[Senate Hearing 108-886]
[From the U.S. Government Publishing Office]
S. Hrg. 108-886
BANK SECRECY ACT ENFORCEMENT
=======================================================================
HEARING
before the
COMMITTEE ON
BANKING,HOUSING,AND URBAN AFFAIRS
UNITED STATES SENATE
ONE HUNDRED EIGHTH CONGRESS
SECOND SESSION
ON
EFFORTS TO ENSURE COMPLIANCE AND ENFORCEMENT OF THE BANK SECRECY ACT,
ENACTED IN 1970, WHICH AUTHORIZES THE SECRETARY OF THE TREASURY TO
ISSUE REGULATIONS REQUIRING THAT FINANCIAL INSTITUTIONS KEEP RECORDS
AND FILE REPORTS ON CERTAIN FINANCIAL TRANSACTIONS, FOCUSING ON ANTI-
MONEY LAUNDERING AND ISSUES CONCERNING DEPOSITORY INSTITUTION
REGULATORY OVERSIGHT
__________
JUNE 3, 2004
__________
Printed for the use of the Committee on Banking, Housing, and Urban
Affairs
Available at: http: //www.access.gpo.gov /congress /senate/
senate05sh.html
______
U.S. GOVERNMENT PRINTING OFFICE
25-956 WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS
RICHARD C. SHELBY, Alabama, Chairman
ROBERT F. BENNETT, Utah PAUL S. SARBANES, Maryland
WAYNE ALLARD, Colorado CHRISTOPHER J. DODD, Connecticut
MICHAEL B. ENZI, Wyoming TIM JOHNSON, South Dakota
CHUCK HAGEL, Nebraska JACK REED, Rhode Island
RICK SANTORUM, Pennsylvania CHARLES E. SCHUMER, New York
JIM BUNNING, Kentucky EVAN BAYH, Indiana
MIKE CRAPO, Idaho ZELL MILLER, Georgia
JOHN E. SUNUNU, New Hampshire THOMAS R. CARPER, Delaware
ELIZABETH DOLE, North Carolina DEBBIE STABENOW, Michigan
LINCOLN D. CHAFEE, Rhode Island JON S. CORZINE, New Jersey
Kathleen L. Casey, Staff Director and Counsel
Steven B. Harris, Democratic Staff Director and Chief Counsel
Skip Fischer, Senior Staff Professional
Stephen R. Kroll, Democratic Special Counsel
Joseph R. Kolinski, Chief Clerk and Computer Systems Administrator
George E. Whittle, Editor
(ii)
?
C O N T E N T S
----------
THURSDAY, JUNE 3, 2004
Page
Opening statement of Chairman Shelby............................. 1
Opening statements, comments, or prepared statements of:
Senator Sarbanes............................................. 2
Senator Reed................................................. 5
Senator Allard............................................... 5
Prepared statement....................................... 41
Senator Bunning.............................................. 41
WITNESSES
Susan S. Bies, Member, Board of Governors of the Federal Reserve
System......................................................... 5
Prepared statement........................................... 42
John D. Hawke, Jr., Comptroller of the Currency, U.S. Department
of the Treasury................................................ 8
Prepared statement........................................... 47
Response to a question of Senator Shelby..................... 111
Donald E. Powell, Chairman, Federal Deposit Insurance Corporation 10
Prepared statement........................................... 60
James E. Gilleran, Director, Office of Thrift Supervision, U.S.
Department of the Treasury..................................... 12
Prepared statement........................................... 67
JoAnn M. Johnson, Chairman, National Credit Union Administration. 13
Prepared statement........................................... 76
William J. Fox, Director, Financial Crimes Enforcement Network,
U.S. Department of the Treasury................................ 15
Prepared statement........................................... 79
Gaston L. Gianni, Jr., Inspector General, Federal Deposit
Insurance Corporation.......................................... 32
Prepared statement........................................... 84
Davi M. D'Agostino, Director, Financial Markets and Community
Investment, U.S. General Accounting Office..................... 34
Prepared statement........................................... 93
Additional Material Supplied for the Record
Letter to Senator Paul S. Sarbanes from John D. Hawke, Jr.,
Comptroller of the Currency, U.S. Department of the Treasury,
dated June 18, 2004............................................ 112
Letter to Senator Jack Reed from James E. Gilleran, Director,
Office of Thrift Supervision, U.S. Department of the Treasury,
dated June 9, 2004............................................. 116
(iii)
BANK SECRECY ACT ENFORCEMENT
----------
THURSDAY, JUNE 3, 2004
U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.
