[Senate Hearing 108-886]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 108-886

 
                      BANK SECRECY ACT ENFORCEMENT

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                   BANKING, HOUSING, AND URBAN AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED EIGHTH CONGRESS

                             SECOND SESSION

                                   ON

 EFFORTS TO ENSURE COMPLIANCE AND ENFORCEMENT OF THE BANK SECRECY ACT, 
  ENACTED IN 1970, WHICH AUTHORIZES THE SECRETARY OF THE TREASURY TO 
 ISSUE REGULATIONS REQUIRING THAT FINANCIAL INSTITUTIONS KEEP RECORDS 
 AND FILE REPORTS ON CERTAIN FINANCIAL TRANSACTIONS, FOCUSING ON ANTI-
     MONEY LAUNDERING AND ISSUES CONCERNING DEPOSITORY INSTITUTION 
                          REGULATORY OVERSIGHT

                               __________

                              JUNE 3, 2004

                               __________

  Printed for the use of the Committee on Banking, Housing, and Urban 
                                Affairs


      Available at: http://www.access.gpo.gov/congress/senate/senate05sh.html


                                 ______

                    U.S. GOVERNMENT PRINTING OFFICE
25-956                      WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001


            COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

                  RICHARD C. SHELBY, Alabama, Chairman

ROBERT F. BENNETT, Utah              PAUL S. SARBANES, Maryland
WAYNE ALLARD, Colorado               CHRISTOPHER J. DODD, Connecticut
MICHAEL B. ENZI, Wyoming             TIM JOHNSON, South Dakota
CHUCK HAGEL, Nebraska                JACK REED, Rhode Island
RICK SANTORUM, Pennsylvania          CHARLES E. SCHUMER, New York
JIM BUNNING, Kentucky                EVAN BAYH, Indiana
MIKE CRAPO, Idaho                    ZELL MILLER, Georgia
JOHN E. SUNUNU, New Hampshire        THOMAS R. CARPER, Delaware
ELIZABETH DOLE, North Carolina       DEBBIE STABENOW, Michigan
LINCOLN D. CHAFEE, Rhode Island      JON S. CORZINE, New Jersey

             Kathleen L. Casey, Staff Director and Counsel

     Steven B. Harris, Democratic Staff Director and Chief Counsel

                Skip Fischer, Senior Staff Professional

              Stephen R. Kroll, Democratic Special Counsel

   Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator

                       George E. Whittle, Editor


                            C O N T E N T S

                              ----------                              

                         THURSDAY, JUNE 3, 2004

Opening statement of Chairman Shelby

Opening statements, comments, or prepared statements of:
    Senator Sarbanes
    Senator Reed
    Senator Allard
        Prepared statement
    Senator Bunning

                               WITNESSES

Susan S. Bies, Member, Board of Governors of the Federal Reserve 
  System
    Prepared statement
John D. Hawke, Jr., Comptroller of the Currency, U.S. Department 
  of the Treasury
    Prepared statement
    Response to a question of Senator Shelby
Donald E. Powell, Chairman, Federal Deposit Insurance Corporation
    Prepared statement
James E. Gilleran, Director, Office of Thrift Supervision, U.S. 
  Department of the Treasury
    Prepared statement
JoAnn M. Johnson, Chairman, National Credit Union Administration
    Prepared statement
William J. Fox, Director, Financial Crimes Enforcement Network, 
  U.S. Department of the Treasury
    Prepared statement
Gaston L. Gianni, Jr., Inspector General, Federal Deposit 
  Insurance Corporation
    Prepared statement
Davi M. D'Agostino, Director, Financial Markets and Community 
  Investment, U.S. General Accounting Office
    Prepared statement

              Additional Material Supplied for the Record

Letter to Senator Paul S. Sarbanes from John D. Hawke, Jr., 
  Comptroller of the Currency, U.S. Department of the Treasury, 
  dated June 18, 2004
Letter to Senator Jack Reed from James E. Gilleran, Director, 
  Office of Thrift Supervision, U.S. Department of the Treasury, 
  dated June 9, 2004



                      BANK SECRECY ACT ENFORCEMENT

                              ----------                              


                         THURSDAY, JUNE 3, 2004

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.

    The Committee met at 9:45 a.m., in room SD-538, Dirksen 
Senate Office Building, Senator Richard C. Shelby (Chairman of 
the Committee) presiding.

        OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY

    Chairman Shelby. The hearing will come to order.
    The purpose of today's hearing is to examine the record of 
the Federal Government in enforcing this Nation's laws against 
money laundering and terrorist financing. The high-profile case 
of Riggs Bank, which was recently fined $25 million for 
repeated--I emphasize ``repeated''--failures to comply with the 
Bank Secrecy Act, the basic anti-money laundering statutes 
requiring the reporting of large cash transactions and 
suspicious financial activities, has highlighted possible 
deficiencies in the governmental structure for enforcing these 
laws.
    The Riggs case could be seen as unique. It involved that 
bank's near monopoly on foreign embassy banking. It involved an 
oil-rich country for which the movement of large amounts of 
cash was as 
routine as writing a check to pay bills is for many Americans. 
Whatever cultural, political, or economic factors resulted in 
Riggs' failure to comply with the law, despite repeated 
assurances to its Federal overseers that it would improve in 
that regard, this case cannot be seen as unique. As the General 
Accounting Office will testify later today before this 
Committee, the problem runs deeper than we may care to admit. 
There does appear, on the basis of a number of recent money 
laundering cases, as well as the case of UBS Investment Bank of 
Switzerland, about which this Committee held a hearing on May 
20, to be serious deficiencies on the part of the Federal 
regulatory agencies vested with the authority and 
responsibility to enforce this Nation's laws against money 
laundering.
    I mention the UBS case for a reason. In that case, the 
Federal Reserve Bank of New York, responsible for ensuring that 
U.S. currency was not being transferred to countries sanctioned 
for their support of terrorist activities or their poor human 
rights records, failed to provide adequate oversight of the 
banks with which it had contracted to serve as depositories of 
billions of U.S. dollars in cash. The Federal Reserve Bank 
trusted that the self-generating reports provided it by UBS 
were an accurate reflection of the latter's conduct. The Fed 
was wrong, to the tune of $5 billion.
    Similarly, the Riggs case showed a deference toward the 
client financial institution that undermined the integrity of 
the oversight process. Trust that Riggs would comply not just 
with the terms of the law, but with the agreements intended to 
bring it into compliance with the law, proved the undoing of a 
process that is essential to the war against terrorism. The war 
against terrorism cannot be won without serious efforts at 
impeding the very types of criminal activity that seem to be 
going on or went on at the Riggs Bank, as well as the UBS case. 
And Riggs, as we all know, is not just about their bank's 
relationship to the Embassy of Saudi Arabia. As disturbing are 
the business transactions with the Government of Equatorial 
Guinea, a country known for its corruption, human rights 
abuses, and desperately poor population, despite vast oil 
wealth.
    The Riggs case, as well as that of Banco Popular, Delta 
National Bank and Trust of New York, and others clearly point 
to underlying problems in the approach of Federal regulatory 
agencies to properly carry out their mandate to enforce the 
Bank Secrecy Act.
    How long banks are given to comply with the law before the 
Government acts with sufficient force so as to compel 
compliance is one of the issues to be addressed here today. 
Others include the ability and the willingness of the agencies 
represented here today to execute their enforcement function 
with regard to money laundering with the same competence with 
which they execute their apparently more ingrained ``safety and 
soundness'' function. Their relationship to each other, to the 
Financial Crimes Enforcement 
Network, also represented here today, and to law enforcement 
and the degree to which information essential for enforcing 
anti-money laundering laws is shared among themselves in a 
timely manner. For example, was the FBI informed about cease-
and-desist orders, or did it have to read about them in the 
papers? What about FinCEN? Does the examination process need 
repair? These are the questions that demand attention here.
    Testifying here today and hopefully addressing these 
questions, are Susan Schmidt Bies, Board of Governors of the 
Federal Reserve System; John D. Hawke, Comptroller of the 
Currency and frequent guest here; Donald Powell, the Chairman 
of the Federal Deposit Insurance Corporation; James Gilleran, 
Director of the Office of Thrift Supervision; JoAnn Johnson, 
Chairman of the National Credit Union Administration; and 
William Fox, Director, Financial Crimes Enforcement Network. 
After we hear testimony from these officials, we have a second 
panel comprised of Gaston Gianni, Inspector General of the 
Federal Deposit Insurance Corporation; and Davi D'Agostino, 
Director of the Financial Markets and Community Investment 
Division of the General Accounting Office.
    Senator Sarbanes.

             STATEMENT OF SENATOR PAUL S. SARBANES

    Senator Sarbanes. Thank you very much, Mr. Chairman. First 
of all, I want to say that I strongly share your commitment to 
very strong oversight by this Committee of the agencies under 
our jurisdiction and, in particular, this focus on the 
administration and enforcement of the Bank Secrecy Act.
    The President speaks often of the war against terrorism, 
and again and again people say that an essential part of the 
war against terrorism is to dry up the financial resources that 
the terrorist networks gain access to which enable them to 
carry out their activities. The Bank Secrecy Act is part of 
that effort, but the effectiveness of the BSA and the priority 
which bank regulators and the Treasury Department give to its 
enforcement is regrettably a very open question, underscored by 
the failures of compliance and regulatory oversight at Riggs 
Bank and other institutions. Riggs is the most recent one and 
in the focus.
    OCC examiners outlined problems in Riggs' BSA compliance 
and anti-money laundering procedures as early as 1997. But 
despite Riggs' well-known special circumstances, in terms of 
its clients, the examiners failed to discover widespread 
noncompliance with the Bank Secrecy Act. It was not until late 
2002 that OCC examiners began seriously to test transactions to 
see if the Riggs' program was actually producing results. We 
now know that it was not.
    Throughout much of the same period, Federal 
counterterrorism and law enforcement officials were involved in 
investigations involving accounts of some of Riggs' largest 
customers. And the Federal Reserve Board was conducting 
parallel oversight because of its jurisdiction over the Riggs 
holding company and Edge Act subsidiary. It is not clear when 
the Financial Crimes Enforcement Network, FinCEN, which is said 
to administer the Bank Secrecy Act and which ultimately issued 
a concurrent $25 million penalty assessment with the OCC 
against Riggs, first learned of Riggs' compliance problem. It 
seems clear that there was no coordinated Federal regulatory 
effort relating to the audit and investigation of Riggs.
    The Riggs situation in and of itself is serious, obviously. 
But it may reflect a broader structural problem. No one seems 
to be directly accountable for enforcement of the Bank Secrecy 
Act. Congress vested authority for the Bank Secrecy Act's 
administration and enforcement in the Secretary of the 
Treasury, who has delegated that authority, since 1994, to the 
Director of FinCEN. The Federal banking agencies examine the 
compliance of depository institutions with the Bank Secrecy 
Act, under authority delegated by Treasury. But they also have 
a separate statutory obligation to examine for BSA compliance 
procedures, employing a different set of sanctions than the 
statutory penalties in the Bank Secrecy Act.
    The list of agencies involved in potential BSA compliance 
problems does not end there. Federal enforcement and, now, 
intelligence agencies--for example, the FBI, the Bureau of 
Immigration and Customs Enforcement, the Drug Enforcement 
Administration, the Criminal Investigation Division of the 
Internal Revenue Service--investigate potential BSA violations 
in the course of their activities. State bank regulators have 
their own oversight authority that extends to the Bank Secrecy 
Act in the case of State-chartered institutions. Different 
regulators may--in fact, likely will--regulate different parts 
of increasingly integrated bank holding companies. Treasury, 
through FinCEN, will become involved in compliance penalties 
only in a limited number of situations in which cases are 
referred to it under procedures that, according to testimony we 
will be receiving today, are more than a decade old.
    I am also concerned about the nature of the bank 
examination procedures themselves in this area. Today's 
testimony will indicate that the bank examiners review 
procedures and systems in their money laundering compliance 
examinations. They rarely test transactions to see if the 
procedures or systems are working. It is a little bit like 
going into a room and seeing that the furniture is all in place 
but not placing any weight on the furniture to see whether it 
will sustain the stress. It could all be hollow.
    I am also concerned about reports that compliance 
examiners, generally at the OCC, FDIC, and OTS, have been made 
subordinate to safety and soundness examiners. This would 
affect not only the Bank Secrecy Act, but also other critical 
compliance areas, including, of course, consumer protection.
    The unfortunate lesson of the Riggs case seems to be that, 
despite the attention paid to improving the statutory tools 
given to the Treasury and to law enforcement in the legislation 
enacted after September 11--this Committee brought forth a 
title on money laundering which was included in that 
legislation, and, of course, prior legislation--the Bank 
Secrecy Act is not really ``administered'' at all in any 
coordinated way. Again, no one seems to be responsible for 
putting the statute into effect.
    I hope that today's hearing can force accelerated 
discussion of these issues and place them at the top of the 
anti-money laundering and counterterrorism financing agenda.
    I also want to get a better sense from our witnesses of how 
uniformly they are enforcing the BSA and the anti-money 
laundering laws. It is my understanding that last week, 
Comptroller Hawke sent a memorandum to the OCC's bank examiners 
reminding them of their responsibilities in this area, and I 
look forward to hearing what our other financial regulators are 
doing in this regard and how seriously they take this issue.
    A number of far-reaching proposals are now being made, and 
the Committee may well have to address them. And, of course, 
these would involve how authorities are allocated. One proposal 
is to create a separate Bank Secrecy Act audit and enforcement 
force at the Treasury. Another would be to create a joint BSA 
audit authority under the supervision of the banking regulators 
staffed by experienced examiners whose career ladders call for 
rotation into the unit for several years and who audit 
institutions other than those supervised by their home 
agencies. Another possibility is retaining the present system, 
but requiring FinCEN, so long as it is administrator of the 
BSA, to receive the portion of each examination report dealing 
with Bank Secrecy Act matters, and to participate in the 
determination of action to take in response to deficiencies.
    Another possibility, moving across the range of things, 
would be to delegate full BSA penalty and administrative 
authority to the bank regulators together with mandated 
reporting to Treasury. Another would be to mandate transaction 
testing and other upgraded examination procedures for BSA 
examination.
    I think it is very clear that the current system is not 
working the way it should be working. The Fed imposed a $100 
million on UBS AG for conducting illegal currency transactions 
with four countries. Our colleague, Representative Sue Kelly, 
on the House side, the Chairman of the House Financial Services 
Oversight Committee, called this sanction ``a mere slap on the 
wrist.'' There is very deep concern, obviously, here in the 
Congress about the effectiveness of our fight against terrorist 
financing. Our concern also involves organized crime, drug 
cartels, and so forth. And there is not a sense that the 
agencies are fully reporting for duty with respect to this 
important issue.
    Mr. Chairman, I look forward to hearing the testimony.
    Chairman Shelby. Thank you, Senator Sarbanes.
    Senator Reed.

                 STATEMENT OF SENATOR JACK REED

    Senator Reed. Mr. Chairman, I simply want to associate 
myself with Senator Sarbanes' comments and remarks, and I look 
forward to hearing the testimony of the witnesses.
    Thank you, Mr. Chairman.
    Chairman Shelby. Senator Allard, do you have an opening 
statement?

               STATEMENT OF SENATOR WAYNE ALLARD

    Senator Allard. I do, Mr. Chairman, have an opening 
statement. I will just submit it for the record.
    Chairman Shelby. Without objection, it is so ordered.
    Senator Allard. I would like to thank the panel for taking 
the time to testify before the Committee and you for holding 
the hearing.
    Chairman Shelby. Thank you.
    All of your written testimony will be made part of the 
hearing record. We will start with you, Governor Bies.

              STATEMENT OF SUSAN S. BIES, MEMBER,

        BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

    Ms. Bies. Thank you, Mr. Chairman and Senator Sarbanes. I 
want to thank you for the opportunity to appear before this 
Committee to discuss the Federal Reserve's participation in 
efforts to combat money laundering and terrorist financing.
    In my remarks today, I will describe for you some of the 
important steps we are taking to fulfill our supervisory 
mission, to guide the institutions we supervise, and, in 
cooperation with the other banking and financial services 
regulators and the Treasury Department, to make every effort to 
use our supervisory tools to enhance the banking industry's 
role in preventing and detecting money laundering and terrorist 
financing activity. The Federal Reserve's anti-money laundering 
program is multifaceted. It involves work in the bank 
supervision area, the applications area, enforcement, 
investigations, training, and coordination with law enforcement 
and intelligence communities, as well as rule writing. This 
morning, I will touch on some of these aspects of the Federal 
Reserve's anti-money laundering program, but will concentrate 
on bank supervision efforts and enforcement matters.
    The Federal Reserve has long shared Congress' view that 
financial institutions and their employees are on the front 
lines of the efforts to combat illicit financial activity. The 
Federal Reserve believes that the banking organizations it 
supervises must take every reasonable step to identify, 
minimize, and manage any risks that illicit financial activity 
may pose to individual financial institutions and the banking 
industry.
    It has been our longstanding policy that Federal Reserve 
supervisors incorporate a Bank Secrecy Act compliance and anti-
money laundering program component into every safety and 
soundness examination conducted by a Federal Reserve Bank. This 
means that on a regular examination cycle, examiners evaluate 
whether a banking organization's Bank Secrecy Act and anti-
money laundering compliance program is satisfactory and is 
commensurate with the organization's business activities and 
risk profiles. Bank Secrecy Act and anti-money laundering 
compliance has, for years, been an integral part of the bank 
supervision process at the Federal Reserve. Furthermore, the 
Federal Reserve's enforcement 
program has a strong history of addressing both anti-money 
laundering and safety and soundness problems in formal actions 
when it becomes necessary.
    There is an important correlation between the areas covered 
by a BSA/AML examination and an institution's overall risk 
management and internal controls. Bank examiners take into 
account an organization's enterprise-wide corporate governance 
mechanisms and how they are applied. The Federal Reserve's bank 
examiners are able to apply a broad perspective and depth of 
organizational knowledge to the area of Bank Secrecy Act and 
anti-money laundering compliance and to coordinate with the 
examination and analytical staff to ensure that safety and 
soundness and Bank Secrecy Act and anti-money laundering are 
integrated and comprehensive. The Federal Reserve has found 
that there is an important synergy gained by integrating safety 
and soundness and Bank Secrecy Act/anti-money laundering 
supervisory processes.
    The Federal Reserve focuses significant resources on the 
prevention and early resolution of deficiencies within the 
supervisory framework. In cases where examiners have identified 
a violation of the compliance program requirement, the Federal 
Reserve is bound by law to take formal enforcement action. The 
same law requiring us to promulgate rules requiring a 
compliance program provides that if an institution fails to 
establish and maintain required procedures, we must issue a 
formal action requiring the institution to correct the problem.
    The Federal Reserve takes this responsibility very 
seriously and has issued a number of public actions against 
banking organizations in fulfillment of this statutory mandate. 
Over the last 3 years, for example, the Federal Reserve has 
taken approximately 25 formal, public enforcement actions 
addressing Bank Secrecy Act and anti-money laundering-related 
matters.
    In addition to taking action itself, the Federal Reserve 
may refer a Bank Secrecy Act-related matter to Treasury's 
FinCEN for consideration of an enforcement action based on 
violations of that law.
    The Federal Reserve staff coordinates enforcement actions 
with other regulators or agencies, including in the area of 
anti-money laundering. If a banking organization's problems 
involve entities supervised by different regulators, resolution 
of enterprise-wide problems may involve multiple enforcement 
actions. For example, the OCC, FinCEN, and the Federal Reserve 
coordinated their recent enforcement actions against Riggs 
Bank, National Association; Riggs National Corporation; and 
Riggs International Banking 
Corporation, the national bank's Edge Act subsidiary. The 
Federal Reserve coordinates its enforcement actions with State 
banking supervisors on a regular basis, and enforcement actions 
involving 
operations of foreign banking organizations may be resolved in 
cooperation with supervisors abroad. In several recent matters, 
there was close coordination also with the U.S. Department of 
Justice.
    The Federal Reserve's Bank Secrecy Act and anti-money 
laundering functions range from supervising and regularly 
examining banking organizations subject to Federal Reserve 
supervision for compliance with the Bank Secrecy Act and 
relevant regulations, to requiring corrective actions for 
detected weaknesses in their Bank Secrecy Act/anti-money 
laundering program, to enhancing money laundering 
investigations by providing expertise to the U.S. law 
enforcement community, to providing training to U.S. law 
enforcement authorities and various foreign central banks and 
government agencies. Over the last 3 years, for example, 
Federal Reserve experts in anti-money laundering-related 
matters have participated in special reviews of funds transfers 
for Federal law enforcement and intelligence authorities, 
taught classes at FBI and Department of Homeland Security 
training academies, held seminars for central bank and foreign 
supervisor authorities in 10 countries, and engaged in 
discussions on anti-money laundering-related matters at 
international fora such as the Basel Cross-border Group and the 
Financial Action Task Force.
    Board and Reserve Bank supervisors seek to provide guidance 
to banking organizations to assist them to fully understand 
applicable regulatory requirements and what is expected by the 
regulators. The Federal Reserve views its supervisory role as 
including initiatives to enhance awareness and understanding by 
banking organizations under Federal Reserve supervision and by 
the industry at large.
    The Federal Reserve makes its Bank Secrecy Act examination 
procedures available to the banking industry and updates those 
procedures by publicly issuing supervision and regulation 
letters. These letters advise Reserve Bank supervisory staff 
and the industry about new examination policies and protocols, 
such as those associated with the USA PATRIOT Act. Federal 
Reserve staff also speaks regularly before the financial 
industry and issues sound practice guidance in conjunction with 
other regulators and Treasury. These initiatives are meant to 
respond to or anticipate questions that arise regarding anti-
money laundering requirements and to help banking 
organizations' compliance efforts.
    The Federal Reserve believes that banking organizations 
should take reasonable and prudent steps to combat illicit 
financial activities, such as money laundering and terrorist 
financing, and to minimize their vulnerability to risks 
associated with such activity. For this reason, the Federal 
Reserve's commitment to ensuring compliance with the Bank 
Secrecy Act continues to be a high supervisory priority. The 
Federal Reserve has an important role in ensuring that criminal 
activity does not pose a systemic threat and, as important, in 
improving the ability of individual banking organizations in 
the United States and abroad to protect themselves from illicit 
activities.
    Thank you.
    Chairman Shelby. Thank you, Governor Bies.
    Mr. Hawke.

                STATEMENT OF JOHN D. HAWKE, JR.

                  COMPTROLLER OF THE CURRENCY

                U.S. DEPARTMENT OF THE CURRENCY

    Comptroller Hawke. Chairman Shelby, Ranking Member 
Sarbanes, and Members of the Committee, I appreciate the 
opportunity to discuss the work of the OCC in combating money 
laundering and enforcing compliance with U.S. laws designed to 
prevent our financial institutions from falling victim to 
criminals and terrorists.
    For the past 30 years, the OCC has placed great importance 
on developing policies and procedures designed to ensure that 
financial institutions have the necessary controls in place and 
provide the requisite notices to law enforcement to make 
certain that they do not become vehicles for money laundering. 
Our examiners are dedicated. Our BSA/anti-money laundering 
examination techniques are highly regarded. We have strived to 
keep our exam techniques current and responsive to new 
developments, and we work cooperatively and successfully with 
law enforcement. For all these reasons, the situation that we 
have confronted with Riggs Bank is deeply troubling, and this 
Committee's keen interest in Riggs is entirely appropriate.
    For this reason, I will rely today on my written testimony 
for a detailed discussion of the components of the OCC's 
extensive BSA and anti-money laundering program and devote my 
oral testimony to the Riggs situation.
    As I reviewed the record of our oversight of Riggs' Bank 
Secrecy Act/anti-money laundering compliance during this 
period, it became clear to me that there was a failure of 
supervision. We should have been more aggressive in our 
insistence on remedial steps at a much earlier time. The types 
of strong formal enforcement action that we ultimately took 
should have been taken earlier. We should have done more 
extensive probing and transaction testing of accounts. Indeed, 
our own BSA exam procedures called for transactional reviews in 
the case of high-risk accounts, yet until recently that was not 
done. We failed to appreciate the risks inherent in Riggs' 
embassy banking business and in certain of the accounts handled 
by the bank, as well as the significance of the deficiencies in 
the bank's systems and controls in relation to those risks.
    This is not a case where the deficiencies in these systems 
and controls at Riggs were not recognized, nor was there an 
absence of OCC supervisory attention to those deficiencies. But 
in failing to promptly recognize the high-risk nature of the 
bank's business in this regard, we did not probe as soon or as 
deeply as we should have. We gave the bank too much time, based 
on its apparent efforts to fix the problems we had repeatedly 
noted, before we 
demanded specific solutions, by specific dates, pursuant to 
formal enforcement actions.
    With this context, allow me to provide a brief review of 
our recent supervision of Riggs. The specific shortcomings in 
Riggs' BSA/AML compliance program were known to us as early as 
1997. In our regular and frequent examinations, we repeatedly 
identified the need for improvement in Riggs' BSA internal 
audit coverage, its information systems, its internal 
monitoring processes, its staff training, and its customer due 
diligence requirements, and we brought those deficiencies to 
the attention of Riggs management. Each time, we found 
management to be apparently cooperative and responsive. And 
because of this attitude, we concluded that Riggs' compliance 
program was either ``satisfactory'' or ``generally adequate,'' 
which led us to continue to rely on various informal 
supervisory remedies in dealing with the Riggs management.
    In the aftermath of the September 11, 2001 tragedies, the 
OCC conducted a series of antiterrorist financing reviews at 
our large and high-risk banks. Riggs was included in those 
targeted exams. The subsequent examination of Riggs ran from 
January to May 2003 and involved extensive cooperation with law 
enforcement agencies. It focused on certain suspicious 
transactions involving the Saudi Embassy relationship and 
culminated in a July 2003 cease-and-desist order, directing 
Riggs to undertake a long list of corrective actions.
    Yet when we returned to the bank in October 2003, the same 
pattern surfaced. While progress had been made toward complying 
with the July C&D order, a new set of problems had become 
evident, this time relating to the bank's relationship with 
Equatorial Guinea. Our reaction this time was fundamentally 
different than before and ultimately led to the assessment of a 
record $25 million civil money penalty against the bank. We 
also continue to evaluate whether additional actions are 
warranted.
    Against this background, there are at least three important 
questions that this Committee might appropriately ask. And I am 
sure there are more. First, why was there a failure of 
supervision in the Riggs case? Second, is our record with 
regard to Riggs symptomatic of shortcomings in our BSA/AML 
supervision of other national banks? And, third, what is the 
OCC doing to assure that there will be no recurrence of 
situations like Riggs?
    To address the first two questions, I have directed our 
Quality Management Division, which reports directly to me and 
is analogous to an internal IG operation, to conduct a 
complete, no-holds-barred, top-to-bottom review of our handling 
of the Riggs situation and to report their findings and 
recommendations back to me in 90 days. I have also directed QMD 
to make a more general assessment of the quality of our BSA/AML 
supervision and to determine whether there are other banks as 
to which our compliance oversight reflects similar 
shortcomings. I will be happy to share the QMD report with this 
Committee when it is completed.
    In order to assure that there is no recurrence of the 
shortcomings evidenced in the Riggs case, I have directed a 
number of other actions, which are described in my written 
testimony, to improve our practices and policies and to develop 
new risk-screening systems and techniques.
    I have also instructed our Committee on Bank Supervision, 
which is comprised of the OCC's senior supervision officials, 
to communicate with all OCC examination staff to raise their 
level of alert for suspicious or high-risk accounts and to 
reemphasize the need for deeper investigation and transaction 
testing where such circumstances exist. This communication 
reemphasizes the critical importance of our BSA/AML compliance 
program and the role that program plays in helping to assure 
that national banks will not be used to facilitate improper 
transactions.
    The Riggs episode reminds us that the Bank Secrecy Act and 
money laundering issues are not only of extreme importance to 
national security but they also have huge reputation 
implications for the banking industry. This heightened 
awareness, coupled with the many technical and other 
improvements in the approach to BSA/AML supervision already 
adopted or contemplated by the OCC and its sister financial 
regulatory agencies, should strengthen the ability of our 
financial system to resist those who would use it for improper 
purposes.
    Notwithstanding the Riggs situation, Mr. Chairman, the OCC 
is committed to doing its part to assure that national banks 
scrupulously perform their responsibilities under the laws 
relating to money laundering. We stand ready to work with 
Congress, with law enforcement, with the other financial 
regulatory agencies, and with the banking industry to continue 
to develop and implement a coordinated and comprehensive 
response to the threat posed to the Nation's financial system 
by money launderers and terrorists.
    Thank you, Mr. Chairman.
    Chairman Shelby. Mr. Powell.

                 STATEMENT OF DONALD E. POWELL

        CHAIRMAN, FEDERAL DEPOSIT INSURANCE CORPORATION

    Chairman Powell. Mr. Chairman, Senator Sarbanes, and 
Members of the Committee, thank you for this opportunity to 
discuss how the FDIC, along with the other bank regulatory 
agencies, addresses our responsibilities under the Bank Secrecy 
Act and related anti-money laundering and antiterrorism laws.
    While my written testimony provides greater detail about 
the FDIC's effort to prevent money laundering and terrorist 
financing, I would like to focus my statement today on how the 
FDIC is seeking to ensure that the American financial system is 
not misused in a way that supports criminal and terrorist 
activities and how bank regulators, law enforcement, and the 
banking industry can work together to address money laundering 
and terrorist financing.
    One of the strongest ways to attack criminal and terrorist 
activities is to focus on their funding sources and their 
attempts to use the financial system to further their goals. 
While legislative and regulatory efforts originally focused on 
criminals laundering large sums of cash, the events of 
September 11 expanded our reach to terrorists who seek to use 
the U.S. banking system to fund their activities.
    The FDIC is responsible for examining State-chartered, 
nonmember banks for compliance with the Bank Secrecy Act and to 
determine the effectiveness of the financial institutions' 
anti-money laundering program. While the vast majority of 
FDIC-supervised institutions are diligent in their efforts to 
establish, execute, and administer effective Bank Secrecy Act 
compliance programs, there have been instances where the 
controls and efforts were lacking. In those cases, we have 
implemented a range of corrective measures to ensure banks 
comply with the law.
    In cases where an institution's anti-money laundering 
compliance program has been criticized or in cases where 
previously identified deficiencies have not been corrected, 
including significant violations of law, the FDIC will take 
formal or informal enforcement action. The type of enforcement 
action pursued by the FDIC against an institution is directly 
related to the severity of the offense, management's 
willingness and ability to effectively implement corrective 
action, as well as the extent to which the program has failed 
to identify or deter potential money laundering. In addition, 
the nature of the criticism, the response to prior weaknesses 
or violation notifications, and the overall risk profile of the 
institution are factored into the type of supervisory action, 
as well as any determination to assess civil money penalties.
    The FDIC understands that all institutions are at risk. In 
today's global banking environment, where funds are transferred 
in an instant and communication systems make services available 
nationally, even a lapse at a small financial institution 
outside of a major metropolitan area can have major 
implications on another location across the Nation. The more 
difficult it is for criminals and terrorists to gain entry into 
the American financial system, the more likely it is that they 
will need to rely on less secure and less efficient means of 
financing their activities.
    Since the passage of the USA PATRIOT Act of 2001, the FDIC 
has been involved in a number of activities aimed at supporting 
our efforts to reduce the risk of terrorist financing 
activities. We participated in the rulemaking process of 
relevant parts of the USA PATRIOT Act, and we participated in a 
number of working groups focused on counter-financing of 
terrorism and the USA PATRIOT Act. In conjunction with this, 
and in part to address some recommendations identified in a 
recent inspector general report, the FDIC has undertaken or 
established a number of initiatives to enhance our enforcement 
of the Bank Secrecy Act.
    First, consistent with the increased importance of the BSA, 
the additional workload associated with the USA PATRIOT Act and 
greater emphasis on international efforts to combat terrorism 
financing, we are dedicating more staff to oversight of our 
anti-money laundering and PATRIOT Act efforts. Currently, the 
FDIC has more than 150 Bank Secrecy Act subject matter experts 
nationwide. The FDIC expects to double this number over the 
next 18 months.
    Second, the FDIC is requiring that all examiners complete 
additional formal training on anti-money laundering and PATRIOT 
Act issues by the end of this year. This computer-based 
training also will be offered to all State banking authorities 
and other regulators who wish to provide additional training 
for their staff.
    Third, the FDIC is reviewing all written guidance for 
examiner and industry use to assure that it is current and 
provides clear direction.
    Fourth, beginning this month, in those instances where the 
State banking authority does not conduct Bank Secrecy Act 
exams, the FDIC will send an examiner to conduct an examination 
for BSA and anti-money laundering compliance concurrent with 
the State authority's safety and soundness examination. While 
the FDIC reviews BSA compliance each time it examines a 
State-chartered nonmember bank, not all States conduct similar 
examinations. This initiative will ensure that all 
FDIC-supervised banks are reviewed for money laundering and 
terrorist financing activity during every examination cycle.
    Fifth, the FDIC has centralized the monitoring process for 
FDIC-supervised banks with serious anti-money laundering 
program deficiencies. This ensures a consistent supervisory 
approach is applied on a national basis. In addition, the FDIC 
recently centralized the process for referring violations to 
FinCEN, which provides consistency in reporting. These 
centralization efforts will enable us to analyze historical 
data internally to identify emerging trends and issues among 
FDIC-supervised banks.
    Sixth, the FDIC will continue its participation in the Bank 
Secrecy Act Advisory Group, which is a public-private 
partnership engaged in the evaluation of strategies to detect 
and prevent money laundering and terrorist financing schemes. 
These initiatives are underway and ongoing.
    There is more we can do. Here are some ideas we are 
exploring within the FDIC and the broader Government to further 
buttress our efforts: Work toward a smarter BSA that 
accomplishes the mission more efficiently through more useful 
and timely filing by banks; Encourage the use of Section 314 
safe harbor language in the law to foster meaningful dialogue 
between institutions about suspicious transactions; Tear down 
the wall between industry and Government and foster better 
dialogues about the broader threats, current criminal and 
terrorist practices, and about the way institutions' BSA 
filings are put to use; Enhance and solidify the perception of 
invulnerability. Any criminal or terrorist should know that if 
he uses the U.S. banking system to transfer value, he will be 
caught.
    In conclusion, the FDIC is fully committed to preventing 
the use of the financial system to support criminal or 
terrorist activities. Only through a strong and comprehensive 
supervisory response and the continued full commitment of the 
industry can we create an environment where terrorists know 
that any attempt to use the American financial system to fund 
their operations poses an unacceptable risk of discovery.
    This concludes my testimony. Thank you.
    Chairman Shelby. Mr. Gilleran.

                 STATEMENT OF JAMES E. GILLERAN

             DIRECTOR, OFFICE OF THRIFT SUPERVISION

                U.S. DEPARTMENT OF THE TREASURY

    Director Gilleran. Chairman Shelby, Senator Sarbanes, 
Members of the Committee, the OTS fully supports the Bank 
Secrecy Act and the U.S. PATRIOT Act, and we are dedicated to 
make sure that our agencies and our licensees completely carry 
out their responsibilities under them.
    In the last 10 months, of our 916 institutions we have 
completed 476 BSA examinations. Of those 476 examinations, we 
found 167 associations with BSA violations. The number of 
violations in those associations in total were 342. All of 
those violations were addressed prior to the completion of our 
examinations and did not lead to any more formal action since 
the institutions completely accepted our findings and made 
changes immediately. We have 7 actions that have come out of 
that effort that have been more formal in nature, have resulted 
in cease-and-desist orders and in civil money penalties. And we 
have 4 or 5 more that are in process.
    To put the number of violations, though, into perspective, 
342, in adding up the number of potential violations that are 
embedded in the OTS and Treasury regulations, they number over 
200 for each institution. So the possibility of the number of 
violations in those approximately 500 examinations was over 
100,000 potential violations. So the regulations are extremely 
detailed and, of course, our examination procedures are 
appropriately detailed but risk-focused.
    We have also participated in trying to conduct educational 
programs for the industry. We have provided additional training 
for our staff. We have greatly expanded the number of examiners 
who are BSA trained. We have halved the interval between BSA 
examinations from 24 to 36 months to 12-month to 18-month 
intervals. We have developed and implemented enhanced scoping 
and examination procedures. We have implemented a new BSA 
tracking and monitoring information system. We have improved 
internal controls governing internal data collection. We have 
bolstered our off-site BSA monitoring programs. We have adopted 
more robust and stringent enforcement policies. We have 
implemented the new BSA quality assurance and audit program. 
And we have improved our internal communications and external 
communications and coordinated closely with other financial 
regulatory agencies, Department of the Treasury, and law 
enforcement.
    I await your questions.
    Chairman Shelby. Thank you.
    Ms. Johnson.

                 STATEMENT OF JOANN M. JOHNSON

         CHAIRMAN, NATIONAL CREDIT UNION ADMINISTRATION

    Ms. Johnson. Chairman Shelby, Senator Sarbanes, and Members 
of the Committee, thank you for the invitation to testify 
before you today on behalf of the National Credit Union 
Administration on the enforcement of the Bank Secrecy Act.
    Congress enacted the BSA to prevent credit unions and other 
financial institutions from being used as intermediaries for 
the transfer or deposit of money derived from criminal 
activity. NCUA is the regulatory authority that monitors 
federally insured credit unions for compliance with the BSA.
    I am pleased to report to the Committee that federally 
insured credit unions have a good record of compliance with the 
requirements of the BSA. Credit unions are also substantially 
in compliance with Section 314, Information Sharing, and 
Section 326, Customer Identification Program, of the USA 
PATRIOT Act.
    At the end of 2003, NCUA insured 9,399 credit unions. 
Almost 50 percent of federally insured credit unions have 
assets less than $10 million. These credit unions are less 
likely to have transactions that trigger the recordkeeping and 
recording requirements of the BSA. Additionally, approximately 
one-third of Federal credit unions have a single common bond 
sponsor. Officials in smaller credit unions often have a more 
intimate understanding of their members' transactions, which 
facilitates their compliance with the requirements of the BSA. 
Consequently, money laundering has not been a major problem for 
credit unions.
    Nevertheless, much has changed since the terrorist attacks 
of September 11. NCUA recognizes that some federally insured 
credit unions may be targeted by individuals or groups seeking 
to launder money.
    The Federal Credit Union Act requires NCUA to assure BSA 
compliance in federally insured credit unions. Federally 
insured credit unions are required to have BSA compliance 
programs that effectively monitor their daily operations to 
assure compliance with all applicable rules and regulations.
    In fact, the risk-focused examination program used by NCUA 
examiners and State credit union examiners directs that a 
review of compliance with the BSA be completed at every 
examination. All examinations of federally insured credit 
unions completed by a State regulator are reviewed by NCUA 
staff. It should be noted, however, that NCUA does not review 
examinations of privately insured credit unions and does not 
have enforcement authority for BSA compliance in those credit 
unions.
    During the examination of the 7,500 federally insured 
credit unions in 2003, NCUA determined that there were 334 
violations of the BSA. The violations were in 261 credit 
unions, representing 3.5 percent of all credit unions examined. 
The most common violations fell into three categories: 
Inadequate written policy, 63 percent; inadequate customer 
identification program, 8 percent; or inadequate currency 
transaction reporting procedures, 7 percent.
    Of the 334 violations, credit union officials working with 
an examiner, corrected or agreed to correct 99 percent of the 
violations during the on-site examination.
    In instances when violations at a federally insured credit 
union persist and/or are more severe, NCUA has several options 
to initiate corrective action. They range from a letter from 
the NCUA Regional Director to formal administrative action, 
including conservatorship.
    NCUA will use a formal administrative action when necessary 
to correct BSA violations. This has occurred twice in the 
recent past. NCUA placed one institution into conservatorship 
and issued a cease-and-desist order against another.
    NCUA has taken numerous initiatives to address BSA 
compliance in credit unions. These initiatives fall into the 
following general categories: Examination program, examiner 
training, compliance examiners, and credit union education.
    In addition to on-site reviews of BSA compliance during 
examinations, NCUA has issued several publications to educate 
federally insured credit unions on BSA and USA PATRIOT Act 
compliance.
    Looking forward, NCUA is committed to maintaining a dynamic 
examination program that will assure federally insured credit 
unions have effective programs in place to minimize the risk of 
money laundering. NCUA will continue to provide guidance to 
federally insured credit unions regarding compliance with the 
BSA.
    Again, thank you, Mr. Chairman, for the opportunity to 
appear before you today on behalf of NCUA to discuss BSA 
compliance in the credit union industry. I am pleased to 
respond to any questions the Committee may have or be a source 
of any additional information you may require.
    Thank you.
    Chairman Shelby. Thank you.
    Mr. Fox.

