[House Hearing, 108 Congress]
[From the U.S. Government Printing Office]





                     RISK MANAGEMENT AND REGULATORY
                    FAILURES AT RIGGS BANK AND UBS:
                            LESSONS LEARNED

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                      OVERSIGHT AND INVESTIGATIONS

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                               __________

                              JUNE 2, 2004

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 108-91


                    U.S. GOVERNMENT PRINTING OFFICE
95-062                      WASHINGTON : DC
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512�091800  
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001

                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                    MICHAEL G. OXLEY, Ohio, Chairman

JAMES A. LEACH, Iowa                 BARNEY FRANK, Massachusetts
DOUG BEREUTER, Nebraska              PAUL E. KANJORSKI, Pennsylvania
RICHARD H. BAKER, Louisiana          MAXINE WATERS, California
SPENCER BACHUS, Alabama              CAROLYN B. MALONEY, New York
MICHAEL N. CASTLE, Delaware          LUIS V. GUTIERREZ, Illinois
PETER T. KING, New York              NYDIA M. VELAZQUEZ, New York
EDWARD R. ROYCE, California          MELVIN L. WATT, North Carolina
FRANK D. LUCAS, Oklahoma             GARY L. ACKERMAN, New York
ROBERT W. NEY, Ohio                  DARLENE HOOLEY, Oregon
SUE W. KELLY, New York, Vice Chair   JULIA CARSON, Indiana
RON PAUL, Texas                      BRAD SHERMAN, California
PAUL E. GILLMOR, Ohio                GREGORY W. MEEKS, New York
JIM RYUN, Kansas                     BARBARA LEE, California
STEVEN C. LaTOURETTE, Ohio           JAY INSLEE, Washington
DONALD A. MANZULLO, Illinois         DENNIS MOORE, Kansas
WALTER B. JONES, Jr., North          MICHAEL E. CAPUANO, Massachusetts
    Carolina                         HAROLD E. FORD, Jr., Tennessee
DOUG OSE, California                 RUBEN HINOJOSA, Texas
JUDY BIGGERT, Illinois               KEN LUCAS, Kentucky
MARK GREEN, Wisconsin                JOSEPH CROWLEY, New York
PATRICK J. TOOMEY, Pennsylvania      WM. LACY CLAY, Missouri
CHRISTOPHER SHAYS, Connecticut       STEVE ISRAEL, New York
JOHN B. SHADEGG, Arizona             MIKE ROSS, Arkansas
VITO FOSSELLA, New York              CAROLYN McCARTHY, New York
GARY G. MILLER, California           JOE BACA, California
MELISSA A. HART, Pennsylvania        JIM MATHESON, Utah
SHELLEY MOORE CAPITO, West Virginia  STEPHEN F. LYNCH, Massachusetts
PATRICK J. TIBERI, Ohio              BRAD MILLER, North Carolina
MARK R. KENNEDY, Minnesota           RAHM EMANUEL, Illinois
TOM FEENEY, Florida                  DAVID SCOTT, Georgia
JEB HENSARLING, Texas                ARTUR DAVIS, Alabama
SCOTT GARRETT, New Jersey            CHRIS BELL, Texas
TIM MURPHY, Pennsylvania              
GINNY BROWN-WAITE, Florida           BERNARD SANDERS, Vermont
J. GRESHAM BARRETT, South Carolina
KATHERINE HARRIS, Florida
RICK RENZI, Arizona

                 Robert U. Foster, III, Staff Director
              Subcommittee on Oversight and Investigations

                     SUE W. KELLY, New York, Chair

RON PAUL, Texas, Vice Chairman       LUIS V. GUTIERREZ, Illinois
STEVEN C. LaTOURETTE, Ohio           JAY INSLEE, Washington
MARK GREEN, Wisconsin                DENNIS MOORE, Kansas
JOHN B. SHADEGG, Arizona             JOSEPH CROWLEY, New York
VITO FOSSELLA, New York              CAROLYN B. MALONEY, New York
JEB HENSARLING, Texas                JIM MATHESON, Utah
SCOTT GARRETT, New Jersey            STEPHEN F. LYNCH, Massachusetts
TIM MURPHY, Pennsylvania             ARTUR DAVIS, Alabama
GINNY BROWN-WAITE, Florida           CHRIS BELL, Texas
J. GRESHAM BARRETT, South Carolina


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    June 2, 2004.................................................     1
Appendix:
    June 2, 2004.................................................    31

                               WITNESSES
                        Wednesday, June 2, 2004

Baxter, Thomas Jr., General Counsel and Executive Vice President 
  of the Federal Reserve Bank of New York, accompanied by 
  Katherine Wheatley, Assistant General Counsel, Federal Reserve 
  Board and Michael Lambert, Financial Services Cash Manager, 
  Federal Reserve Board..........................................     6
Stipano, Daniel, Deputy Chief Counsel, Office of the Comptroller 
  of the Currency................................................     5

                                APPENDIX

Prepared statements:
    Kelly, Hon. Sue W............................................    32
    Oxley, Hon. Michael G........................................    34
    Baxter, Thomas Jr............................................    36
    Stipano, Daniel..............................................    54

              Additional Material Submitted for the Record

Kelly, Hon. Sue W.:
    Bank Secrecy Act: OCC Examination Coverage of Trust and 
      Private Banking Services, U.S. Department of the Treasury..    74

 
                     RISK MANAGEMENT AND REGULATORY
                    FAILURES AT RIGGS BANK AND UBS:
                            LESSONS LEARNED

                              ----------                              


                        Wednesday, June 2, 2004

             U.S. House of Representatives,
      Subcommittee on Oversight and Investigations,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to call, at 2:13 p.m., in 
Room 2128, Rayburn House Office Building, Hon. Sue W. Kelly 
[chairwoman of the subcommittee] Presiding.
    Present: Representatives Kelly, Gutierrez, Moore, Maloney, 
and Matheson.
    Chairwoman Kelly. The subcommittee on Oversight and 
Investigations will examine risk management and regulatory 
failures at Riggs Bank and UBS, lessons learned this afternoon.
    Two weeks ago, this subcommittee explored proposals to 
streamline and federalize our current system to prevent money-
laundering and terror financing. The recent cases involving 
Riggs Bank and UBS reveal regulatory and risk-management 
breakdowns that also must be examined in order to strengthen 
our Government's ability to enforce our anti-money laundering 
laws.
    This afternoon, the subcommittee will investigate the 
noncompliant and inexcusable behavior of these two banks, along 
with the inadequate response of our regulators. In the OCC's 
oversight of the Riggs Bank's case, we find no better 
illustration of the inherent weaknesses of a fragmented 
regulatory regime.
    We find a regulator that was reportedly aware of 
noncompliance by Riggs with high-risk foreign clientele as far 
back as 1997, perhaps even earlier, and does nothing about it. 
We find a regulator that was slow to act even after the 
September 11 terrorist attacks inside our borders made the 
threat posed by terror-funding networks all too clear. We find 
a regulator with credibility so diminished that Riggs 
shamelessly continued to violate the Bank Secrecy Act even 
after a full-time OCC examiner was placed on the bank's 
premises following last summer's consent order.
    I am very interested in hearing directly from the OCC about 
how this happened. I am also deeply concerned that we are 
combating illicit funding networks inside our country with the 
regulatory structure that was not designed to be part of our 
arsenal in a war on terror.
    Though a lot of great strides forward have been taken, 
particularly with the creation of the Office of Terrorism and 
Financial Intelligence, the TFI, and with an elevated focus on 
improving FinCEN's capability, it is evident that this is still 
a work in progress. The time has come to replace slow-footed 
regulatory systems with one that is centralized, multi-
dimensional and focused intentionally on preventing our 
financial institutions from being exploited by criminals and 
terrorists.
    Therefore, this subcommittee will continue to pursue 
proposals that centralize our examination and compliance 
assets, that establish a criminal enforcement authority, that 
will restore the credibility of our regulators. Such reforms 
should establish clear lines of oversight, improve our ability 
to quickly detect and respond to suspicious activity and will 
make clear to financial institutions that, from now on, brazen 
violators are going to be going to jail instead of just paying 
a civil fine.
    Our hearing today also focuses on UBS's contract with the 
Federal Reserve Bank of New York to serve as an extended 
custodial inventory which facilitates the international 
distribution of U.S. Currency. Beginning with its contract in 
1996, UBS was in violation of its agreement to repatriate old 
U.S. banknotes and distribute--re-distribute new banknotes on 
behalf of the Federal Reserve. The bank knowingly traded U.S. 
currency through the ECI with countries subject to restrictions 
from the Office of Foreign Asset Control, including Cuba, Iran, 
Libya, and Yugoslavia. The most serious and disturbing 
violation has been the discovery that officers and employees at 
UBS intentionally falsified documents to side-step detection by 
U.S. authorities.
    Though these actions and the company's failure to implement 
internal controls made it exponentially more difficult to 
detect suspicious activity, it is also important to examine how 
and why routine oversight by the Federal Reserve and the OCC 
didn't raise any concerns. In fact, this subcommittee is deeply 
concerned that contract violations would likely still be 
occurring today had our military not been in a position to find 
U.S. dollars from the Federal Reserve Bank of New York on the 
ground in Iraq. As such, I believe that we must investigate all 
ECI contracts to ensure that foreign governments and financial 
institutions are cooperating with our Government.
    While Riggs Bank and UBS illustrate two distinct regulatory 
meltdowns, they both speak clearly to the need for improving 
our efforts to stop terrorist financing. It may create new and 
unfamiliar responsibilities for financial institutions, but it 
is a moral and ethical responsibility and a license required to 
do business in this country.
    We thank our witnesses for their testimony and hope that 
they can shed some light on these issues. I look forward to 
continuing this discussion in the subcommittee's hearing next 
week regarding the oversight of the Department of Treasury and 
the agency's anti-money laundering efforts.
    I turn now to Mr. Gutierrez.
    [The prepared statement of Hon. Sue W. Kelly can be found 
on page 32 in the appendix.]
    Mr. Gutierrez. Thank you Madam Chairwoman. Thank you for 
calling this hearing today. It is important, especially given 
recent events, as we closely examine our anti-money laundering 
efforts and whether they are sufficient. I am pleased we will 
be looking--we will hear from the regulators about how these 
problems occur and what steps have been taken to prevent their 
re-occurrence.
    The last time Congress was this concerned with the actions 
of UBS was when the Senate Banking Committee was investigating 
the sources of Holocaust financing and UBS attempted to shred 
documents which showed the extent of its involvement. I would 
have hoped that UBS would have learned from the experience to 
take U.S. law and the U.S. Congress much more seriously. I also 
recall the reluctance of Swiss banking authorities to cooperate 
at that time. While I understand that the Swiss Federal banking 
economist was much more helpful in this effort, most foreign 
bank supervisors simply lack the supervisory tools and 
authority of our regulators here in the U.S.
    I think, perhaps, this extended custodial inventory, ECI, 
business should be restricted to U.S. Institutions so that we 
can ensure no dealings with OFAC nations, and nations' 
activities can be closely supervised by U.S. Regulators who 
need to take an active role in monitoring these activities.
    While this fine of a $100 million seems very large, it is 
merely, I believe, a drop in a bucket of a $1 trillion 
institution. It is a one-time penalty that may not have the 
deterrent effect against misconduct that we may have hoped for. 
In this case, the ECI business wasn't particularly profitable 
for the bank--or they say--so the termination of the contract 
and the exclusion from the part of their business isn't likely 
to hurt their financial bottom line very much. It might make 
more sense to punish an institution of the size of UBS by 
restricting their conduct in a more profitable area, such as 
their ability to operate in the United States or making them 
sell off certain aspects of their business which we know to be 
profitable.
    I am also deeply troubled by the Riggs situation. It 
represents not merely a failure of one institution's internal 
controls, but a fundamental flaw in its regulation. It is my 
understanding that the flaws in Riggs systems were long 
outstanding and systematic, dating well before the Patriot Act. 
The recent consent order is something that should have happened 
2 years ago, if not earlier. I don't understand why the OCC was 
not more vigilant on this front and why it took them so long to 
take these actions.
    I also understand that Rigg's problems were initially 
discovered by the FBI, rather than the OCC, and that the 
irregularities in New Guinea were discovered by the bank itself 
and not the OCC. I don't understand, in a risk-based 
supervisory system, why the OCC was not more closely monitoring 
Riggs and why these actions were not brought to light much 
sooner and appropriate action taken. 9/11 was a wake up call 
for the industry and should have been for all regulators as 
well. Our safety depends on banks and bank regulators to be on 
the front lines to prevent terrorists from using international 
financial systems to fund their activities.
    I am gravely concerned that the regulator has not made this 
responsibility a higher priority, and their resources may be 
spread too thin to fulfill their obligations. I have previously 
expressed this concern about the OCC's attempt to broaden their 
portfolio into areas the Congress has not authorized. And I 
think, in fact, the financial services committee is on the 
record in agreeing with me on this point.
    One final point which I mentioned at our May 18 hearing, 
the OCC issued, its fine, late on a Thursday. On that Friday, a 
Maryland woman called her Congressman. She was very concerned 
about her bank account at Riggs Bank. She was referred to the 
Banking Committee staff. And she said that she wanted to talk 
to the regulator. My staff supplied the phone number for the 
OCC's Customer Assistance Group. But unfortunately, they don't 
operate on Fridays. They only talk to consumers 4 days a week 
and then only from 9 to 4, so that woman had to wait from 
Thursday night till Monday before she could possibly reach 
someone at the OCC.
    I would like to know what consumers are supposed to do when 
the OCC is not operating its call center. I think this agency 
is not concerned about consumers, and I have to doubt its 
commitment to an anti-money laundering effort.
    Thank you again, Chairwoman Kelly, for calling this 
hearing, on this hearing, on this issue.
    Chairwoman Kelly. Thank you, Mr. Gutierrez.
    Ms. Maloney? Whoops. Mr. Moore?
    Mr. Moore. Madam Chairperson, I will simply welcome the 
witnesses here today.
    I want to listen and learn, and I appreciate your convening 
this hearing.
    Chairwoman Kelly. Thank you.
    Mr. Matheson?
    Mr. Matheson. I will just reiterate what Mr. Moore said. I 
am looking forward to the hearing. Thank you, Madam Chairwoman, 
for calling it.
    Chairwoman Kelly. Thank you.
    I am going to just simply say that, without all objection, 
all Members' opening statements will be made part of the 
record. One of the reasons for this is that we have a very busy 
schedule right now, and we were going to, with unanimous 
consent, we will just make them all part of the record.
    Chairwoman Kelly. Now, I would like to introduce our panel. 
With us today are the representatives from the Office of the 
Comptroller of Currency and the Federal Reserve Bank of New 
York.
    Our first witness, Mr. Daniel Stipano, was appointed deputy 
chief counsel of the OCC in December of 2000. He is also a 
member of the Treasury Department's Bank Secrecy Act Advisory 
Group and the National Interagency Bank Fraud Working Group. 
Prior to this appointment, Mr. Stipano served as director of 
the OCC's Enforcement and Compliance Division since 1995.
    Our second witness is Mr. Thomas C. Baxter, Jr., general 
counsel and executive vice president of the legal group at the 
Federal Reserve Bank of New York. Mr. Baxter has assumed this 
role since 1995 and also serves as its deputy general counsel 
of the Federal Open Market Committee. His principal 
responsibility is to supervise the day-to-day operation of the 
New York Fed's legal group. That is a big job. We thank you.
    And we thank you for being here. We thank you for your 
testimony today. And without objection, your written statements 
will be made part of the record.
    If you have not testified before a committee before, you 
will be recognized for a 5-minute summary of your testimony. 
There are lights there that will come on the boxes. The green 
light means you have 5 minutes. The yellow light means, please 
sum up in 1 minute, and the red light means, if you haven't 
already summed up, please try to do that as quickly as 
possible. Thank you very much.
    And we will begin with you, Mr. Stipano.

