Thresholds, Cybersecurity, and Crypto: A Global AML Update

In this episode of This Week in AML, Elliot Berman and John Byrne dive into a packed agenda of financial crime compliance developments across the U.S., Canada, and Europe. They discuss the newly introduced bipartisan Senate bill proposing changes to SAR and CTR reporting thresholds, the troubling budget cuts at CISA, and New York’s latest cybersecurity guidance. The conversation also explores open banking debates, TRM Labs’ crypto adoption report, and Fed Governor Michael Barr’s remarks on stablecoins. Internationally, they cover Canada’s record-setting penalty against Xeltox Enterprises and the UK’s AML supervisory overhaul.

Thresholds, Cybersecurity, and Crypto: A Global AML Update - Transcript

Elliot Berman: Hi John. How are you today?

John Byrne: I'm good, Elliot. How are you doing?

Elliot Berman: I'm good too. I wanted to mention something that we forgot to talk about last week, and that is that last Friday's episode was the 275th episode of This Week in AML. So, when you and I occasionally say we've been at this for a long time, we really have been at this for a long time.

John Byrne: I want to thank everybody who's given us feedback and listened. Can't do it without an audience, so thank you so much for that. We really appreciate it. We have a ton of things to talk about, so I'll just dive into the first one 'cause we've mentioned this before and that is, uh in the US Senate, they have finally actually introduced what we knew was coming. A bill to deal with thresholds for reporting both suspicious activity reports and for currency transaction reports.

It is, uh, near, as I can tell, they say it's a bipartisan bill, but I've seen it introduced by several Republicans. I'm assuming that the Democrats aren't listed in this particular story that I'm reading, but it's supposed to be bipartisan bill. It's theoretically designed to streamline the Bank Secrecy Act, which is, we've talked about, has been in place in various forms since 1972 actually, but anyway, under this proposal, the CTR threshold would jump from $10,000 to $30,000.

SAR thresholds would increase from two to three and from five to 10, depending on the circumstances. And then, uh, the Treasury Department would adjust these thresholds every five years to account for inflation. And there's a lot of text around this. I'll make a couple quick comments.

One is this is an issue that I certainly supported 25 years ago when I thought it would make sense to eliminate some of the burdens banks had in terms of cash reporting. But over time I felt that given technology and all sorts of institutions having the ability to, to track these transactions, that that wouldn't be so much of a cost saver. But I have to say I was in Missouri in September from Missouri Bankers and I asked a group of small banks would they benefit from the increase, and they said that they would. So, uh, community banks believe that there's value in jumping the thresholds. You're still gonna have to figure out possible structuring. We talked about the FAQs last week.

The SAR increases not sure what that really does in terms of burden reduction because the dollar amounts are not that high. Plus, I think that small banks actually want to report small dollar frauds 'cause they're hoping law enforcement at the federal or state level will actually take their cases.

So we'll see where this goes. Remember, the House is still not in, so the chances of this moving either through the Senate to the House before the end of 2025 are pretty remote. But it is out there and I'm sure there'll be a lot of discussion about that going forward.

Elliot Berman: The other side of the equation from what you talked about in Missouri is we know from a variety of conversations with law enforcement over the last number of years as this issue has bubbled up that the $10,000 CTR limit it's actually appreciated by some in law enforcement because it gives them a chance as they get more transaction reports to see patterns that and one individual bank may or may not see in a more complex money laundering scheme.

John Byrne: Alright. Staying in the US uh, couple things. You had flagged an issue regarding resources for CISA. Do you wanna mention that?

Elliot Berman: Yeah, so the CISA which is the Cybersecurity and Infrastructure Security A gency its mission is to safeguard federal systems and critical infrastructure while supporting private sector cyber defense through information sharing and incident reporting. A big job. We know that they have already had significant staff losses. Their peak staffing level was about 3,700 folks and their, reported to be down to between 22 and 2,600. That's about, a third, uh, give or take of their staff. So that's pretty significant. But there's an indication in the current budget proposals that are kicking around for 2026 they may take an additional reduction of maybe 4.6% and possibly more. And it's difficult to understand how a critical agency like that can operate leaner. We all talk about cybersecurity, the cyber breaches and all those other things that are happening, and the ones that are being targeted against both governmental systems and private systems, and they're really on the cutting edge of defending that for the whole country.