                  STATEMENT OF WILLIAM J. FOX

         DIRECTOR, FINANCIAL CRIMES ENFORCEMENT NETWORK

                U.S. DEPARTMENT OF THE TREASURY

    Mr. Fox. Thank you, Mr. Chairman, Senator Sarbanes, and 
distinguished Members of the Committee. I appreciate the 
opportunity to appear before you here today to discuss the role 
that the Financial Crimes Enforcement Network can and should 
play in Bank Secrecy Act compliance and enforcement matters. It 
is truly an honor for me to appear with this distinguished 
panel. As I stated the last time I appeared before this 
Committee, we very much appreciate the leadership and 
commitment and oversight of this Committee and its staff on 
these important issues that are the focus of today's hearing. I 
have prepared a statement and have submitted it for the record, 
and I will keep these remarks very brief.
    FinCEN is the delegated administrator of the Bank Secrecy 
Act. Through that delegation, FinCEN is answerable to the 
Secretary of the Treasury for ensuring that the ultimate goals 
of the Act are achieved. While we eagerly accept this 
responsibility, this responsibility is not ours alone. The 
distinguished ladies and gentlemen on this panel with me today 
and the agencies they represent, as well as other agencies such 
as the Securities and Exchange Commission and the Internal 
Revenue Service, have been delegated responsibility to examine 
financial institutions for BSA compliance.
    Indeed, presently implementation of the Bank Secrecy Act's 
regulatory regime involves eight different Federal agencies and 
three SRO's. This unusual structure is both a strength and a 
weakness. The weaknesses are obvious and sometimes clearly 
manifested. To diffuse responsibility across so many 
bureaucracies can cause, and indeed on occasion has caused, 
inconsistency in application, lack of clarity on purpose, and, 
more importantly, a lack of accountability. However, let me 
submit to you that, if managed properly, this structure can 
also be a strength because it builds upon the existing 
expertise and examination functions of the regulators who know 
their industries best. This structure leverages resources where 
resources would otherwise be completely insufficient and 
possibly duplicative, and the current structure exploits the 
knowledge base, experience, and resources of these disparate 
regulators who, again, know their industries best.
    I view it as FinCEN's responsibility to work with my 
colleagues at this table to help manage this structure, to 
build on the strengths our diverse partners bring to the table. 
In other words, administration of the Bank Secrecy Act means 
oversight, it means coordination, and it means ensuring 
consistency of application.
    When I appeared before this Committee in April, I outlined 
a number of challenges I perceived as I came to learn more 
about FinCEN. In my view, of all of those challenges, there are 
no challenges as important to FinCEN as the proper and 
appropriate implementation of the Bank Secrecy Act's regulatory 
regime. Much of our work has been and is devoted to the goal of 
maximizing industry compliance with that regime. We have new 
leadership of our regulatory team at FinCEN. We have also 
developed some short-term priorities for FinCEN in this area 
and on these issues to better understand the industries we 
regulate, assist our regulator partners in the examination 
process, and to further enhance our own capabilities to enforce 
the regulatory regime we have been asked to administer.
    We also have several ideas on how to better manage and 
coordinate the implementation of this regulatory regime on 
which we will engage our regulatory partners. The specifics of 
those priorities and the ideas that we have are set forth in my 
written testimony so I will not recite them here. What I want 
you to know, Mr. Chairman, is that I clearly understand how 
important this set of issues is to the success of our country's 
anti-money laundering and counter-terrorism finance efforts, 
dare I say it, to our country's security. The implementation 
of this risk-based system is a 
delicate matter that demands balance, consistency, and clarity.
    For example, the cornerstone of the Bank Secrecy Act, 
suspicious activity reporting, requires financial institutions 
to make judgment calls. If we fail in properly implementing 
this regime, if we get it wrong, the entire system fails. In 
other words, if as regulators we do not keep our focus on the 
implementation of appropriate anti-money laundering programs 
that generate proper reporting, there could be two equally 
unacceptable outcomes. Compliance, for example, is not about 
second-guessing individual judgment calls made by financial 
institutions whether a particular transaction is suspicious. If 
we go down that path, financial institutions as small ``c'' 
conservative institutions will merely file on everything to 
protect themselves from regulatory risk. If, on the other hand, 
we are too lax when it comes to ensuring institutions or 
implementing these programs, proper reporting simply will not 
be generated. Either scenario represents a failure of 
implementation, in my view.
    Mr. Chairman and distinguished Members of this Committee, 
you should know that you have my commitment and the commitment 
of the women and men of FinCEN to do all in our power to ensure 
the appropriate and robust implementation of this critical 
regulatory regime. We appreciate this Committee's continued 
support and focus on these critical issues. Again, I appreciate 
very much the opportunity to be here today, and hopefully our 
presence here will add to this important conversation.
    I will be happy to answer any questions the Committee may 
have.
    Chairman Shelby. Thank you. I thank all of you.
    We have all heard former President Reagan's statement: 
``Trust, but verify.'' What I fear here is that there has been 
a lot of trust and no verification for many years.
    Mr. Hawke, for the record's sake here, would you indicate, 
the first BSA compliance issue at Riggs, when it was noted by 
an OCC examiner? And when was final action taken with respect 
to the particular BSA compliance problems, in other words, the 
gap there, beginning to the end?
    Comptroller Hawke. I have reviewed the record back to 1997, 
Mr. Chairman, and in 1997, we noted certain shortcomings in 
their compliance program.
    Chairman Shelby. What did you do about it?
    Comptroller Hawke. First of all, we graded their program 
``satisfactory,'' which in retrospect was clearly not warranted 
in view of----
    Chairman Shelby. In other words, you did not do anything.
    Comptroller Hawke. No. We told them that they had to make 
certain improvements in their Bank Secrecy Act compliance. They 
went through the motions of making those changes, and as we 
came back----
    Chairman Shelby. Did you go through the motions of checking 
them, too?
    Comptroller Hawke. We did. In subsequent examinations, we 
found that they had not fully complied, and we continued to 
push them to do it.
    Chairman Shelby. What did you do about it when you knew 
they had not complied? Nothing?
    Comptroller Hawke. As I said in my oral statement, Mr. 
Chairman, we did not take swift enough and strong enough 
action.
    Chairman Shelby. Could you just for a minute discuss the 
procedures for routine Bank Secrecy Act examinations? Just give 
us a scenario.
    Comptroller Hawke. We have about 40 full-time Bank Secrecy 
Act compliance examiners and a team of about three specialists 
in the Washington headquarters who set policies. In our large 
banks, Bank Secrecy Act compliance is a regular part of the 
ongoing responsibilities of the resident teams at those large 
banks. In those banks where we do not have full-time resident 
teams, Bank Secrecy Act compliance is part of their regular 
on-site examination.
    Chairman Shelby. How many, if you could quantify--and if 
you cannot do it here, do it for the record--violations did you 
pick up at Riggs? There had to be a lot of them.
    Comptroller Hawke. There were plenty of violations at 
Riggs.
    Chairman Shelby. Over many, many years, right?
    Comptroller Hawke. At the beginning of the process, the 
violations were inadequate control systems, inadequate 
training, and the like. As we developed further familiarity 
with that program, it was clear that the violations included 
failure to file suspicious activity reports in situations where 
they were called for.
    Chairman Shelby. Would it be fair to say that the scrutiny 
of the BSA was in name only? In other words, there is not a lot 
of verification, there is not a lot of compliance? Seven years' 
worth of violations and nothing really happened.
    Comptroller Hawke. I am not sure I would characterize it 
quite that way.
    Chairman Shelby. Close to it?
    Comptroller Hawke. I think the problem, Mr. Chairman, was 
not that we were not identifying shortcomings in their 
compliance program. We were. We were insufficiently robust in 
assuring that they were correcting those----
    Chairman Shelby. In other words, you did not do anything 
about it, just plain English.
    Is that right?
    Comptroller Hawke. We did not take swift enough action or 
strong enough action.
    Chairman Shelby. Okay. If we know this has gone on at Riggs 
under your supervision, as you are the Comptroller of the 
Currency, how many other hundreds of thousands, perhaps, of 
exam reports in your files which document serious and 
unaddressed BSA compliance issues at national banks throughout 
the country? Does that concern you?
    Comptroller Hawke. It certainly is an appropriate question. 
I do not have any reason to think that Riggs represents a 
systemic problem. But I have directed----
    Chairman Shelby. But you do not know that.
    Comptroller Hawke. I have directed our Quality Management 
Division to make exactly that kind of inquiry and to report 
back to me on it.
    Chairman Shelby. Mr. Hawke, in addition to the Saudi and 
Equatorial Guinea accounts, Riggs held numerous other foreign 
accounts, including what many characterize as what we would 
call high-risk by FinCEN and OFAC. They include, among others, 
Burma, Cuba, the Sudan, Iraq, Iran, Syria, and Nigeria. If 
Riggs' BSA/AML internal controls were so deficient, which is a 
given, should we be concerned, in other words, should you be 
concerned that many of these other embassy and special interest 
accounts could suffer similar inadequacies and violations?
    Comptroller Hawke. That is certainly a concern, and we have 
been addressing that concern in a number of ways over the last 
year and a half.
    Chairman Shelby. Will you give us a report to the Committee 
on what you have done, especially in these particular ones we 
have raised here?
    Comptroller Hawke. I would be happy to, Mr. Chairman.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Thank you very much, Mr. Chairman.
    Mr. Fox, you are the Administrator of the Bank Secrecy Act. 
Is that correct?
    Mr. Fox. Yes, sir.
    Senator Sarbanes. When did FinCEN learn of the problems at 
Riggs Bank?
    Mr. Fox. I believe the first we learned of the problems at 
Riggs Bank from the Comptroller's office was in June 2003.
    Senator Sarbanes. June 2003?
    Mr. Fox. I believe, yes.
    Senator Sarbanes. Well, now, we just heard in response to 
the questions from Chairman Shelby that the Comptroller's 
office, as I understand Mr. Hawke's answer--and he can correct 
me--had identified shortcomings at Riggs as early as 1997. Is 
that correct?
    And the first you knew as the Administrator of the Bank 
Secrecy Act, that there were such shortcomings, was when in 
2003?
    Mr. Fox. June 2003, Senator. That is what I am told. I was 
not there at FinCEN at the time, but that is what I am told.
    Senator Sarbanes. You are the Administrator of this Act. Do 
you not think there is something amiss when these shortcomings 
are being identified and you are not told about it?
    Mr. Fox. I actually think, sir, that we have a 
responsibility to engage our regulator partners to make sure 
that this communication is occurring on a regular and 
consistent basis.
    Senator Sarbanes. Am I to take it from that answer that to 
your perception the same possibility would exist with respect 
to the other agencies? There is no established reporting 
procedure which lets you, as the Administrator of the Bank 
Secrecy Act, know at a fairly early point that these regulators 
have discovered deficiencies in the workings of their financial 
institutions with respect to the Bank Secrecy Act?
    Mr. Fox. What I have found, Senator, since I have been 
there, is that communication occurs on an ad hoc basis, and I 
believe that that is not a wise course to follow. I believe 
that it should be routinized and we should have better, more 
established, consistent channels of communication if we are 
going to administer the Act effectively and efficiently.
    Senator Sarbanes. Let me ask the panel: When was the last 
time those on the panel, the regulators, including the 
Administrator of the Bank Secrecy Act, from the Treasury, Mr. 
Fox, met together to discuss and review programs and policies 
for coordination of the application of the Bank Secrecy Act?
    Mr. Fox. Sir, we had a meeting. I believe it was as 
recently as last month. It might be the month before. I can get 
you the exact date if you like. We have a group that we call 
affectionately, the SAR owners group, which includes all of the 
bank regulators, the functional regulators, and we met for an 
afternoon at FinCEN, and discussed just a number of issues that 
relate to this.
    Senator Sarbanes. And this included the people at this 
table?
    Mr. Fox. No, sir. It was their staff that handled these 
types of issues for them.
    Senator Sarbanes. Let us take it a level above you and go 
to the Secretary of the Treasury. Are you the administrator by 
delegation from the Secretary of the Treasury?
    Mr. Fox. Yes, sir.
    Senator Sarbanes. When was the last time, Ms. Bies, that 
you and these other top regulators here, and the Secretary of 
the Treasury--although if he sent Mr. Fox, I will accept that 
for the moment--met in order to discuss Bank Secrecy Act 
matters?
    Ms. Bies. Senator, I have not had such a meeting. I am not 
aware whether any of the other governors have. I can follow up 
on that and let you know.
    Senator Sarbanes. Are you the governor that is the point 
person----
    Ms. Bies. I chair the Committee on Supervision Regulation, 
so it would be--I would probably be the one, and I have not had 
such a meeting at that level.
    Senator Sarbanes. Mr. Hawke.
    Comptroller Hawke. I am not aware of any meeting during my 
tenure, Senator Sarbanes, of principals to discuss Bank Secrecy 
Act matters.
    Senator Sarbanes. Mr. Powell.
    Chairman Powell. Two meetings, Senator. First of all, Vice 
Chairman Reich met with Mr. Fox about, I am guessing, 3 to 4 
weeks ago to discuss this particular issue. Then I met with----
    Senator Sarbanes. Four weeks ago?
    Chairman Powell. Three to 4 weeks ago. I met with the 
Secretary of the Treasury within the last 10 days. Among other 
things, we talked about BSA.
    Senator Sarbanes. Now, that was just between you and them 
though. It was not a general meeting of the regulators?
    Chairman Powell. It was not a general meeting.
    Senator Sarbanes. It seems to me that you all might 
presumably learn something from one another in this arena.
    Mr. Gilleran.
    Director Gilleran. FinCEN is involved in all 7 of our 
cease-and-desist orders that have culminated from our 
examinations in the last year, and our people have met with 
FinCEN on several occasions in a formal way. I myself have not 
participated personally.
    Senator Sarbanes. Ms. Johnson.
    Ms. Johnson. I am not aware of a formally organized meeting 
that may have been attended by Former Chairman Dollar and then 
by myself.
    Senator Sarbanes. Is it an outlandish idea to think that a 
coordinated meeting of the regulators and FinCEN with respect 
to the Bank Secrecy Act on some periodic basis would be a good 
idea?
    Chairman Powell. It is a good idea, Senator.
    Comptroller Hawke. I completely agree, Senator. I think 
sharing information and experiences at the principal level 
would be very useful.
    Senator Sarbanes. Mr. Chairman, I have other questions, but 
my time is up, and I will yield.
    Chairman Shelby. We have another round.
    Senator Reed, thank you for your indulgence.
    Senator Reed. Thank you, Mr. Chairman, and thank you for 
your testimony, ladies and gentlemen.
    Mr. Hawke, why were criminal charges not brought in this 
matter with respect to Riggs? Is there a provision to allow 
criminal charges?
    Comptroller Hawke. Senator Reed, Riggs is a matter of 
ongoing investigation, and I think I need to be rather 
circumspect in talking about what may be coming out of the 
ongoing discussions relating to Riggs.
    Senator Reed. Fine. There is a general question you might 
also want to be circumspect. That is, the motivation behind 
these violations, which are rampant over many years. It would 
be one thing if it was just inattention or lax recordkeeping. 
It would be something else if it was just designed to avoid 
regulation to induce business, and a third category, obviously, 
if there was some malign motive of cooperating with people who 
are criminals or worse. I do not know if you want to comment on 
that?
    Comptroller Hawke. Yes, I would like to comment on that, 
Senator, because Riggs was not an unsophisticated country bank. 
They were a long-established, significant bank in the Nation's 
Capital. As I look back over the record and ponder the same 
kind of question that you have raised, it seems to me that 
there was an inherent tension involved in Riggs' business 
objective, which was essentially to monopolize the embassy 
banking business. They had 95 percent of the embassies in 
Washington, 50 percent of the embassies in London, and they put 
a very high degree of importance on that business. But that was 
a very high-risk business from a Bank Secrecy Act point of 
view. There was an inherent conflict, an inherent tension 
between that business objective and the responsibility for 
robust compliance with the Bank Secrecy Act.
    Senator Reed. Thank you.
    Governor Bies, there is another related case, and that is 
UBS Investment Bank of Switzerland with respect to the extended 
custodial inventory program. A $100 million fine, I presume a 
civil fine?
    Ms. Bies. Yes, it was a civil fine, yes, sir.
    Senator Reed. Is there any contemplation of criminal 
charges?
    Ms. Bies. I think I again need to be circumspect around 
that right now while we continue to get the full information.
    Senator Reed. Let me pose the same question I posed to Mr. 
Hawke. What is your sense of the motivation, given there are a 
range of motives and some of them are, none of them are 
acceptable, but some are more serious and sinister than others.
    Ms. Bies. Again, I do not want to comment on the motives. 
The only thing I will comment is that when you have collusion 
to manage the information that comes to the Federal Reserve, 
there is some kind of intent, and that also the collusion made 
it difficult for us to detect it, and as a result of this we 
are looking; we have already changed procedures, and we are 
going in to test those procedures in the future to try to see 
if there is a way we could have detected this despite the 
collusion.
    Senator Reed. Thank you, Governor Bies.
    Mr. Gilleran, the GAO report, at least my understanding of 
it, suggests that in a survey of 986 thrifts from January 2000 
to October 2002, they discovered BSA violations at 180, which 
seems to be almost 20 percent. That causes you concern?
    Director Gilleran. It certainly does, and we have responded 
to that report, and we are appreciative of their comments in 
this area, and we have adjusted our system accordingly. We have 
improved our information system and that period of time was 
prior to the USA PATRIOT Act, and the focus of course now is 
much greater, but I think that review was a good one for us, 
and we are now presently being reviewed by the GAO also in the 
same area. I think outside reviews are helpful.
    Senator Reed. Thank you. The obvious question that I will 
just pose to the panel, is there any legislative authority that 
you need in addition to the existing statutes to better 
coordinate, better implement, and better enforce? I say that 
because I spend time on the Armed Services Committee also and 
we spend a lot of hours on the war, on terror and threats to 
the Nation. And you might have a more decisive role in 
frustrating attacks against America than many of our uniformed 
officers, if you can control the monies.
    Ms. Johnson.
    Ms. Johnson. Senator, there is one area that NCUA would 
have interest in. The Exam Parity Act of 1998 gave NCUA 
authority to perform examinations of third-party vendors, and 
the Act contained a sunset provision, and that authority 
expired on December 31, 2001. The other regulators do have that 
indefinite examination authority over third-party vendors, and 
that may be helpful.
    Senator Reed. Thank you.
    Comptroller Hawke. Could I just add something, Senator 
Reed?
    Senator Reed. Yes, sir.
    Comptroller Hawke. The legal requirements that we as 
regulators enforce are very far-reaching and very demanding. 
They go essentially, though, to process, to the maintenance of 
control systems, to training, to the maintenance of compliance 
officers, to the filing of currency transaction reports, and the 
filing of suspicious activity reports.
    I think those statutes provide a very strong framework for 
the regulators to assure, if they are carrying out their 
responsibilities properly, that the banks, which have the 
primary information about transactions, are doing their job in 
identifying who their customers are, knowing what kinds of 
transactions are going through their accounts, and filing all 
the appropriate reports. It is the job of law enforcement to 
take the output of that process and to determine whether there 
are actual money laundering transactions or terrorist financing 
transactions that are going through the system.
    I think that the statutory framework is strong and adequate 
if we fulfill our responsibilities and the banks fulfill theirs 
in meeting the requirements to have the right kind of controls, 
to have the right kind of systems, and to do the right kind of 
reporting.
    Senator Reed. Thank you.
    Thank you, Mr. Chairman.
    Chairman Shelby. Thank you, Senator Reed.
    Director Gilleran. Just to respond further to Senator Reed, 
in my written statement I have made some recommendations for 
increased communications and better flow of information from 
law enforcement back to the institutions we regulate, because I 
think one of the problems here is the institutions do not know 
to what end a lot of the information that they are providing 
results in, and I think that would help them to better focus on 
a problem if they had more feedback.
    At the same time I would like to see, and I think my fellow 
regulators agree, that we should have a working group set up at 
the Federal Financial Institution Council focusing on Bank 
Secrecy Act, and I would like to have FinCEN be part of that. I 
think that is the appropriate forum under which we can all 
communicate.
    But I think enhanced communication of information is very 
important in this process.
    Senator Reed. Thank you, Mr. Chairman.
    Chairman Shelby. Mr. Hawke, as I understand it from talking 
with you yesterday, if someone withdraws, we will just use $1 
million, at Riggs Bank, $1 million in cash. And the bank files 
a notice of that with you, with the transaction report. Is 
there a second step that has to be done dealing with the Bank 
Secrecy Act? In other words, is it a two-step process? Would 
that be a little suspicious, $1 million?
    Comptroller Hawke. I think a $1 million cash transaction 
would inherently raise----
    Chairman Shelby. Should have set off an alarm somewhere at 
the Comptroller of the Currency if you had known.
    Comptroller Hawke. It should have set off alarms at the 
bank, which is the first place that the transaction would be 
noticed.
    Chairman Shelby. Unless the bank perhaps was maybe not 
filing that second report? Was it incumbent upon them to file 
two reports, one the transaction itself, the withdrawal?
    Comptroller Hawke. There are statutory and regulatory 
standards that define the circumstances for filing suspicious 
activity reports, and it is the bank's obligation in the first 
instance to make sure that they are filing suspicious activity 
reports where there is a suspicious transaction.
    Chairman Shelby. So it is a two-step process, was it not? 
That is what I am getting at.
    Comptroller Hawke. That is right.
    Chairman Shelby. The first one they file, and they did 
file, as I understand?
    Comptroller Hawke. That is right.
    Chairman Shelby. But they did not file the suspicious 
activity report, although in some cases there is $1 million in 
cash withdrawn; is that correct?
    Comptroller Hawke. That is correct.
    Chairman Shelby. Mr. Fox, I know there is an ongoing 
investigation, but it suggests to me maybe there is a 
conspiracy or something going on at Riggs. They file one report 
and do not file the others, you know, something is going on in 
the bank. Does that trigger anything with you?
    Mr. Fox. Senator, I agree that a $1 million cash transaction 
generally should set off alarms, and I think it does at most 
institutions if such transactions occur. I really cannot 
comment on what----
    Chairman Shelby. I know, not on an ongoing investigation.
    Mr. Fox. Yes, sir.
    Chairman Shelby. Mr. Hawke, are you fully confident as we 
speak today, after looking back in the Comptroller of the 
Currency's Office, that your examiners fully understand the 
significance of BSA compliance? We know they understand the 
safety and soundness compliance, which is important.
    Comptroller Hawke. Senator, if they do not understand it 
today, we have a very serious problem. I think they do. We have 
emphasized it repeatedly. We are in the process of revising our 
examination handbook for Bank Secrecy Act. I directed our 
Committee on Bank Supervision to send out a very strong message 
to all of our examination personnel to reemphasize the 
importance of Bank Secrecy Act compliance and the need for 
transaction testing and the need to be extremely cautious and 
sensitive about identifying transactions that raise questions.
    Chairman Shelby. Governor Bies, how many cases, if any, has 
the Federal Reserve referred to FinCEN in the past year?
    Ms. Bies. Total number of cases I may have to get back to 
you, sir.
    Chairman Shelby. I heard it was zero, that it was no 
referrals.
    Ms. Bies. No, that is not true. That is not true. We have a 
good working relationship. We have the history of the 25 cases 
I cited. We actually referred cases to FinCEN, and in some 
cases they took formal action.
    Chairman Shelby. Will you furnish that to the Committee?
    Ms. Bies. We will get you a list, yes, sir.
    Chairman Shelby. What criteria is used in determining 
whether to refer a case to FinCEN from let us say the Board of 
Governors of the Fed?
    Ms. Bies. When we go in and do the testing as part of the 
examination procedure, we will look at the facts that we find 
and determine the violations. Sometimes also, I want to 
emphasize that the tests we perform, since they are samples, we 
may not detect the errors, but that is why it is so important 
we work with FinCEN and law enforcement because like in Banco 
Popular, they gave us a heads up on particular customers that 
we could then target for this testing, and were able to work 
with them to prove the case. So the information sharing is 
critical with law enforcement, both Department of Justice as 
well as FinCEN, to make sure we are effective jointly, because 
together we can find more than individually working.
    Chairman Shelby. Mr. Fox, do you recall any referrals from 
the Federal Reserve to FinCEN?
    Mr. Fox. Senator, I would like to get back to you with that 
number, particularly based on the Governor's comments. I just 
would like to get back and make sure we do not leave anything 
incorrect.
    Chairman Shelby. That what you told us before is right?
    Mr. Fox. Yes.
    [Laughter.]
    I want to be right, sir.
    Chairman Shelby. Mr. Fox, has FinCEN ever encountered 
resistance from bank regulators to the kind of communication 
you believe is essential to your mission of law enforcement?
    Mr. Fox. Sir, since I have been at FinCEN, absolutely not. 
In fact, one of the gratifying things that has occurred for me 
since I have been at FinCEN, since December 2003, is the 
willingness of the staff of the regulators to engage in this 
way.
    I think we are working on these issues and working on them 
hard, and I think this is getting better. That is my 
perception. I cannot speak about the past.
    Chairman Shelby. To all you as regulators, since September 
11, 2001, what has changed? Have you become more aware of the 
importance of terrorist financing and so forth? In other words, 
what have you done since September 11, 2001?
    Comptroller Hawke. Mr. Chairman, I think that the awareness 
of not only the regulators, but also everybody in Government 
has been significantly heightened since September 11. There are 
a number of supervisory actions that we have taken in this area 
including horizontal reviews of all of our large bank 
compliance programs, as well as many of the mid-size bank 
compliance programs. As I said before, we have revised our 
examination procedures, and our examination handbook. We are 
creating a database of SAR's. We are redoing a lot of things 
that have commended themselves to us because of the awareness 
that came from September 11.
    Chairman Shelby. Mr. Hawke, is there written guidance for 
examiners on when to refer violations to FinCEN? I would ask 
Mr. Powell and Mr. Gilleran the same question.
    Comptroller Hawke. I believe there are referral guidelines, 
Mr. Chairman, and those guidelines generally provide for 
referral of systematic serious violations to FinCEN.
    Chairman Shelby. Would this be true of the Board of 
Governors?
    Ms. Bies. Yes, sir.
    Chairman Shelby. Mr. Powell, the FDIC?
    Chairman Powell. Yes, sir. May I comment on your earlier 
question?
    Chairman Shelby. Absolutely.
    Chairman Powell. Obviously, I think there is a heightened 
awareness. We have dedicated more personnel. We have adopted 
new policies, and new procedures. Training is intensified. Let 
me make a couple of comments.
    I think policies, controls, oversight, testing, training 
are terribly important. I think it is important, in the line of 
questioning, that we fill in the box and that we make the 
appropriate reference to law enforcement. All those are 
critically important. But I do not think it is as important as 
the culture or the oversight of management. I think until 
management is committed, including the regulatory agencies----
    Chairman Shelby. At the top.
    Chairman Powell. It is a mindset, a proactive commitment. 
The procedures are important, but not like the attitude in our 
culture at the top.
    Chairman Shelby. Governor Bies.
    Ms. Bies. Mr. Chairman, I would like to echo what Mr. 
Powell just said, and to emphasize that at the Federal Reserve, 
one of the things we really focus on in terms of the quality 
assurance around our examination procedures is when we do find 
breaks in controls, that we take it very seriously and go back 
and say, what could we have done better, and improve it.
    For example, after Banco Popular, we went back and made 
significant changes in the way we were reviewing money 
laundering, the Bank Secrecy Act, and have put those changes in 
place.
    For the USA PATRIOT Act for those different parts of it 
where the required rules have been issued, we have already 
drafted new examination procedures. They are out in pilot, 
being actively tested by our examination force now to make sure 
they will be effective and have the intended results. We will 
adjust them if they do not get the results we are expecting. We 
just view this as a continuous process that every one of these 
events reminds us there are new ways that people are finding to 
use the banking system for illicit purposes, and whenever we 
find another way it is done, it is our job to respond promptly 
and make sure that is added to the arsenal of information that 
our examiners have out in the field to deal with this promptly.
    Chairman Shelby. Mr. Fox, how can you be sure that the 
banking regulators are referring violations to you under 
consistent criteria; how do you do that?
    Mr. Fox. Mr. Chairman, I think we have an agreement that 
was signed in 1990, or it may even have been signed before 
FinCEN became a bureau, certainly before it became the 
Administrator of the Act. Sir, that agreement needs to be 
revisited and along with our colleagues at the table here we 
need to come up with some pretty set criteria and guidelines so 
that we are all working from the same page.
    But I think again, sir, I would answer your question 
directly in saying that the best thing that we can do is engage 
these regulators. They are doing, from our perspective, very 
good work out there, and I think it is our responsibility to 
keep, if anything, maybe even be annoying at times, to keep 
reminding them that this is important and that we need to 
communicate and we need to do this in a right way. I think that 
is the best and most effective way to do it under this current 
system.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. Thank you very much, Mr. Chairman.
    I have to say to the panel, I do not perceive a sense of 
urgency in dealing with this matter. I appreciate that the bank 
regulators have had a traditional focus on safety and 
soundness. And I understand that if something went wrong with 
safety and soundness, we would have you in here at the table 
and saying, ``Why did you not meet your mission? Here we have 
had a breakdown in safety and soundness and it is affecting the 
whole financial system.''
    But these compliance questions are important as well. Now, 
some of them involve a lot of consumer protection and I am not 
going to move over into that arena, although that is an arena 
that I think is quite important, and I think there has been a 
tendency on the part of the regulatory agencies not to give it 
appropriate focus and attention and importance. But Bank 
Secrecy Act compliance could well go to some basic question of 
our Nation's security.
    The Army announced today that they are going to keep 
thousands of active duty and reserve soldiers who are nearing 
the end of their volunteer service commitments, they are going 
to keep them in and have them serve an entire tour overseas. So 
it is really being transformed from a voluntary service into 
mandatory service. Now, the Army is under a lot of stress, 
which is resulting in this, but I mean, in a sense, emergency 
measures are being taken all over the place.
    And dealing with money laundering and terrorist financing 
is of critical importance. Now, we did not pay enough attention 
to it before. We had drug cartels, we had crime syndicates 
using money laundering and so forth. Great resistance. The 
Justice Department came to us, when we did the USA PATRIOT Act 
and wanted this title and a lot of the authorities which 
previously they had not been able to obtain. It is clear why.
    Some banking institutions come to us and say that clients 
are moving to off-shore jurisdictions because they have to go 
through these procedures here. Apparently they want to move hot 
money, and they go somewhere else in order to try to do it, 
which of course leads to the question of who is responsible for 
interacting in order to curb what is being done in other 
jurisdictions.
    But we have to devise a way for compliance to have a higher 
status, and I am trying to figure out how that can be done 
while at the same time, you can continue to ensure safety and 
soundness. Let me ask a couple of questions.
    First of all, I take it from the responses we have already 
received that the Treasury Secretary, interacting with the head 
regulators who are here today, could establish periodic 
meetings to consider the application of the Bank Secrecy Act 
and how to enhance its enforcement with respect to all of the 
financial institutions; is that correct? We do not have to pass 
legislation in order for that to happen; is that correct?
    [Witnesses nodded affirmatively.]
    I also gather most people think it is a good idea. I see 
everyone nodding.
    Mr. Fox, would you go back and tell Treasury Secretary Snow 
of this conversation we had here and see if we can get such a 
first meeting underway and then subsequent meetings to follow 
up? I mean, there is a lot of exchange that can take place here 
that I think will enhance the application of the Act. This is 
an important matter--I keep coming back to it--in the fight 
against terrorism.
    Mr. Fox. You have my word, sir, I will do that. I agree 
with you.
    Senator Sarbanes. Yes, okay.
    Now, I want to ask about the subordination of the 
compliance function at the various agencies to the safety and 
soundness examiners. The Fed maintains separate Safety and 
Soundness and Compliance Divisions, and that seems to me to 
give an extra impetus or focus to compliance and enables the 
development of enhanced expertise in that arena. I mean, the 
Safety and Soundness people have plenty to do in and of itself, 
and I think if you put the Compliance people under them, you 
may have a bit of a problem or maybe you will have quite a big 
problem.
    Now, as I understand it, the Compliance examiners at the 
other agencies have now been placed under the Safety and 
Soundness structure; is that correct?
    Director Gilleran. That is not true at the OTS.
    Senator Sarbanes. It is not true at the OTS?
    Director Gilleran. No.
    Senator Sarbanes. You have a separate Compliance Division?
    Director Gilleran. No, we have cross-trained, and therefore 
we see no distinction between Compliance and Safety and 
Soundness. We think that Compliance is part of Safety and 
Soundness. We have cross-trained our people so that they are 
completely able to do the compliance work, as well as safety 
and soundness work. We think that is the proper way to both 
train people and to carry out the examination process.
    Senator Sarbanes. Mr. Powell.
    Chairman Powell. Ours is separate, as you know, Senator. 
But one comment. I want to be sure I do not mislead you. BSA is 
part of the safety and soundness exam at the FDIC, and the 
reason for that is that we believe our BSA people should be 
trained more than in just the compliance effort, understand the 
bank operations, the assets and the liabilities. We found that 
terrorists sometimes get loans and just do not pay them back. 
So the BSA is part of the safety and soundness examination. The 
examiners are uniquely and specially trained. As I mentioned in 
my testimony, we have specialists. We have 150 of them at the 
FDIC that do nothing but the BSA work.
    Senator Sarbanes. Well, with respect to both of you, does 
this response also apply to the other laws in which you have a 
compliance responsibility?
    Chairman Powell. No, sir. We have specialists in compliance 
that are specialists in consumer laws and other related 
compliance laws.
    Senator Sarbanes. Are they under the safety and soundness 
people?
    Chairman Powell. They are under the Division of Supervision 
and Consumer Protection. We have a safety and soundness 
section, and we have a compliance section.
    Senator Sarbanes. And the OCC?
    Comptroller Hawke. I do not think it is accurate, Senator 
Sarbanes, to say that compliance supervision has been 
subordinated to safety and soundness supervision. We have, as 
the other agencies do, specialists in the compliance area, and 
each one of our banks has an examiner in charge. The examiner-
in-charge of each of the 24 largest banks is responsible for 
all aspects of supervision of that bank. He will have Safety 
and Soundness people reporting to him, he will have Compliance 
people, he will have Asset Management people and IT people all 
reporting to him. So, at the top of the pyramid, with respect 
to any one of our large banks, there is a single point of 
accountability who will have responsibility both for safety and 
soundness and compliance.
    One other point, Senator Sarbanes, the nature of the 
responsibilities that we have in the Bank Secrecy Act 
compliance area is procedural and process-oriented, very much 
the same as the nature of the responsibilities we have in the 
safety and soundness area. Our examiners look at the adequacy 
of systems, the adequacy of controls, the adequacy of training. 
It is the same kind of methodology that is brought to bear on 
the safety and soundness side. So there is a great deal of 
similarity between the two disciplines.
    Senator Sarbanes. Well, now, as I understand it, the OCC 
recently realigned its compliance organizational structure; is 
that correct?
    Comptroller Hawke. We did not really realign it. We 
eliminated an intermediate level of management and replaced 
them with compliance experts in that chain of command.
    Senator Sarbanes. Well, now in the directive sent out by 
your Deputy Comptroller for Compliance, where they say you are 
going to ``closely align our Compliance Program with our Safety 
and Soundness Program,'' and then you move the Compliance field 
examiners to report to the ADC's in the field offices. That is 
a change.
    Comptroller Hawke. Right. That is with respect to the 
community banks. With respect to the large banks, as I 
described, it is the examiner-in-charge of the large bank who 
has the consolidated responsibility for all aspects of 
supervision: safety and soundness, compliance----
    Senator Sarbanes. And then let me go on. That same memo 
says, and I am concerned about this, ``Given the changes that 
are occurring in the banking industry, we anticipate that the 
number of field compliance specialists and ADC's at the Band 7 
level will in the future exceed the volume of traditional 
compliance work at that level. Therefore, we are offering 
buyouts to the Compliance examiners and Compliance ADC's who 
occupy Band 7 positions.''
    Now, at a time when the OCC seems to be taking on more 
compliance responsibilities, both Bank Secrecy and Consumer 
Protection, it is not quite clear to me how you can be buying 
out your Compliance examiners, in terms of meeting your 
responsibilities.
    Comptroller Hawke. We are not reducing the number of 
Compliance people that we have in the organization as a whole, 
Senator Sarbanes, and we are trying to promote, as Chairman 
Powell and Director Gilleran indicated, the broadening of the 
expertise of our examiners, generally.
    Senator Sarbanes. Let me ask, do you have----
    Comptroller Hawke. We do not intend to reduce the number of 
Compliance examiners.
    Senator Sarbanes. Then, that has not happened? You are not 
buying out Compliance examiners?
    Comptroller Hawke. No. I am not sure which memo you are 
reading from, Senator.
    Senator Sarbanes. It was a notice sent in March 2004 by Ann 
Jaedicke, Deputy Comptroller for Compliance.
    Comptroller Hawke. We put out a memo in May 2004, 
describing what was going on with respect to compliance, and we 
made very clear in that memo that we do not intend to reduce 
the number of Compliance examiners.
    Senator Sarbanes. Could you furnish us a copy of that memo.
    Comptroller Hawke. Yes, sir. I would be happy to.
    Ms. Bies. Senator Sarbanes, can I respond to the comment? I 
did not have a chance.
    The one thing I would like to point out, in the Federal 
Reserve System, we created, in 1993, at the Board level, a 
group, an officer who was really responsible for all of the BSA 
and anti-money laundering supervision, and we have expanded 
that group as need has occurred over the last few years.
    The reason we have specialists within Supervision and 
Regulation at the Board is to help design the policies and help 
us identify when there are weaknesses that need to be addressed 
out in the field exams. Within the Reserve Banks, which is 
where our examiners reside, is each of the 12 Reserve Banks, 
the examiners are part of the supervisory group within that 
Reserve Bank.
    But these, as we have gone from just money laundering with 
criminal activity to now bank secrecy, where you are involving 
maybe activities that go through legitimate funding sources 
that end up in terrorist hands, it gets more and more difficult 
to identify the sources of funding. And so one of the things we 
are trying to do is to work aggressively with law enforcement 
to help identify back to the banks where there are particular 
cases, whether they need to do follow-up.
    So it is really a team effort. It is identifying policy and 
procedures at the Board level, using that to strengthen the 
activities in the Reserve Banks, and then work in the field by 
the examiners also giving us indications back up to the top 
where the supervisory process needs to change. But it is 
integrated within the overall supervision for the Bank Secrecy 
Act anti-money laundering. It is all within our supervisory 
responsibility of the Division of Banking Supervision and 
Regulation.
    Senator Sarbanes. That is very helpful. Thank you.
    Chairman Shelby. Is there a set number of warnings that a 
financial institution receives, Mr. Hawke? In other words, is 
there a number of years that generally pass between an initial 
warning regarding a BSA compliance and imposition of a penalty?
    Comptroller Hawke. No, not at all, Senator. I think that is 
an issue that has to be decided in each case. Clearly, in the 
Riggs case, we gave them too much latitude over too long a 
period of time.
    Chairman Shelby. Trusted them too much?
    Comptroller Hawke. Well, it is not so much that we trusted 
them too much. We were insufficiently----
    Chairman Shelby. Wait a minute now. Are you saying you did 
not trust them? I thought you told me before, and others have 
said, that a lot of the relationship with a bank is trust.
    Comptroller Hawke. In the Riggs case, it was not a question 
of our trusting the management. We saw things that needed to be 
fixed. We told them that they had to be fixed. Where we were 
guilty of a shortfall in not coming in robustly and soon 
enough.
    Chairman Shelby. There was no follow-through, in other 
words, by the Comptroller of the Currency's Office, basically; 
is that correct?
    Comptroller Hawke. The follow-through was not strong enough 
early enough.
    Chairman Shelby. Well, did it exist at all?
    Comptroller Hawke. We eventually----
    Chairman Shelby. No, I mean from 1997 until recently, did 
it exist?
    Comptroller Hawke. Eventually, it did. In 2003, we issued a 
cease-and-desist order. We waited too long to do that.
    Chairman Shelby. Six years.
    Comptroller Hawke. We should have taken stronger action 
earlier. There is no question about that.
    Chairman Shelby. Chairman Powell, briefly, the Hudson 
United Bank Corporation, one of the most recent BSA-related 
cease-and-desist order involves the Hudson United Bank of New 
Jersey. Would you briefly walk us through the history of this 
case. What was the FDIC's role in determining what measures 
would be taken in responding to information pointing to 
Hudson's failure to comply with the Bank Secrecy Act? What was 
your agency's assessment of Hudson's risk prior to detection of 
its failure to comply with the Bank Secrecy Act?
    Chairman Powell. I am not sure I can answer those, 
specifically, Mr. Chairman, but I can tell you that I have been 
briefed on that particular issue within the last 30 days. I 
think our people were very aggressive in assessing the 
enforcement action against that particular institution, after 
findings that had occurred over the last 12 to 24 months.
    Chairman Shelby. Mr. Fox, in the past here, in the 
Committee, and Senator Sarbanes has been here longer than I 
have, and this is my 18th year, but I can tell you in the past 
we have addressed the issue of regulatory forbearance as it 
related to the solvency of bank safety and soundness.
    We learned the hard way right here, and the regulators 
learned, too, that when regulators let banks that were in 
trouble get by, when those banks later failed, it cost the U.S. 
taxpayers billions and billions of dollars.
    What is your view with respect to the dangers of regulatory 
forbearance in BSA compliance cases?
    Mr. Fox. Oh, it cannot even enter the conversation, Mr. 
Chairman. I believe that the information collected under the 
Bank Secrecy Act is absolutely critical to the security of our 
country.
    Chairman Shelby. That is right.
    Mr. Fox. And I will tell you something that I hope is 
heartening. It has been my perception, since I have been at 
FinCEN, I have not seen any such regulatory forbearance among 
these regulators, but I do not think we could ever be in a 
situation where we would allow something like that to happen.
    Chairman Powell. Senator, I think the bank regulators----
    Chairman Shelby. Chairman Powell.
    Chairman Powell. I am concerned, to some extent. I think 
that bank regulators and the industry we supervise recognize 
this is national security. Safety and soundness is one issue, 
but this is equal or superior to safety and soundness--the 
national security of this country. And I think there is 
heightened oversight on the BSA.
    Chairman Shelby. A high priority.
    Chairman Powell. Absolutely. I think bankers, I would not 
underestimate the seriousness of the BSA enforcement. It is a 
national security issue. It is lives and deaths. The other is 
dollars. And I think, clearly, our resolve is very strong that 
we enforce the Bank Secrecy Act.
    Chairman Shelby. But when there is a 6-year lapse there, 
that is more than troubling.
    Senator Sarbanes, do you have any other comments?
    Senator Sarbanes. I do not think so.
    Chairman Shelby. I want to thank the panel, all of you, for 
your time and your participation. We have a number of questions 
for the record, and we have some Members that are tied up in 
other hearings, and we will keep the record open for that.
    Mr. Fox, all of you, thank you very much.
    Senator Sarbanes. Mr. Chairman, I think, as they depart, we 
should leave them with a message that this is a matter which, I 
presume, the Committee intends to follow very closely, given 
its importance.
    Chairman Shelby. Absolutely. We have no choice in our 
oversight, as we know. This is important, and we are expecting 
Mr. Fox, and we believe that he is going to be working with you 
very, very closely regarding this.
    Mr. Fox. We welcome that oversight, Mr. Chairman, Senator 
Sarbanes. Thank you.
    Chairman Shelby. Thank you very much, all of you.
    Our second panel will be Gaston Gianni, Jr., Inspector 
General, the Federal Deposit Insurance Corporation, and Ms. 
Davi D'Agostino, Director, Financial Markets and Community 
Investments, General Accounting Office.
    I want to welcome the second panel. We appreciate your 
forbearance here today. We had some very important witnesses 
here, as you people know well.
    Mr. Gianni, we will start with you. Your written testimony 
has been made part of the record. And without objection, you 
proceed as you wish.