STATEMENT OF DANIEL P. STIPANO, DEPUTY CHIEF COUNSEL, OFFICE OF 
                THE COMPTROLLER OF THE CURRENCY

    Mr. Stipano. Chairwoman Kelly, Ranking Member Gutierrez and 
members of the Subcommittee, I appreciate this opportunity to 
discuss the OCC's supervision of Riggs Bank N.A. and 
particularly our efforts to bring Riggs into compliance with 
the Bank Secrecy Act. The OCC and FinCEN recently assessed a 
$25 million civil money penalty against Riggs for violations of 
the BSA. The OCC also took a separate cease and desist action 
to supplement the Order issued against the bank in July 2003.
    The OCC first identified deficiencies in Riggs procedures 
several years ago. Beginning in the late 1990s, we recognized 
the need for improved processes at Riggs and for improvements 
in the training in, and awareness of, the BSA's requirements 
and in the controls over their BSA processes. Prior to 9/11, 
the OCC visited the bank at least once a year and sometimes 
more often to either examine or review the bank's BSA 
compliance program.
    Over this time frame, OCC examiners consistently found that 
Riggs' program was either satisfactory or generally adequate, 
meaning it met the minimum requirements of the BSA, but we 
nonetheless continued to find weaknesses and areas of its 
program that needed improvement. We addressed those weaknesses 
using various informal supervisory actions.
    After 9/11, the OCC escalated its supervisory efforts to 
bring Riggs' compliance program to a level commensurate with 
the risks that were undertaken by the bank. In 2002, the OCC 
conducted a series of anti-terrorist financing reviews at our 
large or high-risk banks, including Riggs. As a result of these 
reviews and other internal assessments, plus published reports 
of suspicious money transfers involving the Saudi Embassy 
accounts, our concerns regarding Riggs' anti-money laundering 
program were heightened. Thus we conducted another examination 
of Riggs in January 2003.
    The focus of that examination was on Riggs' embassy banking 
business and, in particular, the Saudi Embassy accounts. The 
examination lasted for approximately 5 months and involved 
agency experts in the BSA and anti-money laundering area. It 
disclosed serious BSA compliance program deficiencies that 
resulted in the bank's failure to identify and report 
suspicious transactions occurring in the Saudi Embassy 
accounts.
    The finding from the January 2003 examination formed the 
basis for the July 2003 cease and desist order.
    Throughout this examination, there was regular contact with 
the FBI investigators. We provided the FBI with voluminous 
amounts of documents and information on the suspicious 
transactions, and we hosted a meeting with the FBI to discuss 
these documents and findings. Throughout this process, we 
provided the FBI with expertise on both general banking matters 
and on some of the complex financial transactions that were 
identified.
    The OCC began its next examination of the bank's BSA 
compliance in October 2003. The purpose of this examination was 
to assess compliance with the Order and the USA PATRIOT Act and 
to review accounts related to the Embassy of Equatorial Guinea. 
The examiners found that, as with the Saudi Embassy accounts, 
the bank lacked sufficient policies, procedures, systems and 
controls to identify suspicious transactions concerning the 
bank's relationship with Equatorial Guinea. The findings from 
this examination as well as from previous examinations formed 
the basis for the OCC's recent civil money penalty and cease 
and desist actions.
    In retrospect, as we review our BSA-compliance supervision 
of Riggs during this period, we should have been more 
aggressive in our insistence on remedial steps at an earlier 
time. We also should have done more extensive probing and 
transaction testing of the Embassy accounts. As described more 
fully in my written testimony, we have reevaluated our BSA 
supervision processes in light of this experience, and we will 
be implementing changes to improve how we conduct supervision 
in this area.
    While not to be minimized, the Riggs situation must be put 
in broader context. Unlike other financial institutions which 
have only recently become subject to compliance program and 
suspicious activity reporting requirements, banks have been 
under such requirements for years. Not surprisingly, banks are 
widely recognized as the leaders among the financial services 
industry in the anti-money laundering area. The role of the OCC 
and the other Federal banking agencies is not that of criminal 
investigators, but rather to ensure that the institutions we 
supervise have strong anti-money laundering programs in place. 
As a consequence of our supervision, most banks today have 
strong anti-money laundering programs, and many of the largest 
national banks have programs that are among the best in the 
world.
    In conclusion, the OCC is committed to preventing national 
banks from being used wittingly or unwittingly to engage in 
money laundering, terrorist financing or other illicit 
activities. We are ready to work with Congress, the other 
financial institutions regulatory agencies, law enforcement and 
the banking industry to continue to develop and implement a 
coordinated and comprehensive response to the threat posed to 
the Nation's financial system by money laundering and terrorist 
financing.
    [The prepared statement of Daniel P. Stipano can be found 
on page 54 in the appendix.]
    Chairwoman Kelly. Thank you very much.
    Mr. Baxter.