John Byrne: Staying with cybersecurity. Also in New York, the Department of Financial Services issued industry guidance on cybersecurity risks associated with third party service providers. It doesn't impose new reg requirements, but it's an attempt to clarify current obligations.

And so according to their introduction, they say, building upon previous guidance, the department emphasizes the importance of a proactive, risk-based and continuously adaptive approach to third party governance. So take a look at that when you get a chance just issued on the 21st of October.

And I just want to add one other thing since we're talking technology. Uh, Punchbowl News reported yesterday, uh, it was the deadline for a comment period on an on open banking rules that are actually mandated by Dodd-Frank. And they sat dormant for about a decade and they were finalized under the previous administration, the Biden administration. But then this year the CFPB uh, hit as they say, the reset button, but the comment period was still open.

So something called the Financial Technology Association, which is a group of FinTech, crypto, and merchant groups want to preserve that framework on open banking. And this is gonna be an interesting lobbying exercise because the largest traditional banks wanna roll back this open banking. It makes it easier for customers to access and transfer their financial details between different regulated firms. According to Punchbowl News, banks don't love that policy, they fear that that could make it far easier for customers to switch banks and threaten their deposit bases.

So the letter from FTA, I'm quoting from it says that the, um, nation's largest banks want to roll back open banking, weakened consumer financial data sharing and crush competition to protect their position in the marketplace. Obviously, hyperbolic statement coming from a group that's opposed to this. The signatories include the American FinTech Council, Blockchain Association, Crypto Council for Innovation, the National Association of Convenience Stores, the Grocers and the National Retail Federation.

So an interesting, it's not just an inside the Beltway issue it's something that obviously can affect consumers and it will be fascinating to watch this play out.

Elliot Berman: Indeed. It feels a little bit like the debate that went on when, uh the FCC, this is about 15 years ago, was looking at allowing people to take their telephone numbers with them when they move from one cell provider to the other.

John Byrne: That's right. Yeah, exactly.

Elliot Berman: So we'll see. I'm sure it'll be neither exactly the framework that's sitting out there now, or the one that the, uh, opponents of that framework, uh, wanna go to. So it'll be something in between. Where would you like to go?

John Byrne: TRM Labs who do a lot of reports, and we've interviewed folks from there a couple times on podcasts, they have their latest report, which is entitled the 2025 Crypto Adoption and Stablecoin Usage Report. And the key findings of this report looking basically the first six months of this administration, uh, is the US crypto activity surged around 50% year over year. South Asia emerged as the fastest growing region for crypto adoption in 2025 and stablecoins reached a record in US dollars, 4 trillion in Transaction Value, which accounts for 30% of all on chain activity.

And sanctions related activity in stablecoins, according to the report fell by 60% they argue suggesting threat actors are shifting to alternative digital assets. So that report is available from TRMLabs.com.

Elliot Berman: And also related to stablecoins, Fed Governor Michael Barr gave a speech I think it was earlier this week, might have been right at the end of last week. And the title of speech was Exploring the Possibilities and Risks of New Payment Technologies, but he really focused on stablecoins. It's a, it's an interesting piece and I, uh, would commend people go to the Fed website and take a look at it. He talks about a lot of different things.

He highlights that the GENIUS Act has some gaps in it related to consumer protection and other things like that. He gives a little history lesson about privately created currencies. Uh, but I think it's a good read and it helps frame the issues for those of us who are not experts. So, uh, I commend people. Take a quick look at that.

John Byrne: Outside of the US again FINTRAC has announced an administrative monetary penalty on a company called Xeltox Enterprises that previously was known as Certa Payments, LTD, the administrative penalty of 176 million Canadian dollars for, 2,593 instances across six types of violations, the Proceeds of Crime Act.