               STATEMENT OF GASTON L. GIANNI, JR.

                       INSPECTOR GENERAL

             FEDERAL DEPOSIT INSURANCE CORPORATION

    Mr. Gianni. Thank you, Mr. Chairman.
    Mr. Chairman, Senator Sarbanes, and Members of the 
Committee, I am pleased to testify before you today. We 
appreciate and thank the Committee for its interest in gaining 
a greater understanding of how Government is combatting 
terrorist financing and money laundering.
    What I would like to do is just briefly summarize my 
testimony, having it included for the record.
    By way of perspective, the FDIC Chairman's testimony 
indicated that FDIC has conducted almost 11,000 Bank Secrecy 
examinations since 2000. Over the past several years, in line 
with our responsibilities under the Inspector General Act, my 
office has conducted three audits that address the FDIC's 
efforts to design and implement a supervisory program to 
examine institutions' compliance with provisions of the Bank 
Secrecy and then more recently the USA PATRIOT Act.
    Overall, these audits identified that the Corporation has 
taken steps to implement a risk-focused approach to 
examinations. However, improvements were needed. I am pleased 
to report to you this morning that the Corporation has 
corrective actions completed or in process to address all of 
our recommendations.
    We issued our first report, the ``Examination Assessment of 
Bank Secrecy Compliance Act,'' in March 2001 and concluded 
that, first, examiners did not adequately document their Bank 
Secrecy examination planning and procedures; second, examiners 
did not consistently document the work they performed in 
risk-scoping as required by the Corporation; and, last, the 
examiners were not taking full advantage of the information 
that was available at FinCEN.
    We made recommendations to enforce the documentation 
requirements and to make fuller use of the information at 
FinCEN.
    We issued our second report in September 2003, related to 
our review of whether FDIC had developed and implemented 
adequate procedures to examine financial institutions' 
compliance with the USA PATRIOT Act. We focused on Title III of 
the Act, which addressed anti-money laundering measures and 
currency crimes and protection.
    The Division of Supervision and Consumer Protection had 
advised the FDIC-regulated institutions of the new Title III 
requirements in cases where the Department of the Treasury had 
issued final rules implementing Title III provisions, but had 
not established guidance for their examiners. The Corporation 
was either coordinating the issuance of uniform procedures with 
an interagency steering committee or waiting for Treasury to 
issue additional final rules. This delay was of particular 
concern for Title III provisions addressing money laundering 
deterrents and verification of customer identification.
    Again, we recommended that FDIC issue interim guidance and 
procedures and then work closely with their interagency 
counterparts to ensure timely issuance of final guidance.
    Our most recent audit related to Bank Secrecy focused on 
actions taken by FDIC in its supervisory capacity to ensure 
that FDIC-supervised institutions implemented effective 
corrective actions to BSA violations.
    Of the over 5,600 institutions that the FDIC supervised 
during the time period of our audit, which would cover the time 
period of 1997 through the year 2003, approximately 47 percent 
of the institutions had been cited at least one time for a BSA 
violation. Those violations included citations for not 
complying with Treasury requirements, as well as the FDIC's 
policies and procedures as to how a program is supposed to be 
developed.
    In those institutions where violations were cited, 458--
approximately 17 percent--had been cited for repeat Bank 
Secrecy violations. Our audit results raised concerns related 
to four general areas: The extent of regulatory action on 
significant and repeat violations; the consistency of reporting 
of deficiencies and violations; the timing of follow-up and 
corrective actions taken by the institutions; and then handling 
of those referrals to the Department of the Treasury.
    Our audit showed a high rate of significant and repeat 
violations, many of which were not subject to regulatory 
actions. Our sample included 27 institutions with repeat 
violations. Of those 27 institutions, 17--63 percent--were not 
subject to regulatory action for their repeat violations, 
although other supervisory efforts such as follow-up 
correspondence to bank management and visitations may have been 
in progress. Of the 10 institutions that were subject to 
regulatory actions, only one was subject to a cease-and-desist 
order and the other 9 were subject to informal actions.
    Not all Bank Secrecy deficiencies that the Corporation's 
examiners described in their reports were cited as violations 
in the reports and tracked in the FDIC information systems. 
Such deficiencies may receive less attention from bank 
management or in FDIC's follow-up system.
    In many instances, the Corporation followed up or pursued 
regulatory action for certain violations before the next 
examination or received evidence from bank management, FinCEN, 
or others that the violation had been corrected.
    However, for nearly one-third of the 82 reports that we 
reviewed, examiners waited until the next examination to follow 
up on some or all of the Bank Secrecy violations.
    In some cases, more than 1 year, and up to 5 years, passed 
before bank management took corrective action that was 
effective or before the FDIC applied regulatory actions. About 
two-thirds of the violations sampled took longer than 1 year to 
correct.
    FDIC's policy of alternating examinations with State 
regulatory agencies also contributed to this time lag. 
Specifically, 45 of the 72 exam reports that we reviewed from 
State regulatory agencies did not address Bank Secrecy 
compliance. These were the institutions that had violations. We 
reviewed the State reports. They did not cite any specific 
information regarding the Bank Secrecy violations. Therefore, 
the FDIC could not rely on those exams. Consequently, follow-up 
by the FDIC did not occur until the next examination; 
generally, 2 to 3 years after the violations were initially 
filed.
    While many institutions had been cited for BSA violations, 
there were only 34 referrals to the Treasury Department during 
this period. Most of these referrals were made by one FDIC 
regional office. We determined that when a referral to the 
Treasury Department had been made, Treasury had taken action.
    Based on our work and in light of the increased 
Congressional interest in BSA compliance and emphasis on 
national security concerns, we have made recommendations that 
the Corporation reevaluate and update its examination guidance 
to help ensure adequate examiner follow-up and timely 
corrective action by bank management; discuss and update the 
referral policy with the Treasury Department; encourage State 
coverage of Bank Secrecy Act compliance; and develop 
alternative procedures to compensate for the lack of State 
coverage.
    Looking ahead, Mr. Chairman, there are key questions that 
FDIC should consider in conjunction with the Treasury 
Department and the other financial regulators as it looks to 
improve the Bank Secrecy program.
    First, is risk-scoping Bank Secrecy examinations and 
follow-up still the most effective approach to uncovering money 
laundering and terrorism financing?
    Second, are the policies and procedures for reporting 
certain cash transactions and Bank Secrecy violations to the 
Treasury Department, some of which date to the early 1990's, 
currently effective?
    And, last, is the information reported to FinCEN by 
financial institutions and regulators effectively evaluated and 
does it ultimately result in timely preventive actions?
    Mr. Chairman, we appreciate the opportunity to participate 
in these hearings. We are prepared to assist in addressing 
these issues and have additional audits planned in this area.
    I would be pleased to answer any questions that you may 
have.
    Chairman Shelby. Thank you.
    Ms. D'Agostino.

           STATEMENT OF DAVI M. D'AGOSTINO, DIRECTOR

           FINANCIAL MARKETS AND COMMUNITY INVESTMENT

                 U.S. GENERAL ACCOUNTING OFFICE

    Ms. D'Agostino. Thank you, Mr. Chairman, Ranking Member 
Sarbanes, and Members of the Committee.
    I am very pleased to be here today before you and along 
with the FDIC IG on this panel to discuss a number of issues 
concerning Federal regulators' oversight of banks, thrifts and 
credit unions for Bank Secrecy Act or BSA compliance, and our 
ongoing work for this Committee on this matter.
    Several recent cases imposing large civil money penalties 
on depository institutions have increased attention on industry 
compliance with, and Government enforcement of, the BSA. My 
oral summary will focus on, one, selected recent enforcement 
actions taken against depository institutions for BSA 
violations, and two, the scope and approach of our ongoing work 
that we are doing for this Committee on BSA examinations, 
violations identified and the various levels of enforcement and 
penalties imposed for them.
    First, in the last few years and as recently as last month, 
the financial regulators, FinCEN and the Courts have taken 
actions against a number of depository institutions for 
significant BSA violations. Recent enforcement actions show 
that various types of depository institutions have had BSA 
violations. These actions also raise the issue of the 
timeliness of the identification of the BSA violations and the 
enforcement actions taken by the regulators. For example, an 
individual who was later convicted of money laundering offenses 
had apparently deposited $21 million in cash at Banco Popular 
de Puerto Rico, between 1995 and 1998. The bank had not 
investigated or reported this activity to FinCEN or to law 
enforcement until 1998, years after the suspicious activity had 
taken place.
    In 1999, the bank's regulator expanded its examination 
scope for BSA compliance based on information it received from 
law enforcement. Its findings then led to Justice, FinCEN, and 
the bank regulator, imposing penalties and entering into a 
deferred prosecution agreement with the bank. These actions 
were all taken for violating the BSA's suspicious activity 
reporting requirement.
    More recently Riggs Bank was assessed a $25 million civil 
money penalty for BSA violations including the failure to 
maintain an effective BSA compliance program and failure to 
monitor and report large transactions involving foreign 
embassies. Although OCC, Riggs' regulator, testified yesterday 
and again today that they had identified the problems early on, 
apparently as early as 1997, and used supervisory measures in 
efforts to get improvement at the bank, these efforts in this 
case proved to have limited effect.
    In 2003, OCC deemed the bank to be systemically deficient 
and the bank entered into a consent order. In 2004, when the 
bank still was not in full compliance, they were assessed the 
penalty.
    In recent years, we have issued a number of reports dealing 
with regulatory oversight of AML activities, anti-money 
laundering activities, of financial institutions, and my 
written statement that has been submitted for the record goes 
into more detail on those. Our statement also highlights some 
of the work done by the IG's, the Inspectors General, on which 
we are relying quite heavily to help us get up the curve to do 
the massive amounts of work that we are doing for you in your 
most recent December request.
    Our current work is actually the most comprehensive review 
we think that we have done at GAO on BSA issues. In that work 
our primary objectives are to determine first, how the five 
regulators' risk-focused examinations assess BSA compliance; 
second, the extent to which the regulators identified BSA and 
AML violations and take supervisory actions; and third, the 
consistency of BSA compliance examination procedures and the 
interpretation of violations across the regulators.
    To answer these questions we plan to review the reliability 
of the data systems that the regulators use to track the 
violations themselves. As FDIC's IG's work has pointed out, 
there are some problems with the systems and what data is 
included and not included by the examiners in the database that 
is used.
    Second, from the samples we plan to pull from all of the 
regulators of BSA compliance examinations over a 4-year period, 
we plan to analyze the work papers, and this will allow us to 
determine the following things: The areas the exams did and did 
not cover, the nature of BSA violations identified, whether or 
not the regulators somehow curtailed their BSA compliance 
exams, and the basis for the decisions to do so. We are also 
going to be tracking the supervisory actions taken to correct 
violations that have been identified, and we will examine the 
ramifications, if any, of Treasury not delegating authority to 
the bank regulators to assess BSA compliance penalties as 
mandated by statute in 1994.
    We are also in the process of putting together a picture of 
the statutory authorities, the players and the layers of types 
of violations and enforcement actions, and the penalties, 
including when they are civil and when they are criminal. I 
hear a lot of confusion at each of these hearings that we are 
monitoring over the spring over what is a deficiency versus 
what is a violation? What is a recordkeeping violation versus a 
program violation? We hope to sort through all of that and 
review when certain kinds of penalties make sense. We are 
working with Justice, the bank regulators and Treasury to try 
to tease that out and make some sense of it as well as wade 
through all of the various legislation and authorities that are 
in place.
    With that said, Mr. Chairman, Ranking Member Sarbanes, I 
will conclude my statement and will answer any questions you 
have of us.
    Chairman Shelby. The General Accounting Office has prepared 
a number of reports on money laundering and terrorist financing 
over the years. Do you believe that there are systemic problems 
that resulted in Riggs case being unaddressed for so many 
years? You heard the testimony earlier. You know the case. A 
lot of years.
    Ms. D'Agostino. Yes. It did seem to go on for quite some 
time. From the pieces that we are putting together from the 
testimonies of the OCC representatives, it appears that OCC was 
trying to ``push on a string'' at Riggs with the bank's 
management, and when you push on a string, you don't get 
resistance and you don't make progress. It seems as if it did 
last a long time.
    Whether or not it is systemic, I do not think that we can 
say today. We hope that our work for the Committee will provide 
some insight into that question.
    Chairman Shelby. Would you say it is lack of due diligence 
then?
    Ms. D'Agostino. OCC was aware and trying to work with the 
bank's management.
    Chairman Shelby. Well, they were trying, but were they----
    Ms. D'Agostino. They were pushing on the string.
    Chairman Shelby. I love your phrase.
    Ms. D'Agostino. Yes. And it is very frustrating.
    Chairman Shelby. You have tried to push one, have you not?
    Ms. D'Agostino. Yes, sir.
    Chairman Shelby. Senator Sarbanes.
    Senator Sarbanes. I want to follow up the Chairman's 
question right there on whether there was a problem with the 
system. In the Banco Popular case which you cited, there 
eventually was a settlement in that case, correct?
    Ms. D'Agostino. There was a deferred prosecution. It was 
one of the early uses by Justice, I think, of this interesting 
tool.
    Senator Sarbanes. But the settlement agreement indicated, 
and I am now quoting from it, ``During the period of 1995 
through 1998, the Federal Reserve, through the Federal Reserve 
Bank of New York, conducted four examinations of Banco Popular. 
These examinations did not contain any criticism of Banco 
Popular's BSA compliance policies or procedures.'' And 
apparently they only noticed it when the Fed got a tip from a 
Federal law enforcement official, and ordered a special 
targeted examination of the bank.
    I ask the Chairman if I could ask that question right now.
    Chairman Shelby. You can.
    Senator Sarbanes. Because it follows up exactly on his 
point. I mean there is something wrong. The system is not 
working right, is it?
    Ms. D'Agostino. It is not working swiftly from the 
appearance of these two cases, and I think the FDIC IG's work 
indicates it can take a long time to go through the supervisory 
process of trying to take informal and formal supervisory 
action, sometimes without much effect.
    Yet at the same time--again--there is much we do not know, 
because we are still doing our work. For example, we do not 
know to what extent informal supervisory actions have been 
effective and timely. So, I think by starting with these cases 
which are very enlightening, we still may be missing the whole 
picture. Some of the things that we can learn by looking at 
more closed cases for the Committee, is how this layering of 
authorities, layering of players, and interaction between bank 
regulators and law enforcement, fits together and works--not 
only where it breaks down but also where it may work well. That 
is what we hope to get at in our systematic review of the 
regulators' data and through sampling exams for the Committee.
    Chairman Shelby. Mr. Gianni, how could the FDIC better use 
its supervisory and enforcement authority, which they have a 
lot there, to address BSA violations? Is BSA violations deemed 
an important mission at the FDIC, and if not, why not?
    Mr. Gianni. I think after today's hearing, I believe it is 
a priority within the Corporation. I think that clearly the 
work of my office would lead me to say that the examiners, the 
evidence would show that the examiners were in fact identifying 
problems. The issue became what happened after the 
identification? How hard did we push to get the problems 
resolved? What was the management support? This morning, 
Chairman Powell said that if you do not have the culture and 
you do not have the tone at the top, if I might use a phrase, 
to say that this is important, you tend to try to go after the 
approach that will have the least impact in disrupting the 
relationship with the institution. So you take the least 
aggressive action first. And if they do not follow through on 
that, then you go up a step. That takes time. Then if they do 
not take action on the second time, you go up to the last or 
cease and desist.
    So it takes time to go through this process of increased 
regulatory action. I think we need to, the Corporation needs to 
reexamine at that.
    Chairman Shelby. Is it troubling to both of you that in the 
Riggs situation, the second report that I talked about later 
was almost always ignored, the BSA, bank suspicious activity 
report? They filed the transaction report, but they did not do 
the other one.
    Ms. D'Agostino. The SAR.
    Chairman Shelby. Is that troubling?
    Ms. D'Agostino. Yes, it is. Although we do know from our 
previous work, that banks spend a lot of time doing their own 
investigation before they put together one of these reports. 
And again, I am not familiar with all of the facts and 
circumstances surrounding, for example, the Saudi account case, 
and whether or not this activity was unusual or suspicious for 
the Saudi account. It could have been routine that they pulled 
and moved millions of dollars in and out every day from their 
accounts. We just do not know enough about it.
    Chairman Shelby. But you are studying it closely.
    Ms. D'Agostino. We are. We are watching it every day. We 
are not going to be able to get all the details until cases are 
closed, and so that makes our job a little more difficult.
    Chairman Shelby. How often are banks, ma'am, examined? In 
other words, have the regulators adhered to their examination 
cycle with respect to the Bank Secrecy Act enforcement?
    Ms. D'Agostino. We have not gotten that far yet in our 
work, but we will include this question in our scope.
    Chairman Shelby. Is that not an important question?
    Ms. D'Agostino. Sure. How often do they go in and look at 
BSA compliance?
    Chairman Shelby. Will you be addressing this in your 
ongoing study at the General Accounting Office?
    Ms. D'Agostino. Sure. That will be one of many factors.
    Chairman Shelby. Mr. Gianni.
    Mr. Gianni. Mr. Chairman, I can report that the 
Corporation is complying with the statute of ensuring that 
banks are examined at least every 18 months, and in some cases 
every year.
    Chairman Shelby. What about information sharing with regard 
to the Federal Deposit Insurance Corporation? If you just 
briefly tell the Committee the normal process which by FDIC 
information, the way they work the Bank Secrecy Act compliance, 
is shared with the other agencies like Treasury and anybody 
else.
    Mr. Gianni. There are a number of committees and groups 
that address bank secrecy type issues. I do not think there is 
a comprehensive process in place currently to share the 
information as it relates to bank secrecy and to pull all of 
this information together to see whether there are trends, 
anomalies, or issues that need to be addressed.
    I think first of all, all of the information that we 
accumulate within the Corporation is not passed on to FinCEN, 
and so with FinCEN's greater responsibility and the will to 
bring the regulators together, I think it is a good first step 
that the Committee has achieved. The parties can begin to 
better share information to see whether information that is 
housed within the FDIC is similar to information that is housed 
in one of the other regulatory agencies. Again, it is not 
unlike what is going on between the CIA and the FBI now as it 
relates to our intelligence sharing.
    Chairman Shelby. But it is very important in both instances 
to share information.
    Mr. Gianni. I would agree with you, sir, and I think what 
happened, sir, is that when September 11 tragically occurred, 
we had a sea change of priorities within our country, and we 
had the passage of the USA PATRIOT Act, but I believe that the 
risks associated to that, or potential risks associated to that 
were underestimated by the bank regulators. It is now being 
recognized that it is a part of our national defense, and I 
believe that the regulators will have the will and commitment 
to step up and to address these issues in a unified manner.
    Chairman Shelby. Both of you, you at the FDIC as Inspector 
General, and you at the General Accounting Office are 
continuing to work in this area. What are some of the steps you 
are into?
    Ms. D'Agostino. One of our major efforts relates to 
assessing the systems that each regulator has and the separate 
sets of data that are housed in their own IT units. We are 
going to have to go through all of them--luckily FDIC has done 
some work ahead of us on that--and try to get a good fix on 
what kind of data are and are not included. We will design our 
work around the systems and the data available within them, and 
check the reliability of them.
    That is what we are involved in right now. It is basically 
an audit within an audit, to see how reliable the information 
is before we use it to report to you information and analysis. 
That is a big piece of our undertaking for the Committee.
    Again, we are looking at the authorities and the penalties 
and how it all works in practice.
    Chairman Shelby. Thank you.
    Mr. Gianni. Mr. Chairman, I think we are going to work 
closely with the GAO. We do not want to duplicate. We want to 
try to identify how we can complement the GAO in its efforts to 
try to address the request from the Committee.
    There are several areas where I think that we could make a 
contribution. Clearly, I think that this practice of risk 
focusing might be appropriate for the initial go-round, but 
risk focusing for follow-up action may not be the appropriate 
way. So, we need to think a bit more about risk scoping and how 
that applies to bank secrecy.
    Second, I think clearly the agencies are concerned about 
regulatory burden. Having said that, we have to think through 
how we have gone about implementing the various laws and 
regulations, and to see whether there may be a streamlined way 
of still accomplishing the legislative objectives that were set 
out by the Congress, yet, doing it in a much more efficient 
way. The Corporation has a process working with the other 
regulators to look at that.
    The last thing I would like to talk about is--it was raised 
this morning--I think I would like to look at the Hudson case 
to see the similarities that might exist, and just pursue that 
from an intellectual standpoint to see if there are some 
lessons learned that we might be able to help the Corporation 
on.
    Chairman Shelby. You are in a position to do that.
    Mr. Gianni. Yes, I am, sir.
    Chairman Shelby. And I hope you will. To both of you, will 
you hopefully finish your work in this area before the year is 
out? This is just June 1. I know it is a big undertaking, but 
it is an important and timely undertaking. You cannot put a 
calendar day on it.
    Ms. D'Agostino. We have not yet committed to a date to the 
Committee for issuing our final report. We are considering 
whether there might be ways where we could report on an interim 
basis on different pieces of this fairly large request you have 
made of us, so that you do not have to wait so long to receive 
our results.
    Chairman Shelby. Sure. We appreciate that.
    Could you both briefly expand on comments regarding the 
vulnerability of the risk-based approach to the oversight 
process? For example, when you determine what constitutes 
suspicious activity, is that pretty subjective? You have 
criteria to go by, you have to have something that triggers 
something at the regulatory agencies?
    Mr. Gianni. There are certainly guidelines out that have 
been written to help the examiners, but it is judgment. It 
comes down to judgment. When you have judgment being made----
    Chairman Shelby. Critical evaluation of something.
    Mr. Gianni. It is a critical judgment. When you have those 
types of critical judgments being made within a framework, it 
is important to make sure those judgments get reviewed not only 
on an individual basis, but also on a collective basis to see 
if there are areas where we can help refine the guidance, 
further improve the guidance, so stronger and better judgments 
are made in the future.
    Chairman Shelby. Do you believe that the regulatory 
structure we have today, if used diligently, would be 
sufficient in the future, or do we need to look somewhere else?
    Mr. Gianni. I personally think that the bank regulators, 
working together, can accomplish what needs to get 
accomplished.
    Chairman Shelby. Is the Riggs case a wake-up call and some 
of the others, hopefully?
    Mr. Gianni. I believe Riggs is a wake-up call, as well as 
the fact that the Committee has seen fit to have oversight. I 
personally do not underestimate the power of Congressional 
oversight.
    Chairman Shelby. Do you have a comment?
    Ms. D'Agostino. I agree with the FDIC IG. I think training 
and keeping up to date on the most current approaches by the 
money launderers and terrorist financiers, and anything that 
law enforcement could help put together to better inform the 
examiners would be useful too. But I am not sure that structure 
is the only issue. I do think that the leadership, the 
oversight, and that tone at the top, as Mr. Gianni pointed out, 
are very important in keeping attention properly focused on 
AML.
    Chairman Shelby. You both have your hands full, but we 
appreciate the job you are doing and the attitude that you 
have, and we will have you back before the Committee.
    Thank you very much for the work and your commitment.
    Ms. D'Agostino. Thank you.
    Mr. Gianni. Thank you, Mr. Chairman.
    Chairman Shelby. The hearing is adjourned.
    [Whereupon, at 12:10 p.m., the hearing was adjourned.]
    [Prepared statements, response to written questions, and 
additional material supplied follows:]

               PREPARED STATEMENT OF SENATOR WAYNE ALLARD

    I would like to thank Chairman Shelby for holding this hearing to 
examine the enforcement of the Bank Secrecy Act. Since 1970, the Bank 
Secrecy Act has been an important tool the Government uses to combat 
money laundering and the financing of terrorism. This statute has taken 
on even more significance through the USA PATRIOT Act as the 
international monetary system has been manipulated by terrorists. The 
Act requires all financial institutions to maintain records and file 
reports that are used in criminal, tax, or regulatory investigations 
and proceedings. Seeing that these requirements are met is a daunting 
task, yet critical to the ultimate safety of people around the world.
    The Committee has held three oversight hearings on terror financing 
this year, which I believe have helped initiate significant 
improvements to the existing counterterror finance programs within the 
Treasury Department. I look forward to today's discussion on the 
specific procedures on how suspicious activities and transactions are 
detected, and more particularly, how they are dealt with when they are 
found. That is where there have been problems in recent months and it 
is vital that we determine how to catch money launderers in a timely 
fashion. An effective way to track down terrorists is by tracing their 
financial transactions, and so I look forward to progress made in this 
area.
    I would like to thank our witnesses for coming to testify and look 
forward to hearing how your offices enforce the Bank Secrecy Act.

                               ----------

               PREPARED STATEMENT OF SENATOR JIM BUNNING

    Thank you Mr. Chairman for holding this very important oversight 
hearing and I would like to thank all of our witnesses here today.
     Like many Americans, I was very surprised to hear the reports out 
of Iraq of our soldiers finding large sums of U.S. currency in a 
country that our Nation has imposed sanctions upon. I was even more 
surprised to find out that the cash was traced directly to the New York 
Federal Reserve. I was somewhat relieved to find out the New York Fed 
did nothing wrong in this particular instance, though I am concerned 
some of our allies were skirting our sanctions. However, when the Fed 
investigated the cash in Iraq, they uncovered many serious problems in 
the Extended Custodial Inventory Program. The program, which was set up 
to ensure a supply of currency and recover and replace worn out 
currency, showed some very disturbing abuses. UBS, who ran the program 
in Switzerland, falsified documents and sent currency to countries on 
our sanctions list.
     Equally disturbing were the reports of the Riggs bank scandal. 
Riggs was skirting Bank Secrecy Act procedures, and moving large sums 
of cash without making Suspicious Activity Reports or SAR's. SAR's are 
not something that are that obscure. They were even mentioned on an 
episode of the Sopranos. Surely a banker would know to file them. The 
only conclusion could be that the SAR's were knowingly not filed. The 
OCC has recently fined Riggs $25 million. But I am very concerned why 
the Riggs scandal lasted as long as it did. And I want to make sure 
this type of problem does not happen again.
     There seemed to be a lapse in oversight by the regulators in both 
of these cases. I am glad all of the regulating agencies are 
represented today so we can find out their take on the Bank Secrecy Act 
and the USA PATRIOT Act and if they believe any of their regulated 
institutions are involved in similar practices. I would like to know, 
if the Fed and OCC, without jeopardizing any possible investigations, 
can you tell us if there are any other similar problems out there on 
the horizon in the other institutions you regulate.
     I would also like to know from all of you, what you think of the 
Bank Secrecy Act and the USA PATRIOT Act. Should they be expanded or 
contracted? Where and how can they be improved? Do they need to be 
tweaked or overhauled? We must make sure we are making the best use of 
our resources to ensure we are doing whatever we can to choke off the 
financial lifeblood to terrorists. We can and must do better. Too much 
is at stake.
     Once again, thank you Mr. Chairman for holding this hearing and I 
thank our witnesses for testifying today. Hopefully we can get to the 
bottom of this.

                  PREPARED STATEMENT OF SUSAN S. BIES

        Member, Board of Governors of the Federal Reserve System
                              June 3, 2004

    Mr. Chairman, thank you for the opportunity to appear before the 
Senate Committee on Banking, Housing, and Urban Affairs to discuss the 
Federal Reserve's participation in efforts to combat money laundering 
and terrorist financing. The Federal Reserve and the other Federal 
financial institutions supervisory agencies play a critical role in 
these efforts, and the Federal Reserve is actively engaged in a number 
of initiatives to refine and strengthen examination protocols in this 
area and to effectively deploy resources to prevent, identify, and 
address problems at the banking organizations supervised by the Federal 
Reserve.
    In my remarks today, I will describe for you some of the important 
steps we are taking to fulfill our supervisory mission, to guide the 
institutions we supervise, and, in cooperation with the other banking 
and financial services regulators and the Treasury Department, to make 
every effort to use our supervisory tools to enhance the banking 
industry's role in preventing and detecting money laundering and 
terrorist financing. The Federal Reserve's anti-money laundering 
program is multifaceted. It involves work in bank supervision, 
applications, enforcement, investigations, training, coordination with 
the law enforcement and intelligence communities, and rule writing. 
This morning, I will touch on some of these aspects of the Federal 
Reserve's anti-money laundering program, but will concentrate on bank 
supervision efforts and enforcement matters.
    I would like to begin with a few words about the Federal Reserve's 
supervisory philosophy in this area. The Federal Reserve has long 
shared Congress's view that financial institutions and their employees 
are on the frontline of the effort to combat illicit financial 
activity. The Federal Reserve believes that the banking organizations 
it supervises must take every reasonable step to identify, minimize, 
and manage any risks that illicit financial activity may pose to 
individual financial institutions and the banking industry. 
Accordingly, the Federal Reserve has required the financial 
institutions it supervises to put in place appropriate controls and 
risk management mechanisms, and has also devoted extensive resources to 
issuing guidance on legislative and regulatory requirements and sound 
banking practices, as well as to coordinating supervisory efforts with 
other agencies. In addition, the Federal Reserve uses its enforcement 
authority, where necessary, in the event that serious problems or risks 
cannot be satisfactorily addressed in the supervisory process.
Supervisory Strategy and Procedures for Anti-Money Laundering
and Counter Terrorist Financing
    It has been our longstanding policy that Federal Reserve 
supervisors incorporate a Bank Secrecy Act compliance and anti-money 
laundering program component into every safety and soundness 
examination conducted by a Reserve Bank. This means that on a regular 
examination cycle, examiners seek to determine if a banking 
organization's Bank Secrecy Act (BSA) and anti-money laundering (AML) 
compliance 
programs are satisfactory and are commensurate with the organization's 
business activities and risk profiles. Examinations are conducted at 
the State member banks, bank holding companies, Edge Act corporations, 
and U.S. branches and agencies of foreign banks supervised by the 
Federal Reserve. Every Reserve Bank has BSA/AML specialists and 
coordinators on its staff, and, since the late 1980's, the Board has 
had an anti-money laundering program in its supervision division 
overseen by a senior official. Simply put, Bank Secrecy Act and anti-
money laundering compliance has for years been an integral part of the 
bank supervision process at the Federal Reserve. Furthermore, the 
Federal Reserve's enforcement program has a strong history of 
addressing both anti-money laundering and safety and soundness problems 
in formal actions, where necessary. While the number of actions may 
fluctuate somewhat from year to year, the Federal Reserve's exercise of 
its enforcement authority has been consistently strong and timely.
    The Federal Reserve supervision process includes both on-site 
examinations and off-site surveillance and monitoring. The Federal 
Reserve generally conducts an on-site examination of each bank it 
supervises once every 12 to 18 months, and at each examination staff 
reviews the institution's anti-money laundering procedures and its 
compliance with the Bank Secrecy Act, as amended by the USA PATRIOT Act 
and new Treasury regulations. For large, complex banking organizations, 
the safety and soundness examination process is continuous, and anti-
money laundering and BSA compliance is incorporated into examinations 
conducted throughout the year. The Federal Reserve always includes BSA/
AML examinations in the supervisory strategy for every banking 
organization we supervise.
    A key component of anti-money laundering examinations is the 
institution's compliance with the BSA compliance program requirement. 
The Federal Reserve and the other Federal banking agencies have 
compliance program requirements for institutions they supervise. In 
general, the rules require a bank to establish, maintain, and document 
a program that includes:

  - a system of internal controls to ensure ongoing compliance 
    with the BSA,
  - independent testing of the bank's compliance with the BSA,
  - training of appropriate bank personnel, and
  - the designation of an individual responsible for coordinating 
    and monitoring day-to-day compliance with the BSA.

    The Federal Reserve works to ensure that the banking organizations 
we supervise understand the importance of having in place an effective 
anti-money laundering program. When a Reserve Bank conducts a BSA/AML 
examination of a banking organization under its supervision, the four 
components of the program establish the framework for the examination. 
To properly evaluate the effectiveness of a banking organization's 
anti-money laundering program, the Federal Reserve has developed 
comprehensive examination procedures and manuals, and regularly 
provides training for its examiners. The BSA/AML examination procedures 
are currently under revision to reflect newly issued regulations under 
the USA PATRIOT Act.
    The Federal Reserve's BSA examinations are risk-focused. While a 
``core'' BSA examination is required of all banking organizations, 
risk-focused procedures allow examiners to apply the appropriate level 
of scrutiny to higher-risk business lines, where necessary, and 
alleviate burden where high-risk products or customers are not present. 
In other words, a small State member bank with a low-risk customer base 
receives a considerably different and less burdensome BSA/AML 
examination than a large, complex banking organization with 
international operations.