STATEMENT OF THOMAS BAXTER, JR., GENERAL COUNSEL AND EXECUTIVE 
 VICE PRESIDENT, FEDERAL RESERVE BANK OF NEW YORK, ACCOMPANIED 
 BY KATHERINE WHEATLEY, ASSISTANT GENERAL COUNSEL, AND MICHAEL 
            LAMBERT, FINANCIAL SERVICES CASH MANAGER

    Mr. Baxter. Chairwoman Kelly, Representative Gutierrez and 
Members of the subcommittee, my name is Thomas Baxter, and I am 
the general counsel and executive vice president of the Federal 
Reserve Bank of New York.
    At the New York Fed, I have responsibility for the Legal 
Department, Security and the Court Secretary's Office. With me 
today are two representatives of the Federal Reserve Board, 
Katherine Wheatley, assistant general counsel, and Michael 
Lambert, financial services cash manager.
    Chairwoman Kelly. We welcome their presence. Thank you very 
much, Mr. Baxter.
    Mr. Baxter. We appreciate your invitation and are 
privileged to appear before you to discuss the Federal 
Reserve's operation of the extended custodial inventory, or ECI 
program, and our responses to UBS's misconduct in operating one 
of our ECI facilities.
    The U.S. dollar is the most desired form of money in the 
world. In many ways, our dollar represents the strength of the 
American economy. The dollar is so desired around the world 
because it is a stable, always-reliable medium of exchange and 
store of value. Today, I will be speaking about the Federal 
Reserve's operation of the ECI program, and I should start by 
describing that program.
    In operation since 1996, when the Treasury, Secret Service 
and Federal Reserve collectively decided to launch it, the ECI 
program has been a great success. The program sustains the 
quality of the U.S. dollar banknote, helps to deter 
counterfeiting and provides an efficient and effective 
mechanism for the distribution of those notes in our largest 
market, the market outside of the United States. We estimate 
that up to two-thirds of our currency, or over $400 billion, 
circulates outside of the United States.
    The ECI program involves the use of financial institutions, 
mainly commercial banks, that are highly active in the 
international currency distribution business as Federal Reserve 
contractors. These institutions agreed to extend the Federal 
Reserve's reach into major financial centers of other countries 
and hold inventory of our most popular product, that is the 
Federal Reserve note. They do this by holding in custody for us 
in their vaults U.S. dollar notes that we expect to distribute 
abroad or old and unfit notes that we wish to repatriate. The, 
quote, ``extended custodial inventory,'' unquote, facility, 
helps to assure the quality of our product and its efficient 
distribution.
    With respect to quality, the ECI facility performs two 
important functions. First, it positions us to better monitor 
and control the quality of our product by identifying 
counterfeit notes. The ECIs are well situated to detect such 
notes, to remove them from circulation, to provide intelligence 
to law enforcement authorities, both here and abroad, and to 
distribute new authentic notes. They perform similar functions 
with respect to what we at the Federal Reserve call unfit 
notes, which is a cash-processing codeword for worn and dirty.
    As for the efficiency of our distribution network, through 
our ECI contract partners, we are positioned in high-volume, 
wholesale banknote markets. Currently, these markets are 
located in London, Frankfurt, Zurich, Hong Kong and Singapore. 
At the present time, we have ECI contracts with American 
Express Bank, Bank of America, HSBC Bank USA, the Royal Bank of 
Scotland and United Overseas Bank. Our ECI contractors bring 
into the markets they serve new fit notes quickly, and with 
similar expedition, they repatriate unfit or old-design notes 
to the United States for destruction.
    They have ready a substantial inventory of notes to satisfy 
the periodic spikes in supply and demand encountered in a world 
full of uncertainties. Because these notes are Federal Reserve 
property, the ECI contractors do not have to finance the 
inventory when it is not needed. This leads me to my first 
point.
    The experience that we have had with UBS does not change 
the fact that the ECI program is a success, nor should it 
detract from the importance of the program to the Federal 
Reserve, the Treasury, and the Secret Service. I hasten to add 
that I am in no way trying to minimize what UBS did. The breach 
by UBS of our contract was wrongful, and the concerted acts of 
deception by UBS carried out over a long period of time, 
violated our laws.
    The Federal Reserve terminated the contract with UBS in 
October of 2003. And we assessed a $100 million civil money 
penalty against UBS on May 10, thereby remedying the breach and 
punishing UBS's deception. This leads to my second point, which 
looks at how we respond when someone doing our business 
performs badly.
    The prompt corrective action taken to terminate the Federal 
Reserve's contractual relationship with UBS and to punish 
deception by UBS with a large monetary penalty demonstrates a 
resolve that Federal Reserve operations will be conducted to 
the highest standards and in full compliance with U.S. legal 
requirements. In this regard, it is noteworthy that our ECI 
contracts in essence export U.S. legal requirements, including 
OFAC restrictions, to offshore facilities. The U.S. sanctions 
regime generally cannot be applied extra-territorially.
    When the Federal Reserve learned that UBS breached its 
contractual obligations to abide by the restrictions of the 
U.S. sanctions program and engaged in U.S. dollar transactions 
with impermissible jurisdictions, we acted swiftly and surely. 
We terminated our contract with UBS and debited UBS's account 
with us for the entire inventory maintained in the Zurich 
vault.
    In a day, UBS lost an entire business line that had been 
profitable throughout the 8 years that UBS served as an ECI 
contractor. The forfeiture of profitable business is a 
financial consequence. UBS also suffered a reputational injury. 
Through the related action of our colleagues at the Swiss 
Federal Banking Commission, UBS is forbidden from reentering 
the wholesale external banknote business without the permission 
of the commission. This leads to my third point.
    The Federal Reserve will not tolerate deception. We will 
not tolerate deception from those banking organizations that we 
supervise, and we will not tolerate deception from those with 
whom we contract to execute important Federal programs. The ECI 
program is one such program. To transact business out of the 
Zurich facility with Iran, Cuba, Libya, and Yugoslavia, as UBS 
did, UBS personnel needed to act covertly and to hide their 
activity from the Federal Reserve. The people who engaged in 
such conduct in Switzerland have lost their jobs. The business 
franchise is no more. In the civil money penalty that we 
announced on May 10, UBS paid a heavy price for the deceit of 
the banknote personnel which it formally employed.
    Turning for just a moment back to the ECI program, the 
imposed penalty gave our remaining ECI operators 100 million 
reasons to be truthful. And on top of all of that, the Swiss 
Federal Banking Commission issued a formal, public, quote, 
``reprimand,'' unquote to the largest bank in Switzerland. The 
banknote personnel of UBS deceived people at the Banking 
Commission just as they deceived us. Our colleagues at the 
Banking Commission joined with us in finding such deception 
inexcusable and warranting that reprimand. This brings me to my 
fourth and my final point.
    At the Federal Reserve, we are dedicated to continuous 
improvement, and we know that all internal controls can be 
bolstered through the lessons of experience, including our own 
unfortunate experience in the UBS matter. That experience has 
shown that our primary control for compliance with the country 
restrictions in the contract, namely, truthful monthly 
reporting of currency transactions by country, was just not 
sufficient. With the country reports that we received from UBS, 
we did not follow the old audit admonition, quote, ``trust but 
verify,'' unquote. Since February of this year, our ECI 
contracts have a number of new features that enhance the 
control environment and provide for the necessary verification. 
One is the requirement that management of our ECI contractors 
attest yearly on contract compliance and accurate reporting and 
that an independent public accounting firm certify to the 
Federal Reserve that the management attestation is fairly 
stated. This Sarbanes-Oxley inspired change shows our 
commitment to continuous improvement.
    Another new feature is a 17-point procedural program that 
spells out the ECI contractor's responsibilities for OFAC and 
anti-money laundering compliance. This program provides for 
OFAC risk-assessments, requires the implementation of ECI 
program internal controls, establishes operational 
responsibility for compliance and specifies internal and 
external audit requirements. Moreover, each ECI operators 
policies and procedures directed at OFAC's compliance will be 
reviewed by a team of experts from both the New York Feds and 
OFAC.
    Let me conclude by summarizing my four points. The ECI 
program is important and successful because it fosters the 
excellent quality of U.S. currency, and it has efficient 
distribution outside the United States. When someone performs 
poorly in the ECI program, you can be assured that the Federal 
Reserve will respond with prompt force, full corrective action. 
If there is deception in addition to poor performance, as was 
the case with UBS, the consequences will be severe. Finally, we 
will strive to continuously improve our internal controls and 
the ECI program by borrowing the best ideas and by learning 
lessons from our experiences. Thank you for your attention. And 
I look forward to answering any questions you may have.
    [The prepared statement of Thomas Baxter Jr. can be found 
on page 36 in the appendix.]
    Chairwoman Kelly. Thank you Mr. Baxter. I am sure there 
will be questions.
    I am going to turn to you, Mr. Stipano. I have seen news 
reports that indicate that your agency was aware of compliance 
problems at Riggs as far back as 1998, 1997 or 1999 and I see 
your testimony says late 1990s. When exactly, what month and 
year, did the OCC recognize problems and violations were 
occurring at Riggs?
    Mr. Stipano. Well, I can't give you the month, but I can 
give you the year. As far back as 1997, we cited the bank for 
deficiencies in its Bank Secrecy Act compliance program. The 
types of deficiencies that were flagged at the time tended to 
have to do with the individual elements of a compliance 
program, in other words, with training, internal controls, 
testing, et cetera. Those deficiencies were somewhat technical 
in nature and were not really at a level that would normally 
require use of formal enforcement action to correct.
    Chairwoman Kelly. Is there--Mr. Stipano, I am going to ask 
you this again.
    Mr. Stipano. Okay.
    Chairwoman Kelly. I would like to know a month. If it was 
1997, what month?
    Mr. Stipano. I don't have that information at my 
fingertips. We would be happy to provide it to you though.
    Chairwoman Kelly. I would appreciate if you will do that.


    [Subsequently Mr. Stipano advised Mrs. Kelly that the month was 
August of 1997.]

