The Anti-Money Laundering Act of 2020 (AMLA), enacted in the waning days of the Trump administration, amended the Bank Secrecy Act (BSA) in several ways that are likely to have a lasting impact on the AML risk landscape that financial institutions face. Among these changes was an overhaul of the BSA’s whistleblower provision, to offer robust new incentives for individuals to report violations of the BSA to federal authorities, on the one hand, while providing a private cause of action against employers for retaliation, on the other.
Although these two aspects of the enhanced AMLA whistleblower program are mutually reinforcing, it is important for financial institutions to understand the unique risks created by each.
Increased Incentives to Report to Federal Authorities
Prior to enactment of the AMLA, the BSA had a rather anemic whistleblower provision that capped awards at $150,000 – a number that was thought did not incentivize many, particularly long-term or high-level employees. Under the AMLA’s enhanced provision, the Secretary of the Treasury can award whistleblowers up to 30% of the monetary sanctions obtained as a result of the disclosure (provided the sanction exceeds $1 million). Interestingly, unlike the SEC whistleblower program on which it was modeled, the AMLA program does not currently contain a minimum award amount, creating some ambiguity about the strength of the incentive.
Potential Increase in Enforcement Activity. Nonetheless, the dramatic increase in the potential upside of whistleblowing may naturally precipitate an increase in tips to regulators and law enforcement, with an accompanying increase in enforcement activity under the BSA. The extent of this anticipated increase remains to be seen, of course, and may depend at least in part on whether the Department of the Treasury exercises its authority in the coming months to set a minimum award amount. Nonetheless, certain clues may be gleaned from the notable uptick in enforcement that followed enactment of the SEC whistleblower program under the Dodd-Frank Act.
According to the SEC’s Report to Congress for FY 2020, the SEC’s whistleblower program has led to more than $2.7 billion in total monetary sanctions since its inception, with more than $500 million being awarded to whistleblowers. Of the 106 award recipients to date, 68% were current or former insiders. This number may be even higher under the AMLA program, since insiders have exclusive access to certain restricted information relevant to potential BSA lapses, such as whether a suspicious activity report (SAR) has been filed.
Application to Compliance Personnel. Notably, the AMLA incentive provision does not contain any express carve-out for compliance or audit professionals who provide information on AML/CFT lapses as part of their job duties. In contrast, awards to such personnel are narrowly circumscribed under the SEC program, and for good reason: incentivizing a compliance officer to report an AML lapse to government officials in the first instance would tend to interfere with their core function of helping their institution meet its compliance obligations. It is possible that Treasury adopts similar limitations through rulemaking (assuming it believes it has the authority to do so). Unless and until such time, the AMLA places financial institutions in a very difficult position, in some sense creating a conflict between compliance personnel and the institutions they serve.
New Anti-Retaliation Cause of Action
The AMLA also creates a private right of action for employees who believe they have suffered retaliation as a result of protected whistleblower activity. Retaliation is defined to include any change in the terms and conditions of employment or post-employment as a result of the protected activity. Complaints are generally governed by the whistleblower retaliation rubric applicable to the federal aviation sector, 49 U.S.C. § 42121(b), including a low-threshold causation standard, to wit, that the protected activity was at least a “contributing factor” in the employment action. Successful employees are eligible for reinstatement, double back pay, compensatory damages, and attorney fees.
Employers that are subject to the whistleblower provisions in the Federal Deposit Insurance Act and the Federal Credit Union Act are exempt from the AMLA’s anti-retaliation provision. Employees of FDIC- and FCUA-insured institutions will continue to be covered by the existing whistleblower protections in those two separate acts, which contain a higher threshold than the AMLA.
Institutions that are covered by the new anti-retaliation provision, however, will want to carefully evaluate the new litigation risks it creates. In particular, by removing or ameliorating one disincentive to whistleblowing – namely, the prospect of suffering employment consequences – the new cause of action complements and amplifies the incentives provision, further encouraging employees to report AML lapses to federal authorities.
Risk of Claims Based on Internal Reporting. The anti-retaliation provision is not limited to circumstances where employees report to federal authorities; it also protects employees from retaliation for internal reporting of AML violations. Financial institutions subject to the provision may face retaliation claims by employees, including but not limited to compliance personnel, who were fired or disciplined after reporting potential AML lapses to a supervisor or other responsible person within the organization.
In this respect, the AMLA provision differs sharply from the SEC anti-retaliation provision, which is triggered only once an employee has made a disclosure to the SEC, and instead more closely resembles the anti-retaliation provision in the False Claims Act (FCA). For example, in February 2020, an employee was awarded $2.5 million under the FCA retaliation provision for her claim that she was terminated for reporting potential fraud to her supervisor. Although the scale of the awards under the AMLA anti-retaliation provision may seem relatively small compared to the enforcement penalties meted out by bank regulators, FinCEN, or DOJ for BSA violations, the cost of litigation coupled with the potential multiplicity of such claims should not be underestimated.
Steps to Consider
Although there is no one-size-fits-all answer on how to meet the two-fold risk created by the AMLA whistleblower program, covered institutions may wish to consider the following steps:
- Review the adequacy of internal reporting mechanisms and remediation measures, to make sure that the institution addresses significant AML lapses before they are reported to the federal authorities for a bounty. It is worth noting that of the employee insiders awarded under the SEC program, a full 84% raised their concerns internally in some way or another. Explore additional ways to encourage employees to report concerns internally first, without appearing to discourage external reporting (which may be met with hostility by regulators). A top-to-bottom culture of compliance, in which employees believe that they are heard, can be a critical component of risk mitigation.
- Review employee and post-employment confidentiality agreements for consistency with the new AMLA program. Use caution with provisions that may be interpreted by employees or regulators to restrict the ability of employees to report to federal authorities. By way of analogy, the SEC brought an enforcement action in 2015 against a company for requiring witnesses in internal investigations to sign confidentiality statements warning that they would face discipline if they discussed the matter with any outside parties without prior approval.
- Separately assess the risk of exposure to retaliation claims, to the extent covered by the new provision. Review retaliation policies and manager training; update as necessary.
- Watch for any forthcoming notice of proposed rulemaking (or other rules or guidance) related to the new whistleblower program, including on whether and how compliance and audit personnel will be permitted to receive inventive awards. Consider submitting public comments to the Treasury, whether individually or through trade associations.