The Examination Process
    During every safety and soundness examination of banking 
organizations under Federal Reserve supervision, bank examiners 
specially trained in BSA requirements review the institution's previous 
and current compliance with the BSA. Examiners first determine whether 
the institution has included BSA/AML procedures in all of its 
operational areas, including retail operations, credit, private 
banking, and trust, and has adequate internal control procedures to 
detect, deter and report money laundering activities, as well as other 
potential financial crimes. As part of such an examination, bank 
examiners also review an institution's fraud detection and prevention 
capabilities, and its policies and procedures for cooperating with law 
enforcement (whether through responding to subpoenas, acting on 
information requests under Section 314 of the USA PATRIOT Act, or 
otherwise).
    Our supervision policy guidance in this area requires that 
examiners also conduct a review of the databases of Suspicious Activity 
Reports (SAR's) and Currency Transaction Reports (CTR's) to determine 
if the banking organization that is about to be examined has filed such 
reports and that they appear complete and timely. Examiners are not 
doing this to count the number of SAR's and CTR's, to compare their 
findings against other institutions, or to base any criticisms solely 
on a numerical count, but rather to make sure, for example, that the 
bank or U.S. branch of a foreign bank understands its obligations in 
this critical area and has taken steps to fulfill its responsibilities 
by filing timely and accurate reports with law enforcement and bank 
regulators.
    The on-site examination begins as a review of the institution's 
written compliance program and documentation of self-testing and 
training, as well as a review of the institution's system for capturing 
and reporting certain transactions pursuant to the Bank Secrecy Act, 
including any suspicious or unusual transactions possibly associated 
with money laundering or other financial crimes. Transaction testing is 
generally conducted to verify these systems.
    In those instances where there are deficiencies in the BSA/AML 
program, including failures to adequately document self-testing or 
training, obvious breakdowns in operating systems, or failures to 
implement adequate internal controls, the Federal Reserve's examination 
procedures require examiners to conduct a more intensified second-stage 
examination that would include the review of source documents and 
expanded transaction testing, among other steps.
    There is an important correlation between the areas covered by a 
BSA/AML examination and an institution's overall risk management and 
internal controls. Thus, bank examiners take into account an 
organization's enterprise-wide corporate governance mechanisms and how 
they are applied. The Federal Reserve's bank examiners are able to 
apply a broad perspective and depth of organizational knowledge to the 
area of BSA/AML and to coordinate with examination and analytic staff 
to ensure that the safety and soundness and BSA/AML examinations are 
integrated and comprehensive. The Federal Reserve has found that there 
is an important synergy gained by integrating the safety and soundness 
and BSA/AML supervisory processes.

Enforcement Actions
    The Federal Reserve focuses significant resources on the prevention 
and early resolution of deficiencies within the supervisory framework. 
When problems are identified at a banking organization, they are 
typically communicated to the management and directors in a written 
report. The management and directors are requested to address 
identified problems voluntarily and to take measures to ensure that the 
problems are corrected and will not recur. Most problems are resolved 
promptly after they are brought to the attention of a banking 
organization's management and directors.
    In some instances, however, examiners identify problems relating to 
anti-money laundering measures that are pervasive, repeated, unresolved 
by management, or otherwise of such serious concern that use of the 
Federal Reserve's enforcement authority is warranted. If the problem 
does not require a formal action, the Reserve Banks have the authority 
to take informal, nonpublic supervisory action, such as requiring the 
adoption of an appropriate resolution by an institution's board of 
directors or the execution of a memorandum of understanding between an 
institution and the Reserve Bank.
    When informal action will not suffice, the Federal Reserve has 
authority to take formal, public enforcement action to compel the 
management and directors of a banking organization to address anti-
money laundering and BSA compliance problems. These actions include 
written agreements, cease-and-desist orders, and civil money penalties, 
and are legally enforceable in court. These actions are not delegated 
to the Reserve Banks, and are undertaken only with the concurrence of 
the Board's General Counsel and the Board's Director of the Division of 
Banking Supervision and Regulation. Because these actions are public, 
they can have a significant impact on a banking organization, 
particularly one that is a public company. In determining whether 
formal action is appropriate, Federal Reserve staff considers all 
relevant factors, including the nature, severity, and duration of the 
problem, the anticipated resources and actions necessary to resolve the 
problem, and the responsiveness of the directors and management.
    In cases where examiners have identified a violation of the 
compliance program requirement, the Federal banking agencies are bound 
by law to take formal enforcement action. The same law requiring the 
banking agencies to promulgate rules requiring the four-part compliance 
program that I discussed earlier provides that if an institution fails 
to establish and maintain the required procedures, or if it has failed 
to correct any previously identified problem with the procedures, then 
the agency must issue a formal action requiring the institution to 
correct the problem. The Federal Reserve takes this responsibility very 
seriously and has issued a number of public actions against banking 
organizations in fulfillment of this statutory mandate. Federal Reserve 
staff exerts every effort to ensure that this statute is implemented 
consistently, and Board staff acts as a central coordinator for the 
examination and enforcement staff at the different Reserve Banks. Over 
the past 3 years, for example, the Federal Reserve has taken 
approximately 25 formal, public enforcement actions addressing BSA/AML-
related matters. Actions have been taken against large banking 
organizations as well as smaller ones--the one constant is that the 
examination process identified regulatory violations in the 
organizations' compliance programs that, under the law, mandated the 
supervisory actions.
    In addition to taking action itself, the Federal Reserve may refer 
a BSA-related matter to Treasury's Financial Crimes Enforcement Network 
(FinCEN) for consideration of an enforcement action based solely on BSA 
violations, rather than a program failure or issues relating to safety 
and soundness. Treasury has delegated to the Federal financial banking 
agencies the authority to examine for BSA compliance those institutions 
they normally examine for safety and soundness; however, Treasury has 
not delegated the authority to take an enforcement action, such as the 
assessment of a fine, for violations of the Bank Secrecy Act.
    Federal Reserve staff coordinates enforcement actions with other 
regulators or agencies, including in the area of anti-money laundering. 
If a banking organization's problems involve entities supervised by 
different regulators, resolution of enterprise-wide problems may 
involve multiple enforcement actions. For example, the Office of the 
Comptroller of the Currency (OCC), FinCEN, and the Federal Reserve 
coordinated their recent enforcement actions against Riggs National 
Corporation; Riggs Bank, N.A.; and Riggs International Banking 
Corporation, the bank's Edge Act subsidiary, to ensure consistency and 
concurrent resolution of open issues. The Federal Reserve coordinates 
enforcement actions with State banking supervisors on a regular basis, 
and enforcement actions involving operations of foreign banking 
organizations may be resolved in cooperation with supervisors abroad. 
In several recent matters, there was close coordination with the U.S. 
Department of Justice as well.

The Applications Process
    Before I describe some more aspects of the Federal Reserve's 
supervisory process, let me touch on a very important component of the 
Federal Reserve's anti-money laundering process--the processing of 
applications and notices filed with the Board. The Federal Reserve has 
had a longstanding practice of considering an applicant's compliance 
with anti-money laundering laws in evaluating various applications, 
including bank mergers and acquisitions of insured depositories by bank 
holding companies as well as applications filed by foreign banks to 
establish U.S. banking offices under the Foreign Bank Supervisory 
Enhancement Act. The USA PATRIOT Act included a provision memorializing 
our practice in the application area and required the Board to take 
into account the effectiveness of an applicant's BSA compliance program 
when it considers applications under various laws.
    Under our longstanding protocols as well as the new law, every 
application matter considered by the Federal Reserve includes a BSA/AML 
compliance-related component whereby staff has to make specific 
judgments regarding an applicant's compliance with the law in this 
important area. While I cannot, of course, comment on specific cases, I 
can report to you that Board staff has on some recent occasions advised 
banking organizations considering expansion or other activities 
requiring the filing of applications with the Federal Reserve to 
concentrate instead on their BSA/AML programs. While not the full 
equivalent of an enforcement action, I am sure that you can appreciate 
the fact that every banking organization that is seeking or planning on 
seeking Federal Reserve approval of an application makes every effort 
possible to ensure that its anti-money laundering program is considered 
to be fully satisfactory by examiners and that any deficiencies that 
may be identified are addressed as expeditiously as possible. The 
applications process gives the Board a strong tool in the BSA/AML area.

Guidance to Banking Organizations
    Turning back to the Federal Reserve's normal supervision process, 
Board and Reserve Bank supervisors seek to provide guidance to banking 
organizations to assist them to fully understand applicable regulatory 
requirements and what is expected by the regulators. While financial 
institutions are, of course, fully responsible for their own 
compliance, the supervisors play an important role in ensuring that 
regulatory requirements are correctly understood and uniformly applied. 
This is particularly true in areas such as compliance with new 
regulations promulgated since the USA PATRIOT Act.
    The Federal Reserve views its supervisory role as including 
initiatives to enhance awareness and understanding by examiners 
throughout the Federal Reserve System, by banking organizations under 
Federal Reserve supervision, and by the financial industry at large. To 
promote a full understanding of anti-money laundering 
requirements, the Federal Reserve issues Supervision and Regulation 
letters, which are used to advise Reserve Bank supervisory staff, 
supervised institutions, and the banking industry about policy matters; 
provides on-going training to examiners; speaks regularly before the 
financial industry; and issues guidance in conjunction with other 
regulators and Treasury. These initiatives are meant to respond to or 
anticipate questions that arise regarding anti-money laundering 
requirements. The Federal Reserve is keenly aware of the resources that 
anti-money laundering and counter-terrorist financing requirements 
demand of financial institutions and believes that it is our duty to 
assist them in meeting their obligations.

Federal Reserve Resource Commitment
    The Federal Reserve's BSA/AML function ranges from supervising and 
regularly examining banking organizations subject to Federal Reserve 
supervision for compliance with the BSA and relevant regulations, to 
requiring corrective action for 
detected weaknesses in BSA/AML programs, to enhancing money laundering 
investigations by providing expertise to the U.S. law enforcement 
community, and to providing training to U.S. law enforcement 
authorities and various foreign central banks and government agencies. 
Over the past 3 years, for example, Federal Reserve experts in BSA/AML-
related matters have participated in special reviews of funds transfers 
for Federal law enforcement and intelligence authorities, taught 
classes at FBI and Department of Homeland Security training academies, 
held seminars for central bank and foreign supervisory authorities in 
over 10 countries, including Botswana, Mexico, Russia, and the United 
Arab Emirates, and engaged in discussions on AML-related matters at 
international fora such as the Basel Cross-border Group and the 
Financial Action Task Force on Money Laundering (FATF).
    Over the course of the past 10 plus years, the Federal Reserve's 
anti-money laundering program has grown dramatically. From a senior 
official at the outset assigned to coordinate the Federal Reserve's BSA 
activities in the late 1980's, to the creation and staffing in early 
2004 of a new section within the Board's Division of Banking 
Supervision and Regulation dedicated solely to anti-money laundering 
efforts (the Anti-Money Laundering Policy and Compliance Section), the 
Federal Reserve continues to commit a growing number of its resources to 
BSA/AML compliance. In 1993, the Federal Reserve System began the practice 
of designating a senior examiner at each of the 12 Reserve Banks to 
serve as a Bank Secrecy Act coordinator for the BSA examiners at that 
Reserve Bank. The number of senior BSA examiners throughout the System 
has grown tremendously, particularly since the enactment of the USA 
PATRIOT Act and the increasing complexity of BSA examinations. The web 
of BSA examiners throughout the Federal Reserve System is brought 
together through a direct communication channel with the Board's AML 
Policy and Compliance Section. This communication is an important tool 
for gathering examination experiences and providing consistent guidance 
throughout the Federal Reserve System.
    By any standard, the Federal Reserve has taken a leadership role in 
the U.S. Government's and international banking and regulatory 
community's anti-money laundering efforts.

Supervisory Coordination
    Due to the complexity of financial institutions today, it is 
imperative that the Federal Reserve coordinate with a long list of 
agencies on issues tied to the Bank Secrecy Act. First, the Federal 
Reserve views the Department of the Treasury and FinCEN as important 
partners due to their leadership role in administering the Bank Secrecy 
Act. In addition, for a number of complex financial institutions, the 
Federal Reserve shares supervisory and regulatory responsibilities with 
the OCC, Federal Deposit Insurance Corporation, and the Office of 
Thrift Supervision at the Federal level, with the banking agencies of 
the various States, and with foreign banking authorities for the 
international operations of U.S. banks and the operations of foreign 
banks in the United States.
    This network of partners requires a high degree of coordination. 
The regulatory authorities communicate constantly regarding BSA-related 
matters. For example, among bank regulators, there are a number of 
electronic systems in place that allow secure access to examination 
information. This allows regulators to monitor the status of 
organizations under their direct or indirect purview. It is also the 
Federal Reserve's practice to notify relevant functional regulators 
when a supervisory action may have impact on an institution subject to 
their supervision.
    In addition, bank regulators collaborate in the development of 
consistent examination procedures and examiner training. The USA 
PATRIOT Act required a surge of rulemaking activity, and the Federal 
Reserve and its regulatory colleagues continue to advise Treasury as it 
completes this important work.

Law Enforcement Coordination
    The Federal Reserve routinely coordinates with Federal and state 
law enforcement agencies with regard to potential criminal matters, 
including anti-money laundering and financial crime activities. This 
coordination may occur when the Federal Reserve takes action to address 
matters that are also addressed in a criminal proceeding, when the 
financial condition of a bank is affected by a criminal matter, or when 
law enforcement draws on Federal Reserve staff expertise in its 
investigative work. The Federal Reserve maintains open channels of 
communication with law enforcement, whether through interagency working 
groups or through informal staff level contacts.

Conclusion
    The Federal Reserve believes that banking organizations should take 
reasonable and prudent steps to combat illicit financial activities 
such as money laundering and terrorist financing, and to minimize their 
vulnerability to risks associated with such activity. For this reason, 
the Federal Reserve's commitment to ensuring compliance with the Bank 
Secrecy Act continues to be a high supervisory priority. The Federal 
Reserve has an important role in ensuring that criminal activity does 
not pose a systemic threat, and, as important, in improving the ability 
of individual banking organizations in the United States and abroad to 
protect themselves from illicit activities.
    Thank you again for inviting me today to explain the Federal 
Reserve's work in this important area.

                PREPARED STATEMENT OF JOHN D. HAWKE, JR.

                      Comptroller of the Currency
                    U.S. Department of the Treasury
                              June 3, 2004

Introduction
    Chairman Shelby, Ranking Member Sarbanes, Members of the Committee, 
I appreciate the opportunity to appear before you today to discuss the 
challenges we at the Office of the Comptroller of the Currency (OCC)--
and other financial institution regulators--face in combating money 
laundering in the U.S. financial system, and how we are meeting those 
challenges. I will also address the enforcement actions in this area we 
have recently taken against Riggs Bank N.A.
    As the regulator of national banks, the OCC has long been committed 
to the fight against money laundering. For more than 30 years, the OCC 
has been responsible for ensuring that the banks under its supervision 
have the necessary controls in place and provide requisite notices to 
law enforcement to assure that those banks are not used as vehicles to 
launder money for drug traffickers or other criminal organizations. The 
tragic events of September 11 have brought into sharper focus the 
related concern of terrorist financing. Together with the other Federal 
banking agencies, the banking industry, and the law enforcement 
community, the OCC shares the Committee's goal of preventing and 
detecting money laundering, terrorist financing, and other criminal 
acts and the misuse of our Nation's financial institutions.
    The cornerstone of the Federal Government's anti-money laundering 
(AML) efforts is the Bank Secrecy Act (BSA). Enacted in 1970, the BSA 
is primarily a recordkeeping and reporting statute that is designed to 
ensure that banks and other financial institutions provide relevant 
information to law enforcement in a timely fashion. The BSA has been 
amended several times, most recently through passage of the USA PATRIOT 
Act in the wake of the September 11 tragedy. Both the Secretary of the 
Treasury, through the Financial Crimes Enforcement Network (FinCEN), 
and the Federal banking agencies, have issued regulations implementing 
the BSA, including regulations requiring all banks to have a BSA 
compliance program, and to file reports such as suspicious activity 
reports (SAR's) and currency transaction reports (CTR's).
    Due to the sheer volume of financial transactions processed through 
the U.S. financial system, primary responsibility for compliance with 
the BSA and the AML statutes rests with the Nation's financial 
institutions themselves. The OCC and the other Federal banking agencies 
are charged with ensuring that the institutions we supervise have 
strong AML programs in place to identify and report suspicious 
transactions to law enforcement, and that such reports are, in fact, 
made. Thus, our supervisory processes seek to ensure that banks have 
systems and controls in place to prevent their involvement in money 
laundering, and that they provide the types of reports to law 
enforcement that the law enforcement agencies, in turn, need in order 
to investigate suspicious transactions that are reported.
    To accomplish our supervisory responsibilities, the OCC conducts 
regular examinations of national banks and Federal branches and 
agencies of foreign banks in the United States. These examinations 
cover all aspects of the institution's operations, including compliance 
with the BSA. Our resources are concentrated on those institutions, and 
areas within institutions, of highest risk. In cases of noncompliance, 
the OCC has broad investigative and enforcement authority to address 
the problem.
    Unlike other financial institutions, which have only recently 
become subject to compliance program and SAR filing requirements, banks 
have been under such requirements for years. For example, banks have 
been required to have a BSA compliance program since 1987, and have 
been required to file SAR's (or their predecessors) since the 1970's. 
Not surprisingly, most banks today have strong AML programs in place, 
and many of the largest institutions have programs that are among the 
best in the world. There are now approximately 1.3 million SAR's in the 
centralized database that is maintained by FinCEN. While the USA 
PATRIOT Act further augmented the due diligence and reporting 
requirements for banks in several key areas, one of its primary 
objectives was to impose requirements on nonbanking institutions that 
had long been applicable to banks.
    The OCC's efforts in this area do not exist in a vacuum. We have 
long been active participants in a variety of interagency working 
groups that include representatives of the Treasury Department, law 
enforcement, and the other Federal banking agencies. We also work 
closely with the FBI and other criminal investigative agencies, 
providing them with documents, information, and expertise on a case-
specific basis. In addition, when we are provided with lead information 
from a law enforcement agency, we use that information to investigate 
further to ensure that BSA compliance systems are adequate.
    We continue to work to improve our supervision in this area and we 
are constantly revising and adjusting our procedures to keep pace with 
technological developments and the increasing sophistication of money 
launderers and terrorist financers. For example, along with the other 
Federal banking agencies, the OCC recently developed examination 
procedures to implement several key sections of the USA PATRIOT Act, 
and we expect to be issuing a revised version of our BSA Handbook by 
year end. We have also recently initiated two programs that will 
provide stronger and more complete analytical information to assist our 
examiners in identifying banks that may have high money laundering 
risk. Specifically, we are developing a database of national-bank filed 
SAR's with enhanced search and reporting capabilities, and we also are 
developing and will implement nationwide, a new risk assessment process 
to better identify high-risk banks. Additionally, we are exploring with 
FinCEN and the other banking agencies better ways to use BSA 
information in our examination process to better identify risks and 
vulnerabilities in the banking system.
    Recent events surrounding Riggs Bank N.A. have heightened interest 
in how the banking agencies, and the OCC in particular, conduct 
supervision for BSA/AML compliance. Together with FinCEN, the OCC 
recently assessed a record $25 million civil money penalty (CMP) 
against Riggs Bank N.A. The OCC also imposed a supplemental cease-and-
desist (C&D) order on the bank, requiring the institution to strengthen 
its controls and improve its processes in the BSA/AML area. Along with 
the C&D order we issued against the bank in July 2003, these and other 
actions we have taken have greatly reduced the bank's current risk 
profile.
    However, with the benefit of hindsight, it is clear that the 
supervisory actions that we previously took against the bank were not 
sufficient to achieve satisfactory and timely compliance with the BSA, 
that more probing inquiry should have been made into the bank's high 
risk accounts, and that stronger, more forceful enforcement action 
should have been taken sooner. While we do not believe that Riggs is 
representative of the OCC's supervision in the BSA/AML area, we are 
nonetheless taking a number of steps to guard against a repeat of this 
type of situation. In this regard, I have directed that our Quality 
Management Division commence a review and evaluation of our BSA/AML 
supervision of Riggs and make recommendations to me on several issues 
concerning our approach to and the adequacy of our BSA/AML supervision 
programs generally, and particularly with respect to Riggs.

Background and Legal Framework
    In 1970, Congress passed the ``Currency and Foreign Transactions 
Reporting Act'' otherwise known as the ``Bank Secrecy Act'' (BSA), 
which established requirements for recordkeeping and reporting by 
private individuals, banks, and other financial institutions. The BSA 
was designed to help identify the source, volume, and movement of 
currency and other monetary instruments into or out of the United 
States or being deposited in financial institutions. The statute sought 
to achieve that objective by requiring individuals, banks, and other 
financial institutions to create a paper trail by keeping records and 
filing reports of certain financial transactions and of unusual 
currency transfers. This information then enables law enforcement and 
regulatory agencies to pursue investigations of criminal, tax, and 
regulatory violations.
    The BSA regulations require all financial institutions to submit 
various reports to the Government. The most common of these reports 
are: (1) FinCEN Form 104 (formerly IRS Form 4789)--Currency Transaction 
Report (CTR) for each payment or transfer, by, through or to a 
financial institution, which involves a transaction in currency of more 
than $10,000; and (2) FinCEN Form 105 (formerly Customs Form 4790)--
Report of International Transportation of Currency or Monetary 
Instruments (CMIR) for each person who physically transports monetary 
instruments in an aggregate amount exceeding $10,000 into or out of the 
United States. Bank supervisors are not responsible for investigating 
or prosecuting violations of criminal law that may be indicated by the 
information contained in these reports; they are, however, charged with 
assuring that the requisite reports are filed timely and accurately.
    The Money Laundering Control Act of 1986 precludes the 
circumvention of the BSA requirements by imposing criminal liability 
for a person or institution that knowingly assists in the laundering of 
money, or who structures transactions to avoid reporting. It also 
directed banks to establish and maintain procedures reasonably designed 
to assure and monitor compliance with the reporting and recordkeeping 
requirements of the BSA. As a result, on January 27, 1987, all Federal 
bank regulatory agencies issued essentially similar regulations 
requiring banks to develop procedures for BSA compliance. The OCC's 
regulation requiring that every national bank maintain an effective BSA 
compliance program is set forth at 12 CFR Sec. 21.21 and is described 
in more detail below.
    Together, the BSA and the Money Laundering Control Act charge the 
bank regulatory agencies with:

 overseeing banks' compliance with the regulations described, 
    which direct banks to establish and maintain a BSA compliance 
    program;
 requiring that each examination includes a review of this 
    program and describes any problems detected in the agencies' report 
    of examination; and
 taking C&D actions if the agency determines that the bank has 
    either failed to establish the required procedures or has failed to 
    correct any problem with the procedures which was previously cited 
    by the agency.

    The Annunzio-Wylie Anti-Money Laundering Act, which was enacted in 
1992, strengthened the sanctions for BSA violations and the role of the 
Treasury Department. It contained the following provisions:

 a so-called ``death penalty'' sanction, which authorized the 
    revocation of the charter of a bank convicted of money laundering 
    or of a criminal violation of the BSA;
 an authorization for Treasury to require the filing of 
    suspicious-transaction reports by financial institutions;
 the grant of a ``safe harbor'' against civil liability to 
    persons who report suspicious activity; and
 an authorization for Treasury to issue regulations requiring 
    all financial institutions, as defined in BSA regulations, to 
    maintain ``minimum standards'' of an AML program.

    Two years later, Congress passed the Money Laundering Suppression 
Act, which primarily addressed Treasury's role in combating money 
laundering. This statute:

 directed Treasury to attempt to reduce the number of CTR 
    filings by 30 percent and, to assist in this effort, it established 
    a system of mandatory and discretionary exemptions for banks;
 required Treasury to designate a single agency to receive 
    SAR's;
 required Treasury to delegate CMP powers for BSA violations to 
    the Federal bank regulatory agencies subject to such terms and 
    conditions as Treasury may require;
 required nonbank financial institutions to register with 
    Treasury; and
 created a safe harbor from penalties for banks that use 
    mandatory and discretionary exemptions in accordance with Treasury 
    directives.

    Finally, in 2001, as a result of the September 11 terror attacks, 
Congress passed the USA PATRIOT Act. The USA PATRIOT Act is arguably 
the single most significant AML law that has been enacted since the BSA 
itself. Among other things, the USA PATRIOT Act augmented the existing 
BSA framework by prohibiting banks from engaging in business with 
foreign shell banks, requiring banks to enhance their due diligence 
procedures concerning foreign correspondent and private banking 
accounts, and strengthening their customer identification procedures. 
The USA PATRIOT Act also:

 provides the Secretary of the Treasury with the authority to 
    impose special measures on jurisdictions, institutions, or 
    transactions that are of ``primary money-laundering concern;''
 facilitates records access and requires banks to respond to 
    regulatory requests for information within 120 hours;
 requires regulatory agencies to evaluate an institution's AML 
    record when considering bank mergers, acquisitions, and other 
    applications for business combinations;
 expands the AML program requirements to all financial 
    institutions; and
 increases the civil and criminal penalties for money 
    laundering.

    The OCC and the other Federal banking agencies have issued two 
virtually identical regulations designed to ensure compliance with the 
BSA. The OCC's BSA compliance regulation, 12 CFR Sec. 21.21, requires 
every national bank to have a written program, approved by the board of 
directors, and reflected in the minutes of the bank. The program must 
be reasonably designed to assure and monitor compliance with the BSA 
and must, at a minimum: (1) provide for a system of internal controls 
to assure ongoing compliance; (2) provide for independent testing for 
compliance; (3) designate an individual responsible for coordinating 
and monitoring day-to-day compliance; and (4) provide training for 
appropriate personnel. In addition, the implementing regulation for 
Section 326 of the USA PATRIOT Act requires every bank to adopt a customer 
identification program as part of its BSA compliance program.
    The OCC's SAR regulation, 12 CFR Sec. 21.11, requires every 
national bank to file a SAR when it detects certain known or suspected 
violations of Federal law or suspicious transactions related to a money 
laundering activity or a violation of the BSA. This regulation mandates 
a SAR filing for any potential crimes: (1) involving insider abuse 
regardless of the dollar amount; (2) where there is an identifiable 
suspect and the transaction involves $5,000 or more; and (3) where 
there is no identifiable suspect and the transaction involves $25,000 
or more. Additionally, the regulation requires a SAR filing in the case 
of suspicious activity that is indicative of potential money laundering 
or BSA violations and the transaction involves $5,000 or more.

OCC's BSA/AML Supervision
    The OCC and the other Federal banking agencies are charged with 
ensuring that banks maintain effective AML programs. The OCC's AML 
responsibilities are coextensive with our regulatory mandate of 
ensuring the safety and soundness of the national banking system. Our 
supervisory processes seek to ensure that institutions have compliance 
programs in place that include systems and controls to satisfy 
applicable CTR and SAR filing requirements, as well as other reporting 
and recordkeeping requirements to which banks are subject under the 
BSA.
    The OCC devotes significant resources to BSA/AML supervision. The 
OCC has nearly 1,700 examiners in the field, many of whom are involved 
in both safety and soundness and compliance with applicable laws 
including the BSA. We have over 300 examiners onsite at our largest 
national banks, engaged in continuous supervision of all aspects of 
their operations. In 2003, the equivalent of approximately 40 full time 
employees were dedicated to BSA/AML supervision. The OCC also has three 
full-time BSA/AML compliance specialists in our Washington DC 
headquarters office dedicated to developing policy, training, and 
assisting on complex examinations. In addition, the OCC has a full-time 
fraud expert in Washington DC, who is responsible for tracking the 
activities of offshore shell banks and other vehicles for defrauding 
banks and the public. These resources are supplemented by dozens of 
attorneys in our district offices and Washington DC headquarters office 
who work on compliance matters. In 2003 alone, not including our 
continuous large bank supervision, the OCC conducted approximately 
1,340 BSA examinations of 1,100 institutions and, since 1998, we have 
completed nearly 5,700 BSA examinations of 5,300 institutions.
    The OCC monitors compliance with the BSA and money laundering laws 
through its BSA compliance and money laundering prevention examination 
procedures. The OCC's examination procedures were developed by the OCC, 
in conjunction with the other Federal banking agencies, based on our 
extensive experience in supervising and examining national banks in the 
area of BSA/AML compliance. The procedures are risk-based, focusing our 
examination resources on high-risk banks and high-risk areas within 
banks. During an examination, examiners use the procedures to review 
the bank's policies, systems, and controls. Examiners test the bank's 
systems by reviewing certain individual transactions when they note 
control weaknesses, have concerns about high-risk products or services 
in a bank, or receive information from a law enforcement or other 
external source.
    In 1997, the OCC formed the National Anti-Money Laundering Group 
(NAMLG), an internal task force that serves as the focal point for all 
BSA/AML matters. Through the NAMLG, the OCC has undertaken a number of 
projects designed to improve the agency's supervision of the BSA/AML 
activities of national banks. These projects include the development of 
a program to identify high-risk banks for expanded scope BSA 
examinations and the examination of those banks using agency experts 
and expanded procedures; examiner training; the development of revised 
examination procedures; and issuance of policy guidance on various BSA/
AML topics.
    Over the years, the NAMLG has had many significant accomplishments 
including:

 publishing and updating numerous guidance documents, including 
    the Comptroller's BSA Handbook, extensive examination procedures, 
    numerous OCC advisories, bulletins and alerts, and a comprehensive 
    reference guide for bankers and examiners;
 providing expertise to the Treasury Department and the 
    Department of Justice in drafting the annual U.S. National Money 
    Laundering Strategy;
 providing expertise to the Treasury Department, FinCEN and the 
    other Federal banking agencies in drafting the regulations to 
    implement the USA PATRIOT Act; and
 developing state-of-the-art training programs for OCC and 
    other Federal and foreign regulatory authorities in training their 
    examiners in BSA/AML supervision.

    To deploy its resources most effectively, the OCC uses criteria 
developed by NAMLG that targets banks for expanded scope AML 
examinations. Experienced examiners and other OCC experts who 
specialize in BSA compliance, AML, and fraud are assigned to the 
targeted examinations. The examinations focus on areas of identified 
risk and include comprehensive transactional testing procedures. The 
following factors are considered in selecting banks for targeted 
examinations:

 locations in high-intensity drug trafficking areas (HIDTA) or 
    high-intensity money laundering and related financial crime areas 
    (HIFCA);
 excessive currency flows;
 significant international, private banking, fiduciary or other 
    high-risk activities;
 unusual suspicious activity reporting patterns;
 unusual large currency transaction reporting patterns; and
 fund transfers or account relationships with drug source 
    countries or countries with stringent financial secrecy laws.

    The program may focus on a particular area of risk in a given year. 
For example, our 2005 targeting program will focus on banks that have 
significant business activity involving foreign money services 
businesses. In prior years, our targeting focus has been on banks that 
have significant business activity in private banking, offshore 
banking, and lines of business subject to a high risk of terrorist 
financing.
    Other responsibilities of the NAMLG include sharing information 
about money laundering issues with the OCC's District offices; 
analyzing money laundering trends and emerging issues; and promoting 
cooperation and information sharing with national and local AML groups, 
the law enforcement community, bank regulatory agencies, and the 
banking industry.
    NAMLG has also worked with law enforcement agencies and other 
regulatory agencies to develop an interagency examiner training 
curriculum that includes instruction on common money laundering 
schemes. In addition, the OCC has conducted AML training for foreign 
bank supervisors and examiners two to three times per year for the past 
4 years. Over 250 foreign bank supervisors have participated in this 
training program. Recently, the World Bank contracted with the OCC to 
tape our international BSA school for worldwide broadcast. The OCC has 
also partnered with the State Department to provide AML training to 
high-risk jurisdictions, including selected Middle Eastern countries. 
And we consistently provide instructors for the Federal Financial 
Institutions Examination Council schools, which are now patterned after 
the OCC's school. In total, the OCC's AML schools have trained 
approximately 550 OCC examiners over the past 5 years.

OCC's Enforcement Authority
    Effective bank supervision requires clear communications between 
the OCC and the bank's senior management and board of directors. In 
most cases, problems in the BSA/AML area, as well as in other areas, 
are corrected by bringing the problem to the attention of bank 
management and obtaining management's commitment to take corrective 
action. An OCC Report of Examination documents the OCC's findings and 
conclusions with respect to its supervisory review of a bank. Once 
problems or weaknesses are identified and communicated to the bank, the 
bank's senior management and board of directors are expected to 
promptly correct them. The actions that a bank takes, or agrees to 
take, to correct deficiencies documented in its Report are important 
factors in determining whether more forceful action is needed.
    OCC enforcement actions fall into two broad categories: Informal 
and formal. In general, informal actions are used when the identified 
problems are of limited scope and magnitude and bank management is 
regarded as committed and capable of correcting them. Informal actions 
include commitment letters, memoranda of understanding, and matters 
requiring board attention in examination reports. These generally are 
not public actions.
    The OCC also may use a variety of formal enforcement actions to 
support its supervisory objectives. Unlike most informal actions, 
formal enforcement actions are authorized by statute, are generally 
more severe, and are disclosed to the public. Formal actions against a 
bank include C&D orders, formal written agreements and CMPs. C&D orders 
and formal agreements are generally entered into consensually by the 
OCC and the bank and require the bank to take certain actions to 
correct identified deficiencies. The OCC may also take formal action 
against officers, directors and other individuals associated with an 
institution (institution-affiliated parties). Possible actions against 
institution-affiliated parties include removal and prohibition from 
participation in the banking industry, CMP's, and C&D orders.
    In the BSA area, the OCC's CMP authority is concurrent with that of 
FinCEN. In cases involving systemic noncompliance with the BSA, in 
addition to taking our own actions, the OCC refers the matter to 
FinCEN. In the case of Riggs Bank, the OCC and FinCEN worked together 
on the CMP against the bank.
    In recent years, the OCC has taken numerous formal actions against 
national banks to bring them into compliance with the BSA. These 
actions are typically C&D orders and formal agreements. The OCC has 
also taken formal actions against institution-affiliated parties who 
participated in BSA violations. From 1998 to 2003, the OCC has issued a 
total of 78 formal enforcement actions based in whole, or in part, on 
BSA/AML violations. During this same time period, the OCC has also 
taken countless informal enforcement actions to correct compliance 
program deficiencies that did not rise to the level of a violation of 
law.

Significant BSA/AML Enforcement Actions
    The OCC has been involved in a number of cases involving serious 
BSA violations and, in some cases, actual money laundering. Some of the 
more significant cases involved the Bank of China (New York Federal 
Branch), Broadway National Bank, Banco do Estado de Parana (New York 
Federal Branch), and Jefferson National Bank. There are also dozens of 
other examples where the OCC identified significant money laundering or 
BSA non-compliance, took effective action to stop the activity, and 
ensured that accurate and timely referrals were made to law 
enforcement.

Bank of China, New York Federal Branch
    In May 2000, OCC examiners conducting a safety and soundness 
examination discovered serious misconduct on the part of the branch and 
its former officials, including the facilitation of a fraudulent letter 
of credit scheme and other suspicious activity and potential fraud and 
money laundering. The misconduct, which resulted in significant losses 
to the branch, was subsequently referred to law enforcement. In January 
2002, the OCC and the People's Bank of China entered into companion 
actions against the Bank of China and its United States-based Federal 
branches. The bank's New York branch agreed to pay a $10 million 
penalty assessed by the OCC and the parent bank, which is based in 
Beijing, agreed to pay an equivalent amount in local currency to the 
People's Bank of China, for a total of $20 million. The OCC also 
required that the branch execute a C&D order which, among other things, 
required it to establish account opening and monitoring procedures, a 
system for identifying high risk customers, and procedures for regular, 
ongoing review of account activity of high risk customers to monitor 
and report suspicious activity. The OCC also took actions against six 
institution-affiliated parties.

Broadway National Bank, New York, New York
    In March 1998, the OCC received a tip from two separate law 
enforcement agencies that this bank may be involved in money 
laundering. The OCC immediately opened an examination which identified 
a number of accounts at the bank that were either being used to 
structure transactions, or were receiving large amounts of cash with 
wire transfers to countries known as money laundering and drug havens. 
Shortly thereafter, the OCC issued a C&D order which shut down the 
money laundering and required the bank to adopt more stringent 
controls. The OCC also initiated prohibition and CMP cases against bank 
insiders. In referring the matter to law enforcement, we provided 
relevant information including the timing of deposits that enabled law 
enforcement to seize approximately $4 million and arrest a dozen 
individuals involved in this scheme. The subsequent OCC investigation 
resulted in the filing of additional SAR's, the seizure of 
approximately $2.6 million in additional funds, more arrests by law 
enforcement, and a referral by the OCC to FinCEN. In November 2002, the 
bank pled guilty to a three count felony information that charged it 
with failing to maintain an AML program, failing to report 
approximately $123 million in suspicious bulk cash and structured cash 
deposits, and aiding and assisting customers to structure approximately 
$76 million in transactions to avoid the CTR requirements. The bank was 
required to pay a $4 million criminal fine.

Banco do Estado de Parana, Federal Branch, New York, N.Y. (Banestado)
    In the summer of 1997, the OCC received information from Brazilian 
Government officials concerning unusual deposits leaving Brazil via 
overnight courier. The OCC immediately dispatched examiners to the 
branch that was receiving the majority of the funds. OCC examiners 
discovered significant and unusually large numbers of monetary 
instruments being shipped via courier into the Federal branch from 
Brazil and other countries in South America, as well as suspicious wire 
transfer activity that suggested the layering of the shipped deposits 
through various accounts with no business justification for the 
transfers. The OCC entered into a C&D order with the Federal branch and 
its head office in Brazil in January 1998 that required controls over 
the courier and wire transfer activities and the filing of SAR's with 
law enforcement. The OCC also hosted several meetings with various law 
enforcement agencies discussing these activities and filed a referral 
with FinCEN. Shortly thereafter, the Brazilian bank liquidated the 
branch. In May 2000, the OCC assessed a CMP against the branch for 
$75,000.