    Mr. Stipano. We will do that.
    Chairwoman Kelly. I think that is important for us to know.
    Mr. Stipano. Understood.
    Chairwoman Kelly. The problems you just outlined, training, 
testing, internal controls, why did it take 6 years for the SAR 
reports, that problem not to come to light? Your agency knew 
that there were violations at Riggs. It took an unusual step in 
2003 to put a full-time examiner on-site, but it wasn't until 
2004 that you took some action by assessing a fine.
    I think you would agree that eradicating terror financing 
is one of the most time-sensitive issues that has ever faced 
our financial regulatory system. I want to know why the agency 
dawdled before taking any real action if you knew about these 
problems. You knew about them 3 years before 9/11. But even 
after that wake-up call, it took another 2 years before you got 
a full-time examiner on site, and the violations were still 
continuing with your full-time examiner.
    I just--you know, I just--it boggles my mind. I am sure it 
probably boggles yours. But I would like to know why the agency 
dawdled in not taking any real action here.
    Mr. Stipano. I don't know that I would characterize us as 
having dawdled.
    But I would agree that, with hindsight, there certainly 
were judgments that we made that turned out not to be the 
correct ones. Let me go back a little bit in time because I 
think it is useful to look at our supervision of Riggs, both 
pre-9/11 and post 9/11. Pre-9/11, we did many examinations of 
the bank focusing on the adequacy of their BSA compliance 
program, which is our charge. The bank had a program and was in 
compliance with the regulation. In other words, the regulation 
requires that all banks have a program in place and that it 
cover four areas. The bank had that. But it didn't perform on 
each of those elements as well as it needed to. There were 
deficiencies. The training needed to be better. The controls 
needed to be beefed up. What we did not know at that time were 
the types of substantive violations of the BSA that were 
discovered as a result of our examination in 2003.
    I think there are a couple of reasons for that. And I will 
be very up front with you. The first is that we trusted 
management too much to get the problems fixed. In the vast 
majority of cases where you have these types of violations, the 
examiners bring them to the attention of management and the 
board, and the problems get fixed. And that is usually the end 
of it. That didn't happen at Riggs. There was an effort made to 
fix the problems, but the effort took a long time. It took 
longer than it should have, and we were willing to give 
management too much slack.
    The other error in judgment that was made during that time 
frame was that we under-estimated the risk in the Embassy 
accounts. Pre-9/11, embassy accounts were not viewed by the OCC 
or anyone else that I know of as high-risk accounts. The types 
of things that we were focusing on for in-depth examinations 
were foreign private banking, foreign correspondent, accounts, 
accounts with Russian entities, accounts with countries that 
are on the Financial Action Task Force list, but not embassy 
accounts. As it turned out, there was a lot of risk in those 
embassy accounts, but it did not come to light until after 9/
11.
    Chairwoman Kelly. I am looking now at an OCC examination. 
It is entitled Bank Secrecy Act, the OCC Examination Coverage 
of Trust and Private Banking Services issued by the Office of 
Inspector General, November 29, 2001. In there, there is a 
chart that lists your rate of coverage and testing high-risk 
transactions for foreign correspondent banking at 0 percent. In 
other words, in November of 2001, the IG's report says you 
weren't even looking at this stuff. And that's November of 
2001. You still weren't looking at this. With unanimous 
consent, I am going to insert this into the record.
    [The following information can be found on page 74 in the 
appendix.]
    Chairwoman Kelly. But that, sir, begs the question about 
what those people were doing between 2001, November, and 2003, 
when you finally put somebody in the bank. I am not asking you 
a question. I am simply making a statement here that there had 
to be some knowledge somewhere, institutionally within the OCC 
I suspect, that would have brought to bear some more 
information gathering and better oversight on foreign 
transactions.
    What kind of an interaction did you have with bureaus like 
FinCEN and the Fed after the OCC became aware of the Riggs 
problems? When did the law enforcement get involved? And I 
would like to know what--it was a result of the investigation 
into the report of the financial link between the Saudi 
ambassador's wife and the 9/11 hijackers. Was that what 
triggered this? What triggered this?
    Mr. Stipano. Maybe it would be useful for me to walk you 
through the chronology, post 9/11. You are absolutely correct; 
9/11 turned the world on its head, including our world in the 
regulatory agencies. Our immediate response in the aftermath of 
9/11 was to work with law enforcement to identify where the 
accounts of the 9/11 hijackers were, as well as where the 
accounts of other individuals and entities that were linked 
with the hijackers were.
    A process was put into place 5 weeks after 9/11 whereby the 
FBI could provide us with the names of suspected terrorists and 
people who were linked to terrorism, and we would blast it out 
by e-mail to every one of our financial institutions, who would 
then be obligated to report back and identify the account. So 
that was something we did immediately after 9/11.
    Another major initiative at that point was to implement the 
PATRIOT Act, which was passed a few weeks after 9/11. It put 
some requirements in place very quickly. But very little of 
that statute was self-effectuating. It required that 
regulations be written. So we worked on various work teams with 
the Treasury Department and the other Federal financial 
institutions regulators to write regs to implement the PATRIOT 
Act.
    Another step that had to be taken was to write new exam 
procedures. Pre-9/11, our focus in this area was on money 
laundering. Post-9/11, now we are looking at something 
relatively new, terrorist financing. So we needed new exam 
procedures. These were all things that were done in the 
immediate month after 9/11.
    In the summer of 2002, we embarked on a series of anti-
terrorist financing reviews at most of our large banks and our 
other high-risk banks, including Riggs. The purpose of those 
reviews was to, determine the extent of compliance with the 
PATRIOT Act requirements that were in place as of that time, 
and to see what the banks were doing to deter and prevent 
terrorist financing. And to the extent that we discerned 
weaknesses, we would then follow up with a more full-scope 
exam.
    Riggs was, as I said, part of that group that was examined 
with these anti-terrorist-finance exams. And it disclosed 
weaknesses. So that was part of our impetus for doing the 
January of 2003 exam.
    Now, in the meantime, that fall, there were published 
accounts of Riggs accounts related to the Saudi Embassy that 
may have been used to funnel information to people associated 
with the hijackers. Obviously, became aware of that and that 
caused us to focus with particularity on the Saudi Embassy 
accounts. Up to that point, other than the normal types of 
supervisory interactions that we would have with the Fed on any 
bank that has a holding company, there was not extensive 
contact with other agencies. There was not with FinCEN, and to 
my knowledge, there was not with the FBI.
    Once that examination began, that all changed. The exam we 
did in January of 2003 involved some of our best agency 
experts. It went on for 5 months. It was an intensive drill-
down type of look at the Saudi accounts, and it discovered all 
kinds of problems, mainly a lack of sufficient know-your-
customer documentation and a failure to file suspicious 
activity reports in noncompliance with the BSA.
    This information was provided to the FBI. We had many 
meetings with the FBI. I shared a lot of information with them, 
and at the conclusion of the examination, we made a referral to 
FinCEN for the assessment of civil money penalties under the 
Bank Secrecy Act.
    Chairwoman Kelly. Okay. I think that we can talk about that 
further because it brings questions in my mind about when you 
say that there was no contact between your agency, FinCEN, FBI 
and the Treasury prior to this. It just--I hope that that has 
changed.
    Mr. Stipano. But at that point, there really wouldn't have 
been a reason to. I mean, we would normally make a referral to 
FinCEN under guidelines that FinCEN and the banking agencies 
agreed to many years ago. Prior to that January 2003 exam, 
systemic BSA violations had not been discovered, so there would 
not have been a basis for a referral to FinCEN. And we were 
unaware of any criminal violations that would have necessitated 
a contact with the FBI.
    Chairwoman Kelly. Well, in 1997, there were some areas of 
concern. And it didn't improve, and it continued to not 
improve. I think we should--I think we should maybe get into 
another dialogue about this, and I will have some further 
follow-up questions on it as I think.
    But the report that was--a report that was issued by the 
Treasury Inspector General found that you really lacked, as I 
pointed out, sufficient testing of the high risk transactions 
that were commonly associated with money laundering or lacked 
review and evaluation of critical BSA reports that banks are 
required to file. Now, that is--I am quoting from the inspector 
general's report that I put into the record. Specifically, 
examiners did not test wire transfers, transactions with 
foreign correspondent banks, currency transaction reports or 
suspicious activity reports. In fact, when they looked at that, 
you had a 0 percent score.
    The report concluded that the OCC should ensure that 
examiners complete transactional testing of high-risk BSA 
areas, and this was November 2001. And it notes that the OCC 
management concurred with that recommendation. So the 
management, the OCC knew in 2001 that there were shortcomings 
there. And, you know, if you--the OCC scored 0 percent in high-
risk areas. You wonder then, there are some other things on 
that chart. You wonder about some of these other areas. And if 
you thought you were performing at a certain standard, you 
think that you maybe now might be overstating your ability to 
handle the issues? I was adding up this--your testimony, the 
number of people who worked for the OCC. You have taken on a 
lot. And I am wondering if you are overstating your ability to 
handle the issues.
    In the Riggs case, that bank is located just a couple miles 
from its own regulator, the OCC, in a high-threat area with the 
largest embassy banking clientele. You begin to wonder how many 
warning signs it takes, how many IG reports it takes. And you 
begin to wonder that--how can the American people have any 
confidence to handle this financial oversight? You know, 
banking regulators have had every warning and every 
opportunity, and I am not so sure we can win any longer.
    On a scale of 1 to 10, how would you rate banking 
regulators' ability to oversee the BSA compliance right now?
    Mr. Stipano. 9. This is not a new area for us, Chairwoman 
Kelly. This is something that we have been doing for decades. 
And I am not saying that we are perfect and that--I am not 
saying that the supervision that we did in Riggs was perfect. 
But our job is to ensure that banks have strong anti-money 
laundering programs, and banks have been under that requirement 
for 17 years.
    The OCC has been very aggressive and vigorous in this area. 
For example, since 1998, we have taken 78 formal enforcement 
actions against banks and their institution-affiliated parties 
that were based in whole or in part on violations of the Bank 
Secrecy Act. Some of those cases are among the most significant 
money-laundering cases that the United States Government has 
ever brought, and the OCC played a key role in those cases.
    As a consequence of our vigilance in this area, most banks 
have excellent BSA compliance programs, and some of the largest 
national banks have programs that are among the best in the 
world. They are the model that nonbanking financial 
institutions are trying to achieve.
    And, frankly, I think the real area of concern and one of 
the best things that the PATRIOT Act did was it extended the 
types of requirements that banks are under, like the compliance 
program requirement and the SAR filing requirement, to a whole 
host of industries that previously had not been subject to 
those requirements: money transmitters, pawn brokers, broker-
dealers, et cetera. And the task now is to get those industries 
up to the level where the banks are.
    Chairwoman Kelly. Finally, I look inside here, and you say 
you have nearly 17,000 examiners in the field. It seems to me 
that what happened with Riggs may not be an isolated case. I 
think that there may be difficulty in communications with other 
agencies. I think that maybe it might be time, for the sake of 
the American people's trust in our financial system, to let the 
agency egos be put aside and start recommitting to working 
together so that you can share information.
    I am very concerned that information has not and may still 
not be shared between agencies. The problem is, one, when a 
regulator goes in and begins to look at the things they are 
charged to look at, they get very involved in the paper work, 
the appropriate forms filled out, the appropriate forms filed 
and the appropriate filing cabinets. It does us no good, in 
terms of bank regulation and enforcement, to have everything go 
into a filing cabinet and not be enforced. And I am very 
concerned that we maybe think about not only civil but criminal 
enforcement and possibly think about ensuring that compliance 
is assisted by a criminal enforcement program within the 
Treasury.
    Do you think it would have made a difference last year, if 
Riggs--when Riggs was kind of shamelessly flaunting all your 
regulations in your face---if someone had been able to pick up 
in Treasury, at that moment, and had criminal enforcement 
powers for the BSA? I mean, right now, the IRS is the only one 
that has that power. Wouldn't it be helpful that maybe we have 
criminal enforcement capability with people who are familiar 
with the controls and the systems of the financial institutions 
to put it all together?
    When your reports come in and say, wait a minute, this is a 
red flag, something needs to happen. What do you think about 
that?
    Mr. Stipano. I think it would be very, very difficult for 
another agency or group of agencies to duplicate or improve on 
the job that the banking agencies do when it comes to assessing 
the adequacy of a BSA compliance program for a couple of 
reasons. One is that we have at our disposal thousands of bank 
examiners who are skilled experts at doing this, and that would 
not be true with another agency. And the type of work that is 
involved, assessing controls, assessing training, testing, is 
within the particularized skill sets of most bank examiners. So 
handing that function to another agency, in my view, would be a 
step backward and would not improve compliance in the anti-
money laundering area.
    That said, I agree with you that there is room for 
improvement when it comes to coordination among Government 
agencies and information-sharing. One area where I think that 
the Government is lacking is that information-sharing often is 