And so some of these include failure on over a thousand separate occasions to submit suspicious transaction reports for transactions involving known dark debt markets, virtual currency wallets linked to criminal activity such as trafficking and child sexual abuse material, movement of fraud proceeds, laundering of ransomware payments and financial flows with reasonable grounds to suspect they were related to sanctions evasion, failure to develop and apply written compliance policies.

That's certainly understandable that would be the case. Failure to assess and document the risk of a money laundering offense and failure to submit on four separate occasions a notification of the change to the information provided in a prescribed application which is also an interesting find.

Uh, but the last one, failure to report on over 1500 separate occasions, the receipt from a client of an amount in virtual currency of 10,000 or more in the course of a single transaction together with the prescribed information. So a pretty extensive penalty. I saw somebody comment that the, this dollar amount was more than the total of all previous FINTRAC fines since their existence. I haven't checked that, but that was what one commentor said.

Elliot Berman: This strikes me and we've had a few of these in the US where it's a total compliance system failure. Uh, staying in Canada as part of their budgeting process, it's been announced that the the government plans to create a new financial crimes agency that will, uh combat fraud and tackle money laundering. So FINTRAC, which has been there a long time, is their FIU. This will be, I think a, although the details have not yet been announced, this is likely to be a a side-by-side agency. Canada also announced its first national anti-fraud strategy.

And there is some sense that some of this is in anticipation of its November FATF review, and that's because they will be one of the first countries to be reviewed under the newest FATF regime. So, clearly looking at their program and seeing what they need to do at the national level in addition to issuing gigantic, appropriate, but gigantic fines against, uh, organizations that aren't paying attention.

John Byrne: As we record this midweek, we know that the FATF Plenary is underway. We will obviously have reporting on that in our next conversation.

Elliot Berman: Yeah. So, moving to, uh, Europe, the UK is reorganizing, its AML compliance oversight process, and FCA is going to become the UK's primary AML watchdog. So in addition to financial services companies, they are going to become the main supervisor for the legal profession, accounting profession, trust companies and corporate service sectors. Those new groups are currently split among 23 different supervisors.

So if nothing else, this will at least get them in the fold. It is not changing the firm's obligations under the current compliance regime. Those rules as they apply to each sector will remain the same, but they're getting a new regulator.

John Byrne: Right. What do you have coming up? I know by the time people hear this our October webinar will have been completed.

Elliot Berman: Yes. And uh, so what we have coming up will be streamed on November 20th, and that's gonna be Global Regulatory Trends in Financial Crime Compliance. I know John, you are gonna handle that one as the moderator. You've got a great panel. I was in on the prep call the other day and I think it's gonna be really, uh, a good session.

And then just to give people a flash for the future on December 18th, we're going to stream the last webinar of the year, and that's Financial Crime Compliance Year in Review. And we have another great panel lined up. So, in addition to all the other things we're working on. And John, I know you've been talking to some people and plan to ha have some more podcasts, so you wanna mention a couple of those.

John Byrne: We are going to talk to the Human Security Collective about various issues regarding financial access in about two weeks scheduling that, that's an ongoing issue. Very similar group to the Charity and Security Network, and I am working to efforts, some other conversations.

But on, on my end, I wanted to end with one thing I we need to flag and that is over the weekend uh, the Trump administration freed representative, former representative George Santos from prison. He was serving a seven year prison term for federal fraud on which he stole money from veterans and others. The sentence was commuted according to the note that came out. It was immediate commutation of his entire sentence to time served with no further fines, restitution, probation, supervised release, or other conditions. And remember, he stole money from a number of veterans.

But I have picked up that, uh, this was in Nassau County is where the case occurred. The district attorney's office in Nassau County has just reported, which is part of the, uh, district where he used to represent, said that they have not eliminated the possibility that he could be prosecuted on state charges. The district attorney said the following, I'm proud of work my office has done. While the office cannot comment on ongoing investigation, suffice it to say that I remain focused on prosecuting political corruption wherever it exists, regardless of political affiliations. So it'll be interesting to see if, uh, Santos gets prosecuted under state charges since he was commuted for the fraud that he committed.

Elliot Berman: Well, John you have a good rest of the week and I will talk to you next week.

John Byrne: Take care.

Elliot Berman: You too. Bye-bye.