Jefferson National Bank, Watertown, New York
    During the 1993 examination of this bank, the OCC learned from the 
Federal Reserve Bank of New York that the bank was engaging in cash 
transactions that were not commensurate with its size. OCC examiners 
subsequently discovered that several bank customers were depositing 
large amounts of cash that did not appear to be supported by the 
purported underlying business, with the funds being wired offshore. The 
OCC filed four criminal referral forms (predecessor to the SAR) with 
law enforcement pertaining to this cash activity and several additional 
criminal referral forms pertaining to insider abuse and fraud at the 
bank. The OCC also briefed several domestic and Canadian law 
enforcement agencies alerting them to the significant sums of money 
flowing through these accounts at the bank. Based upon this 
information, law enforcement commenced an investigation of these large 
deposits. The investigation resulted in one of the most successful 
money laundering prosecutions in U.S. Government history. The 
significant sums of money flowing through the bank were derived from 
cigarette and liquor smuggling through the Akwesasne Indian Reservation 
in northern New York. The ring smuggled $687 million worth of tobacco 
and alcohol into Canada between 1991 and 1997. The case resulted in 21 
indictments that also sought the recovery of assets totaling $557 
million. It also resulted in the December 1999 guilty plea by a 
subsidiary of R.J. Reynolds tobacco company and the payment of a $15 
million criminal fine. The four criminal referral forms filed by the 
OCC in the early stages of this investigation were directly on point 
and pertained to the ultimate ringleaders in the overall scheme. These 
money laundering cases were in addition to the C&D order entered into 
with the bank, the prohibition and CMP cases that were brought by the 
OCC, and the insider abuse bank fraud cases that were brought by law 
enforcement against some of the bank's officers and directors. Seven 
bank officers and directors were ultimately convicted of crimes.

OCC Cooperation with Law Enforcement and Other Agencies
    As the above cases illustrate, combating money laundering depends 
on the cooperation of law enforcement, the bank regulatory agencies, 
and the banks themselves. The OCC participates in a number of 
interagency working groups aimed at money laundering prevention and 
enforcement, and meets on a regular basis with law enforcement agencies 
to discuss money laundering issues and share information that is 
relevant to money laundering schemes. For example, the OCC is an 
original member of both the National Interagency Bank Fraud Working 
Group and the Bank Secrecy Act Advisory Group. Both of these groups 
include representatives of the Department of Justice, the FBI, the 
Treasury Department, and other law enforcement agencies, as well as the 
Federal banking agencies. Through our interagency contacts, we 
sometimes receive leads as to possible money laundering in banks that 
we supervise. Using these leads, we can target compliance efforts in 
areas where we are most likely to uncover problems. For example, if the 
OCC receives information that a particular account is being used to 
launder money, our examiners would then review transactions in that 
account for suspicious funds movements, and direct the bank to file a 
SAR if suspicious transactions are detected. The OCC also provides 
information, documents, and expertise to law enforcement for use in 
criminal investigations on a case-specific basis.
    The OCC has also played an important role in improving the AML and 
terrorist financing controls in banking throughout the world. For the 
past several years, the OCC has provided examiners to assist with 
numerous U.S. Government-sponsored international AML and terrorist 
financing assessments. We have a cadre of specially trained examiners 
that has provided assistance to the Treasury Department and the State 
Department on these assessments in various parts of the world, 
including South and Central America, the Caribbean, the Pacific-rim 
nations, the Middle East, Russia, and the former Eastern Bloc nations. 
In this regard, the cadre has participated in terrorist financing 
investigations, assessed local money laundering laws and regulatory 
infrastructure, and provided training to bank supervisors.
    The OCC is also providing direct assistance to the Coalition 
Provisional Authority (CPA) of Iraq. Four OCC examiners are currently 
working in Iraq as technical assistance advisers to the CPA's Ministry 
of Finance and helping their counterparts at the Central Bank of Iraq 
develop a risk-based supervisory system tailored to the Iraqi banking 
system. The OCC examiners are assisting in the development of a law 
addressing money laundering and terrorist financing that is close to 
enactment by the CPA, the drafting of new policy and examination 
manuals to implement this law, and they are providing extensive AML 
training to Iraqi bank regulators.

Post-September 11 Activities and the Implementation of the USA PATRIOT Act
    In the immediate aftermath of the September 11 terror attacks, the 
OCC participated in a series of interagency meetings with bankers 
sponsored by the New York Clearinghouse to discuss the attacks and 
their impact on the U.S. economy and banking system, and provided 
guidance to the industry concerning the various requests from law 
enforcement for account and other information. The OCC was also 
instrumental in working with the other banking agencies to establish an 
electronic e-mail system for law enforcement to request information 
about suspected terrorists and money launderers from every financial 
institution in the country. This FBI Control List system was in place 
five weeks after September 11 and was the precursor to the current 
system established under Section 314(a) of the USA PATRIOT Act, which 
is now administered by FinCEN. At the same time, the OCC established a 
secure emergency communications e-mail system for all national banks 
through the OCC's BankNet technology.
    In October 2001, Congress passed the USA PATRIOT Act. The OCC has 
been heavily involved in the many interagency work groups tasked with 
writing regulations to implement the USA PATRIOT Act over the past few 
years. To date, these work groups have issued final rules implementing 
Sections 313 (foreign shell bank prohibition), 319(b) (foreign 
correspondent bank account records), 314 (information sharing), and 326 
(customer identification). The OCC was also involved in drafting the 
interim final rule implementing Section 312 (foreign private banking 
and correspondent banking).
    The OCC took the lead in developing the current 314(a) process for 
disseminating information between law enforcement and the banks. The 
OCC worked with the interested regulatory and law enforcement agencies, 
and drafted detailed instructions to banks concerning the 314(a) 
process and the extent to which banks are required to conduct record 
and transactions searches on behalf of law enforcement. The OCC also 
took the lead in drafting a frequently asked questions (FAQ's) document 
to provide further guidance as to the types of accounts and 
transactions required to be searched, when manual searches for this 
information would be required, and the timeframes for providing 
responses back to law enforcement. Under the new procedures, 314(a) 
requests from FinCEN are batched and issued every two weeks, unless 
otherwise indicated, and financial institutions have two weeks to 
complete their searches and respond with any matches.
    Throughout this process, the OCC continually assisted FinCEN in 
maintaining an accurate electronic database of 314(a) contacts for 
every national bank and Federal branch, provided effective 
communications to the industry through agency alerts concerning the 
314(a) system, and participated in quarterly interagency meetings with 
fellow regulators and law enforcement agencies to ensure that the 
process was working effectively and efficiently.
    The OCC also took the lead in drafting the interagency Customer 
Identification Program (CIP) regulation mandated by Section 326 of the 
USA PATRIOT Act, which mandates the promulgation of regulations that, 
at a minimum, require financial institutions to implement reasonable 
procedures for: (1) verifying the identity of any person seeking to 
open an account, to the extent reasonable and practicable; (2) 
maintaining records of the information used to verify the person's 
identity, including name, address, and other identifying information; 
and (3) determining whether the person appears on any lists of known or 
suspected terrorists or terrorist organizations provided to the 
financial institution by any government agency. The OCC is also the 
primary drafter of interagency FAQ's concerning the implementation of 
the CIP rules. A second set of interagency FAQ's will be issued 
shortly.
    In order to assess USA PATRIOT Act implementation by the industry, 
in the summer of 2002, the OCC conducted reviews of all of its large 
banks to assess their compliance with the regulations issued under the 
USA PATRIOT Act up to that time, and to evaluate the industry response 
to terrorist financing risk. Although, at that time, many of the USA 
PATRIOT Act regulations had not yet been finalized, we felt it was 
important to ascertain the level of bank compliance with and 
understanding of the new requirements. The purpose of these reviews was 
to discern the types of systems and controls banks had in place to 
deter terrorist financing, and follow up with full-scope AML exams in 
institutions that had weaknesses. As a result of these reviews, the OCC 
was able to obtain practical first hand knowledge concerning how banks 
were interpreting the new law, whether banks were having problems 
implementing the regulations or controlling terrorist financing risk, 
and which banks needed further supervision in this area.
    On October 20, 2003, the OCC issued interagency examination 
procedures to evaluate national bank compliance with the requirements 
of Section 313 and 319(b), and Section 314 of the USA PATRIOT Act. The 
procedures were designed to assess how well banks are complying with 
the new regulations and to facilitate a consistent supervisory approach 
among the banking agencies. OCC examiners are now using the procedures 
during BSA/AML examinations of the institutions under our supervision. 
The procedures allow examiners to tailor the examination scope 
according to the reliability of the bank's compliance management system 
and the level of risk assumed by the institution. An interagency 
working group is currently drafting examination procedures concerning 
Section 326 of the USA PATRIOT Act. The OCC is also the primary drafter 
of these procedures and we expect that they will be issued shortly.

OCC Outreach and Industry Education
    As previously stated, the primary responsibility for ensuring that 
banks are in compliance with the BSA lies with the bank's management 
and its directors. To aid them in meeting this responsibility, the OCC 
devotes extensive time and resources to educating the banking industry 
about its obligations under the BSA. This has typically included active 
participation in conferences and training sessions across the country. 
For example, in 2002 the OCC sponsored a nationwide teleconference to 
inform the banking industry about the USA PATRIOT Act. This 
teleconference was broadcast to 774 sites with approximately 5,400 
listeners.
    The OCC also provides guidance to national banks through: (1) 
industry outreach efforts that include roundtable discussions with 
bankers and industry wide conference calls sponsored by the OCC; (2) 
periodic bulletins that inform and remind banks of their 
responsibilities under the law, applicable regulations, and 
administrative rulings dealing with BSA reporting requirements and 
money laundering; (3) publications, including the distribution of a 
comprehensive guide in this area entitled Money Laundering: A Banker's 
Guide to Avoiding Problems; (4) publication and distribution of the 
Comptroller's BSA Handbook which contains the OCC's BSA examination 
procedures, and the Comptroller's Handbook for Community Bank 
Supervision which provides guidance on BSA/AML risk 
assessment; and (5) periodic alerts and advisories of potential frauds 
or questionable activities, such as alerts on unauthorized banks and 
FinCEN reporting processes. In addition, senior OCC officials are 
regular participants in industry seminars and forums on the BSA, the 
USA PATRIOT Act, and related topics.

Current Supervisory Initiatives
    The OCC uses somewhat different examination approaches depending 
largely on the size of the institution and its risk profile. In large 
banks (generally total assets of $25 billion) and mid-size banks 
(generally total assets of $5 billion), OCC examiners focus first on 
the bank's BSA compliance program. These banks are subject to our 
general BSA/AML examination procedures that include, at a minimum, a 
review of the bank's internal controls, policies, procedures, customer 
due diligence, SAR/CTR information, training programs, and compliance 
audits. We also evaluate BSA officer competence, the BSA program 
structure, and the bank's audit program, including the independence and 
competence of the audit staff. While examining for overall BSA 
compliance, examiners typically focus on suspicious activity monitoring 
and reporting systems and the effectiveness of the bank's customer due 
diligence program.
    Additional and more detailed procedures are conducted if control 
weaknesses or concerns are encountered during the general procedures 
phase of the examination. These supplemental procedures include:

 transaction testing to ascertain the level of risk in the 
    particular business area (for example, private banking, payable 
    upon proper identification programs (PUPID), nonresident alien 
    accounts, international brokered deposits, foreign correspondent 
    banking, and pouch activity) and to determine whether the bank is 
    complying with its policies and procedures, including SAR and CTR 
    filing requirements;
 evaluation of the risks in a particular business line or in 
    specific accounts and a determination as to whether the bank is 
    adequately managing the risks;
 a selection of bank records to determine that its 
    recordkeeping processes are in compliance with the BSA.

    For community banks (generally total assets under $5 billion), 
examiners determine the examination scope based on the risks facing the 
institution. For low-risk banks, examiners evaluate changes to the 
bank's operations and review the bank's BSA/AML compliance program. For 
banks with higher risk characteristics and weak controls, additional 
procedures are performed, including review of a sample of high-risk 
accounts and additional procedures set forth above. Examiners also 
perform periodic monitoring procedures between examinations and conduct 
follow-up activities when significant issues are identified.

Use of CTR and SAR Data in the Examination Process
    All banks are required by regulation to report suspected crimes and 
suspicious transactions that involve potential money laundering or 
violate the BSA. In April 1996, the OCC, together with the other 
Federal banking agencies, and FinCEN, unveiled the SAR system, SAR 
form, and database. This system provides law enforcement and regulatory 
agencies online access to the entire SAR database. Based upon the 
information in the SAR's, law enforcement agencies may then, in turn, 
initiate investigations and, if appropriate, take action against 
violators. By using a universal SAR form, consolidating filings in a 
single location, and permitting electronic filing, the system greatly 
improves the reporting process and makes it more useful to law 
enforcement and to the regulatory agencies. As of December 2003, banks 
and regulatory agencies had filed over 1.3 million SAR's, with national 
banks by far the biggest filers. Nearly 50 percent of these SAR's were 
for suspected BSA/money laundering violations.
    The OCC also uses the SAR database as a means of identifying high-
risk banks and high-risk areas within banks. Year-to-year trend 
information on the number of SAR's and CTR's filed is used to identify 
banks with unusually low or high filing activity. This is one factor 
used by the OCC to identify high-risk banks. Examiners also review 
SAR's and CTR's to identify accounts to include in the examination 
sample. Accounts where there have been repetitive SAR filings or 
accounts with significant cash activity in a high-risk business or 
inconsistent with the type of business might be accounts selected for 
the sample.

Riggs Bank Enforcement Actions
    As previously mentioned, the OCC and FinCEN recently assessed a $25 
million CMP against Riggs Bank N.A. for violations of the BSA and its 
implementing regulations, and for failing to comply with the 
requirements of an OCC C&D order that was signed by the bank in July 
2003. Also, in a separate C&D action dated May 13, 2004 to supplement 
the C&D we had issued in July 2003, the OCC directed the bank to take a 
number of steps to correct deficiencies in its internal controls, 
particularly in the BSA/AML area. Among other requirements in this 
separate action, the OCC directed the bank to:

 Ensure competent management. Within 30 days, the board of 
    directors must determine whether management or staff changes are 
    needed and whether management skills require improvement.
 Develop a plan to evaluate the accuracy and completeness of 
    the bank's books and records, and develop a methodology for 
    determining that information required by the BSA is appropriately 
    documented, filed, and maintained.
 Adopt and implement comprehensive written policies for 
    internal controls applicable to the bank's account relationships 
    and related staffing, including the Embassy and International 
    Private Banking Group. Among other requirements, the policies must 
    mandate background checks of all relationship managers at least 
    every 3 years and must prohibit any employee from having signature 
    authority, ownership, or custodial powers for any customer account.
 Develop and implement a policy that permits dividend payments 
    only when the bank is in compliance with applicable law and upon 
    written notice to the OCC.
 Adopt and implement an internal audit program sufficient to 
    detect irregularities in the bank's operation, determine its level 
    of compliance with applicable laws and regulations and provide for 
    testing to support audit findings, among other requirements.

    These actions were based on a finding that the bank had failed to 
implement an effective AML program. As a result, the bank did not 
detect or investigate suspicious transactions and had not filed SAR's 
as required under the law. The bank also did not collect or maintain 
sufficient information about its foreign bank customers. In particular, 
the OCC found a number of problems with the bank's account relationship 
with foreign governments, including Saudi Arabia and Equatorial Guinea. 
Riggs failed to properly monitor, and report as suspicious, 
transactions involving tens of millions of dollars in cash withdrawals, 
international drafts that were returned to the bank, and numerous 
sequentially numbered cashier's checks. The OCC will continue to 
closely monitor the corrective action that the bank takes in response 
to the order and we are prepared to take additional actions if 
necessary.
    These actions are the most recent of a series of escalating 
supervisory and enforcement reactions to ongoing deficiencies in Riggs' 
BSA/AML compliance program. Since this matter involves an open bank and 
open investigations, there are limitations on what can be said without 
disclosing confidential supervisory information and potentially 
compromising future criminal, civil and administrative actions. With 
that caveat, we have tried to set out below a summary of our 
supervision of this institution in the BSA/AML area, dating back to 
1997.
    The OCC first identified deficiencies in Riggs' procedures several 
years ago. Beginning in the late 1990's, we recognized the need for 
improved processes at Riggs and for improvements in the training in, 
and awareness of, the BSA's requirements and in the controls over their 
BSA processes. Prior to September 11, the OCC visited the bank at least 
once a year and sometimes more often to either examine or review the 
Bank's BSA/AML compliance program.
    Over this timeframe OCC examiners consistently found that Riggs' 
BSA compliance program was either ``satisfactory'' or ``generally 
adequate,'' meaning that it met the minimum requirements of the BSA, 
but we nonetheless continued to identify weaknesses and areas of its 
program that needed improvement in light of the business conducted by 
the bank. We addressed these weaknesses using various informal, 
supervisory actions. Generally, this involved bringing the problems to 
the attention of bank management and the board and securing their 
commitment to take corrective action.
    During this period, it was clear that the bank's compliance program 
needed improvement but we determined that the program weaknesses did 
not rise to the level of a violation of our regulation or pervasive 
supervisory concern. The OCC identified problems with the bank's 
internal audit coverage in this area, its internal monitoring 
processes, and its staff training on the BSA and customer due diligence 
requirements. Repeatedly, management took actions to address specific 
OCC concerns but, as is now clear, the corrective actions being taken 
often were not sufficient to achieve the intended results. The bank was 
continually taking steps to respond to OCC criticisms, but failed to 
take action on its own to improve its overall compliance program, 
especially with regard to high-risk areas. Due to the lack of an 
effective and proactive management team, additional weaknesses and 
deficiencies were continually identified by the OCC over this time 
period, but bank follow-up on these weaknesses ultimately proved to be 
ineffective and the problems continued longer than they should have.
    As various changes occurred in the regulatory expectations for 
banks relative to BSA compliance and related issues over this period of 
time, our scrutiny of the bank was adjusted accordingly. For example, 
when the Financial Action Task Force and FinCEN identified 
``uncooperative'' countries, we conducted an examination at Riggs that 
specifically focused on account relationships with those countries and 
determined that the bank did not have extensive transaction activity 
with any of the countries on the list. In addition, Treasury issued its 
guidance on ``politically exposed persons'' in January 2001, and, as a 
result, the OCC's focus on the risks associated with the Riggs' embassy 
banking business began to increase and our supervisory activities were 
heightened accordingly. However, at that time, the Kingdom of Saudi 
Arabia was not viewed as a country that posed heightened risk of money 
laundering or terrorist financing, and Equatorial Guinea had just begun 
to reap the financial benefits of the discovery of large oil reserves 
in the mid-1990's.
    After September 11, the OCC escalated its supervisory efforts to 
bring Riggs' compliance program to a level commensurate with the risks 
that were undertaken by the bank and we believed that we were beginning 
to see some progress in this regard. In fact, the bank was beginning 
the process of a major computer system conversion that would address 
many of the shortcomings in the existing information systems that the 
bank was relying on. Unfortunately, bank management had to adjust the 
timeline repeatedly. This caused significant delays in the 
implementation date, pushing it from the original target of year-end 
2002 to September 2003. Thus, the bank was not able to fulfill many of 
the commitments that it made to the OCC to correct our concerns 
pertaining to their BSA compliance program. Also, as previously 
mentioned, the OCC conducted a series of anti-terrorist financing 
reviews at our large or high-risk banks, including Riggs, in 2002. As a 
result of these reviews and other internal assessments, plus published 
accounts of suspicious money transfers involving Saudi Embassy 
accounts, our concerns regarding Riggs' BSA/AML compliance were 
heightened. Thus, we commenced another examination of Riggs in January 
2003.
    The focus of the January 2003 examination was on Riggs' Embassy 
banking business, and, in particular, the accounts related to the 
Embassy of Saudi Arabia. Due to its Washington DC location, its 
extensive retail branch network, and its expertise in private banking, 
Riggs found embassy banking to be particularly attractive and had 
developed a market niche. In fact, at one time, 95 percent of all 
foreign embassies in the United States, and 50 percent of the embassies 
in London conducted their banking business with Riggs. The OCC's 
examination lasted for approximately 5 months and involved experts in 
the BSA/AML area. The findings from the January 2003 examination formed 
the basis for the July 2003 C&D order entered into with the bank. The 
OCC also identified violations of the BSA that were referred to FinCEN.
    During the course of the 2003 examination, the OCC cooperated 
extensively with investigations by law enforcement into certain 
suspicious transactions involving the Saudi Embassy relationship. These 
transactions involved tens of millions of dollars in cash withdrawals 
from accounts related to the Embassy of Saudi Arabia; dozens of 
sequentially numbered international drafts that totaled millions of 
dollars that were drawn from accounts related to officials of Saudi 
Arabia, and that were returned to the bank; and dozens of sequentially 
numbered cashier's checks that were drawn from accounts related to 
officials of Saudi Arabia made payable to the accountholder. There was 
regular contact with the FBI investigators throughout this examination. 
We provided the FBI with voluminous amounts of documents and 
information on the suspicious transactions, including information 
concerning transactions at the bank that the FBI previously was not 
aware of. The OCC also hosted a meeting with the FBI to discuss these 
documents and findings. Throughout this process we provided the FBI 
with important expertise on both general banking matters, and on some 
of the complex financial transactions and products that were 
identified.
    The July 2003 C&D order directed the bank to take a number of steps 
to correct deficiencies in its internal controls in the BSA/AML area 
and to strongly consider staffing changes. Among other requirements in 
this action, the OCC directed the bank to:

 Hire an independent, external management consultant to conduct 
    a study of the Bank's compliance with the BSA, including training, 
    SAR monitoring, and correcting deficiencies and conduct a risk 
    assessment for compliance with the BSA throughout the bank.
 Evaluate the responsibilities and competence of management. In 
    particular, the consultant's report to the board of directors must 
    address, among other things, the responsibilities and competence of 
    the bank's BSA officer, and the capabilities and competence of the 
    supporting staff in this area. Within 90 days, the board of 
    directors must determine whether any changes are needed regarding 
    the bank's BSA officer and staff;
 Adopt and implement detailed policies and procedures 
    (including account opening and monitoring procedures) to provide 
    for BSA compliance and for the appropriate identification and 
    monitoring of high risk transactions;
 Ensure effective BSA audit procedures and expansion of these 
    procedures. Within 90 days the board of directors must review and 
    evaluate the level of service and ability of the audit function for 
    BSA matters provided by any auditor; and
 Ensure bank adherence to a comprehensive training program for 
    all appropriate operational and supervisory personnel to ensure 
    their awareness and their responsibility for compliance with the 
    BSA.

    The OCC began its next examination of the bank's BSA compliance in 
October 2003. The purpose of this examination was to assess compliance 
with the C&D order and the USA PATRIOT Act, and to review accounts 
related to the Embassy of Equatorial Guinea. It was clear from this 
examination that the bank had made progress in complying with the order 
and in improving its AML program. Another notable accomplishment was 
the successful implementation of the long planned system upgrade that 
significantly improved the information available to bank staff and 
management to monitor account activity and identify suspicious 
activity. Notwithstanding, there were significant areas of 
noncompliance noted by our examination. The examiners found that, as 
with the Saudi Embassy accounts, the bank lacked sufficient policies, 
procedures, and controls to identify suspicious transactions concerning 
the bank's relationship with Equatorial Guinea. These transactions 
involved millions of dollars deposited in a private investment company 
owned by an official of the country of Equatorial Guinea; hundreds of 
thousands of dollars transferred from an account of the country of 
Equatorial Guinea to the personal account of a government official of 
the country; and over a million dollars transferred from an account of 
the country of Equatorial Guinea to a private investment company owned 
by the bank's relationship manager. The findings from this examination, 
as well as previous examination findings, formed the basis for the 
OCC's recent CMP and C&D actions.
    In retrospect, as we review our BSA/AML compliance supervision of 
Riggs during this period, we should have been more aggressive in our 
insistence on remedial steps at an earlier time. We also should have 
done more extensive probing and transaction testing of accounts. Our 
own BSA examination procedures called for transactional reviews in the 
case of high-risk accounts, such as those at issue here, yet until 
recently, that was not done at Riggs in the Saudi Embassy and the 
Equatorial Guinea accounts. Clearly, the types of strong formal 
enforcement action that we ultimately took should have been taken 
sooner. This is not a case where the deficiencies in the bank's systems 
and controls were not recognized, nor was there an absence of OCC 
supervisory attention to those deficiencies. But we failed to 
sufficiently probe the transactions occurring in the bank's high-risk 
accounts and we gave the bank too much time, based on its apparent 
efforts to fix its own problems, before we demanded specific solutions, 
by specific dates, pursuant to formal enforcement actions. As described 
below, we have reevaluated our BSA/AML supervision processes in light 
of this experience and we will be implementing changes to improve how 
we conduct supervision in this area. I have also directed that our 
Quality Management Division undertake an internal review of our 
supervision of Riggs. These steps are outlined more fully below.

Improvements Undertaken to Improve BSA/AML Supervision
    While we believe our overall supervisory approach to BSA/AML 
compliance has been rigorous and is working well, we are committed to 
ongoing evaluation of our approaches to BSA/AML compliance and to 
appropriate revisions to our approach in light of technological 
developments, and the increasing sophistication of money launderers and 
terrorist financers, as well as to address aspects of the process where 
shortcomings were evidenced in the Riggs situation. Recent and current 
initiatives include the following:

 As previously mentioned, together with the other Federal 
    banking agencies, we recently developed revised examination 
    procedures for several key sections of the USA PATRIOT Act and we 
    expect to be issuing a revised version of our BSA Handbook by the 
    end of the year.
 We plan to develop our own database of national bank-filed 
    SAR's with enhanced search and reporting capabilities for use in 
    spotting operational risk including in the BSA/AML area. This 
    database will be compatible with the OCC's supervisory databases 
    and enable us to: (1) generate specialized reports merging SAR data 
    with our existing supervisory data, (2) sort SAR information by 
    bank asset size and line of business, and (3) provide enhanced word 
    and other search capabilities.
 We are developing and will implement nationwide, a new risk 
    assessment process to better identify high-risk banks. This system 
    uses standardized data on products, services, customers, and 
    geographies to generate reports that we will use to identify 
    potential outliers, assist in the allocation of examiner resources, 
    and target our examination scopes (for example, particular products 
    or business lines).
 We are exploring with FinCEN and the other agencies better 
    ways to use BSA information in our examination process, so that we 
    can better pinpoint risks and secure corrective action. Upon 
    completion of FinCEN's BSA Direct initiative (currently under 
    development), the OCC will have direct access, as opposed to dial-
    in access, to the SAR database. We expect that this direct access 
    system will allow us to make better and more effective use of 
    FinCEN's SAR database.
 We are also exploring how we can systematically capture BSA/
    AML criticisms in examination reports so that we can track 
    situations where no follow-up formal action has been taken.
 Our Committee on Bank Supervision also has sent an alert to 
    remind and reinforce for OCC examination staff the need to 
    recognize accounts and transactions that appear to be anomalous or 
    suspicious or that have other characteristics that should cause 
    them to be considered high-risk in nature, and to conduct 
    additional transaction testing and investigation in such 
    situations.

    In addition, specifically with regard to Riggs, I have directed our 
Quality Management Division to immediately commence a review and 
evaluation of our BSA/AML supervision of Riggs. This review will 
include an assessment of whether we took appropriate and timely actions 
to address any shortcomings found in the bank's processes and in its 
responses to matters noted by the examiners, and the extent and 
effectiveness of our coordination and interaction with other regulators 
and with law enforcement. I have also asked for recommendations for 
improvements to our BSA/AML supervision and our enforcement policy with 
regard to BSA/AML violations.

Conclusion
    The OCC is committed to preventing national banks from being used, 
wittingly or unwittingly, to engage in money laundering, terrorist 
financing, or other illicit activities. We stand ready to work with 
Congress, other financial institution regulatory agencies, law 
enforcement agencies, and the banking industry to continue to develop 
and implement a coordinated and comprehensive response to the threat 
posed to the Nation's financial system by money laundering and 
terrorist financing.

                 PREPARED STATEMENT OF DONALD E. POWELL

            Chairman, Federal Deposit Insurance Corporation
                              June 3, 2004

    Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank 
you for this opportunity to discuss how the Federal Deposit Insurance 
Corporation, along with the other bank regulatory agencies, addresses 
our responsibilities under the Bank Secrecy Act (BSA) and related anti-
money laundering and antiterrorism laws.
    My testimony begins with a brief history of the BSA and an overview 
of the work the FDIC is doing under the law. I also will outline the 
current initiatives that the FDIC is undertaking to foster a culture 
more focused on the effective supervision of banks for compliance with 
BSA and related laws, and to provide assistance to law enforcement 
agencies. Finally, I will discuss some broader ideas related to the way 
bank regulators, law enforcement, and the banking industry can work 
together to address money laundering and terrorist financing.

Background and Evolution of BSA
    The Bank Secrecy Act, which was enacted in 1970, authorizes the 
Secretary of the Treasury (Treasury) to issue regulations requiring 
that financial institutions keep records and file reports on certain 
financial transactions. Treasury's authority includes specifying filing 
and recordkeeping procedures and designating the businesses and types 
of transactions subject to these procedures. As part of its overall 
responsibility and authority to examine banks for safety and soundness, 
the FDIC is responsible for examining State-chartered, nonmember 
financial institutions for compliance with the BSA. This is consistent 
with Treasury's delegation of its authority under the BSA to the 
financial regulatory agencies for determining compliance with the 
Treasury's Financial Reporting and Recordkeeping regulations.
    The original purpose of the BSA was to prevent banks from being 
used to conceal money derived from criminal activity and tax evasion. A 
process of filing various reports, including currency transaction 
reports (CTR's), was established and proved highly useful in criminal, 
tax, and regulatory investigations and proceedings. Banks are required 
to report cash transactions over $10,000 using the CTR. The information 
collected in the CTR can provide a paper trail for investigations of 
financial crimes, including tax evasion and money laundering, and has 
led to convictions and asset forfeiture actions.
    Although the BSA has been in effect for over 30 years, numerous 
revisions and amendments have been made to enhance the notification and 
investigation of financial crimes. The Money Laundering Control Act, 
which was enacted in 1986 to respond to the increase in money 
laundering activity related to narcotics trafficking, was the first 
major expansion of the BSA. The Money Laundering Control Act 
criminalized money laundering and prohibited the structuring of 
transactions to avoid the filing of CTR's. Additionally, at that time, 
banks reported suspicious transactions by marking the ``Suspicious'' 
box on the CTR and also filing a Report of an Apparent Crime form 
(criminal referral) with the bank's primary regulator and law 
enforcement agencies.
    Over the years, additional laws and amendments were passed to 
define how financial institutions share information relating to 
apparent money laundering activities with law enforcement. These laws 
included: the Annunzio-Wylie Money Laundering Suppression Act of 1992, 
which replaced the criminal referral form with the suspicious activity 
report (SAR) to be used for apparent money laundering activities; the 
Money Laundering Suppression Act of 1994, which liberalized the rules 
for using CTR exemptions; and the Money Laundering and Financial Crimes 
Strategy Act of 1998, which focused on improving cooperation and 
coordination among regulators, law enforcement, and the financial 
services industry.
    The focus of the BSA was escalated further in the wake of the 
September 11, 2001, terrorist attacks against the United States with 
passage of the Uniting and Strengthening America by Providing 
Appropriate Tools to Restrict, Intercept, and Obstruct Terrorism Act of 
2001, otherwise known as the USA PATRIOT Act. Title III of the USA 
PATRIOT Act expands the BSA beyond its original purpose of deterring 
and detecting money laundering to include terrorist financing in the 
United States. One of the new provisions requires financial 
institutions to conduct due diligence on customer accounts through a 
Customer Identification Program (CIP). The CIP requires institutions to 
maintain records, including customer information and methods used to 
verify customers' identities.
    In 1990, the Financial Crimes Enforcement Network (FinCEN) was 
established in Treasury to administer the BSA and provide a government-
wide, multisource intelligence and analytical network. In October 2001, 
the USA PATRIOT Act elevated the status of FinCEN within Treasury and 
emphasized its role in fighting terrorist financing. In addition to 
administering the BSA, FinCEN is responsible for expanding the 
regulatory framework to other industries (such as insurance, gaming, 
securities brokers/dealers) vulnerable to money laundering, terrorist 
financing, and other crimes.

Evolution of 314(a) Requests
    Shortly after the attacks on September 11, the Federal Bureau of 
Investigation provided a confidential listing (Control List) of 
suspected terrorists to the Federal banking agencies. The Federal 
banking agencies provided the list to financial institutions to check 
their records for any relationships or transactions with named 
suspects. Financial institutions reported positive matches to the 
Federal Reserve Bank of New York which, in turn, passed the information 
to the appropriate law enforcement agency. Based upon this information, 
law enforcement authorities would subpoena the reporting bank for 
relevant information needed to assist in their investigation. The 
initial Control List primarily consisted of suspects, supporters, and 
material witnesses of the ongoing investigation of the September 11 
attacks.
    Section 314 of the USA PATRIOT Act requires FinCEN to establish a 
formal mechanism for law enforcement to communicate names of suspected 
terrorists and money launderers that are under investigation to 
financial institutions on a regular basis. The implementing regulations 
mandate that financial institutions receiving names of suspects search 
their account and transaction records for potential matches and report 
positive results to FinCEN in the manner and time frame specified in 
the request. This new information sharing system, referred to as 
``314(a) Requests,'' replaced the Control List.
    Every FinCEN 314(a) request is certified and vetted as a valid and 
significant terrorist/money laundering investigation through the 
appropriate law enforcement agency prior to being sent to a financial 
institution. Law enforcement agencies maintain that this new system is 
an effective, successful tool in their investigations.
    Information provided to the FDIC from FinCEN, showing the initial 
results of the program, indicates some successes. From February 18, 
2003, through November 25, 2003, agencies have processed 188 law 
enforcement requests. Of these cases, 124 were related to money 
laundering and 64 cases were related to terrorism or terrorist 
financing. There were 1,256 subjects of interest in these 
investigations. Of these, financial institutions responded with 8,880 
matches, resulting in the discovery or issuance of the following:

 795 new accounts identified;
 35 new transactions;
 407 grand jury subpoenas;
 11 search warrants;
 29 administrative subpoenas/summons; and
 3 indictments.

    The FDIC plays a particularly active role in ensuring that the 
314(a) program runs effectively by maintaining point of contact 
information for FDIC-supervised and national banks. By properly 
maintaining this information, the FDIC ensures that banks are able to 
act on 314(a) requests in the timeliest fashion.
    The 314(a) requests should not be confused with the list published 
by the Department of the Treasury's Office of Foreign Assets Control 
(OFAC). The Section 314(a) request pertains to suspects and material 
witnesses to significant terrorist/money laundering investigations, and 
is confidential. Further, the names are subject to a one-time search of 
bank records, and banks are not required by law to terminate account 
relationships. The OFAC list is a public list which contains names of 
individuals, organizations and countries against whom the United States 
has instituted sanctions. Financial institutions must have a formal 
process for regular searches of records and transactions against 
updated OFAC lists.
    Although the Section 314(a) requests have improved our ability to 
identify possible money laundering or terrorist financing activity, 
other provisions of Section 314 may be underutilized or could be 
improved. For example, under Section 314(b), there is a safe harbor for 
bankers to discuss suspect transactions with other banks that are 
counterparties in a transaction. It appears that only 10 percent of 
insured financial institutions use this safe harbor even though it 
creates an opportunity to gain a better understanding of, and develop 
additional information about, questionable transactions before they are 
reported. In addition, under Section 314(a), financial institutions 
generally have a 14-day window to report a positive ``hit.'' This 
timeframe should be evaluated to determine whether this permissible 
reporting delay is realistic since the information may not be received 
until well after criminal activity occurs. As law enforcement, bank 
regulators and the industry gain experience with the USA PATRIOT Act, 
we must continually evaluate its implementation to ensure that it is as 
effective as possible.

Responsibilities of the FDIC to Facilitate BSA Compliance
    All FDIC-supervised institutions are required to establish and 
maintain procedures designed to assure and monitor compliance with the 
requirements of the BSA. Section 326.8 of the FDIC's rules and 
regulations requires that all FDIC-supervised institutions maintain BSA 
compliance programs that include controls, training, and independent 
testing necessary to assure that effective programs are in place.
    In addition to examining State-chartered, nonmember banks for 
compliance with the BSA and underlying regulations, the FDIC is 
required to make periodic reports regarding violations of Treasury's 
financial recordkeeping rules to the Treasury. The purpose of the BSA 
examination is to determine the effectiveness of a financial 
institution's anti-money laundering program. Specifically, every BSA 
examination focuses on the oversight provided by a bank's senior 
management and its respective Board of Directors, as well as the system 
of controls put in place to identify reportable transactions, prepare 
CTR's, monitor the purchase and sales of monetary instruments and 
electronic funds transfer activities, comply with the OFAC laws and 
regulations, administer information sharing requirements under Section 
314(a) of the USA PATRIOT Act, administer the Customer Identification 
Program, and report suspicious activities. Although the BSA regulations 
do not prescribe the frequency with which BSA compliance should be 
reviewed, examination procedures for BSA compliance are included within 
the scope of FDIC safety and soundness examinations. Since 2000, the 
FDIC has conducted almost 11,000 BSA examinations.
    The FDIC is the primary Federal regulator of approximately 5,300 
insured financial institutions holding total assets of almost $1.7 
trillion. The majority of FDIC-supervised institutions are small and 
located outside a Metropolitan Statistical Area (MSA),\1\ in less-
densely populated areas. To effectively supervise BSA compliance at 
State nonmember banks, the FDIC has adopted a risk-focused approach. An 
institution's level of risk for potential money laundering determines 
the necessary scope of the BSA examination. For example, an examiner 
might consider an institution with the following characteristics to 
have a low money-laundering risk: located in a rural area; not located 
in a high-risk money laundering and related financial crimes area 
(HIFCA); \2\ small asset size; small deposit base; known and stable 
customer base; stable management and employee base; and relatively few 
CTR's.
---------------------------------------------------------------------------
    \1\ The Office of Management and Budget defines an MSA as an area 
with either a minimum population of 50,000 or a Census Bureau-defined 
urbanized area with a total population of at least 100,000. MSA's 
comprise one or more counties and may include one or more outlying 
counties that have close economic and social relationships with the 
central county. An outlying county must have a specified level of 
commuting to the central counties and also must meet certain standards 
regarding metropolitan character. For example, the Washington, DC MSA 
extends from Frederick, Maryland, to Fredericksburg, Virginia, and 
includes two counties in West Virginia.
    \2\ HIFCA is a term used in the Money Laundering and Financial 
Crimes Strategy Act of 1998 as a means of concentrating law enforcement 
efforts at the Federal, State, and local levels in high intensity money 
laundering zones.
---------------------------------------------------------------------------
    On the other hand, an institution located in a HIFCA or engaged in 
particularly risky business lines will receive significantly more 
scrutiny under the FDIC's risk-focused compliance examinations due to 
their elevated risk profiles. Current HIFCA designations for money 
laundering are assigned to the MSA's of New York City, Los Angeles, 
Chicago, San Francisco, and Miami. HIFCA's also include the Mexican 
borders with Texas and Arizona as well as San Juan, Puerto Rico. 
Financial institutions located in a HIFCA, or that have certain 
characteristics that may indicate a greater risk of money laundering or 
related vulnerabilities, undergo an expanded-scope BSA examination. 
These examinations include extensive transaction testing designed to 
validate management's compliance with BSA and anti-money laundering 
regulations.
    Regardless of the risk profile of a particular institution, the 
FDIC understands that all institutions are at risk of being utilized to 
facilitate money laundering and terrorist financing. In today's global 
banking environment where funds are transferred instantly and 
communication systems make services available nationally, even a lapse 
at a small financial institution outside of a major metropolitan area 
can have significant implications in another location across the 
Nation. The more difficult it is for criminals and terrorists to gain 
entry into the American financial system, the more likely it is that 
they will need to rely on less secure and less efficient means of 
financing their activities.
    While it has been our experience that the vast majority of FDIC-
supervised institutions are diligent in their efforts to establish, 
execute, and administer effective BSA compliance programs, there have 
been instances where controls and efforts were lacking. In those cases, 
the FDIC implements a range of corrective measures to ensure that banks 
comply with the law. Generally, weaknesses noted in BSA compliance have 
been technical in nature and have not resulted in the facilitation of 
money laundering or terrorist financing activities. Usually, bank 
management is responsive to correcting the deficiencies within the 
normal course of business. In cases where significant deficiencies are 
cited during a BSA examination, bank management is required to address 
such deficiencies in a written response to the FDIC that outlines the 
corrective action proposed and establishes a timeframe for 
implementation.
    In cases where an institution has been lax in administering its BSA 
compliance program and failed to correct previously identified 
deficiencies, including significant violations of law, the FDIC has 
procedures to obtain commitments from bank management to correct the 
deficiencies. The procedures generally require some type of formal or 
informal enforcement action. The FDIC can also utilize its authority to 
assess civil money penalties against an institution for noncompliance 
with BSA. In addition, significant violations are referred to FinCEN, 
in accordance with the BSA, which also has the authority to assess 
civil money penalties for noncompliance with the BSA.
    The FDIC believes in a flexible supervisory approach using 
technical guidance, moral suasion, and a gradual escalation of 
enforcement action as appropriate. However, a more aggressive 
supervisory approach may be necessary to effect correction when a 
greater risk for money laundering exists within an institution due to 
willful noncompliance with the BSA and/or the absence of an effective 
BSA program. The type of enforcement action pursued by the FDIC against 
an institution is directly related to the severity of the offense, 
management's willingness and ability to effectively implement 
corrective action, as well as the extent to which the program has 
failed to identify and/or deter potential money laundering. 
Additionally, the nature of the criticism, the response to prior 
weaknesses or violation notifications, and the overall risk profile of 
the institution are factored into the type of supervisory action. When 
weaknesses are identified at institutions that have a high BSA risk 
profile, such as those located within a HIFCA, the FDIC has been 
aggressive in taking formal supervisory action. In addition, the FDIC 
has the authority to remove and/or prohibit an individual from the 
banking industry for deliberate or negligent actions related to money 
laundering.