a one-way street from the banks and from the banking agencies 
to criminal law enforcement. There has been improvement since 
the PATRIOT Act. The process that I described to you 
previously, of sending out the control list, has now been 
codified under Section 314 of the PATRIOT Act. That is a 
significant development that has made it much easier for law 
enforcement to target accounts of potential terrorists. But 
that is relatively new.
    What I think would help the banking agencies probably more 
than anything would be for the Treasury Department and FinCEN 
in particular to better utilize the data that they have to 
provide us with analytical reports that would allow us to be 
better at identifying the risks and concentrating our resources 
on the high-risk banks and the areas within the banks that pose 
the greatest degree of risk. That is something that I 
understand is a very high priority with FinCEN presently and 
something that they hope to accomplish.
    Chairwoman Kelly. Well, right now, FinCEN doesn't have the 
ability to enforce anything. They are collecting. And they are 
collecting information. Streamlining and centralizing.
    I heard you talk about streamlining, but I think also maybe 
we need to think about centralizing information so that it can 
be appropriately examined with one oversight and be responded 
to, so we don't have another instance where it has taken since 
1997 before people throw up their hands and said, ``Oh my 
goodness, there is something happening here.'' that is--
streamlining and centralizing might be good. It is not 
necessarily always one of the things that we do with the 
Federal Government, but in this instance, it might be a good 
thing. So maybe we can talk about that also.
    Mr. Stipano. I just want to be clear on this point though 
because our view is that, while errors in judgment were made on 
Riggs, Riggs was an anomaly and the system as a whole presently 
functions very well. It can be improved, and we hope to improve 
it. And the way to improve it is through better coordination 
among agencies and increased information-sharing. The solution, 
in our view, is not to junk the present system and replace it 
with something else, because I don't believe that you will 
replace it with a system that is better than the one you have 
right now.
    Chairwoman Kelly. Well, Mr. Stipano, I am not interested in 
junking the present system, but I am interested in making sure 
that we don't walk out of here this afternoon and find that, on 
the front pages of the newspapers tomorrow morning, there is 
another Riggs situation.
    I think it is very important that we look at how the 
examinations are being done, how information is being 
collected, how it can be better collected in a place so that it 
can be reacted to by the people who have the enforcement 
capability. And if there is not an appropriate enforcement 
capability at the agency in charge, which in this case is the 
Treasury, then the Treasury probably should have that 
enforcement capability. And it may be something that we want to 
think about.
    It is just--I am just throwing this out here, because I 
think it is clear there was a break down in the system. And 
when that happens, we need--it is right and appropriate for us 
to take a look at how to better that system so that doesn't 
happen again.
    Mr. Baxter, I would like to ask you a couple of questions. 
There are indications that the Fed saw hints of OFAC related 
problems at UBS early in the ECI program and had some 
conversations with the bank. Please tell us if those concerns 
were ever communicated to OFAC. Also, please tell us why there 
was not much more stringent attention to the problem if there 
was even a hint of OFAC-related problems.
    Mr. Baxter. Chairwoman Kelly, first, with respect to 
whether we had an early warning of a problem at UBS involving 
OFAC, the answer is no.
    In 1998, following the merger between UBS and Swiss Bank 
Corporation, Federal Reserve officers felt it was appropriate 
to remind the UBS management that came in at the time of the 
responsibilities for OFAC compliance under the contract. But 
that was triggered not by concern that there was a compliance 
failure. It was a concern about management change that attended 
the merger of Swiss Bank Corp and UBS.
    With respect to notification to the office of foreign 
assets control, we first learned of an OFAC problem on June 25 
of 2003 when an officer who was visiting the Zurich facility 
learned that there had been transactions of cash with Iran, 
which of course was not permitted under the contract in early 
July. All of that information was communicated to our 
colleagues at OFAC, and I should emphasize that we communicated 
the information that we had at the time, information that was 
not correct in several different respects, but the information 
was timely communicated by the Federal Reserve to OFAC as soon 
as we learned that we had a problem.
    Chairwoman Kelly. Did the Fed send correspondence after the 
UBS merger to warn them of interaction with OFAC-listed 
countries?
    Mr. Baxter. I wouldn't characterize it as a warning. I 
would characterize it as a reminder, and the concern was 
specifically generated by the fact that anytime there is a 
merger, particularly a merger of the dimension of the UBS-Swiss 
Bancorp that with management change come new people, and the 
new people might not be mindful of the special contractual 
requirements that we exported through our contract to 
Switzerland. And in Switzerland there were no prohibitions on 
transactions by Swiss banks with Cuba, with Iran; there were 
restrictions with Libya and Yugoslavia. So it was appropriate 
for us to remind periodically not only UBS, but other ECI 
operators that there were special restrictions exported from 
the United States by contract.
    Chairwoman Kelly. I just turned to Mr. Gutierrez, because 
earlier in his opening statement he talked about whether or not 
the ECI should be with American-owned banks only.
    Why wouldn't some aggressive steps, having been taken in 
1996, make certain that ECIs around the world were operated by 
U.S. banks? Why wouldn't they, by definition, have to observe 
the OFAC sanctions? Is there some reason why that didn't 
happen?
    Mr. Baxter. First, with respect to the point about U.S. 
institutions--and it is a very good point because, as U.S. 
persons, branches abroad of U.S. banking organizations are 
subject to OFAC requirements, so they would not need to be 
reminded or they would not need to be required in a contract. 
But there are also specific reasons why the Federal Reserve 
looks to foreign institutions in certain locations. And let me 
give you a case in point, and the case in point happens to be 
UBS.
    At the time we started our ECI program, we were 
particularly concerned about replacing a $100 note with a new 
note, and one of the places that the old $100 note was very, 
very popular was in the former Soviet Union. At that point in 
time, there was an American bank called Republic National Bank 
that was serving the former Soviet Union. That American bank 
decided that it was no longer interested in the Russian 
business. And so we were in the position of wanting to reach 
into Russia to deal with the replacement of the $100 note, and 
we needed to find an ECI contractor who could do that.
    UBS was the contractor who stepped forward. So in that 
particular case, we looked to a foreign institution to fill in 
for a U.S. institution that no longer exists, but at the time 
it was withdrawing voluntarily from that particular business, 
business that the Federal Reserve, the Treasury, and the Secret 
Service and the American ambassador at the time felt was very 
important to pay attention to with respect to the replacement 
of that $100 note.
    So there are reasons that we look to particular foreign 
institutions to extend our reach into certain jurisdictions, 
like Zurich back in 1996, like Singapore with respect to United 
Overseas Bank; and those are reasons to look to foreign 
institutions to service us. And what we do with the foreign 
institutions is, we basically apply through the contract the 
OFAC restrictions.
    Chairwoman Kelly. Thank you.
    Mr. Gutierrez.
    Mr. Gutierrez. Thank you very much. Welcome to you all and 
thank you for your testimony. I want to go back to Mr. Stipano.
    The chairwoman and you, through her questions, spoke a 
little bit about the Riggs situation in 1998 and 1999. Now, I 
will put words in your mouth, so you can correct anything that 
you said, that one of the reasons was that your auditors 
believed what was being said by the answers that were given by 
Riggs employees back to your regulators and auditors; is that 
what you said?
    Mr. Stipano. I don't know if I would characterize it 
exactly that way.
    Mr. Gutierrez. Why don't you recharacterize it, because I 
want to know exactly what happened.
    Chairwoman Kelly said, well, what happened, you were there 
for 1 year, 2 years, 3 years; and you said, well, one of the 
reasons was--I understood that they lied to you. And you kind 
of phrased it a little nicer and said, they didn't quite--we 
kind of believed them.
    Mr. Stipano. I wouldn't say that they lied to us, but I 
think that what was going on in that pre-9/11 period was that 
our examiners were finding deficiencies with the bank's BSA 
compliance program at every exam. They weren't the kinds of 
deficiencies that were flagged in the 2003 exam where we looked 
in depth at the Saudi Embassy accounts, but there were 
problems, and we brought these problems to the attention of 
bank management and the board. They were discussed during the 
exams. They were written up in the exam reports, and we secured 
what we believed was a commitment from bank management to fix 
them.
    What would happen is really what I would term more 
accurately as ``foot dragging.'' The changes that we wanted to 
have made were made, but they were made slowly. There was not a 
real responsiveness. And looking back at this with hindsight, I 
think that----
    Mr. Gutierrez. You trusted them.
    Mr. Stipano. We trusted them. And in hindsight, we 
shouldn't have done it.
    Mr. Gutierrez. I guess we finally found a word to describe 
why it might have taken the OCC as long, because you trusted 
them. But it seemed to me that an organization such as yours, 
which is safety and soundness and is the regulator, there 
shouldn't be issues of trust. I mean, you know, was it trust 
but verify? And I don't think you were verifying, because 
similar things popped up later on.
    It should have been caught earlier. And just so that we 
don't think it is the chairwoman and I who have decided, 
because they sent you down here--they usually send one of the 
counsels down here. Mr. Hawke is good at doing that, but he 
acknowledged, and these are his words in the New York Times, he 
says ``We should have gotten tougher earlier, and I don't make 
any excuses for it. It's a fair criticism of our supervision of 
Riggs that we let things go on too long.''
    So when you describe a situation, which is a 9, in which 
Mr. Hawke, who I would characterize as a very self-assured 
person--I wouldn't say arrogant, but self-assured person, 
doesn't take much from anybody, right, tough--says, we took too 
long and which his deputy counsel, yourself, said, we trusted 
them too much, I think you can start wondering.
    I mean, if the FBI came and said, yeah, we talked to the 
terrorists, but we trusted them and so the buildings came down, 
I think people might think it wasn't a 9-out-of-ten system that 
was working there. I mean, just understand that from our point 
of view that--just we trusted them, they took too long, there 
was foot dragging. You are the boss. I mean, when a regulator 
sends down bank examiners, I want them to shake up that bank. I 
want them to go all the way up the chain of command and say, we 
have a problem and we have to clean it up or--I think you know 
what the problem is, Mr. Stipano, it is always the ``or.'' 
Maybe they take the risk of getting caught and the fines and 
the penalties, which was one of my earlier questions.
    We have to think of new fines and new penalties. I mean, 
this is like risk: What is my risk as a financial institution 
if I foot drag? What is the most that the OCC--maybe we need 
tougher penalties, and we have been doing some of that.
    So it just seems to me that to say we trusted them, 
especially in this new age after we passed the PATRIOT Act, you 
can't trust anybody anymore. We can't trust the Riggs. We can't 
trust UBS.
    I am sure the folks at the Federal Reserve Bank trusted 
them. They said, what a great company, they are really going to 
come on and do this job. And we can't do that. We need to 
monitor them, don't you think?
    So 9 out of ten, I don't think in this particular case to 
say that this is just one. Which are the other cases in which 
you are trusting people today that tomorrow we are going to 
find out that that trust was ill conceived?
    Mr. Stipano. First of all, I always agree with Mr. Hawke. 
So I'd like to get that on the record.
    Mr. Gutierrez. I don't, and in that, we don't share a 
common opinion.
    Mr. Stipano. Secondly, while I would characterize our 
overall efforts in this area as a 9, I certainly would not 
characterize our efforts with respect to Riggs as a 9. We made 
errors in judgment, and I think they are obvious and we have 
discussed them. But I don't think that Riggs is emblematic of 
our supervision broadly in any area and certainly not in the 
BSA area.
    Mr. Gutierrez. Let me ask you a question. Do you still 
trust people? Do you still send your bank auditors out and say, 
we trust them, and walk away?
    Mr. Stipano. I believe you have to trust but verify.
    Mr. Gutierrez. Okay. Well, I would like to know what kind 
of things you are doing differently, given that Riggs started 
in 1997, 1998, 1999, and finally, voila, this year we got a 
fine. So that is a long time, as we sit here, to watch an 
institution such as yours, that wants to expand.
    Now you are sending out preemption notices to the States 
saying, not only do we want to do all the great things we did 
while Riggs was doing all of these nefarious things, we want to 
expand our authority; but we don't want to actually charge any 
more fees to our customers, the banks, in order to hire more 
employees in order to expand that authority.
    So I see an institution that walks up here and says, we are 
doing everything fine, we are doing everything so great--this 
is Mr. Hawke, of course, not yourself--doing everything so 
great and now we want to preempt attorneys general and bank 
regulators and other people at the State level from issues and 
consumer complaints, that you want to now preempt stateside.
    So I think you get my worry.
    Let me just say that I read your testimony, and it was like 
on page 19 on the top that says ``The examiners found that, as 
with the Saudi Embassy accounts, the bank lacked sufficient 
policies, procedures and controls to identify suspicious 
transactions concerning the bank's relationship.''
    You found out about those irregularities at the Equatorial 
Bank, or did the Riggs people tell you about them or the FBI 
tell you about them? Because as I read that, it kind of sounds 
like, voila, our examiners found out about it. Did your 
examiners find out about it as I was led to believe when I 
first read that paragraph or did others bring it to your 
attention?
    Mr. Stipano. Let me give you an answer to that question. 
First of all, I don't think the sentence says that we found 
problems in the Equatorial Guinea accounts.