FDIC Efforts to Thwart Money Laundering and Terrorist Financing
Activities
    In order to identify money laundering and terrorist financing 
activity, it is important to know the differences between the two 
activities. Money laundering generally involves the following factors:

 Profit is the motivation;
 ``Dirty money'' is laundered;
 Funds are derived from the crime;
 Large sums of money are involved (generally);
 Shell companies and offshore centers are frequently used;
 Complicated structures are created often requiring attorney or 
    trustee involvement;
 Assets are purchased with illicit funds, then sold, thereby 
    converting to ``clean'' cash; and
 Use of official or counterfeit bank checks or wire transfers.

    Terrorist financing differs as it generally involves the following 
factors:

 Ideology is the motivation;
 Both ``clean money'' and ``dirty money'' are laundered;
 Funds are often derived from donations and crime;
 Both large and small sums of money are involved;
 Banks and money exchanges (including alternate value transfer 
    systems) are used;
 Charities and front operations are used; and
 Funding sometimes derives from government ``state 
    sponsorship.'' \3\
---------------------------------------------------------------------------
    \3\ State sponsorship can be described as implicit or explicit 
action or funding by a government to endorse terrorist activity.
---------------------------------------------------------------------------
    These distinctions between money laundering and terrorist financing 
are important when evaluating suspicious bank transactions.
    The FDIC examines CTR's and SAR's to determine, in part, a bank's 
compliance with the BSA. Examiners analyze an institution's volume and 
trend in CTR and SAR filings to assist in risk scoping the examination. 
For example, increases in the volume of CTR's filed may be the result 
of deposit growth, the elimination of exempted businesses, or increases 
in retail or other high-risk customers. Decreases may be caused by the 
failure of the bank to file CTR's, an increase in the number of 
exempted businesses, the elimination of retail and/or other high-risk 
customers, or structuring transactions to avoid reporting requirements.
    Increases in the number of SAR's filed may be due to an increase in 
high-risk customers, entry into a high-risk market or product, or an 
improvement in the bank's method for identifying suspicious activity. 
Decreases may be the result of deficiencies in the bank's process for 
identifying suspicious activity, the closure of high-risk or suspicious 
accounts, personnel changes, or the failure of the bank to file SAR's.
    When appropriate, examiners conduct transaction testing during a 
BSA examination to determine if reportable transactions have been 
captured on the bank's system and if a CTR was filed. In the case of a 
structured transaction, an examiner will determine if a SAR was filed. 
As part of the CTR and SAR validation process, an examiner may also 
note if the SAR reports fraud and/or insider abuse which is closely 
linked to money laundering and other illicit acts. Also, examination 
staff may use SAR's as a basis for further evaluation of the conduct of 
insiders who may eventually be removed and/or banned from the banking 
industry under Section 8(e) of the Federal Deposit Insurance Act.
    Since 2001, the FDIC has issued 30 formal enforcement actions 
against 25 financial institutions and three individuals to address 
severely deficient BSA compliance efforts and/or ineffective anti-money 
laundering controls. These actions include 25 Orders to Cease and 
Desist, three Orders of Prohibition which ban individuals from 
participating in the banking industry and two Civil Money Penalty 
Assessments against related entities in the amount of $7,500,000. 
Fourteen of the 25 Cease and Desist Orders were issued in response to 
severe and/or chronic BSA-related deficiencies that exposed those 
institutions to a high vulnerability of possible money laundering 
activity.
    The FDIC also has effectively utilized informal actions such as 
bank board resolutions and memoranda of understanding to strengthen the 
BSA compliance efforts of its supervised institutions under appropriate 
circumstances. The informal actions also put the bank's board of 
directors on notice of their responsibility to ensure BSA compliance. 
Since 2001, FDIC-supervised institutions have entered into 53 informal 
actions with BSA-related provisions.

FDIC Participation in Interagency Working Groups
    The FDIC participates in numerous interagency working groups formed 
for the purpose of drafting risk-based revisions to the BSA, required 
by the USA PATRIOT Act, and developing interpretive guidance for the 
financial services community. The FDIC has worked actively with 
Treasury and the financial regulators in developing regulations and 
guidance to implement the USA PATRIOT Act. For many years, the FDIC has 
worked with the Treasury, FinCEN and the other banking agencies in 
setting international standards, developing policies, and implementing 
best practices to combat money laundering and, more recently, terrorist 
funding as part of the nation's anti-money laundering regime.
    The FDIC also participates in the Bank Secrecy Act Advisory Group, 
which is a public-private partnership devoted to the discussion of 
money laundering schemes, enforcement of anti-money laundering laws, 
and remedies for making all reporting processes more efficient. The BSA 
Advisory Group has 43 members with representatives from all bank 
regulatory agencies; law enforcement; the securities, insurance, and 
gaming industries; and the banking industry. The BSA Advisory Group and 
its subcommittees are currently evaluating all aspects of the BSA 
(implementing rules and reporting requirements) and developing 
recommendations to make these areas more efficient.

International Outreach Programs
    The FDIC believes that strong governance of foreign banking 
programs reduces opportunities for money laundering and increases the 
ability to identify sources of terrorist financing. The FDIC actively 
participates in working groups and technical assistance missions 
sponsored by the Departments of State and Treasury to assess 
vulnerabilities to terrorist financing activity worldwide and to 
develop and implement plans to assist foreign governments in 
enforcement efforts directed toward financial crimes. To 
facilitate its commitment to these assignments, the FDIC 
identified a group of 22 examiners and attorneys who have 
received specialized training in identifying money laundering 
and terrorist financing. Over the past 2 years, several of these 
individuals and others have worked with over 62 countries to provide 
technical assistance and training, meeting with supervisory and law 
enforcement representatives, senior prosecutors, and financial 
intelligence unit directors, and assisting in the development of 
foreign-directed BSA training programs. In all cases, the foreign 
officials from these countries ranging from Caribbean to European to 
Middle Eastern war-torn countries expressed interest in the FDIC's 
anti-money laundering examination programs and our progress in 
implementing PATRIOT Act provisions. Some of these countries have a 
myriad of issues and concerns with regulatory compliance and secrecy 
laws. Further, through participation on the Basel Committee, the FDIC 
has assisted in the evaluation and issuance of international guidelines 
on money laundering.
    In addition, the FDIC provided substantial assistance to the 
Department of the Treasury in drafting the anti-money laundering/
antiterrorist financing rules for the Iraqi Coalition Provisional 
Authority in Baghdad. The comprehensive framework was drafted for the 
new Iraqi government to implement and conform to international 
standards.

Current Initiatives
    Since the passage of the USA PATRIOT Act in 2001 (which augments 
the BSA to address the risk of terrorist financing activities), the 
FDIC has been involved in a number of activities, including: 
implementing rules and interpretive guidance, incorporating changes 
into examination procedures, training examiners, and participating in 
industry outreach sessions. The agency participated in the rulemaking 
process of relevant parts of the USA PATRIOT Act and has participated 
in a number of working groups focused on counter-financing of terrorism 
and the USA PATRIOT Act. In conjunction with these activities, and, in 
part, to address some recommendations identified in a recent FDIC 
Office of Inspector General report, we have undertaken a number of 
initiatives to enhance the FDIC's enforcement of the BSA.

Upgrading Staff
    Consistent with the increased importance of the BSA, the additional 
workload associated with the USA PATRIOT Act, and greater emphasis on 
international efforts to combat terrorism, the FDIC has taken 
additional steps to ensure that these areas receive increased 
attention. The FDIC is dedicating more staff to its Special Activities 
Section, which oversees the nationwide implementation and coordination 
of the FDIC's BSA, anti-money laundering, and PATRIOT Act efforts. 
Additionally, the FDIC is designating and training additional BSA 
subject matter experts. The FDIC expects to double its number of BSA 
experts over the next 18 months. Currently, the FDIC has more than 150 
BSA experts nationwide. Multiple experts are assigned to offices that 
examine several institutions having characteristics that may indicate 
greater money laundering or related vulnerabilities.

Additional Training
    In an effort to increase the level of BSA expertise in the field, 
the FDIC is requiring all examiners to complete additional formal 
training on BSA anti-money laundering and PATRIOT Act issues by year-
end 2004. This computer-based training also will be offered to all 
State banking authorities and other regulators who wish to provide 
additional training for their staff. As a supplement to the required 
additional training, the FDIC is participating in the planning and 
development of anti-money laundering training for examiners that is 
sponsored by the Federal Financial Institutions Examination Council.

Updating Examiner Guidance
    The FDIC continues to reevaluate and modify as necessary all BSA 
anti-money laundering and antiterrorism examination and industry 
guidance to ensure the incorporation of changes resulting from passage 
of the USA PATRIOT Act. This effort involves reviewing all written 
guidance for examiner and industry use, working with other bank 
regulators and Federal law enforcement in assessing the guidance and 
using conferences and other public forums to communicate any changes 
required by banks for compliance with the law.

Improving State Examinations
    The FDIC has an alternating examination program with most State 
banking departments. In this program, the FDIC and State authorities 
alternate, or conduct every other examination, accepting or using the 
other agency's examination findings to meet mandatory examination cycle 
requirements. While the FDIC reviews BSA compliance each time it 
examines a State-chartered, nonmember bank, not all States conduct 
similar examinations.
    Beginning this month, in those instances where a State banking 
authority does not conduct Bank Secrecy Act exams, the FDIC will send 
an examiner to conduct an examination for BSA and anti-money laundering 
compliance concurrent with the State authority's safety and soundness 
examination. This initiative will ensure that all FDIC-supervised banks 
are reviewed for money laundering and terrorist financing activity 
during every examination cycle. Conducting a BSA examination concurrent 
with the State's safety and soundness examination is expected to reduce 
the regulatory burden upon the financial institution by scheduling both 
events simultaneously rather than multiple examinations conducted 
during a given year.
    In addition, 10 States have committed to beginning BSA examinations 
in 2004. The FDIC will assist those States as necessary with training 
to facilitate thorough state evaluations of BSA compliance.

Improving Reporting
    The FDIC has centralized the monitoring process for FDIC-supervised 
banks with serious BSA, anti-money laundering and antiterrorist 
financing program deficiencies. This allows senior Washington Office 
personnel to confer with regional staff to ensure that a consistent 
supervisory approach is applied on a national basis. In addition, the 
FDIC recently centralized the process for referring BSA violations to 
FinCEN which provides consistency in reporting. These centralization 
efforts also will enable the FDIC to analyze historical data internally 
to identify emerging trends and issues among FDIC-supervised banks.
    In order to provide more information to financial institutions and 
the general public, a section of the FDIC's external website is devoted 
to the Bank Secrecy Act, anti-money laundering and counter-financing of 
terrorism issues.

Improving Government and Industry Coordination
    While there has been marked improvement in information sharing 
among Government agencies in recent years, communication between 
Government entities and the banking industry could be improved. Current 
communication tends to be limited to requests for information and 
responses to those requests. We should also create a better dialogue 
between the industry, the regulators, and law enforcement about how our 
banking system can be used for nefarious purposes. We should continue 
to work to eliminate any barriers that exist between Government and the 
industry to foster more seamless communication about both the broader 
context and potential threats. In my view, these efforts would help us 
detect and deter the use of the financial system by criminals and 
terrorists.

Conclusion
    The FDIC believes that a vigilant BSA, anti-money laundering and 
antiterrorist financing supervisory program requires that appropriate 
supervisory actions be taken to support compliance with Treasury and 
FDIC regulations and guidance. Proper supervision of banks to ensure 
that they maintain effective programs creates an environment where 
terrorists know that any attempt to use the American financial system 
to fund their operations poses an unacceptable risk of discovery.
    The FDIC diligently enforces the BSA by establishing a 
comprehensive supervisory approach that includes conducting thorough 
BSA compliance examinations and ensuring an appropriate supervisory 
approach when BSA concerns exist in FDIC-supervised institutions. In 
addition, the FDIC is proactive in addressing recent changes to the BSA 
by incorporating those rules into examiner and industry guidance, 
providing various forms of examiner and industry training and outreach 
sessions, and assisting in global anti-money laundering and 
antiterrorist financing efforts.
    The FDIC is fully committed to preventing the use of the financial 
system to support criminal or terrorist activities. Highly trained bank 
examiners are a major resource in this fight that cannot be easily 
duplicated. They are in every bank in the country, they are able to 
identify suspicious relationships and transactions and they have the 
power to dig deeply into the facts when warning flags are raised. While 
the current system is not perfect, we should approach reforms carefully 
to ensure that they do not duplicate resources and expertise that 
already exist and do not inadvertently interfere with the achievement 
of the goals that we all share.
    This concludes my testimony. I would be happy to answer any 
questions and would like to thank the Committee for providing this 
opportunity to discuss the FDIC's role in enforcing the Bank Secrecy 
Act and assisting the overall effort to fight money laundering and 
terrorist financing activity.

                PREPARED STATEMENT OF JAMES E. GILLERAN

                 Director, Office of Thrift Supervision
                    U.S. Department of the Treasury
                              June 3, 2004

Introduction
    Good morning, Chairman Shelby, Senator Sarbanes, and Members of the 
Committee. Thank you for the opportunity to testify at today's hearing 
on the Bank Secrecy Act (BSA), as amended by the USA PATRIOT Act. My 
testimony provides an overview of the BSA and OTS's compliance 
responsibilities under the BSA and Home Owners' Loan Act (HOLA), 
describes our work to implement the USA PATRIOT Act and strengthen 
oversight of the BSA, and reports on the state of thrift compliance 
with the BSA and on how OTS responds to failures and deficiencies to 
comply with the Act. My statement also explains requirements for 
thrifts to file suspicious activity reports (SAR's), and summarizes an 
ongoing GAO audit of the agency on BSA implementation by OTS.
    OTS fully supports the goals and objectives of the BSA and the USA 
PATRIOT Act through policies, programs, and regulatory, supervisory, 
and enforcement initiatives. We have examiners who are well trained and 
experienced in reviewing thrifts for compliance with the BSA and the 
USA PATRIOT Act. Our examiners know the institutions we regulate well 
and are well-positioned to identify and correct BSA problems. The 
average OTS examiner has over 16 years of experience.
    Our examiners have been using updated BSA examination procedures 
since October of last year. We have strengthened our oversight by 
issuing internal guidance to our examiners and external guidance to the 
depository institutions. We have also developed and provided 
substantial new training programs for our staff over the last 2 years, 
and increased the number of examiners who have been trained in BSA 
requirements and have developed proficiency in this area.
    The number of OTS examiners capable of conducting BSA reviews has 
increased by over 80 examiners, or by approximately 75 percent from 
2001 to the present. We now have more than 190 examiners trained in BSA 
compliance issues, and we will continue to train staff and add 
expertise to our examination corps in this area in the coming year. We 
also shortened the examination cycle for BSA reviews since 2001, from a 
2 to 3 year cycle to a 12 to 18 month examination cycle, or more 
frequently if circumstances require.
    In addition, our field personnel communicate on a regular, on-going 
basis with OTS senior managers. Through frequent industry contact and 
ongoing supervision, OTS continually monitors industry BSA compliance 
efforts. We frequently consult with individual thrifts on their BSA 
compliance programs, such as reviewing changes in key personnel, 
unusual activity, or anomalous transactions that might warrant a field 
visit.
    In our experience, the most effective way to uncover BSA and USA 
PATRIOT Act deficiencies is through the ongoing examination process. 
Violations are usually discovered in fissures within an institution's 
programs, controls or operations. Uncovering weaknesses in an 
institution's BSA compliance program requires experienced examiners who 
are familiar with the ongoing operations of the particular institutions 
they oversee as well as how various banking transactions are typically 
structured, industry best practices, and depository institution 
operations, generally.
    BSA compliance review is necessarily risk-focused--the review is 
tailored to consider the potential risk of money laundering or 
terrorist financing in different business lines. Our examiners have 
broad exposure to an institution's entire business operation: Its 
organizational structure, business activities, normal range of 
transactions, risk management practices, the quality of its management, 
and its internal control environment. Our examinations and follow-up 
reviews enable us to monitor corrections and improvements in, and 
ongoing compliance with BSA/AML requirements. Knowledge of, and 
familiarity with each institution's risk profile puts OTS in the best 
position to effectively monitor the BSA compliance programs and 
activities of the institutions we regulate.

Background of the Bank Secrecy Act and Compliance Overview
    The Bank Secrecy Act (BSA), enacted in 1970, requires financial 
institutions to file certain currency and monetary instrument reports 
and maintain certain records for possible use in criminal, tax, and 
regulatory proceedings. The BSA's purpose is to prevent financial 
institutions from being used as intermediaries for the transfer or 
deposit of money derived from criminal activity. Accordingly, the BSA 
requirements result in a paper trail of the activities of money 
launderers serving the interests of terrorists, drug traffickers, and 
other elements of white collar and organized crime.
    Congress has amended the BSA several times over the years to 
strengthen its anti-money laundering (AML) and counter-terrorism 
financing purposes. The most recent, and perhaps most significant, set 
of amendments is found in Title III of the USA PATRIOT Act. The USA 
PATRIOT Act adopted strong and far-reaching requirements intended to 
prevent, detect, and prosecute terrorism, terrorist financing, and 
international money laundering. It has resulted in several new 
regulations that have a direct impact on a thrift's BSA/AML compliance 
program.
    Since its enactment, OTS has worked vigorously and diligently to 
implement the USA PATRIOT Act. As detailed below, OTS has been actively 
involved in crafting regulations implementing various provisions of the 
USA PATRIOT Act,\1\ and in issuing related guidance and examination 
procedures. OTS has been examining and working with the institutions we 
regulate to ensure compliance not only with the letter of the law, but 
also the spirit of its intended purpose.
---------------------------------------------------------------------------
    \1\ This statement references three sets of regulations. These are 
OTS's BSA rule at 12 CFR Sec. 563.177; Treasury's BSA regulation at 31 
CFR Part 103, which applies to savings associations; and the 
interagency USA PATRIOT Act regulations, which are a part of Treasury's 
BSA rule in Part 103, which apply to a wide range of financial 
institutions, including thrifts.
---------------------------------------------------------------------------
OTS's BSA Oversight Responsibilities
    The Home Owners' Loan Act (HOLA) authorizes OTS to require thrifts 
to comply with the BSA and provides very broad enforcement authority to 
compel this objective.\2\ The HOLA mandates that OTS issue regulations 
requiring thrifts to adopt BSA compliance procedures. At each 
examination we conduct, OTS reviews the required procedures, documents 
its findings and describes any significant problems in the examination 
report. When a thrift fails to establish and maintain the required 
procedures, or fails to correct previously identified problems, our 
examiners and field supervisors are instructed to take enforcement 
action against the institution. In addition to the HOLA, we have 
enforcement authority under the Federal Deposit Insurance Act (FDIA), 
which also imposes AML recordkeeping requirements on thrifts and other 
insured depository institutions.\3\
---------------------------------------------------------------------------
    \2\ HOLA Sec. 5(d)(6).
    \3\ FDIA Sec. 21.
---------------------------------------------------------------------------
    To discharge our responsibilities under the HOLA and FDIA, OTS 
issued a BSA regulation that requires compliance with specific 
components of the BSA.\4\ Our regulation also requires thrifts to 
comply with the Department of the Treasury's BSA regulations,\5\ 
including requirements for Customer Identification Programs (CIP's), 
internal controls, testing for BSA compliance, and employee training on 
BSA/AML and related issues.
---------------------------------------------------------------------------
    \4\ 12 CFR Sec. 563.177.
    \5\ 12 CFR Part 103.
---------------------------------------------------------------------------
    OTS has also adopted a suspicious activity report (SAR) regulation 
that requires thrifts to file a SAR with FinCEN and the appropriate 
Federal law enforcement agencies when it detects a ``known or suspected 
violation of Federal law or a suspicious transaction related to a money 
laundering activity or a violation of the [BSA].'' \6\ These 
requirements are described in more detail later in this testimony.
---------------------------------------------------------------------------
    \6\ 12 CFR Sec. 563.180.
---------------------------------------------------------------------------
    While OTS has broad enforcement authority to correct a deficiency 
or BSA violation, choosing the appropriate supervisory response 
involves the careful balancing of a wide range of factors and the 
informed exercise of professional judgment and discretion.
    In our experience, the most effective way to resolve most BSA/AML 
compliance program deficiencies is as part of the overall examination 
process. We routinely require thrifts to undertake corrective action in 
the course of an examination. Addressing issues within the examination 
framework often results in a thrift promptly implementing necessary 
corrective action, and makes for fast and effective changes that we can 
immediately review. We believe that our examiners are in the best 
position to uncover problems with a thrift's BSA/AML compliance program 
and to resolve them quickly with management. The relationship between 
the institutions we regulate and our examiners is extremely 
constructive.
    It is our experience that most institutions appreciate the 
importance of BSA and the USA PATRIOT Act, and are committed to the 
concepts, goals, and objectives of these laws. We continue to work with 
thrift institutions to ensure that they have a strong, independent 
testing and verification process in place. Numbers bear out this 
contention. Since July of last year, we addressed BSA/AML compliance 
program deficiencies at 167 thrifts. Some of these deficiencies were 
self-reported by the institutions, but the vast majority were 
identified during OTS examinations. The combination of self-reporting 
and issues identified in examinations uncovered 342 BSA violations at 
these institutions, mostly of Treasury's BSA regulations at 31 CFR Part 
103. In all cases, management either agreed with the examiner's 
recommendation and moved promptly to implement changes to fix the 
problem, or completed the recommended corrective action before the 
examination was completed.
    When the examination approach fails to resolve a BSA problem or 
issue, OTS can take enforcement action under FDIA Section 8 against a 
thrift and its related entities for engaging in an unsafe or unsound 
practice or violating a law, regulation, condition imposed in writing, 
or written agreement. Under this authority, OTS may (i) issue cease-
and-desist orders, (ii) issue removal, suspension, and prohibition 
orders, and/or (iii) impose civil money penalties.

OTS Implementation of the USA PATRIOT Act
Key Provisions of the USA PATRIOT Act
    OTS often, in coordination with FinCEN and the other Federal 
banking agencies (FBA's), has participated in numerous initiatives to 
issue regulations, policy guidance, and examination procedures to 
implement the USA PATRIOT Act. For example, OTS issued an extensive 
staff summary of the USA PATRIOT Act in March 2002.\7\ This document 
informs institutions of the requirements of the Act and provides 
information on its implementation. In particular, it discusses the USA 
PATRIOT Act in three sections, as follows:
---------------------------------------------------------------------------
    \7\ OTS Notice: OTS Staff Summary of USA PATRIOT Act (March 20, 
2002) (copy attached).

 The first section describes USA PATRIOT Act requirements that 
    are applicable to all thrift institutions and that were effective 
    immediately or in the near term, such as the information sharing 
    requirements and the requirement that a financial institution 
    produce records relating to its BSA/AML compliance program or its 
    customers within 120 hours of a request from the appropriate FBA.
 The second section describes the new enhanced due diligence 
    procedures for thrifts that engage in private banking or maintain 
    foreign correspondent accounts.
 The third section discusses USA PATRIOT Act provisions of 
    general interest, such as the authorization for Treasury to impose 
    special measures with respect to particular institutions, 
    jurisdictions, accounts, or transactions and the requirement that 
    each thrift have a Customer Identification Program (CIP).

    OTS also issued a USA PATRIOT Act Update in August 2002.\8\ The 
update included important guidance on the new CIP requirements, 
information sharing with law enforcement, and new due diligence 
requirements for foreign correspondent accounts and private banking 
accounts. The update noted that OTS would begin 
reviewing for compliance with the provisions when the new regulations 
became effective, and urged institutions to carefully review the new 
regulations and their preambles, and implement the new procedures as 
required.
---------------------------------------------------------------------------
    \8\ Chief Executive Officer (CEO) Letter 166 (August 5, 2002) (copy 
attached).
---------------------------------------------------------------------------
Customer Identification Programs
    The new CIP requirements, issued on May 9, 2003, by the Treasury 
Department, the FBA's, the SEC, and the CFTC, set forth procedures for 
verifying the identity of anyone who opens an account, and require 
institutions to maintain records to verify a customer's identity, and 
to determine whether the customer appears on any list of known or 
suspected terrorists or terrorist organizations. An institution's CIP 
must include risk-based procedures designed to enable the institution 
to form a reasonable belief that it knows the identity of its 
customers. OTS has been examining institutions for CIP compliance since 
the requirements went into effect on October 1, 2003.
    Simultaneous with the issuance of the new CIP rules, OTS issued two 
additional pieces of guidance:\9\ Customer Identification Programs: A 
Staff Summary and Answers to Questions (the CIP Summary) (copy 
attached); and USA PATRIOT Act Preparedness Checkup: A Framework for 
Achieving Compliance with the New USA PATRIOT Act Regulations (the 
Checkup) (copy attached).
---------------------------------------------------------------------------
    \9\ CEO Letter 175 (May 9, 2003) (copy attached).
---------------------------------------------------------------------------
    The CIP Summary, the first guidance issued by a regulatory agency 
about the new CIP rules, alerted thrifts to the specific requirements 
of the new rules. The CIP Summary also specifies exactly what OTS is 
looking for when reviewing a thrift's CIP, and addresses important 
questions about the CIP rules.
    The CIP Summary describes the types of accounts covered by the 
rule, who is a ``customer'' for purposes of the rules, and the specific 
requirements that a thrift's CIP must meet. The CIP Summary also:

 Notes the four pieces of identifying information that a thrift 
    must obtain from a customer who opens a new account;
 Indicates the methods (both documentary and nondocumentary) by 
    which a thrift can verify the identifying information;
 Discusses the recordkeeping requirements of the new rules;
 Highlights the requirements about checking Government lists of 
    suspected terrorists or money launderers;
 Notes that thrifts must be in compliance with the new rules 
    beginning October 1, 2003; and
 Emphasizes that OTS would begin examining for compliance 
    during all examinations beginning on or after October 1, 2003.

    The Checkup was issued the same day as the new rules and the CIP 
Summary. It remains the only checklist form of guidance about preparing 
for USA PATRIOT Act implementation issued by a regulatory agency. In 
the Checkup, OTS encouraged institutions to ``ADApT'' their current 
BSA/AML program to the new USA PATRIOT Act requirements:

 Analyze their current program;
 Develop a comprehensive BSA/AML program, which includes a CIP 
    that addresses all of the thrift's business lines;
 Apply the revised program throughout the thrift's day-to-day 
    operations; and
 Test the new program through internal audits and testing to 
    ensure that the program is functioning as intended.

    The Checkup lists several questions a thrift should ask as it 
ADApTs to the new USA PATRIOT Act requirements. For instance, when 
Analyzing its current program, a thrift should consider, among other 
things, how its business operations expose it to money laundering or 
terrorism financing risks. When Developing its new, enhanced BSA/AML 
program, a thrift should take a number of steps, including ensuring 
that the program addresses each of the new regulatory requirements and 
identifying business operations that might require enhanced scrutiny.
    When Applying its new program, a thrift should ask itself whether 
staff is informed of the new requirements, whether appropriate customer 
identification information collection and verification practices are 
taking place, and whether private banking accounts and foreign 
correspondent accounts are being handled correctly. Finally, when a 
thrift Tests the new program, the Checkup provides a number of factors 
for the thrift to review, including ensuring that internal audits or 
compliance reviews identify shortcomings in the BSA/AML compliance 
program and seek prompt corrective action, and determining whether 
staff and service provider implementation of the new regulatory 
requirements is keeping pace with the thrift's operational needs. Our 
examiners are instructed to explore all of these issues when 
examining an institution's USA PATRIOT Act compliance.
    In January 2004, OTS, along with the other FBA's, the SEC, and the 
CFTC, issued another important piece of guidance, ``frequently asked 
questions'' (FAQ's) to help explain the final CIP rule.\10\ That 
document begins with a general description of the CIP requirements and 
emphasizes that a bank's CIP must include risk-based procedures for 
verifying the identity of each customer to the extent reasonable and 
practicable. The FAQ's note that it is critical that each bank develop 
procedures to account for all relevant risks, including those presented 
by the types of accounts maintained by the bank, the various methods 
provided to open accounts, the type of identifying information 
available, and the bank's size, location, and type of business or 
customer base.
---------------------------------------------------------------------------
    \10\ CEO Letter 188 (January 8, 2004) (copy attached).
---------------------------------------------------------------------------
    The FAQ's also make clear that specific minimum requirements in the 
rule, such as the four basic types of information to be obtained from 
each customer, should be supplemented by risk-based verification 
procedures, where appropriate, to ensure that the bank has a reasonable 
belief that it knows each customer's identity.
    The document also answers a number of common questions about the 
CIP rules, such as whether loans purchased from a car dealer are 
``accounts'' (No) and whether a person who becomes a co-owner of an 
existing deposit account is a ``customer'' (Yes). The FAQ's also 
consider whether a bank's foreign subsidiaries are subject to the rule 
(No) and whether a bank may keep copies of documents provided to verify 
a customer's identity even though not required to do so (Yes). The 
agencies are currently working on a second set of FAQ's on the CIP 
requirements, which are now circulating for approval at the agencies 
and will be issued soon.

Information Sharing
    Section 314 of the USA PATRIOT Act encourages cooperation and 
information sharing among financial institutions, regulators, and law 
enforcement. OTS has actively participated in developing and 
implementing these requirements.
    On September 26, 2002, Treasury issued a final rule implementing 
the new information sharing requirements. In response to industry 
concerns about the regulatory burden of the requests for information, 
and after consulting with OTS and the other FBA's, on November 26, 
2002, Treasury placed a moratorium on information requests from law 
enforcement. Treasury subsequently streamlined the process and lifted 
the moratorium in February 2003. Since then, institutions have been 
responding to requests for information from law enforcement.
    Last October, OTS alerted thrifts to new examination procedures to 
review thrift compliance with the new requirements,\11\ and we 
incorporated the new procedures into our overall BSA examination 
procedures. Those procedures include a review of the institution's 
procedures for promptly responding to law enforcement requests for 
information, documentation of any positive match with the requests, and 
copies of any vendor confidentiality agreements regarding services 
rendered pursuant to the requests. Examiners are also instructed to 
review copies of any SAR's filed related to the information sharing 
process, as well as to review an institution's analysis or 
documentation where a SAR was considered, but not filed.
---------------------------------------------------------------------------
    \11\ CEO Letter 183 (October 20, 2003) (copy attached).
---------------------------------------------------------------------------
    OTS also participates in quarterly meetings with FinCEN, the 
regulators, and representatives of law enforcement to discuss and 
further refine the information sharing process. Those meetings allow 
law enforcement to provide feedback to the regulators about how the 
information sharing process is working and for regulators to convey to 
law enforcement the views of financial institutions on how to improve 
the process. Items of discussion have included a breakdown of positive 
responses by type of financial institution and regulator, proposed 
enhancements to the various forms used in the process, and development 
of a secure, encrypted network to facilitate the exchange of 
information between law enforcement and financial institutions.

Foreign Shell Banks, Requests for Bank Records, and Summons Authority
    OTS has also issued specific guidance on the USA PATRIOT Act 
provisions banning correspondent accounts for foreign shell banks, 
requiring financial institutions to produce records related to anti-
money laundering compliance within 120 hours of an examiner's request, 
and providing that Treasury or the Attorney General may issue a 
subpoena or summons to any foreign bank that maintains a correspondent 
account in the United States and may request the bank to produce 
records related to that account, including records maintained abroad.
    Treasury, through FinCEN and after consultation with OTS and the 
other FBA's, issued a final rule implementing these new requirements on 
September 26, 2002. Last October, OTS alerted thrifts to the new 
examination procedures to review thrift compliance with the new 
requirements.\12\ Under those procedures, examiners are to evaluate an 
institution's policies and procedures for foreign correspondent 
accounts to determine whether they address the minimum requirements 
specified in the regulation, such as the responsible party for 
gathering the necessary information and the process for identifying 
foreign correspondent accounts. The procedures also require an examiner 
to, based on a risk assessment, sample foreign correspondent accounts, 
review the collection of requisite information and obtain any customer 
due diligence or other relevant information related to those accounts. 
We have incorporated those new procedures into our overall BSA 
examination procedures.
---------------------------------------------------------------------------
    \12\ CEO Letter 183 (October 20, 2003) (copy attached).
---------------------------------------------------------------------------
Other Significant USA PATRIOT Act Provisions
    OTS also participates in a number of other ongoing working groups 
and projects related to specific provisions of the USA PATRIOT Act. For 
instance, Treasury consults with OTS, among others, when considering 
whether to impose special measures on a jurisdiction, institution, 
class of transactions, or type of account that the Department finds is 
of ``primary money laundering concern.'' To date, Treasury has imposed 
special measures on Nauru, Burma, and two Burmese banks, and has just 
issued a proposal to do so with regard to a bank in Syria.
    OTS has been involved in developing new regulations implementing 
the USA PATRIOT Act requirements that financial institutions have 
specific due diligence procedures, including enhanced due diligence 
procedures, for correspondent accounts for foreign financial 
institutions or private banking accounts for non-U.S. persons. On July 
23, 2002, Treasury, after consulting with OTS and the other FBA's, 
issued an interim rule imposing the Section 312 requirements on banks 
and thrifts. Treasury is drafting a final regulation implementing 
Section 312, and routinely consults OTS.

Examination Procedures and Guidance
    In preparation for the October 1, 2003, compliance deadline for the 
new CIP requirements, OTS updated its entire BSA examination program. 
This revision included updating existing procedures and adding new 
sections to address specific USA PATRIOT Act requirements. We trained 
our examiners on the new procedures in mid-September 2003, and our 
examiners have been using the new procedures for all BSA examinations 
that commenced since October 1, 2003. Examiner reaction has been 
positive, with the examiners' general perception that most institutions 
are taking the necessary steps to comply with the new USA PATRIOT Act 
requirements. After extensive field testing, we are in the final stages 
of formally incorporating the new procedures in our OTS Examination 
Handbook.
    Under our comprehensive examination approach, many more examiners 
are now trained on conducting BSA examinations, which has expanded our 
capabilities immensely. We continually discuss and cover BSA and USA 
PATRIOT Act examination issues at staff conferences, examiner team 
meetings, and examiner education initiatives. In addition to our 
September 2003 training on the new procedures, we have included BSA/USA 
PATRIOT Act discussions in our Compliance I, Compliance II, and 
Advanced Compliance examiner schools. We provided internal training on 
the new BSA/USA PATRIOT Act requirements at our National Applications 
Staff Conference in May 2003 and our National Compliance Training for 
Senior Management program in June 2003. We also provide online and CD-
ROM study guides and training modules for our examiners.
    We actively participate in training programs and industry 
conferences throughout the country. Besides the guidance we have issued 
directly to institutions, we have participated in numerous interagency 
BSA/USA PATRIOT Act seminars and town meetings with industry 
representatives in all of our Regions. We also participated in BSA/USA 
PATRIOT Act discussions at various officer and director conferences, 
such as the FDIC's Regional Directors conference, and numerous trade 
association conferences. These include conferences sponsored by 
America's Community Bankers, the California Bankers Association, the 
Chicagoland Bankers Association, the Florida Bankers Association, the 
Georgia Community Bankers Association, the Heartland Community Bankers, 
the Iowa Bankers Association, Iowa Community Bankers and Iowa 
Independent Bankers Association, the Maryland Bankers Association, the 
Missouri Bankers, the North Carolina Bankers Association, the Suncoast 
Bankers Compliance Association, and the Wisconsin Community Bankers, 
among others.
    In implementing the new USA PATRIOT Act requirements and in 
examining thrifts for compliance under the new BSA procedures issued 
last October, OTS also has had the benefit of several recommendations 
made by the Treasury Department's Inspector General, who conducted an 
audit of OTS's enforcement actions taken for BSA violations. That audit 
report, issued September 23, 2003, and which covered the period January 
2000 through October 2002, made certain recommendations to further 
enhance OTS's supervisory process and data collection efforts.
    In response to these recommendations, OTS has issued both external 
and internal supplemental guidance on BSA/AML compliance programs and 
the enforcement of BSA obligations. This past March, OTS issued a 
regulatory bulletin that discusses OTS's authority under the BSA, 
details the specific regulatory and statutory requirements applicable 
to thrift operations in this area, and sets out general enforcement 
guidelines that OTS will follow for violations of the regulatory and 
statutory requirements.\13\
---------------------------------------------------------------------------
    \13\ Regulatory Bulletin 18-6 (March 31, 2004) (copy attached).
---------------------------------------------------------------------------
    The bulletin also lists the special factors that OTS will consider 
when determining the appropriate enforcement action for BSA/AML 
violations, including the following:

 Whether the thrift has adequately corrected BSA/AML violations 
    noted in a prior Report of Examination (ROE);
 Whether the thrift's BSA/AML compliance has deteriorated since 
    violations were noted in the prior ROE, or there has been 
    inordinate delay in making meaningful progress in addressing the 
    violations;
 Whether the violations in fact constitute, or reflect a 
    material risk of, money laundering, terrorist financing, or 
    structuring to avoid reporting requirements; and
 Whether the thrift identified the weaknesses itself through 
    its BSA testing, audit, or self-evaluation efforts and the thrift 
    has independently instituted timely and adequate corrective action.

    On April 5, 2004, we issued to our examiners new internal guidance 
elaborating on certain features of the regulatory bulletin. That 
guidance identifies specific BSA/AML violations that must be noted in 
examination reports, unless the thrift adequately corrects the 
violations during the examination period. The internal guidance 
provides further instruction on when a thrift will be considered to 
have ``adequately corrected'' a violation. The internal guidance also 
specifies that all institutions, regardless of asset size, must have 
BSA compliance programs that address all the regulatory requirements 
and are appropriate to the BSA/AML risks attributable to the thrift's 
risk factors, operational complexity, and market circumstances. 
Finally, the internal guidance provides more detailed instructions to 
examiners on documenting BSA/AML violations in the appropriate OTS 
database.
    The guidance on entering BSA violations data into OTS's new 
database is part of an ongoing, multiyear project to enhance and update 
our examination reporting database that was begun in January 2000. The 
update, now completed, encompasses all examination areas, including 
examination of a thrift's BSA compliance program. Not only does our 
enhanced database enable OTS to more closely monitor a thrift's 
compliance as well as industry trends and areas of interest, but also 
the data it is producing verifies our conviction that the most 
effective way to resolve deficiencies in a thrift's BSA/AML compliance 
program is during the examination process.
    Finally, also as suggested by the Inspector General, we have 
enhanced our supervisory review of the BSA examination process. 
Specifically, to assure BSA violation data accuracy, each examiner-in-
charge is now responsible for ensuring that BSA violations are entered 
into the data system correctly. This is often supplemented with a 
second level review and each region will conduct periodic quality 
assurance reviews to further ensure accurate data entry. We have 
drafted procedures for including BSA examinations and the integrity of 
system data entry in our ongoing 
Examination Quality Assurance reviews. Those reviews are designed to 
test compliance with OTS's national standards for BSA examinations, 
including those discussed in the new guidance. The initial review of 
examinations completed in the first quarter of calendar year 2004 will 
commence in the third quarter.

Assessment of Thrift Compliance with the BSA; OTS Enforcement
    The effective date for the updated procedures to conduct BSA 
examinations, October 1 of last year, coincides with the effective date 
for the most recent USA PATRIOT Act regulation, the CIP rules. Although 
we have been using these new procedures only a short time, we have 
received preliminary feedback from examiners and supervisors in the 
field.
    That feedback is generally positive. We believe that the thrift 
industry, in general, is complying with the BSA and USA PATRIOT Act 
requirements. As in most areas of bank supervision, however, we 
continue to identify areas of weakness in some thrift institutions. We 
also periodically uncover significant problems at a small number of 
institutions. In these situations, we move quickly and forcefully to 
correct violations. We believe that our record of risk-based 
supervisory response to identified institutional weaknesses places OTS 
in an excellent position for ensuring that the thrift industry 
continues to meet its BSA/AML obligations.
    We have identified some recurring problems related to basic BSA/AML 
requirements at some smaller institutions that have fewer resources to 
devote to compliance issues. The problems we see in these smaller 
thrifts are normally the same types we saw even prior to the USA 
PATRIOT Act. They generally involve the more administratively intensive 
requirements of the BSA program elements. For example, some smaller 
thrifts have inadequate training programs or fail to conduct an annual 
audit of the BSA compliance program that is fully independent.
    Generally speaking, smaller thrifts engaged in typical mortgage 
lending and FDIC-insured deposit taking in a local community tend to be 
exposed to a lower risk of money laundering as a result of the 
traditional nature of their operations. They tend to know their 
customers, have geographically limited operations, offer few or no 
international banking or private banking products and services, and 
conduct more streamlined, traditional banking operations focused on 
narrow, longstanding markets (normally mortgage lending). Even small 
institutions, however, are not free from the risk of money laundering 
activities and our reviews take that fact into consideration.
    The BSA compliance program at a small thrift--which still should be 
risk-based--need not be as elaborate as a program at a large, 
international financial institution. While a BSA compliance program 
must include all regulatory components, how each component is satisfied 
can vary depending on the operational risk presented by a particular 
institution's business. We have made clear to the industry and our 
examiners that all thrifts, regardless of size, must have BSA 
compliance programs that address all regulatory requirements and are 
appropriate to the BSA risks attributable to their operational 
complexity and market circumstances.
    OTS has backed up that message by issuing a number of formal 
enforcement orders to ensure that savings associations comply fully 
with the requirements of the BSA. For example, in October 2003, OTS 
issued a comprehensive cease-and-desist order to a savings association 
requiring that it develop and implement effective BSA and AML programs, 
including procedures to ensure that SAR's and CTR's are filed as 
required by law. OTS also fined the institution $175,000 for its past 
violations. OTS is closely monitoring the institution's compliance with 
the order.
    In another example, OTS recently issued a cease-and-desist order 
against an institution that had several problems with its BSA/AML 
compliance program. Those problems included failing to monitor large 
cash transaction activity in several commercial accounts, failing to 
file SAR's, and failing to file CTR's. Examinations also revealed 
weaknesses in the required BSA training programs. The cease-and-desist 
order required the thrift to strengthen its BSA compliance program, 
with particular attention to its CTR filing obligation and ensuring 
that its designated BSA officer had sufficient resources to perform BSA 
responsibilities on a day-to-day basis.
    In all, since we started using our new examination procedures last 
October, we have issued seven formal enforcement orders for BSA 
violations, including cease-and-desist orders, civil money penalties, 
and supervisory agreements. We also use the examination process to 
informally resolve a host of BSA/AML compliance issues. As I noted, 
since last July, we identified 167 thrifts with deficiencies in their 
BSA/AML compliance programs--all of the institutions either agreed to 
implement changes and moved promptly to do so, or completed the 
recommended corrective action before the completion of their 
examination. Finally, we are actively investigating several other 
possible violations of the BSA by thrifts, which may result in the 
issuance of other enforcement orders.

Interagency Working Groups and Committees
    Cooperation with our fellow agencies is always important, and it is 
particularly crucial in the anti-money laundering context. Money 
laundering and the financing of terrorism are truly global issues, 
cutting across a wide range of business activities, financial 
institutions, and international boundaries. The continuing fight 
against money laundering and terrorism demands coordinated, consistent 
efforts on both the national and international level.
    OTS and our Federal banking agency counterparts largely work hand-
in-hand in this effort. I have already mentioned the number of USA 
PATRIOT Act-related working groups and regulatory projects to which 
OTS, as well as the other Federal banking agencies, have contributed. Many 
of those projects continue, as the agencies, always in a concerted way, 
provide guidance and examination standards to the industry. A good 
example of such a continuing effort is the ongoing work to issue a 
second set of frequently asked questions about the Customer 
Identification Program rules.
    OTS also participates in the Bank Secrecy Act Advisory Group 
(BSAAG). The BSAAG is a unique collection of representatives from law 
enforcement, regulators, and the private sector charged with 
responsibility for advising the Secretary of the Treasury on matters 
relating to the administration of the BSA. With the USA PATRIOT Act's 
expansion of the types of entities subject to anti-money laundering 
program requirements, the BSAAG's membership has also recently expanded 
to include representatives from a wide variety of new industries, such 
as automobile dealers, life insurance companies, and money service 
businesses.
    Along with the other Federal banking agencies and representatives 
from a number of law enforcement agencies, OTS is a member of the Bank 
Fraud Working Group. This forum enables participants to share 
information, and cooperate in identifying individuals engaged in fraud 
and trends involving fraudulent activities.
    Even outside the formal working group context, cooperation between 
the Federal banking agencies on BSA/AML matters is consistent and long-
standing. For instance, OTS cooperates with FinCEN and law enforcement 
agencies when matters of mutual interest are uncovered in OTS 
examinations or reviews. OTS and FinCEN have worked together to 
investigate and remedy BSA violations through the issuance of parallel 
enforcement actions. OTS also has frequently assisted law enforcement 
agencies investigating possible criminal misconduct and has, on 
occasion, made its examiners available as testifying experts before 
grand juries.

OTS's BSA Resources Webpage and Hotline
    To make information about the Bank Secrecy Act and USA PATRIOT Act 
easily accessible by thrifts and other interested parties, OTS 
maintains a page on its internet site with links to all the documents 
referred to in this testimony, including those related to CIP and other 
USA PATRIOT Act requirements, SAR's, and recent announcements. The 
webpage also includes links to FinCEN and to the Office of Foreign 
Asset Control (OFAC). The OTS's BSA webpage can be accessed through 
OTS's Internet site at www.ots.treas.gov. OTS also maintains a USA 
PATRIOT Act hotline for thrifts to call with questions about their BSA 
responsibilities.

Suspicious Activity Reports (SAR's)
    For many years, the BSA has authorized the Department of the 
Treasury to require any financial institution to report suspicious 
transactions relevant to possible statutory or regulatory violations. 
Even before the FBA's issued SAR regulations in 1996, thrifts and other 
depository institutions were required to file criminal referral and 
suspicious transactions reports. The USA PATRIOT Act did not change the 
basic SAR requirement.
    OTS's SAR regulations require a thrift to file a SAR when it 
detects a ``known or suspected violation of Federal law or a suspicious 
transaction related to a money laundering activity or a violation of 
the Bank Secrecy Act.'' \14\ To reduce regulatory burden on filers, 
depository institutions and other filers submit SAR's only to an IRS 
data center that maintains a unified SAR database on behalf of FinCEN 
and the FBA's. FinCEN presently is testing a system to permit direct, 
secure on-line filing of SAR's. Currently, some filers still submit 
paper reports. Others deliver information electronically on tape or 
disk, which delays its inclusion in the database by approximately 1 
month. When fully implemented, electronic filing will greatly improve 
the usefulness of the SAR database for regulators and law enforcement 
agencies.
---------------------------------------------------------------------------
    \14\ 12 CFR Sec. 563.180.
---------------------------------------------------------------------------
    Because the SAR database contains highly confidential information 
of known or suspected criminal activities, on-line access is restricted 
to the FBA's, certain other state and Federal agencies, and to law 
enforcement agencies, such as the FBI and the Secret Service. Banks and 
thrifts may not disclose a SAR or its contents, and the banking 
agencies do not share SAR information with non-SAR users.
    From 1996 through 2003, financial institutions filed nearly 1.3 
million SAR's. SAR's related to thrifts account for less than 10 
percent of all SAR's. The total number of SAR's filed each year has 
grown significantly. For the 9 months of 1996 after the SAR 
requirements took effect, there were 52,069 SAR's filed. For 2003, this 
had grown to 288,343. Nearly half of all SAR's filed since 1996 have 
related to BSA and money laundering violations. Check fraud is a 
distant second, with nearly 12 percent.
    OTS staff members review SAR's each month for possible enforcement 
action and to coordinate with law enforcement investigations. In 
addition, in preparing to conduct a periodic examination of a thrift, 
examiners review the SAR's that relate to the thrift, and during the 
examination determine whether there is an ongoing problem that must be 
addressed.
    SAR's are valuable tools. For instance, information in SAR's allows 
FinCEN to identify emerging trends and patterns associated with 
financial crimes, which is vital to law enforcement agencies and 
provides valuable feedback to regulators and financial institutions. 
Here at OTS, information in thrift-filed SAR's has resulted in a number 
of enforcement orders, including cease-and-desist orders and prohibition 
orders.

General Accounting Office Review
    The General Accounting Office (GAO) has recently initiated two new 
reviews in this area. One involves a review of the implementation of 
the anti-money laundering provisions of the USA PATRIOT Act by the 
banking agencies and others. GAO specifically plans to review (i) the 
status of implementing the customer identification program and 
information sharing provisions, (ii) agency procedures for assessing 
compliance and enforcement, (iii) efforts to educate the industry about 
the new regulations, and (iv) the extent to which the agencies have 
revised and applied examination guidance.
    The other review relates to BSA examinations and enforcement for 
depository institutions. GAO intends to study (i) how the banking 
agencies audit for BSA compliance, (ii) the number and nature of BSA 
violations since the late 1990's, (iii) how BSA violations are 
identified and addressed, (iv) consistency of BSA examinations, 
interpretation, and enforcement across the agencies, (v) the adequacy 
of the agencies' resources for BSA examinations and the new USA PATRIOT 
Act requirements, and (vi) the role of the Treasury Department in the 
agencies' examination programs and enforcement efforts.
    Much of this testimony addresses what OTS has accomplished in the 
areas to be covered by the GAO reviews. We are working to provide GAO 
with the preliminary information they have requested and look forward 
to assisting them in their efforts in any way we can.

OTS Recommendations to Enhance Existing BSA/USA PATRIOT Act Efforts
    We have identified several areas for consideration that we believe 
would enhance the existing BSA and USA PATRIOT Act efforts and 
initiatives. These are:

 Establishing better communications among the FBA's, FinCEN, 
    the banking industry and law enforcement, particularly with respect 
    to systemic BSA violations and developing trends. We encourage such 
    exchanges of information through several means, including 
    advisories, guidance, meetings and personal communications.
 Enhancing the flow of information between law enforcement and 
    depository institutions. The information sharing process should be 
    a two-way street. In order to review account records that might 
    relate to terrorist financing, financial institutions need as much 
    identifying information as law enforcement can provide. 
    Additionally, law enforcement needs responses to its inquiries as 
    quickly as possible from depository institutions. The FBA's can 
    substantially assist in facilitating the collection and exchange of 
    this vital information.
 Improving FBA coordination and BSA/AML awareness and training 
    via a more formalized procedure within the Federal Financial 
    Institutions Examination Council (FFIEC). This includes improving 
    communications among the FBA's and FinCEN regarding known schemes 
    to evade BSA/AML laws, as well as having FinCEN supplement BSA 
    training programs within the FFIEC so that all the FBA's and FinCEN 
    are consistent in the application of BSA/AML standards.

Conclusion
    We have always taken our responsibility to oversee compliance with 
the BSA seriously. The original focus of the BSA was to prevent 
criminal money laundering activities. Since the events of September 11, 
2001, and the enactment of the USA PATRIOT Act, the focus of the BSA 
has expanded to include the war against terrorism.
    OTS has redoubled its efforts under the BSA and the new USA PATRIOT 
Act requirements. We have:

 Helped educate the thrift industry through a variety of 
    mechanisms;
 Provided additional training for staff;
 Greatly expanded the number of examiners who are reviewing BSA 
    and USA PATRIOT Act compliance on an on-going basis;
 Halved the interval between BSA examinations;
 Developed and implemented enhanced scoping and examination 
    procedures;
 Implemented a new BSA tracking and monitoring information 
    system;
 Improved internal controls governing data collection, 
    examination, and enforcement activities;
 Bolstered off-site BSA monitoring programs;
 Adopted more robust and stringent enforcement policies;
 Implemented a new BSA Quality Assurance audit program; and
 Improved internal communications and external communications 
    and coordination with other regulatory agencies, Treasury, and law 
    enforcement.

    These actions collectively demonstrate our vigorous and diligent 
efforts to ensure maximum compliance with the intent and purpose of 
both the BSA and the USA PATRIOT Act. There is still more to be done. 
We pledge our continued efforts, look forward to your observations on 
these issues and await your questions.

                               ----------

                 PREPARED STATEMENT OF JOANN M. JOHNSON
             Chairman, National Credit Union Administration
                              June 3, 2004

    Chairman Shelby, Ranking Member Sarbanes, and Members of the 
Committee, thank you for the invitation to testify before you on behalf 
of the National Credit Union Administration (NCUA) on the enforcement 
of the Bank Secrecy Act (BSA).
    Congress enacted the BSA to prevent credit unions and other 
financial institutions from being used as intermediaries for the 
transfer or deposit of money derived from criminal activity. NCUA is 
the regulatory authority that monitors federally insured credit unions 
for compliance with the BSA.

Supervision of BSA Compliance in the Credit Union Industry
    I am pleased to report to the Committee that historically federally 
insured credit unions have a good record of compliance with the 
requirements of the BSA. Credit unions are also substantially in 
compliance with Sections 314 (Information Sharing) and 326 (Customer 
Identification Program) of the USA PATRIOT Act.
    At the end of 2003, NCUA insured 9,399 credit unions. Almost 50 
percent of federally insured credit unions are small with assets less 
than 10 million dollars. The smaller credit unions are less likely to 
have transactions that trigger the recordkeeping and recording 
requirements of the BSA. Additionally, approximately one-third of 
Federal credit unions have a single common bond sponsor. Officials in 
smaller credit unions and single common bond credit unions often have a 
more intimate understanding of their members' transactions, which 
facilitates their compliance with the requirements of the BSA. 
Consequently, money laundering has not been a major problem for credit 
unions.
    Nevertheless, much has changed since the terrorist attacks of 
September 11. There is increased recognition that denying terrorists 
the ability to launder funds through the Nation's financial system is 
an essential part of winning the war on terrorism. NCUA recognizes that 
as some federally insured credit unions increase in asset size, offer 
more complex financial services, and expand their fields of membership, 
the possibility increases that they may be targeted by individuals or 
groups seeking to launder money. NCUA is mindful of our responsibility 
in this area.
    The Federal Credit Union Act requires NCUA to assure BSA compliance 
in federally insured credit unions. Our responsibility is to ensure 
that all federally insured credit unions comply with applicable 
regulatory requirements and have effective programs in place to 
minimize the risk that they will be used to launder money. Federally 
insured credit unions are required to have BSA compliance programs that 
effectively monitor their daily operations to assure compliance with 
all applicable rules and regulations.
    To assure compliance, during each examination of a federally 
insured credit union, examiners review BSA compliance programs. In 
fact, the risk-focused examination program used by NCUA examiners and 
State credit union examiners directs that a review of compliance with 
the BSA be completed at every examination. (In the one State that does 
not use NCUA's risk-focused examination program, their examination 
program directs a comparable review of BSA compliance.) While this 
review is mandated by the Federal Credit Union Act, the design of the 
review and our extensive examiner education in this area result from 
NCUA's recognition of the important role of credit unions in preventing 
both money laundering and the financing of terrorism.
    In addition to NCUA's risk-focused examination program, NCUA has 
jointly participated with our fellow regulators and the Financial 
Crimes Enforcement Network (FinCEN) on a number of regulations designed 
to implement provisions of the USA PATRIOT Act. Also, NCUA is 
represented on the Bank Secrecy Act Advisory Group and the National 
Bank Fraud Working Group. And, as a member of the Federal Financial 
Institutions Examination Council (FFIEC), we work with other regulators 
to develop effective examiner education in this area and provide 
guidance on best practices to financial institutions.
    Among the 9,369 natural person credit unions, 3,593 are State-
chartered, federally insured institutions and have a State supervisory 
authority as their primary regulator. In accordance with its 
responsibility under the Federal Credit Union Act, NCUA reviews BSA 
compliance each time it conducts a credit union examination. In State-
chartered, federally insured credit unions where the State regulator 
conducts the examination, the State examiner reviews for BSA 
compliance. All examinations of federally insured credit unions 
completed by a state regulator are reviewed by NCUA staff. It should be 
noted, however, that NCUA does not review examinations of privately 
insured credit unions and does not have enforcement authority for BSA 
compliance in those credit unions.
    During examinations, NCUA reviews the federally insured credit 
union's operations to assure that policies and procedures are in place 
for credit union staff to file Suspicious Activity Reports (SAR's) 
relating to money laundering. Consolidated reports received from FinCEN 
concerning SAR filings are provided to NCUA regional staff and 
examiners to assist in the examination process of the BSA.
    In 2003, NCUA examined over 4,400 Federal credit unions and jointly 
participated with the State regulators in over 600 examinations of 
state-chartered federally insured credit unions. In addition, State 
regulators examined approximately 2,500 federally insured credit 
unions. During those examinations, NCUA determined that there were 334 
violations of the BSA. The violations were in 261 credit unions, 
representing 3.5 percent of credit unions examined. The most common 
violations fell into three categories--inadequate written policy (63 
percent), inadequate customer identification program (8 percent), or 
inadequate currency transaction reporting procedures (7 percent).
    When an examiner identifies a violation of the BSA, immediate 
resolution of the violation is sought. Of the 334 violations, credit 
union officials, working with an examiner, corrected or agreed to 
correct 99 percent of the violations during the on-site examination. 
Based on the severity of the violation, the examiner will establish 
supervision plans to ensure corrective action.
    In instances when violations at a federally insured credit union 
persist and/or are severe, NCUA has several options to initiate 
corrective action. They range from a letter from the NCUA Regional 
Director to formal administrative action including conservatorship. 
During 2003, NCUA Regional Directors issued one letter to a credit 
union that failed to have a BSA compliance program and entered into one 
Letter of Understanding and Agreement with credit union officials to 
ensure resolution of a multitude of problems from a failure to 
understand requirements of the BSA.
    NCUA will use a formal administrative action when necessary to 
correct BSA violations. This has occurred twice in the recent past. 
NCUA placed one institution into conservatorship and issued a cease-
and-desist order against another. The first instance involved a credit 
union with multiple violations; NCUA placed the institution into 
conservatorship, removing the board of directors and senior operational 
management. NCUA then installed new management to correct deficiencies 
in internal controls and compliance programs. When systemic problems 
had been corrected, NCUA entered into a written agreement with the 
credit union committing the institution to a rigorous compliance 
program. Approximately 10 months after imposing the conservatorship, 
NCUA returned operations of the credit union to its members.
    In the other instance, NCUA issued a cease-and-desist order to 
correct deficiencies in a credit union's BSA program. NCUA required a 
review of past transactions using an acceptable independent auditor and 
a commitment to file appropriate documentation regarding discovered 
violations. The credit union also agreed to retain a BSA compliance 
expert to evaluate its BSA program and to provide weekly education to 
all its employees in this area.

NCUA Initiatives
    The enforcement of the BSA and its related rules has been and 
remains a priority for NCUA. NCUA has taken numerous initiatives to 
address BSA compliance in credit unions. These initiatives fall into 
the following general categories:

 Examination Program
 Examiner Education
 Compliance Examiners
 Credit Union Education

    NCUA adopted a risk-focused examination program in 2002. Under this 
program, each credit union's examination is based on the examiner's 
analysis of risk for that particular institution. There are three 
mandatory procedures in the risk-focused examination program, one of 
which is the completion of the questionnaire on compliance with the 
BSA. The mandatory questionnaire was updated last year to incorporate 
recent provisions of the USA PATRIOT Act.
    NCUA educated all Federal examiners (approximately 600) for the 
implementation of the risk-focused examination and provided a specific 
session on BSA compliance. Additionally, BSA compliance is addressed in 
core training for all NCUA examiners. State examiners also attend NCUA 
compliance training sessions.
    NCUA participates with the other FFIEC agencies in developing and 
delivering training in this area. We have worked with our fellow 
regulators to develop guidance for the industry in implementing new USA 
PATRIOT Act regulations.
    The NCUA Examiner's Guide provides examiners with guidance in their 
review of a federally insured credit union's compliance with the BSA. 
To ensure a field focus on compliance with the USA PATRIOT Act, an 
updated version of the Examiner's Guide and the BSA questionnaire 
incorporating recent regulatory changes was issued to staff.
    In conjunction with the implementation of the risk-focused 
examination, NCUA has designated almost 30 compliance subject matter 
examiners. These examiners are called upon to assist in the examination 
of federally insured credit unions that exhibit a more complex 
operation or higher risk in compliance areas. Intensive training on the 
BSA (including the USA PATRIOT Act) was conducted at NCUA's November 
2003 Consumer Compliance Conference. Both Federal and state examiners 
attended the class. In 2002, we also provided a day-long session on the 
BSA for the compliance examiners.
    In addition to on-site reviews of BSA compliance during 
examinations, NCUA has issued several publications to educate federally 
insured credit unions on BSA and USA PATRIOT Act compliance:

 October 2001--Issued Letter to Credit Unions, 01-CU-18, NCUA 
    Request Relating to Information Pertaining to the Terrorist Attacks
 April 2002--Issued Regulatory Alert 02-RA-02, USA PATRIOT Act 
    Regulation to Improve Information Sharing
 September 2002--Issued Letter to Credit Unions 02-CU-14, 
    Detection of Terrorist Financing
 March 2003--Issued Regulatory Alert 03-RA-03, USA PATRIOT Act 
    Section 314(a) Information Requests
 May 2003--Issued Regulatory Alert 03-RA-07, Final USA PATRIOT 
    Act Regulations on Customer (Member) Identification
 October 2003--Issued Letter to Credit Unions 03-CU-16, Bank 
    Secrecy Act Compliance
 February 2004--Issued Regulatory Alert 04-RA-04, USA PATRIOT 
    Act Section 326: FAQ's for Customer Identification Program (CIP) 
    and Enclosure

    Currently, NCUA is finalizing an update to its Compliance Self-
Assessment Guide designed to assist federally insured credit unions in 
complying with regulations. With our focus on the BSA and USA PATRIOT 
Act, in October 2003 we issued this draft section to credit unions 
(attached). The guide highlights key requirements of the BSA and can be 
used as a quick reference tool for federally insured credit unions.
    Working with federally insured credit unions to ensure accurate 
point of contact information for Section 314 requests of the USA 
PATRIOT Act, NCUA revised its quarterly Call Report to capture point of 
contact information in March 2003. All credit unions must provide point 
of contact information each quarter.
    NCUA's website (www.ncua.gov) is designed to provide easy access 
for federally insured credit unions to obtain a SAR form along with 
information on the proper filing of the form. This facilitates the 
ability of a credit union to file prompt reports.
    Looking forward, NCUA is committed to maintaining a dynamic 
examination program that will assure federally insured credit unions 
have effective programs in place to minimize the risk of money 
laundering. NCUA will continue to provide guidance to federally insured 
credit unions regarding compliance with the BSA.

Conclusion
    Again, thank you, Mr. Chairman, for the opportunity to appear 
before you today on behalf of NCUA to discuss BSA compliance in the 
credit union industry. I am pleased to respond to any questions the 
Committee may have or to be a source of any additional information you 
may require.

                               ----------

                  PREPARED STATEMENT OF WILLIAM J. FOX
             Director, Financial Crimes Enforcement Network
                    U.S. Department of the Treasury
                              June 3, 2004

    Chairman Shelby, Senator Sarbanes, and members of the Committee, I 
appreciate the opportunity to appear before you to discuss the role 
that the Financial Crimes Enforcement Network (FinCEN) can and should 
play in Bank Secrecy Act compliance and enforcement matters. As I noted 
the last time I appeared before this Committee, we are indebted to the 
Committee for its leadership and commitment to furthering the efforts 
of our Government generally, and FinCEN in particular, to understand, 
detect and prevent money laundering and terrorist financing through 
the administration of the Bank Secrecy Act regulatory regime.
    As the delegated administrator of the Bank Secrecy Act, FinCEN 
bears responsibility for ensuring that it is implemented to achieve the 
ultimate goals of the Act--the institution of measures across the 
financial industry to prevent money laundering, terrorist financing and 
other financial crime, and the creation of records and reports highly 
useful to criminal, tax, regulatory, and counter-terrorism intelligence 
activities. While we eagerly accept this responsibility, we discharge 
it in large measure through the Federal functional regulators and the 
Internal Revenue Service, who have been delegated responsibility to 
examine for Bank Secrecy Act compliance.
    The Bank Secrecy Act regulatory system is unique in that its 
implementation involves 8 different Federal agencies. This unusual 
structure is both the Bank Secrecy Act's strength and its weakness. It 
is a strength because it builds on the existing expertise and 
examination functions of the regulators who know their industries best. 
It is a weakness because of the risk inherent in such fragmentation and 
potential for lack of accountability.
    Within this structure, FinCEN's task is to build on these strengths 
while simultaneously addressing the weaknesses. FinCEN, as the fulcrum, 
must ensure that all those responsible are guided by the same 
interpretive principles and apply them in a consistent manner through a 
continuing dialogue among the regulators, the regulated industry, and 
law enforcement.
    My statement today outlines our role in this process and highlights 
the ways in which I think we can improve this process.

Background
    By virtue of a delegation order from the Secretary of the Treasury 
and a statute passed as part of the USA PATRIOT Act, FinCEN is charged 
with the responsibility of administering the regulatory regime of the 
Bank Secrecy Act. Among other things, we issue regulations and 
accompanying interpretive guidance; collect, analyze and maintain the 
reports and information filed by financial institutions under the Bank 
Secrecy Act; make those reports and information available to law 
enforcement and regulators; and ensure financial institution compliance 
with the regulations through enforcement actions aimed at applying the 
regulations in a consistent manner across the financial services 
industry. FinCEN also plays an important role in analyzing the Bank 
Secrecy Act information collected to support law enforcement, 
identifying strategic money laundering and terrorist financing trends 
and patterns, and identifying Bank Secrecy Act compliance issues.
    FinCEN was created as an office within Treasury in 1990. Its 
original mission was focused on analysis--both tactical and strategic--
of data collected under the Bank Secrecy Act along with other financial 
data. Treasury's Office of Financial Enforcement (OFE) was originally 
responsible for the administration of the Bank Secrecy Act regulatory 
regime. In 1994, Treasury merged OFE into FinCEN and delegated the 
responsibility to administer the regulatory regime to FinCEN. Treasury 
sought to link the analytical functions with the administration of the 
regulatory regime that dictated the information that financial 
institutions were required to record and report. Adding 
responsibilities for administering the regulatory regime strengthened 
and expanded FinCEN's analytical and intelligence abilities.

Compliance Examination
    While FinCEN is responsible for ensuring compliance with the Bank 
Secrecy Act regulatory regime, FinCEN does not itself examine financial 
institutions for compliance. Instead, FinCEN taps the resources and 
expertise of other Federal agencies and self-regulatory organizations 
by relying on these agencies to conduct compliance exams, through 
delegations of authority that largely predated FinCEN. Examination 
responsibility has been delegated to other Federal regulators as 
follows:

 Depository Institutions--The Board of Governors of the Federal 
    Reserve, the Office of the Comptroller of the Currency, the Federal 
    Deposit Insurance Corporation, the Office of Thrift Supervision, 
    and the National Credit Union Administration have been delegated 
    authority to examine the depository institutions they regulate for 
    Bank Secrecy Act compliance.
 Securities Broker-Dealers, Mutual Funds, and Futures 
    Commission Merchants/Introducing Brokers--FinCEN has delegated 
    examination authority to the Securities and Exchange Commission and 
    the Commodity Futures Trading Commission, and relies on their self-
    regulatory agencies (such as the NASD, the NYSE, and the NFA) to 
    examine these entities for compliance.
 Other Financial Institutions--The Internal Revenue Service 
    (Small Business/Self-Employed Division) has been delegated 
    responsibility for examining all other financial institutions 
    subject to Bank Secrecy Act regulation for compliance, including, 
    for example, depository institutions with no Federal regulator, 
    casinos, and Money Services Businesses (MSBs).

    Even in the absence of examiners, FinCEN has an important role in 
supporting the examination regime created through our delegations. 
FinCEN's role involves providing prompt Bank Secrecy Act interpretive 
guidance to regulators, policy makers and the financial services 
industry, and ensuring the consistent application of the Bank Secrecy 
Act regulations across industry lines, most notably through the 
rulemaking process and subsequent guidance. We promote Bank Secrecy Act 
compliance by all financial institutions through training, education 
and outreach. We support the examination functions performed by the 
other agencies by providing them access to information filed by 
financial institutions in suspicious activity reports, currency 
transaction reports, and other Bank Secrecy Act reports. We also 
facilitate cooperation and the sharing of information among the various 
financial institution regulators to enhance the effectiveness of Bank 
Secrecy Act examination and, ultimately, industry compliance.
    FinCEN has played a more robust role with the Internal Revenue 
Service to develop an examination regime for the many categories of 
businesses that are newly subject to anti-money laundering regulation. 
For example, we have worked extensively with the Internal Revenue 
Service to improve their examination procedures and capabilities for 
money services businesses,\1\ including providing training, reviewing 
exam procedures and the setting of priorities and goals. Finally, 
although done only to a limited extent now, we do provide some 
assistance with examination targeting and prioritization.
---------------------------------------------------------------------------
    \1\ Under the Bank Secrecy Act and FinCEN's implementing 
regulations, any person or group of persons doing business in the 
United States in one of the following capacities is defined as a money 
services business (MSB): currency dealers or exchangers; check cashers; 
issuers, sellers, or redeemers of travelers' checks, money orders, or 
stored value; and money transmitters.
---------------------------------------------------------------------------

Enforcement
    FinCEN has retained the authority to pursue civil enforcement 
actions against financial institutions for noncompliance with the Bank 
Secrecy Act and the implementing regulations. Under the Bank Secrecy 
Act, FinCEN is empowered to assess civil monetary penalties against, or 
require corrective action by, a financial institution committing 
negligent or willful violations.
    Generally, FinCEN identifies potential enforcement cases through 
(1) referrals from the agencies examining for Bank Secrecy Act 
compliance; (2) self-disclosures by financial institutions; and, (3) 
FinCEN's own inquiry to the extent it becomes aware of possible 
violations. Referrals from the examining agencies are regularly made to 
FinCEN. It should be noted that under Title 12, the banking regulators 
have authority to enforce certain regulations that fall under that 
statute as well as under the Bank Secrecy Act, such as the requirement 
that depository institutions have anti-money laundering programs. In 
addition, the Internal Revenue Service has authority to enforce certain 
Bank Secrecy Act requirements including the IRS/FinCEN Form 8300 
reporting for nonfinancial trades and businesses, and the Report of 
Foreign Bank and Financial Accounts by individuals and entities.

Efforts to Enhance Bank Secrecy Act Compliance
    Much of our work within FinCEN is devoted to the goal of maximizing 
industry compliance with the Bank Secrecy Act regulatory regime. But as 
the complexity of the regulatory regime, and the obligations imposed, 
continue to grow, our efforts must grow as well. Below, my statement 
outlines my priorities within FinCEN, in the short-term, to better 
enable us to assist the regulators in the examination process and 
further enhance our own capabilities to enforce the regulatory regime. 
I also have included a few ideas to consider as we look for ways to 
further enhance Bank Secrecy Act compliance and examination 
consistency.

Short-Term Goals
    As I have explained previously, we are in the process of realigning 
FinCEN to position ourselves to better fulfill our mission. As part of 
this, we will be restructuring our regulatory section to focus 
resources and create efficiencies around the functions of Bank Secrecy 
Act examination and enforcement:

Creation of an Examination Program Office
    Within FinCEN's regulatory office, we will create a new program 
office devoted solely to the Bank Secrecy Act examination function. 
Currently, the affected substantive program area handles examination-
related issues on an ad-hoc basis. For example, individuals responsible 
for the Money Services Business program have taken a primary role in 
working with the Internal Revenue Service to develop and enhance their 
examination regime. The new structure will consolidate all examination 
support functions and better enable FinCEN to provide the necessary 
support to regulatory agencies conducting Bank Secrecy Act compliance 
exams. As an initial priority, FinCEN plans to focus on assisting the 
Internal Revenue Service in its examination function, particularly in 
light of the new regulations that FinCEN has and will issue to bring 
thousands of additional businesses under the Bank Secrecy Act anti-
money laundering program provision.

Dedication of Analytical Resources to Compliance Support and 
        Examination Targeting
    We will also be providing specific analytical support to our 
Examination Office. Our analysts will exploit the Bank Secrecy Act and 
other data to identify, review and, through the Examination Office, 
refer anomalies involving specific financial institutions to the 
appropriate regulator for review and examination. They will use the 
information to assist the regulators in examination targeting by 
identifying high-risk financial institutions or problem compliance 
areas to help the regulators prioritize and direct examination 
resources. The analysts will also work toward identifying new and 
emerging vulnerabilities that should be addressed through the 
examination process. We intend to work closely with the regulators in 
this process.

Renewed Focus and Resources to Provide Interpretive Guidance
    As the complexity of the Bank Secrecy Act regulatory regime grows, 
so does the need for interpretive guidance. As part of our 
reorganization, we are placing a renewed focus and resource commitment 
on the provision of guidance, both in the form of more comprehensive 
guidance documents as well as more immediate responses to specific 
inquiries. With respect to the former, we intend to begin the process 
of issuing staff commentaries to the various provisions of the Bank 
Secrecy Act. This will involve close consultation with the regulators. 
Separately, we look to leverage existing and develop additional 
industry experts to provide prompt guidance to specific questions as 
they arise, especially during the course of an examination. This will 
also require our working with the regulators to ensure that they know 
what mechanisms are available through which such guidance can be 
obtained.

Review Enforcement Referral Guidelines and Reporting Requirements
    To improve the Bank Secrecy Act civil enforcement process, FinCEN 
intends to review the utility of developing updated guidelines to 
assist the Federal banking agencies, Internal Revenue Service and other 
agencies, as appropriate, in determining how and when to refer matters 
involving significant, alleged violations of the Bank Secrecy Act to 
FinCEN for consideration of civil money penalties. Currently, upon 
discovery of significant Bank Secrecy Act deficiencies during 
examination cycles, the Federal banking agencies, Internal Revenue 
Service and the Securities and Exchange Commission rely on a memo 
predating the creation of FinCEN on such matters. If appropriate, we 
will work closely with the regulators to revise these guidelines.
    In addition, the regulations delegating Bank Secrecy Act 
examination authority to the banking regulators provide that periodic 
reports shall be made, in a form and timeframe prescribed by Treasury. 
By memorandum, dated June 6, 1979, Treasury prescribed the form and 
timing of the periodic reports to be received from the banking 
regulators, including the number of apparent Bank Secrecy Act 
violations discovered during the examination process. However, since 
its inception such reporting has been sporadic and it has not proved 
helpful. As a result, FinCEN plans on reviewing the utility of 
receiving periodic reports, in a mutually agreed to format, to better 
enable FinCEN to review Bank Secrecy Act compliance and examination 
findings on a national basis across agency lines; such as, for example, 
reporting of remedial actions undertaken by financial institutions as a 
result of consent orders, memorandum of understanding, board 
resolution, supervisory letter, or other enforcement mechanisms.