    Mr. Gutierrez. It says ``The examiners found that, as with 
the Saudi Embassy accounts, the bank lacked sufficient 
policies, procedures and controls,'' ``the examiners found.''
    Mr. Stipano. Right.
    Mr. Gutierrez. Did the FBI or Riggs find it?
    Mr. Stipano. No. The examiners found that, just like with 
the Saudi accounts, the bank did not have policies and 
procedures with respect to Equatorial Guinea. What happened 
with Equatorial Guinea was that this was actually something 
that was going to be looked at during the January 2003 
examination. There were published accounts of problems----
    Mr. Gutierrez. I just read it and I just want to see. So if 
you can only find something once between the OCC, the FBI--what 
agency, who brought it to public attention first? Did the bank 
examiners show up and say, voila, we found this or did Riggs 
say it?
    Mr. Stipano. The examiners did not find the problems at 
Equatorial Guinea.
    Mr. Gutierrez. That's what I am trying to say. So then, in 
other words, when I read your testimony and when I first read 
it, I said, hey, look, the examiners did a great job. They 
found this.
    Actually, they didn't find it.
    Mr. Stipano. Congressman, with all due respect, I don't 
believe that is what that sentence says. The sentence says that 
they didn't find adequate policies and procedures with respect 
to those accounts, just as they didn't find adequate policies 
and----
    Mr. Gutierrez. But really Riggs is the one that brought 
this to the attention of the OCC about the lack of procedures?
    Mr. Stipano. Not exactly.
    Mr. Gutierrez. Fine. It is all right. What is, is. It will 
come up again----
    Mr. Stipano. Can I just finish the answer?
    At the conclusion of the 2003 examination, we told the bank 
that the next time we are in there, this was going to be an 
area that we were going to look at. So the bank was on notice 
that this was priority and, frankly, that was one of the 
problems. And the reason for such a big sum of money penalty 
was that despite having been put on notice, they still did not 
clean up those accounts.
    Mr. Gutierrez. All right. Let me just say that when your 
boss, Mr. Hawke, says nonsense about what banks are going to 
do, and I hear you give yourself a 9 out of 10, and I think 
that I with my staff kind of set the tone. So if I am out there 
saying that Congress, even though there has been a vote of the 
Banking Committee saying basically, the OCC is wrong, this 
committee has voted--and we are kind of elected, the last time 
I checked. At least with everybody else there was no dispute in 
their election by the people.
    When he says, nonsense, and this committee says to Mr. 
Hawke, let's sit down, which we have done on a number of 
occasions, and let's sit down with bank regulators and let's 
sit down with attorneys general and let's sit down with this 
committee and let's try to resolve our differences after this 
committee has taken a vote--not the Congress, but this 
committee has taken a vote--saying we think you have exceeded 
your authority and he says, no, nonsense, everything is fine, I 
guess that can, I believe, create a sense of arrogance within 
the institution when the boss basically says to Congress, after 
it has taken a vote in the committee, and uses those kinds of 
words when we believe we have a concern--and not only we, but a 
lot of other people think that there is concern.
    Let me just ask you that when consumers now call you folks 
up, have a consumer complaint, am I right that those phones 
only operate Monday through Thursday from 9:00 to 4:00?
    Mr. Stipano. Congressman Gutierrez, I have to confess here. 
I am not the expert on our Customer Assistance Group.
    Mr. Gutierrez. We called on a Friday, and it said it was 
closed. So you won't dispute that?
    Mr. Stipano. I don't know whether it is or not.
    Mr. Gutierrez. Let me just tell you, we tried it, and it 
said 9:00 to 4:00 Monday through Thursday.
    I was a former city council member back in Chicago, and I 
loved that job a lot, and one of the things that kept us very 
close was that if your cable didn't come on because the city 
council would authorize who got the cable license, people would 
call me up and say, I called the cable company and they won't 
fix it; and if I told them that I was allowing the cable 
company, which I had voted, as the city council, to only open 
up their offices from Monday through Thursday from 9:00 to 
4:00, I don't know how long I would have stayed in the city 
council.
    I think if people call up the gas company in Chicago or 
Commonwealth Edison that has the franchise to serve 
electricity, and they were only going to open from 9:00 to 
4:00, as a matter of fact, if I decided that my city council 
office or my congressional office tomorrow was only going to 
operate from 9:00 to 4:00 Monday through Thursday, I think you 
would agree with me that I would have a problem in doing that.
    And I think that you should understand that you have a 
problem and that when people complain to us that their 
complaint is well grounded, that government should work Monday 
through Friday 9:00 to 4:00--maybe that is not an 8-hour day--
and that if you need more help, since you want to expand your 
authority and preempt the States, that maybe you should say, 
Congress, we don't agree with you, but we are going to open 
Monday through Friday.
    Does it sound legitimate to you as the deputy counsel that 
you should operate Monday through Friday?
    Mr. Stipano. I do not deal with the Customer Assistance 
Group. I am open Monday through Friday, and I don't leave at 
4:00. And I get calls from people all the time. In fact, 
usually if there is a problem in the BSA area, the call 
ultimately comes to me. I am not suggesting that I want to 
function as a shadow Customer Assistance Group, but there are 
other people in the agency that can take calls----
    Mr. Gutierrez. But the rest of the agency functions Monday 
through Friday, right?
    Mr. Stipano. The agency functions Monday through Friday.
    Mr. Gutierrez. I suggest that all parts of the agency 
should function Monday through Friday, and I think we can 
probably give a lot of different examples about what would be 
wrong with not functioning Monday through Friday. It seems to 
me that that is the work week and that the financial 
institutions are open and people have problems; and it is wrong 
for agencies such as yours to want to preempt States and then 
say, we are only going to open our offices from Monday through 
Thursday from 9:00 to 4:00. It should be a better operation so 
that the public, which I have a concern about, is well served 
so that we are not getting messages that say we don't have to 
deal with you, Attorney General, the OCC says that has been 
preempted; let's call their offices, only to find your offices 
aren't open.
    Because you want to know something. My State bank 
regulators in Illinois are open Monday through Friday. The 
attorney general of the State of Illinois is open Monday 
through Friday. And across this country I have yet to find a 
State bank regulator or attorney general, which your agency 
wishes to preempt, that is not open Monday through Friday. So I 
would expect that if you want to take over the responsibilities 
of those State agencies that at least you afford the public the 
same customer service that is currently being afforded them by 
attorneys general and State bank examiners, that we don't 
reduce the quality of service to the American people which you 
and I have made a vocation to carry out. I guess that is our 
point.
    I have other questions, and we will submit them for the 
record. Thank you very much, Madam Chairman.
    Chairwoman Kelly. Okay. Thank you.
    Mrs. Maloney.
    Mrs. Maloney. Thank you, Madam Chair, for your hard work on 
this, and Ranking Member Gutierrez.
    Welcome, Chief Counsel Stipano and General Counsel Baxter. 
I request that my opening statement be put in the record. I 
really would like to ask Mr. Stipano what aspects of the 
PATRIOT Act could help avert a repeat of the Riggs problem.
    Mr. Stipano. I think that there are provisions in the 
PATRIOT Act that are helpful and will be helpful going forward. 
But I think that the problems----
    Mrs. Maloney. Specifically, which ones would be helpful 
going forward?
    Mr. Stipano. I think that, first of all, section 312, which 
is the provision that requires due diligence and enhanced due 
diligence procedures for foreign private banking and 
correspondent accounts, that would be something that would be 
helpful because even though the Saudi Embassy accounts were not 
technically private banking accounts, in some ways they were 
operated like they were private banking accounts.
    There is an interim final rule in place implementing 
section 312. My understanding is that the Treasury Department 
will soon be issuing a final regulation which will codify this 
requirement, and I think----
    Mrs. Maloney. Why is it taking so long? We passed the 
PATRIOT Act and the anti-money laundering provisions almost 3 
years ago. And we still haven't put the rule in place? I mean 
this is really outrageous.
    Mr. Stipano. We have all the other ones in place. I am not 
a spokesman for the Treasury Department, though. The Treasury 
Department has the pen on this particular regulation, and it is 
the Treasury Department that has to issue the rule. So maybe 
this is a question for your hearing next week. I don't really 
know the answer to that.
    Mrs. Maloney. Well, then when you were looking at Riggs, 
under what standard did you examine Riggs regarding the due 
diligence and the opening of accounts with the diplomatic 
community? Were you using the standard before 312 or the intent 
of 312, section 312?
    Mr. Stipano. We have a requirement that all banks have a 
compliance program, and among the things that are required as 
part of a compliance program are satisfactory internal 
controls. That would include due diligence procedures for all 
accounts and enhanced due diligence procedures for high-risk 
accounts.
    The embassy accounts--at least the Saudi Embassy account is 
a high-risk account; and what the bank should have done was, 
first of all, they should have had better systems in place so 
that they knew the number of accounts that they had. Secondly, 
they needed to have better information on how those accounts 
would be used, what the sources of funds would be, where the 
funds would go.
    Mrs. Maloney. But when you knew about this in 1998 and 
1999--it was well known to the OCC that they were not in 
compliance with the Bank Secrecy Act at Riggs--did you go to 
them and suggest that they have standards and procedures and 
due diligence, and then go back and just make sure they got the 
job done? I mean, this is serious stuff right now.
    Every time I pick up the paper, New York, where I live, is 
Code Red, at least Code Orange. They are announcing terrorist 
attacks any day now, and we all know you can't attack without 
money. So if you crack down on the shipment of money, we can 
crack down on the ability of terrorists to act.
    I mean, this is extremely serious and not to put the regs 
in place or even to have followed them or to have gone back--
you talk about all the people you have in the field. What about 
who you have in Washington? You don't even have to leave the 
office. You are right here in Washington with Riggs. You can 
walk across the street and see them, practically.
    And we knew, since 1998, they had problems with these high-
risk accounts, and yet we didn't come in and crack down on it 
more. I mean, I find it quite frankly scandalous.
    Mr. Stipano. I couldn't agree with you more as to the 
seriousness of this matter, but what we knew in 1998 was very 
different from what we knew in 2003; and in 1998 what our 
examinations revealed were deficiencies in the compliance 
program, not wholesale violations of the Bank Secrecy Act. It 
was a much less grave type of violation.
    They were brought to the attention of management. They were 
written up in the exam report. Commitments to fix the problems 
were obtained. But as I testified earlier, bank management did 
not follow through on these changes as quickly as they needed 
to, and hence, there were repeat violations.
    There is no question, looking back at it with hindsight, we 
should have been more forceful with that bank at that point and 
not waited until 2003 to take a formal enforcement action.
    Mrs. Maloney. What does your enforcement action mean? Will 
they be fined? What is going to happen?
    Mr. Stipano. There actually are three actions that the OCC 
has taken. The first one was in July of last year, and that was 
a cease and desist order. It is a public enforcement document. 
It is about 20 pages long. It requires the bank basically to 
take steps to improve its anti-money laundering program.
    That cease and desist order was supplemented by a second 
cease and desist order that was issued a few weeks ago and----
    Mrs. Maloney. What I don't understand is, why didn't you 
issue a cease and desist order the minute that the FBI alerted 
you to the problems at Riggs? It almost makes it sound as if 
the OCC doesn't take the Banking Secrecy Act issue seriously.
    Is it a priority at the OCC, the BSA?
    Mr. Stipano. It absolutely is a priority. We were not 
alerted by the FBI. We found escalating problems with the 
bank's program through our exam process and because of 
published reports about connections between the Saudi accounts 
and the hijackers. That triggered this very extensive 
examination that we did last year which formed the basis for 
our subsequent enforcement actions.
    Mrs. Maloney. But you say that the BSA issues are a high 
priority of the OCC, but I am told that they are not even part 
of the National Bank Examiners Handbook, that most of the 
regulations that were issued in 2002 aren't even part of the 
examiners handbook. Now is that true----
    Mr. Stipano. No, that is not true. The----
    Mrs. Maloney.--that it is not fully updated? That the 
handbook is not fully updated?
    Mr. Stipano. We are in the process of updating it, and 
there should be a revised version out shortly, but----
    Mrs. Maloney. Why didn't you update it the minute that we 
passed the PATRIOT Act? This is serious business.
    I can't tell you how quickly New York reacted in a thousand 
ways. We totally rebuilt the command center that was destroyed, 
within 19 hours, completely rebuilt it, and I can't believe you 
can't get the handbook updated with the information that we 
passed to combat money laundering and terrorist dollars flowing 
through our country. I mean, really it is beyond--it is a 
disgrace, I think, an absolute disgrace.
    Mr. Stipano. The PATRIOT Act required us to make lots of 
changes in our examination procedures and to write regulations, 
and that took time. We could have come out with a revised 
handbook earlier, but if the procedures weren't done and the 
regulations weren't written, it probably would not have been of 
great value to the examiners.
    Mrs. Maloney. It would not have been. Well, what more 
should we be doing to make sure that the type of actions at 
Riggs don't happen again?
    Mr. Stipano. I think there are a number of steps that the 
OCC is prepared to take.
    Mrs. Maloney. Such as?
    Mr. Stipano. Comptroller Hawke has directed our Quality 
Management Division to do a stem-to-stern review of the Riggs 
matter to find out what happened and to see what lessons we can 
learn from it. But even before that review is done, there are 
several steps that we can take right now, and we are taking 
them.
    Mrs. Maloney. When is your report on lessons learned from 
Riggs going to be due? In another 3 years?
    Mr. Stipano. No, it will not be. It will be a matter of 
months. In fact, the review has already begun.
    Mrs. Maloney. I would respectfully request that when it is 
done, it would be handed in to the chairwoman so she can give 
it to all of us, so we can all read it.
    Chairwoman Kelly. Mr. Stipano, I would concur with that. We 
would like that report delivered as soon as possible.
    Mr. Stipano. As soon as it is completed, we will deliver 
it.
    Chairwoman Kelly. I thought you said it was completed, sir.
    Mr. Stipano. No, no. I said the review has begun.
    Chairwoman Kelly. The review has been done?
    Mr. Stipano. The review has begun.
    Chairwoman Kelly. Has begun. And I am sorry, if the 
gentlewoman would yield, her question was how long do you 
expect that to take?
    Mr. Stipano. I don't know exactly how long it will take. My 
guess is it will probably be several months.
    Chairwoman Kelly. Would you please inform us of the 
progress of that report on a regular basis?
    Mr. Stipano. Yes, we will.
    The due date, by the way, is September 1.
    Mrs. Maloney. Reclaiming my time, what other steps can we 
take that are concrete to crack down on the terrorist money 
business?
    Mr. Stipano. We need to become better at identifying risk. 
One of the big problems with Riggs was that neither our 
examiners nor law enforcement nor anyone else recognized the 
risks in these embassy accounts.
    There are a number of steps that we are taking to do that. 
One of them is the nationwide implementation of a risk 
identification system that has been developed by one of our 
district offices. It involves gathering information on products 
and services and various types of activities that banks are 
involved in and putting it in spreadsheet form and developing a 
methodology to quantify risks and identify banks that may be 
outliers.
    We are also working on a new database that would use 
national bank-filed SARS to pinpoint operational risks 
generally, but also risks in the BSA area.
    Third, we are working with FinCEN and the other banking 
agencies on ways to better use BSA data. FinCEN is sitting on a 
gold mine of information with the SARS data and the CTR data 
and other data that they have. The ability of the government to 
connect the dots and provide that information to the banking 
agencies is absolutely essential because once we have that kind 
of information, we can target our resources to the areas of 
banks that are truly high risk.
    As I mentioned earlier, we have also completed our 
examination procedures on three sections of the PATRIOT Act and 
we are about to come out with new procedures on a fourth 
section.
    Mrs. Maloney. Quite frankly, you don't need a database or a 
spreadsheet to know that Riggs, the international bank for most 
of the foreign governments in the country and the foreigners in 
the country, is a high-risk bank. I mean, it is common sense, 
and yet it was not looked at. So I hope that you improve. This 
should be a priority.
    And I know you have a lot of smart people working in the 
OCC, and I have great respect for Comptroller Hawke. But it 
doesn't sound like the BSA issues are at the top of your 
concerns, and I think it should jump ahead of any concerns that 
you have to change your charter and everything else you have 
been trying to do, because this is critically national security 
and, really, the security of our people is at stake.
    But I would like to go to Mr. Baxter and I would like to 
ask you about the Basle Capital Accords that are coming out 
that the Fed has been working on with the international 
community. When we finally solidify and come forward with these 
decisions on various capital requirements and so forth, do you 
think having an international standard is going to help us 
spotlight and see the type of problems that were at UBS? Do you 
think that would be helpful, or is that really not an issue? 
What is your feeling on that?
    Mr. Baxter. One of the things we see in the UBS matter is 
an example of operational risk, a failure of people, a failure 
of controls. These failures were observed not here in the 
United States, but in the operation that was being conducted in 
Zurich. It is a good illustration of operational risk as a type 
of risk being addressed in Basle II, and here is one vivid 
demonstration of operational risk.
    It also, I think, Congresswoman, has relevance to what is 
being done at the Basle Committee because this occurred in a 
multinational banking organization.
    UBS is an organization that conducts its operations in many 
countries. It has 65,000 employees around the world; 22,000 of 
them are in the United States. So you can see an operational 
risk problem and an institution that conducts its operation 
cross-border. So it is a good illustration of why operational 
risk is an important part of the risk quotient that is 
addressed in Basle II. It is also a good illustration of why 
the effort needs to be multinational and because this Basle II 
is being imposed on institutions that conduct their operation 
cross-border.
    Mrs. Maloney. Well, I was encouraged somewhat that the U.S. 
And Swiss authorities worked in cooperation with the U.S. 
management of UBS to investigate and correct the UBS systemic 
risk management lapses in Zurich.
    But one of your statements earlier was alarming to me when 
you said one of the problems is that the personnel at the bank 
were not informed of the laws of the United States of America, 
of how we treat these accounts, and that we certainly shouldn't 
be transferring money and so forth to Libya, et cetera, and 
these other countries. And it seems to me that that would have 
to be part of the protocol, to let people know what the laws 
are.
    I mean, I find that an incredible--I can't believe that 
someone is that stupid that they don't inform everyone that 
this is the standard, because it is a U.S. bank, too, even 
though it is dealing with many different countries and just 
merged with the Swiss bank and so forth.
    What is your comment on that? It is the stupidity defense, 
``I just didn't know.'' I think if you read the paper, you 
would have known that--any intelligent person reading the paper 
would have known that we had these certain guidelines and rules 
about transferring accounts and moneys and so forth to various 
countries.
    Mr. Baxter. Congresswoman, you are absolutely right that 
the people in the bank note trading area of the UBS in Zurich, 
they knew about the restrictions that were exported in our 
contract to them. They knew that they had to conceal what they 
were doing. They had to conceal what they were doing not only 
from the Federal Reserve, but also from the Swiss Federal 
Banking Commission, from the more senior management at UBS and 
from UBS's external and internal auditors.
    They did it because they were willing to lie. They did it 
because they were willing to violate the law, and they paid a 
price for that. But there is no question that they knew of the 
limitations in that bank note trading area, and they knew they 
had to hide. And hide they did.
    Mrs. Maloney. Well, I misunderstood you in your earlier 
comments. I thought you stated that they did not know, that 
there were people with the Swiss bank, and they just merged 
with another bank and they weren't familiar.
    But you say it is just a matter of just crime, and I am 
glad that we have cracked down on it, but what could we do in 
the future to make sure that doesn't happen again? How could we 
improve our oversight and our monitoring?
    Mr. Baxter. Well, it won't happen again with UBS because 
they are no longer in the----
    Mrs. Maloney. No longer in business, right. But other 
banks?
    Mr. Baxter. With the other five contractors, what we have 
done is implement this 17-point program through contract 
changes that were effective in February of this year.
    In addition, we are planning visitations to each of our 
five contractors to review policies and procedures dealing with 
anti-money laundering and OFAC compliance in our offshore 
facilities.
    Now, it will come as no surprise that we have heightened 
attention in those five contractors now, who have watched the 
$100 million penalty being assessed against UBS and have taken 
careful notice. So while this iron is hot, we going to make 
those visitations, we are going to review with our colleagues 
at OFAC the policies and procedures that are in place, and we 
are going to make suggestions to our ECI contractors as to how 
they can be improved.
    So those are the things that we have got in train. We are 
also expecting in the late summer/early fall to start to 
receive the public accounting firm certifications, and those 
certifications will be attesting to the management 
representations we will receive both with respect to contract 
compliance and with respect to accurate reporting. And the 
check of those independent public accounting firms, in our 
view, is significant. It is significant in a Sarbanes-Oxley 
context and it is significant because we know those public 
accounting firms are very mindful of their own liability; and 
they will be making certifications directly to the Federal 
Reserve, and we will have a say in our contracts as to who 
those public accounting firms are and then the policies and 
procedures that they will follow with respect to their 
certifications.
    So all of those things are in train, and all of those 
things, we expect, will give us much greater assurance that we 
will not see a repetition of the conduct we found with UBS in 
any of our other contractors.
    Mrs. Maloney. Did the Fed ever consider using only U.S. 
banks operating abroad for these functions? Wouldn't that have 
made things simpler since U.S. Banks are not allowed to deal 
with countries on the OFAC list?
    Mr. Baxter. You're right, Congresswoman. It does make 
things simpler, but that, in itself, is no guarantee of perfect 
compliance. Again, we get to that old audit admonition about 
trust but verify. So we feel that even with respect to our U.S. 
ECI contractors--and most of them are U.S. Institutions--that 
we can't only trust them, we have to trust and verify.
    So the procedures that I mentioned with respect to the new 
contracts and the external certified public accounting firm 
attestations, those we are going to implement across the board 
regardless of nationality. They will apply to the U.S. 
institutions and the non-U.S. institutions.
    With respect to the specific question, have we considered 
using only U.S. flag institutions, yes, we have considered 
that. The difficulty is to penetrate certain markets around the 
world, we feel we need to turn to some of our foreign 
commercial institutions for the reasons that led us to the UBS 
in 1996. And that is why, in Singapore, we are doing business 
with the United Overseas Bank.
    So we are certainly mindful that the U.S. flag institution 
might be simpler and has some legal difficulties that are less 
than we find with the foreign flag carriers or institutions, 
but we haven't made the decision to use only American 
institutions at this point.
    Mrs. Maloney. Thank you very much. And I yield back the 
balance of my time, although I think I used it all up.
    Chairwoman Kelly. That is quite all right. I thank you 
both.
    But I have one follow-up question for you, Mr. Stipano. 
What happened to the auditors that failed to find the problems 
at Riggs? Are they still at OCC?
    Mr. Stipano. It is hard to answer that because we are 
talking about----
    Chairwoman Kelly. I thought it was a fairly straight 
question. Are they still at OCC?
    Mr. Stipano. There are a lot of examiners who have examined 
Riggs during this time period. Some of them are still at OCC 
and some of them are not.
    Chairwoman Kelly. What mechanism do you have in place to 
assess the performance of the bank examiners regarding the BSA 
compliance?
    Mr. Stipano. We have a couple of mechanisms. One is the 
performance appraisal process that the OCC uses for examiners 
and for other types of employees and another is the Quality 
Management Division. That is the division that Comptroller 
Hawke has directed to do a review of the Riggs matter and to 
report back on what went wrong.
    Chairwoman Kelly. How long was that Quality Control 
Division in place?
    Mr. Stipano. I don't know offhand. It is not something 
recent.
    Chairwoman Kelly. Years? Months?
    Mr. Stipano. In some form, I would say years.
    Chairwoman Kelly. I think that this has been a very 
interesting hearing. I am interested that you were talking 
about the great amount of information that FinCEN has and talk 
about the ability to connect the dots. If we streamline what is 
going on with regard to regulatory agencies and perhaps 
centralize them, then they perhaps can have access to each 
other's information in a much more direct way that will result 
in better oversight, more rapid response. And certainly we 
don't want to see this kind of thing happen again for such an 
extended period of time.
    We don't live in the world that we lived in prior to 9/11/
2001. We live in a very different world. And part of that world 
is that we now--those of us who are charged with the 
responsibility of making sure that our country is safe and that 
our banking system is safe, we must think outside of the box, 
look outside of the box for solutions; that we will never let 
this kind of thing happen that happened with the Riggs Bank 
again.
    I am concerned with not only what happened with OCC, but I 
also am concerned with the Fed in one aspect. The fine of $100 
million sounds like a lot of money, but when you have a bank 
with more than $1 trillion in assets, that fine seems a mere 
slap on the wrist. I would hope that when an institution is 
fined, especially an institution that had in place people who 
were supposed to find this kind of malfeasance, I would hope 
that that institution would pay a much steeper price for not 
regulating and controlling their own employees' behavior.
    Here in the United States we put people like that in jail 
when there is a fraud in a bank. We have bank fraud laws; those 
people go to jail. $100 million, it seems they got by on the 
cheap, and I am quoting a lot of other people who have also 
mentioned that to me.
    I would hope that when you are considering fines of this 
nature again that the Fed would consider a healthier fine for 
any kind of malfeasance that is occurring.
    This is a blow to our financial system in a way--both of 
these are blows to our financial system in a way that American 
people have a right to expect should not happen when we have 
institutions in place whose charge it is to make sure that it 
doesn't happen.
    I appreciate the fact that you came here today. I 
appreciate the fact that you spent so much time with us, 
helping us understand what did happen, what went wrong, and 
helping us understand how it is possible that we might be able 
to get through this and come out on the other end with a much 
better regulatory environment that will help protect America 
and America's financial institutions in a better way.
    The Chair notes that some members may have additional 
questions for this panel which they may wish to submit in 
writing. So, without objection, the hearing record will remain 
open for 30 days for members to submit written questions to 
these witnesses and place their responses in the record.
    I thank the witnesses for their appearances here today. 
This hearing is adjourned.
    [Whereupon, at 3:57 p.m., the subcommittee was adjourned.]