MSB Compliance
    A top priority for FinCEN is the prevention of the financing of 
terrorism. One aspect of achieving this goal is finding better ways to 
provide information to the regulated community to better identify 
potential terrorist activity. One area of particular focus in this 
regard will be money services businesses. Money services businesses 
continue to require more attention and resources, and FinCEN will 
undertake an initiative to educate segments of this industry most 
vulnerable to terrorist abuse of their financial services. These 
segments include small businesses that typically offer money remittance 
services, check cashing, money order sales, and informal value 
transfer systems. Working with our colleagues in law enforcement, we 
hope to enhance our outreach programs to include training on how 
terrorists have and may continue to use money services businesses; the 
reason for and importance of the registration requirement; and the 
importance of complying with the anti-money laundering compliance 
program, reporting and recordkeeping requirements of the Bank Secrecy 
Act, especially suspicious activity reporting. In fact, suspicious 
activity reporting for money services businesses should be streamlined 
by permitting the use of a simplified form to file, which we are 
currently developing.

Ideas for Enhanced Coordination
    Coordination among the regulators, industry, and law enforcement is 
the lynchpin of effective Bank Secrecy Act compliance. Since the 
passage of the USA PATRIOT Act, cooperation has only improved. On our 
side, we have developed a much closer working and collaborative 
relationship with the regulators on all aspects of Bank Secrecy Act 
administration. This has been reflected in the process of developing 
the new regulations, conducting outreach and training for the industry, 
and focusing on specific compliance issues. Indeed, provisions of the 
Act such as the customer identification section required that FinCEN 
and the regulators issue regulations jointly.
    With respect to examinations, last month the Bank Secrecy Act 
Advisory Group formed a subcommittee devoted to identifying ways to 
better ensure examination consistency among the various regulatory 
agencies and industries. Representatives from industry, the regulatory 
agencies, and law enforcement will participate. This subcommittee is 
yet another vehicle through which FinCEN and the regulators can address 
the range of examination issues with the common goal of enhancing 
compliance on a national basis.
    In this context and elsewhere, we will all have to identify 
creative ways to facilitate continued cooperation. Some ideas that I 
hope to explore with my colleagues include:

Identification of Common Compliance Deficiencies
    Better identification of compliance issues revealed through the 
examination process on an interagency scale is an essential aspect of 
enhancing the overall effectiveness of the Bank Secrecy Act regulatory 
regime. FinCEN could serve a key role in facilitating that process by 
encouraging the regular sharing of common compliance deficiencies 
uncovered by the regulators. Summaries of deficiencies identified in 
financial institutions will expose areas to be addressed, interpretive 
questions to be answered, or even inconsistencies with the regulations 
themselves. Based on this information, FinCEN and the regulators would 
be able to focus their outreach and guidance efforts on emerging, 
possibly systemic problem areas affecting one or more financial 
industries. Similarly, regulators would be able to better focus their 
examination resources on such areas. This data would also enhance the 
ability of FinCEN and the regulators to target their examinations and 
develop strategic examination goals across industry lines.

Continued Collaboration on Examination Procedures
    To varying degrees, FinCEN has provided input into the development 
of examination procedures for the banking regulators and the Internal 
Revenue Service. In fact, FinCEN is working with the Internal Revenue 
Service now to revise its Bank Secrecy Act Examination Manual, which 
guides the conduct of Bank Secrecy Act examinations and is used as a 
training template for Bank Secrecy Act examiners. This is an important 
way in which FinCEN can communicate our examination priorities to the 
regulators and better ensure a consistent examination process by the 
various agencies. We have also begun to participate on a limited scale, 
resources permitting, as observers in exams performed by our regulatory 
partners.

Joint Examiner Training
    As a complement to the established mechanisms through which the 
regulators train their examiners, we will explore joint training 
opportunities that will afford FinCEN the opportunity to supplement the 
training provided with programs specifically targeted toward our Bank 
Secrecy Act compliance goals, including the possibility of our 
participating in multiagency anti-money laundering training at the 
Federal Financial Institutions Examination Council.
    We have done such training already. For example, FinCEN has 
conducted joint training of Internal Revenue Service examiners on 
various Title 31 and USA PATRIOT Act requirements in recent IRS 
Examiner training classes. FinCEN also will be conducting training at 
an upcoming meeting of Internal Revenue Service supervisory level 
personnel who have Bank Secrecy Act examination responsibility. By 
training at the supervisory level (training-the-trainer), FinCEN can 
leverage its limited resources to help ensure that IRS Bank Secrecy Act 
supervisory personnel deliver the appropriate message concerning the 
content of Bank Secrecy Act exams to the Internal Revenue Service field 
exam staff.

Conclusion
    Mr. Chairman, we appreciate your Committee's continued support in 
our efforts to ensure the effectiveness of Bank Secrecy Act examination 
and enforcement programs. This concludes my remarks. I will be happy to 
answer your questions.

              PREPARED STATEMENT OF GASTON L. GIANNI, JR.
        Inspector General, Federal Deposit Insurance Corporation
                              June 3, 2004

    Mr. Chairman, Ranking Member Sarbanes, and Members of the 
Committee, I am pleased to testify before you today as you conduct this 
hearing on the Federal financial regulatory agencies' enforcement of 
the Bank Secrecy Act (BSA). We appreciate and thank the Committee for 
its interest in gaining a greater understanding of how the Government 
is combating terrorist financing and money laundering. The Committee, 
the regulators, and our office clearly have a mutual interest in 
assuring the public that the best possible efforts are made to deter 
such dangerous and illegal activities.
    Today, I will present a historical perspective on the Bank Secrecy 
Act and discuss the BSA-related work my office has done over the past 
several years. I will also offer our views on the challenges that the 
Congress and the financial regulators face going forward in this 
critical area.

The Bank Secrecy Act of 1970
    The Bank Secrecy Act of 1970 requires all financial institutions to 
maintain appropriate records and to file certain reports that are used 
in criminal, tax, or regulatory investigations and proceedings. The 
BSA's implementing regulation, 31 CFR Part 103, is also used to aid law 
enforcement agencies in the investigation of suspected criminal 
activity such as illegal drug activities, income tax evasion, and money 
laundering by organized crime. The BSA consists of two parts--Title I, 
Financial Recordkeeping, and Title II, Reports of Currency in Foreign 
Transactions.

 Title I authorizes the Secretary of the Treasury (Treasury 
    Department) to issue regulations requiring institutions to maintain 
    certain records related to financial transactions.
 Title II directs the Treasury Department to prescribe 
    regulations governing the reporting of certain transactions by and 
    through financial institutions in excess of $10,000. A financial 
    institution must file a Currency Transaction Report (CTR) with the 
    Treasury Department for each cash transaction over $10,000 or 
    multiple cash transactions by an individual in 1 business day or 
    over a period of days aggregating over $10,000. The BSA also 
    requires financial institutions to file Suspicious Activity Reports 
    (SAR) with the Treasury Department when suspected money laundering 
    activity, terrorist financing, or other BSA violations occur, such 
    as the use of shell entities, check kiting, or embezzlement.

BSA Requirements for FDIC-Supervised Institutions
    The FDIC is currently the primary Federal regulator for 
approximately 5,300 financial institutions. In that role, the 
Corporation has implemented rules and regulations in addition to those 
issued by the Treasury Department that require each FDIC-supervised 
institution to develop and administer a BSA program to ensure 
compliance with the BSA and 31 CFR Part 103. Institutions' BSA programs 
should include:

 a written BSA program approved by the institution's board of 
    directors,
 a system of internal controls to assure ongoing compliance,
 independent testing for compliance with the BSA and 31 CFR 
    Part 103 to be conducted by bank personnel or an outside party,
 designation of individual(s) responsible for coordinating and 
    monitoring compliance with the BSA, and
 training in BSA requirements for appropriate personnel.

Examination Authority and Procedures
    Although the Treasury Department has overall authority for BSA 
enforcement and compliance, its regulations delegate authority to 
financial institution regulatory agencies, including the FDIC, to 
examine financial institutions for compliance. In this capacity, the 
FDIC has authority to (1) examine the institutions it supervises for 
compliance with the BSA, (2) refer BSA violations to the Treasury 
Department, and (3) impose regulatory actions for BSA violations. The 
FDIC is also required by the Federal Deposit Insurance Act (FDI Act) 
to:

 prescribe regulations requiring insured depository 
    institutions to establish and maintain procedures reasonably 
    designed to ensure and monitor compliance with the BSA,
 review such procedures during their examinations of these 
    institutions, and
 enforce compliance with the BSA monetary transaction 
    recordkeeping and report requirements.

    The Division of Supervision and Consumer Protection (DSC) at the 
FDIC is responsible for promoting the safety and soundness of FDIC-
supervised institutions, and examining financial institutions' 
compliance with applicable laws and regulations such as the BSA.
    According to the Chairman's testimony for today's hearing, the FDIC 
has conducted almost 11,000 BSA examinations since 2000.

Communication and Training
    The FDIC has taken steps to ensure that its supervised financial 
institutions and examiners are aware of BSA requirements and that its 
examinations of financial institutions include a review of BSA 
requirements. The FDIC also issues regulations, Financial Institution 
Letters, and other guidance to the financial institutions that it 
supervises; updates Corporation examination and training materials; and 
ensures that DSC examiners are adequately trained to monitor BSA 
compliance.

Risk-focused Examination Procedures
    DSC requires examiners to use risk-focused examination procedures 
to assess BSA compliance. To accomplish this, examiners may use (1) 
core procedures that are considered during the basic review, (2) 
expanded procedures that are used to target concerns identified during 
the basic review, and (3) impact analyses to assess the seriousness of 
identified deficiencies. To assess the impact of deficiencies 
identified during the basic and expanded reviews, examiners determine 
whether BSA violations and weaknesses:

 are serious and indicate the need for civil money penalties,
 necessitate referrals to law enforcement agencies,
 necessitate a cease-and-desist order for cases in which a 
    mandatory BSA compliance program was not established or maintained, 
    or other supervisory action to correct prior noncompliance, and
 affect the safety and soundness of the institution.

When Violations Should Be Referred to the Treasury Department
    According to referral guidelines issued by the Treasury 
Department's Office of Financial Enforcement in October 1990, the 
Treasury Department has a zero tolerance level for violations of the 
BSA but recognizes that BSA violations are of a varying nature. The 
guidelines state, ``Because the determination process often is 
subjective, sound examiner judgment and experience also are required.'' 
To assist with the determination process for referrals to the Treasury 
Department, the guidelines instruct examiners to ``assess all of the 
facts and circumstances 
surrounding the violations,'' including whether:

 the violations represent an isolated incident caused by human 
    error;
 the deficiencies are indicative of significant noncompliance 
    with the BSA and/or systemic weaknesses in the institution's BSA 
    compliance program;
 the types and nature of the violations are serious;
 the violations are the result of blatant, willful, or flagrant 
    disregard for BSA requirements;
 there is a pattern of noncompliance with one or more sections 
    of the regulations;
 the violations result from inadequate policies, procedures, or 
    training programs; and
 the violations result from a nonexistent or seriously 
    deficient compliance program.

    DSC procedures require examiners to use the Treasury Department's 
guidelines to determine when a referral is appropriate.

The Treasury Department or the FDIC can take Regulatory Actions when
BSA Violations are Identified
    Failure by a financial institution to comply with the BSA can 
result in regulatory sanctions by either the Treasury Department or the 
FDIC. The BSA and its underlying regulations give the Treasury 
Department the authority to assess civil money penalties for violations 
and to authorize criminal prosecution. The FDIC is required to report 
all identified BSA violations and to refer violations that warrant 
penalties to the Treasury Department's Financial Crimes Enforcement 
Network (FinCEN). The FinCEN was established to administer BSA and 
provide a government-wide, multisource intelligence and analytical 
network. Such referrals, however, do not preclude the FDIC from taking 
regulatory action when BSA violations are identified. For example, as 
cited in 12 U.S.C. 1818(s), the FDIC shall issue a cease-and-desist 
order to any FDIC-supervised institution that fails to establish and 
maintain appropriate BSA procedures or to correct any previously 
reported problem with the procedures.
    The Corporation has reported that, since 2001, it has issued 30 
formal enforcement actions against 25 financial institutions and 3 
individuals to address BSA violations--25 of these actions were 
cease-and-desist orders. 
Regulatory action, however, also includes informal actions such as bank 
board resolutions or memorandums of understanding to facilitate 
corrective action(s) from bank management. Since 2001, the Corporation 
reports that FDIC-supervised institutions have entered into 53 informal 
actions with BSA-related provisions. Finally, the FDIC often uses other 
supervisory actions such as correspondence and follow-up visitations or 
examinations to promote compliance with BSA and implementing guidance.

BSA became a Higher Priority after the Events of September 11
    Prior to the tragic events of September 11, 2001, BSA had played a 
significant role in preventing banks and other financial service 
providers from being used as intermediaries for, or to hide the 
transfer or deposit of, money derived from criminal activity associated 
with organized crime and international drug traffickers. BSA became 
more of a national priority following September 11.

The USA PATRIOT Act
    In October 2001, the Congress enacted the Uniting and Strengthening 
America by Providing Appropriate Tools Required to Intercept and 
Obstruct Terrorism Act of 2001--the USA PATRIOT Act. This Act expanded 
the Treasury Department's authority initially established under the BSA 
to regulate the activities of U.S. financial institutions, particularly 
their relations with individuals and entities with foreign ties. 
Provisions of the USA PATRIOT Act augmented the BSA money laundering 
provisions, making it a useful tool in tracing terrorist financing 
activities. The Act also elevated the status of FinCEN within the 
Treasury Department and emphasized its role in fighting terrorist 
financing. In addition to administering the BSA, FinCEN is responsible 
for expanding the regulatory framework to other industries (such as 
insurance and securities brokers and dealers) vulnerable to money 
laundering, terrorist financing, and other crimes.

FDIC's Post-September 11 Initiatives
    DSC has been proactive in the development and issuance of 
interagency examination guidance and has participated in working groups 
led by the Federal Financial Institutions Examination Council to 
develop and implement examiner training related to the enforcement of 
BSA and USA PATRIOT Act provisions. Additionally, DSC has organized and 
participated in numerous outreach programs intended to inform and 
educate the banking industry of USA PATRIOT Act compliance 
requirements. Further, DSC has indicated that it has been involved in 
various interagency and joint law enforcement initiatives, including:

 participation in the Financial Action Task Force's (FATF) 
    Working Group on International Financial Institutions Issues, which 
    establishes international anti-money laundering standards;
 participation in the Basel Committee decisionmaking process in 
    reviewing the ``Know Your Customer'' risk management report;
 participation in working groups and technical assistance 
    missions sponsored by the Departments of State and Treasury, which 
    are designed to assess vulnerabilities to terrorist financing 
    activity worldwide and to develop 
    and implement plans to assist foreign governments concerning these 
    issues; and
 serving as point-of-contact liaison between FinCEN and FDIC-
    supervised institutions in the USA PATRIOT Act Section 314(a) 
    terrorist-subject biweekly searches.

FDIC OIG Work that Addresses BSA-Related Issues
    My office has conducted three audits that address the FDIC's 
efforts to design and implement a supervisory program to examine 
institutions' compliance with provisions of the BSA and the more 
recently enacted USA PATRIOT Act. The first two audits addressed FDIC 
examiners' planning and conduct of BSA examinations and the 
Corporation's implementation of policies and procedures stemming from 
USA PATRIOT Act requirements. They were both conducted as part of our 
responsibility to provide coverage of the FDIC's supervision 
activities. The third and most recent audit primarily focused on 
supervisory actions taken by the FDIC to ensure institutions implement 
effective corrective action to address BSA violations. This audit was 
initiated in response to interest expressed by staff of the 
Subcommittee on Oversight and Investigations, House Committee on 
Financial Services.
    Overall, these audits identified that the Corporation had taken 
steps to implement a risk-focused examination program for BSA. However, 
improvements were needed to ensure that institutions were fully 
complying with, and the FDIC was effectively enforcing provisions of, 
the Act.
    I will now discuss more details of each audit, with the focus being 
on our findings and recommendations and the FDIC's corrective actions 
to address them.

Examination Assessment of Bank Secrecy Act Compliance
    By way of background, in the wake of a much-publicized Bank of New 
York money laundering scandal in 1999, the question of whether the BSA 
and its implementation were effective gained renewed interest from the 
legislative and executive branches of the Federal Government. Of 
particular note, the Departments of Treasury and Justice jointly issued 
a revised National Money Laundering Strategy in March 2000 assigning 
responsibility for implementing parts of the strategy to bank 
regulatory agencies, including the FDIC, to enhance efforts to prevent 
money laundering. The regulatory agencies were specifically tasked with 
reviewing existing examination procedures, and where necessary, 
revising, developing, and implementing new examination procedures that 
would ensure anti-money laundering supervision is risk focused. In 
light of the interest and new requirements, we conducted an audit in 
2000 to determine the extent to which the FDIC's examiners reviewed 
FDIC-regulated institutions' compliance with the BSA during the course 
of safety and soundness examinations.
    In March 2001, we issued Audit Report No. 01-013, Examination 
Assessment of BSA Compliance. In the report, we concluded that 
examiners did not adequately document their BSA examination planning or 
procedures. In general, there was little justification for the 
examiners' decisions to omit or include procedures based on their 
evaluation of risk at the institutions being reviewed. Similarly, after 
completing the risk-scoping process, examiners did not consistently 
document the work they performed as required by the Corporation's 
Manual of Examination Policies. As a result, we could not always 
determine the extent to which examiners reviewed institutions' 
compliance with BSA provisions. We also found that examiners could have 
improved examination planning by taking full advantage of the FinCEN 
databases that contain information on CTR's and SAR's. At the time of 
our report, one region was compiling this information in a report and 
disseminating it to examiners. The report showed whether institutions 
had significant changes in the volume of SAR and CTR filings since the 
previous examination and could be used to determine whether the scope 
of the BSA examination should be expanded.
    We recommended that management (1) reinforce risk focusing guidance 
for BSA examinations and ensure that documentation requirements for 
examination planning and procedures were followed and (2) require that 
all FDIC regions provide examiners with CTR and SAR information for the 
purpose of planning BSA 
examinations. Management implemented these recommendations.

FDIC's Implementation of the USA PATRIOT Act
    As discussed earlier, the USA PATRIOT Act broadened authority and 
required regulations to combat money laundering that were already 
established under the BSA to facilitate the prevention, detection, and 
prosecution of international money laundering and the financing of 
terrorism. Our review of the FDIC's implementation of the USA PATRIOT 
Act focused on Title III of the Act, which is entitled the 
International Money Laundering Abatement and Anti-terrorist Financing 
Act of 2001. Title III includes provisions related to (1) international 
counter-money laundering and related measures, (2) BSA amendments and 
related improvements that supplement the United States' authority to 
detect money laundering provided under the BSA, and (3) currency crimes 
and protection.
    The objective of our audit was to determine whether the FDIC had 
developed and implemented adequate procedures to examine financial 
institutions' compliance with the USA PATRIOT Act. We issued our final 
report on the audit entitled The FDIC's Implementation of the USA 
PATRIOT Act, Audit Report No. 03-037, on September 5, 2003. We 
concluded that DSC's existing BSA examination procedures covered 
certain USA PATRIOT Act, Title III requirements. In addition, DSC had 
advised FDIC-regulated institutions of the new requirements in cases in 
which the Treasury Department had issued final rules implementing the 
Title III provisions. However, DSC had not issued guidance to its 
examiners for those provisions requiring new or revised examination 
procedures because DSC was either coordinating the issuance of uniform 
procedures with an interagency steering committee or waiting for the 
Treasury Department to issue final rules. This delay in issuing 
examination guidance was of particular concern when the Treasury 
Department had issued final rules for Title III provisions addressing 
money laundering deterrents and verification of customer identification. 
We noted that timely issuance of examiner guidance would have helped 
ensure institutions' full compliance with USA PATRIOT Act provisions 
sooner.
    We recommended that the FDIC: (1) issue interim examination 
procedures for those sections for which the Treasury Department has 
already issued final rules and (2) work with its interagency 
counterparts to issue examination guidelines concurrently with the 
Treasury Department's issuance of final rules for institutions' 
implementation of Title III provisions. The FDIC concurred with both 
recommendations and took responsive corrective action. More 
specifically, the FDIC issued interim BSA examination procedures in 
August 2003, which included steps for reviewing institution compliance 
with applicable provisions of the USA PATRIOT Act and in October 2003, 
issued the final examination guidelines developed in consultation with 
the other financial institution regulators.
    While not the result of our audit, FDIC has also trained its bank 
examination staff on the USA PATRIOT Act and incorporated BSA and Anti-
Money Laundering topics into one of its core examination schools. Also, 
the FDIC is working with the other Federal banking regulators and the 
Conference of State Bank Supervisors to revise examiner training 
programs to incorporate provisions of the USA PATRIOT Act. Furthermore, 
the FDIC has reported changing its application review program to 
consider prohibitions against certain types of relationships with 
financial institutions, particularly foreign shell banks. The 
Corporation has also amended its policies to consider the effectiveness 
of an insured depository institution's anti-money laundering 
activities--including those of overseas branches--when evaluating a 
proposed merger transaction.

Supervisory Actions Taken for Bank Secrecy Act Violations
    Our most recent audit related to the BSA was done in response to 
interest expressed by the staff of the Subcommittee on Oversight and 
Investigations, House Committee on Financial Services. The audit 
focused on actions taken by the FDIC in its supervisory capacity to 
ensure that FDIC-supervised institutions implement effective corrective 
action to address BSA violations. Our audit results in this case raised 
concerns related to four general areas:

 Extent of Regulatory Action on Significant and Repeat 
    Violations
 Consistency of Reporting of Deficiencies and Violations
 Timing of FDIC Follow-Up and Corrective Actions on BSA 
    Violations
 Handling of Filings and Referrals to the IRS and Treasury 
    Department

Audit Took Approach Consistent with Prior Treasury OIG Report on BSA
    Our audit approach was modeled after a report issued by the 
Department of the Treasury OIG entitled OTS: Enforcement Actions Taken 
for Bank Secrecy Act Violations, Report No. OIG-03-095, dated September 
23, 2003. The objectives of the Treasury OIG audit were to determine:

 whether the Office of Thrift Supervision took timely and 
    sufficient supervisory enforcement actions against thrifts with 
    substantive BSA violations;
 whether enforcement actions, when taken, adequately addressed all 
    substantive BSA violations identified by examiners; and
 whether OTS's systems to track and monitor BSA examinations results 
    were accurate and reliable.

    The Treasury OIG determined that greater use of forceful and timely 
enforcement sanctions was warranted for BSA violations; enforcement 
actions were not always taken timely or were not always thorough for 
substantive BSA violations; \1\ and BSA examination data errors existed 
in OTS' automated system used to monitor the results of all 
examinations, including BSA.
---------------------------------------------------------------------------
    \1\ The Treasury OIG defined substantive BSA violations as those 
that resulted from the failure to develop and implement a BSA program 
with the basic BSA minimum requirements and the nonfiling of CTR's and 
SAR's.
---------------------------------------------------------------------------
    The objective of our audit was to determine whether the FDIC 
adequately follows up on BSA violations reported in examinations of 
FDIC-supervised financial institutions to ensure that they take 
appropriate corrective action. The scope of our audit included 
examinations conducted by the FDIC or State regulatory agencies, and 
examinations in which the FDIC participated in a joint capacity with 
State regulatory agencies from January 1, 1997 through September 30, 
2003.

The FDIC Had Cited a Significant Number of Institutions for BSA 
        Violations
    Of the 5,662 financial institutions that the FDIC supervised (on 
average) during the time period covered by our audit, 2,672 
institutions (approximately 47 percent) had been cited for at least one 
BSA violation. Those violations included citations for not complying 
with the Treasury Department's Financial Recordkeeping and Reporting 
Requirements, that is, filing CTR's, and not adequately implementing 
BSA compliance programs as required by the FDIC's Rules and 
Regulations. Of those 2,672 institutions, 458 (approximately 17 
percent) had been cited for repeat BSA violations.

Audit Shows High Rate of Significant and Repeat Violations, Many of Which
Were Not Subject to Regulatory Action
    We selected a random sample of institutions with violations for 
detailed review. The random sample consisted of 22 institutions 
selected from the 8 DSC regional or area offices, and another 19 
institutions consisted of a judgmental sample of institutions with 
repeat violations for a total of 41 institutions reviewed. We 
determined that:

 35 of the 41 institutions (86 percent) were cited for 
    violations related to the Treasury Department's financial 
    recordkeeping and reporting requirements as prescribed in 31 CFR 
    Part 103, and
 29 of the 41 institutions (71 percent) were cited for 
    deficient BSA compliance programs that did not meet the minimum 
    requirements of the FDIC Rules and Regulations.

    Regarding violations of the Treasury Department's Regulations at 31 
CFR Part 103, these financial institutions were most frequently cited 
for failing to: File CTR's for nonexempted transactions over $10,000; 
maintain records on sales of monetary instruments of $3,000 through 
$10,000; furnish information required in CTR's, file CTR's timely, or 
retain CTR's for 5 years; and treat multiple transactions totaling over 
$10,000 as a single transaction.
    With respect to the FDIC's Rules and Regulations Section 326.8, the 
41 financial institutions in our sample were most frequently cited for 
lack of independent testing of BSA compliance; failure to develop or 
implement an adequate BSA compliance program; inadequate system of 
internal controls for BSA compliance; and failure to provide adequate 
BSA training.
    We also determined that 27 of the 41 institutions had repeat BSA 
violations. Of those 27 repeat institutions, 17 institutions (63 
percent) were not subject to regulatory action for their repeat 
violations, although other supervisory efforts such as follow-up 
correspondence to bank management and visitations may have been in 
progress. Of the 10 institutions that were subject to regulatory 
action, only 1 was subject to a cease-and-desist order.\2\ DSC policy 
states that repeat violations cannot be tolerated and that cease-and-
desist orders should be initiated in such cases.
---------------------------------------------------------------------------
    \2\ The FDIC imposed a regulatory action for one institution that 
did not have repeat violations bringing the total number of regulatory 
actions taken for the sample we reviewed to 11.
---------------------------------------------------------------------------
    In addition, Section 8(s) of the FDI Act states that, ``If the 
appropriate Federal banking agency determines that an insured 
depository institution . . . has failed to correct any problem with the 
[BSA] procedures . . . which was previously reported . . . by such 
agency, the agency shall issue an order . . . requiring such depository 
institution to cease-and-desist from its violation . . ..'' In response 
to our audit, the FDIC concluded that it was not required to issue 
cease-and-desist orders in the case of every repeat BSA violation. The 
Corporation believes that enforcement authority always involves some 
element of discretion, including consideration of the nature of the 
violation and supervisory judgment as to how best to address the 
violation. As part of its response to our report, the Corporation 
provided a legal opinion by its General Counsel that addresses 
Congress's intent in Section 8(s). The opinion stated that:

        The absence of a mandate to bring a cease-and-desist action to 
        address every violation of Section 8(s) or the regulations does 
        not imply that the alternative is to take no action. To the 
        contrary, the statutory intent must be to take an appropriate 
        corrective action based upon the severity of the problem, the 
        risk it poses, and the bank's willingness to comply 
        expeditiously.

    We concur with the Counsel's guidance. However, as noted 
previously, our audit identified cases where DSC had not taken 
regulatory action to address repeat violations of BSA requirements.

FDIC's Reporting and Follow-Up On BSA Violations
    For the 41 banks in our sample, we reviewed 82 reports of 
examination that cited apparent and often multiple BSA violations. We 
noted that not all BSA deficiencies described in DSC's examination 
reports were cited in the violations section of the reports and tracked 
in the FDIC's information system. For 25 (30 percent) of the 82 
reports, DSC waited until the next examination to follow up on some or 
all of the BSA violations, and corrective actions to address cited 
violations often took more than 1 year. Also, DSC's regional offices 
took various approaches to handling violations related to the filing of 
CTR's and to referring bank violations to the Treasury Department. 
Finally, we found that while many institutions had been cited for BSA 
violations, there were few referrals to the Treasury Department during 
the audit period, and most were made by one FDIC region.

Inconsistencies in Describing Deficiencies and Citing Violations

    In reviewing DSC's reports of examination, we observed several 
instances of BSA deficiencies described in the reports but not cited in 
the Violations of Laws and Regulations section of the reports. On the 
other hand, we also noted instances of BSA deficiencies similar to 
those described that were cited as violations. Deficiencies that are 
described in the reports of examination but not cited as violations may 
receive less attention from bank management or in follow-up by DSC. 
According to DSC officials, the examiners exercise judgment in 
determining the significance of BSA concerns. That judgment includes 
determining whether the weaknesses constitute:

 apparent violation of laws or regulations, meriting inclusion 
    in the violations section of the examination report, or
 noncompliance with DSC guidelines, meriting only mention in 
    the report as matters for bank management's attention, which may be 
    sufficient to eliminate concern.

Follow-up and Correction of Violations Was Not Always Timely

    DSC's process for following up on violations cited in reports of 
examination includes:

 a request for the report to be considered in the bank's next 
    board meeting, with a record of actions taken entered into the 
    minutes;
 a request for bank management to provide a response indicating 
    the actions taken to eliminate each cited violation or deficiency; 
    and
 follow-up of the corrective actions at the next examination.

    For the institutions included in our sample, we checked how often 
and by what method DSC followed up on whether corrective actions had 
been taken. We considered evidence related to DSC's follow-up actions 
or the banks' corrective actions, as well as information from the 
Treasury Department. As a result of our analysis of the process and our 
review of the 82 reports that cited apparent BSA violations, we found 
that:

 For 20 reports, DSC followed up or pursued regulatory action 
    for certain violations before the next examination, including 
    additional correspondence, visitations, and regulatory actions such 
    as bank board resolutions, memorandums of understanding, or cease-
    and-desist orders.
 For 42 reports, DSC received evidence from bank management, 
    Treasury's FinCEN, or the Internal Revenue Service (IRS) that 
    certain violations had been corrected before the next examination, 
    and in many of these instances, corrective action took place before 
    the examination was completed.
 For 25 reports, DSC waited until the next examination to 
    assess the adequacy of bank corrective actions for certain 
    violations.\3\
---------------------------------------------------------------------------
    \3\ Note that the numbers do not total 82 because DSC used 
different follow-up actions for some examination reports that cited 
multiple violations.
---------------------------------------------------------------------------

    We also observed that DSC regional and field offices exercised wide 
discretion in deciding whether and when to follow up on the violations 
or take regulatory action. In some cases, more than 1 to 5 years passed 
before (1) bank management took corrective action that was effective to 
prevent repeat violations or (2) DSC applied regulatory actions to 
address continuing violations. As shown below, about two-thirds of the 
violations took longer than 1 year to correct.

                  Time Taken to Address BSA Violations
------------------------------------------------------------------------
        LENGTH OF TIME FOR ACTION            NUMBER OF INSTITUTIONS *
------------------------------------------------------------------------
12 months or less.......................                             27
------------------------------------------------------------------------
13 months-24 months.....................                             13
------------------------------------------------------------------------
25 months-36 months.....................                             16
------------------------------------------------------------------------
37 months-48 months.....................                             10
------------------------------------------------------------------------
49 months-60 months.....................                              1
------------------------------------------------------------------------
More than 60 months.....................                              8
------------------------------------------------------------------------
* The number of institutions will exceed the 41 sampled institutions
  because the length of time varied for institutions with multiple BSA
  violations.
Source: OIG analysis of ViSION data and review of evaluation reports and
  supplemental information provided by DSC for the 41 sampled
  institutions.

    DSC officials stated that follow-up on BSA violations often occurs 
at the next FDIC examination rather than between examinations. Although 
the FDIC can conduct visitations between regularly scheduled 
examinations, we identified only a few visitations based on information 
provided by DSC that addressed BSA violations.
    Generally, the FDIC alternated examinations of the sampled 
institutions with State regulatory agency examinations for those 
institutions. However, 45 of the 72 examination reports we reviewed 
from state regulatory agencies did not specifically address BSA 
compliance. Therefore, the FDIC could not rely on those examinations to 
determine whether bank management took corrective actions to address 
previously cited violations or to identify any new BSA violations. 
Consequently, follow-up by the FDIC on some previously cited BSA 
violations did not occur until the next FDIC examination--generally 24 
to 36 months after the violations were initially identified. This delay 
in ensuring that BSA violations are corrected could result in 
additional or continued BSA violations and could hinder the detection 
of criminal activity.

Handling of Violations Related to CTR's

    We also noted variations in the handling of violations related to 
CTR's. While conducting examinations, examiners identified instances in 
which financial institutions had improperly exempted customers from 
currency transaction reporting requirements or otherwise failed to file 
CTR's. According to DSC guidance, CTR's must be filed with the IRS 
within 15 days following the date of the transaction (25 days if the 
financial institution files electronically). For those institutions 
that did not file CTR's within the specified timeframe, FinCEN requests 
that examiners have bank officials request permission to backfile 
CTR's. DSC regional offices did not handle violations related to the 
backfiling of CTR's in a consistent manner. Some offices required the 
institutions to request permission to backfile, while other offices 
allowed the institutions, in cases that involved one or two CTR's, to 
file without requesting permission to backfile.

Handling of Referrals to the Treasury Department

    DSC referrals of bank violations to the Treasury Department were 
infrequent. According to information provided by DSC, while 2,672 
institutions were cited for violations, there were only 34 referrals 
made from January 1, 1997 through December 31, 2003, and most of these 
referrals were made by one DSC regional office. DSC officials added 
that, since the Treasury Department has access to FDIC information on 
BSA violations through a shared information system, further reporting 
is not required. The Treasury Department sometimes requests copies of 
applicable examination reports based on its analysis of the violations. 
The following actions have resulted from the referrals made by the FDIC 
from January 1, 1997 through December 31, 2003:

 27 institutions received cautionary letters or letters of 
    warning from the Treasury Department,
 1 institution received a civil money penalty,
 3 referrals were resolved by other means, and
 3 referrals were still open.

    In summary, the Treasury Department took action when referrals were 
made but, in our assessment, FDIC only did so infrequently.

Report Recommends Strengthening Guidance Related to BSA Monitoring and
Follow-Up Processes
    We concluded in our report that the FDIC had adequately followed up 
on some BSA violations to ensure bank management has taken appropriate 
corrective action. However, more could be done to better ensure that 
prompt and effective actions are taken by bank management to ensure 
compliance with BSA regulations.
    In light of the increased Congressional interest in BSA compliance 
and emphasis on national security concerns, we recommended that the 
Corporation:

 reevaluate and update its examination guidance to help ensure 
    adequate examiner follow-up and timely corrective action by bank 
    management;
 discuss and update the referral policy with the Treasury 
    Department; and
 encourage State coverage of BSA compliance, and develop 
    alternative processes to compensate for the lack of State coverage 
    of BSA compliance.

FDIC Management Agreed with Recommendations and Is Taking Steps to Improve
Its BSA Program
    DSC management agreed with our recommendations. DSC had taken steps 
to initiate a reevaluation and update of its guidance, with interagency 
cooperation, to address formal supervisory actions, follow-up actions, 
citation of apparent violations, and recordkeeping and backfiling of 
CTR's. DSC also agreed to work with the FDIC Legal Division to clarify 
and update, as necessary, enforcement action guidance on BSA.
    Further, DSC management agreed to pursue clarification of referral 
procedures with the Treasury Department. Finally, DSC agreed to focus 
on strengthening processes to address variations in the State 
examination coverage of BSA and believed doing so would increase the 
consistency and reliability of the follow-up to its BSA examinations.

Looking Ahead
    Mr. Chairman, the goal of identifying and cutting off terrorist 
funding is an essential one. The Government's success in accomplishing 
that goal is dependent upon 
collecting and analyzing necessary information, and disseminating and 
sharing that information among appropriate law enforcement and 
regulatory agencies. To that end, the Congress passed the BSA, and 
later, the USA PATRIOT Act, to establish requirements and coordination 
mechanisms for creating this free flow of information. While the FDIC 
has been a leader in many initiatives aimed at complying with these two 
Acts, we found and the Corporation has acknowledged it can do more. In 
light of the knowledge we have gained since September 11 and more 
recent terrorist threats, there are key questions that the FDIC should 
consider, in conjunction with the Treasury Department and the other 
financial regulators, as it looks to improve its BSA program.

 Is risk-scoping BSA examinations and follow-up still the most 
    effective approach to deterring money laundering and terrorist 
    financing?
 Are the policies and procedures for reporting certain cash 
    transactions and BSA violations to the Treasury Department, some of 
    which date to the early 1990's, currently effective?
 Is the information reported to FinCEN by financial 
    institutions and regulators effectively evaluated and does it 
    ultimately result in timely preventive actions?

    Mr. Chairman, we appreciate the opportunity to participate in this 
hearing. We are prepared to assist in addressing these issues and have 
additional audits planned in this area to help ensure that financial 
institutions, through efficient and effective supervision by the FDIC, 
will remain vigilant in implementing BSA programs that assist in 
preventing money laundering and terrorism. I would be pleased to answer 
any questions the Committee may have at this time.



           RESPONSE TO A QUESTION OF SENATOR SHELBY 
                    FROM JOHN D. HAWKE, JR.

Q.1. Mr. Hawke, in addition to the Saudi and Equatorial Guinea 
accounts, Riggs held numerous other foreign accounts, including 
what many characterize as what we would call high-risk by 
FinCEN and OFAC. They include, among others, Burma, Cuba, the 
Sudan, Iraq, Iran, Syria, and Nigeria. If Riggs' BSA/AML 
internal controls were so deficient, which is a given, should 
we be concerned, in other words, should you be concerned that 
many of these other embassy and special interest accounts could 
suffer similar inadequacies and violations?

A.1. OCC examiners reviewed Riggs Bank's OFAC controls during 
the January 2003 BSA examination and did not find any problems 
with the bank's handling of OFAC country accounts. The 
examiners reviewed the details of the Iraqi blocked accounts 
and did not identify any deficiencies or noncompliance with 
OFAC regulations. Subsequently, OCC examiners obtained and 
confirmed that appropriate licenses were acquired for Riggs or 
their banking customers to open accounts or transact business 
within OFAC sanctioned countries of Burma, Cuba, Iran, Iraq, 
the Sudan, Syria, and Yugoslavia (Balkans). The bank's OFAC 
compliance procedures used in the opening account process have 
also been assessed in subsequent exams and found to be 
satisfactory.
    Most of the above-mentioned OFAC sanctioned countries 
having either Embassy or Mission accounts within Riggs's 
Embassy Banking Division were closed in June 2004 as part of 
the bank's decision to exit high-risk Embassy accounts. There 
is one exception of an Iranian account that remains open and 
blocked as required by OFAC. Under the terms of the cease-and-
desist orders, the bank is required to review the activity in 
all high-risk Embassy accounts going back to January 1, 2001, 
to ensure that Suspicious Activity Reports are filed where 
appropriate. The OCC will evaluate Riggs Bank's compliance with 
this and other requirements of the cease-and-desist orders in 
October of this year.