                            A P P E N D I X



                              June 2, 2004


[GRAPHIC] [TIFF OMITTED] T5062.001

[GRAPHIC] [TIFF OMITTED] T5062.002

[GRAPHIC] [TIFF OMITTED] T5062.003

[GRAPHIC] [TIFF OMITTED] T5062.004

[GRAPHIC] [TIFF OMITTED] T5062.005

[GRAPHIC] [TIFF OMITTED] T5062.006

[GRAPHIC] [TIFF OMITTED] T5062.007

[GRAPHIC] [TIFF OMITTED] T5062.008

[GRAPHIC] [TIFF OMITTED] T5062.009

[GRAPHIC] [TIFF OMITTED] T5062.010

[GRAPHIC] [TIFF OMITTED] T5062.011

[GRAPHIC] [TIFF OMITTED] T5062.012

[GRAPHIC] [TIFF OMITTED] T5062.013

[GRAPHIC] [TIFF OMITTED] T5062.014

[GRAPHIC] [TIFF OMITTED] T5062.015

[GRAPHIC] [TIFF OMITTED] T5062.016

[GRAPHIC] [TIFF OMITTED] T5062.017

[GRAPHIC] [TIFF OMITTED] T5062.018

[GRAPHIC] [TIFF OMITTED] T5062.019

[GRAPHIC] [TIFF OMITTED] T5062.020

[GRAPHIC] [TIFF OMITTED] T5062.021

[GRAPHIC] [TIFF OMITTED] T5062.022

[GRAPHIC] [TIFF OMITTED] T5062.023

[GRAPHIC] [TIFF OMITTED] T5062.024

[GRAPHIC] [TIFF OMITTED] T5062.025

[GRAPHIC] [TIFF OMITTED] T5062.026

[GRAPHIC] [TIFF OMITTED] T5062.027

[GRAPHIC] [TIFF OMITTED] T5062.028

[GRAPHIC] [TIFF OMITTED] T5062.029

[GRAPHIC] [TIFF OMITTED] T5062.030

[GRAPHIC] [TIFF OMITTED] T5062.031

[GRAPHIC] [TIFF OMITTED] T5062.032

[GRAPHIC] [TIFF OMITTED] T5062.033

[GRAPHIC] [TIFF OMITTED] T5062.034

[GRAPHIC] [TIFF OMITTED] T5062.035

[GRAPHIC] [TIFF OMITTED] T5062.036

[GRAPHIC] [TIFF OMITTED] T5062.037

[GRAPHIC] [TIFF OMITTED] T5062.038

[GRAPHIC] [TIFF OMITTED] T5062.039

[GRAPHIC] [TIFF OMITTED] T5062.040

[GRAPHIC] [TIFF OMITTED] T5062.041

[GRAPHIC] [TIFF OMITTED] T5062.042

[GRAPHIC] [TIFF OMITTED] T5062.043

[GRAPHIC] [TIFF OMITTED] T5062.044

[GRAPHIC] [TIFF OMITTED] T5062.045

[GRAPHIC] [TIFF OMITTED] T5062.046

[GRAPHIC] [TIFF OMITTED] T5062.047

[GRAPHIC] [TIFF OMITTED] T5062.048

[GRAPHIC] [TIFF OMITTED] T5062.049

[GRAPHIC] [TIFF OMITTED] T5062.050

[GRAPHIC] [TIFF OMITTED] T5062.051

[GRAPHIC] [TIFF OMITTED] T5062.052

[GRAPHIC] [TIFF OMITTED] T5062.053

[GRAPHIC] [TIFF OMITTED] T5062.054

[GRAPHIC] [TIFF OMITTED] T5062.055

[GRAPHIC] [TIFF OMITTED] T5062.056

[GRAPHIC] [TIFF OMITTED] T5062.057

[GRAPHIC] [TIFF OMITTED] T5062.058

[GRAPHIC] [TIFF OMITTED] T5062.059

[GRAPHIC] [TIFF OMITTED] T5062.060

[GRAPHIC] [TIFF OMITTED] T5062.061

[GRAPHIC] [TIFF OMITTED] T5062.062

[GRAPHIC] [TIFF OMITTED] T5062.063

[GRAPHIC] [TIFF OMITTED] T5062.064

[GRAPHIC] [TIFF OMITTED] T5062.065

[GRAPHIC] [TIFF OMITTED] T5062.066

[GRAPHIC] [TIFF OMITTED] T5062.067

[GRAPHIC] [TIFF OMITTED] T5062.068

[GRAPHIC] [TIFF OMITTED] T5062.069

[GRAPHIC] [TIFF OMITTED] T5062.070

[GRAPHIC] [TIFF OMITTED] T5062.071

[GRAPHIC] [TIFF OMITTED] T5062.072

[GRAPHIC] [TIFF OMITTED] T5062.073

[GRAPHIC] [TIFF OMITTED] T5062.074

[GRAPHIC] [TIFF OMITTED] T5062.075

[GRAPHIC] [TIFF OMITTED] T5062.076

[GRAPHIC] [TIFF OMITTED] T5062.077