The Committee met at 9:45 a.m., in room SD-538, Dirksen
Senate Office Building, Senator Richard C. Shelby (Chairman of
the Committee) presiding.
OPENING STATEMENT OF CHAIRMAN RICHARD C. SHELBY
Chairman Shelby. The hearing will come to order.
The purpose of today's hearing is to examine the record of
the Federal Government in enforcing this Nation's laws against
money laundering and terrorist financing. The high-profile case
of Riggs Bank, which was recently fined $25 million for
repeated--I emphasize ``repeated''--failures to comply with the
Bank Secrecy Act, the basic anti-money laundering statutes
requiring the reporting of large cash transactions and
suspicious financial activities, has highlighted possible
deficiencies in the governmental structure for enforcing these
laws.
The Riggs case could be seen as unique. It involved that
bank's near monopoly on foreign embassy banking. It involved an
oil-rich country for which the movement of large amounts of
cash was as
routine as writing a check to pay bills is for many Americans.
Whatever cultural, political, or economic factors resulted in
Riggs' failure to comply with the law, despite repeated
assurances to its Federal overseers that it would improve in
that regard, this case cannot be seen as unique. As the General
Accounting Office will testify later today before this
Committee, the problem runs deeper than we may care to admit.
There does appear, on the basis of a number of recent money
laundering cases, as well as the case of UBS Investment Bank of
Switzerland, about which this Committee held a hearing on May
20, to be serious deficiencies on the part of the Federal
regulatory agencies vested with the authority and
responsibility to enforce this Nation's laws against money
laundering.
I mention the UBS case for a reason. In that case, the
Federal Reserve Bank of New York, responsible for ensuring that
U.S. currency was not being transferred to countries sanctioned
for their support of terrorist activities or their poor human
rights records, failed to provide adequate oversight of the
banks with which it had contracted to serve as depositories of
billions of U.S. dollars in cash. The Federal Reserve Bank
trusted that the self-generating reports provided it by UBS
were an accurate reflection of the latter's conduct. The Fed
was wrong, to the tune of $5 billion.
Similarly, the Riggs case showed a deference toward the
client financial institution that undermined the integrity of
the oversight process. Trust that Riggs would comply not just
with the terms of the law, but with the agreements intended to
bring it into compliance with the law, proved the undoing of a
process that is essential to the war against terrorism. The war
against terrorism cannot be won without serious efforts at
impeding the very types of criminal activity that seem to be
going on or went on at the Riggs Bank, as well as the UBS case.
And Riggs, as we all know, is not just about their bank's
relationship to the Embassy of Saudi Arabia. As disturbing are
the business transactions with the Government of Equatorial
Guinea, a country known for its corruption, human rights
abuses, and desperately poor population, despite vast oil
wealth.
The Riggs case, as well as that of Banco Popular, Delta
National Bank and Trust of New York, and others clearly point
to underlying problems in the approach of Federal regulatory
agencies to properly carry out their mandate to enforce the
Bank Secrecy Act.
How long banks are given to comply with the law before the
Government acts with sufficient force so as to compel
compliance is one of the issues to be addressed here today.
Others include the ability and the willingness of the agencies
represented here today to execute their enforcement function
with regard to money laundering with the same competence with
which they execute their apparently more ingrained ``safety and
soundness'' function. Their relationship to each other, to the
Financial Crimes Enforcement
Network, also represented here today, and to law enforcement
and the degree to which information essential for enforcing
anti-money laundering laws is shared among themselves in a
timely manner. For example, was the FBI informed about cease-
and-desist orders, or did it have to read about them in the
papers? What about FinCEN? Does the examination process need
repair? These are the questions that demand attention here.
Testifying here today and hopefully addressing these
questions, are Susan Schmidt Bies, Board of Governors of the
Federal Reserve System; John D. Hawke, Comptroller of the
Currency and frequent guest here; Donald Powell, the Chairman
of the Federal Deposit Insurance Corporation; James Gilleran,
Director of the Office of Thrift Supervision; JoAnn Johnson,
Chairman of the National Credit Union Administration; and
William Fox, Director, Financial Crimes Enforcement Network.
After we hear testimony from these officials, we have a second
panel comprised of Gaston Gianni, Inspector General of the
Federal Deposit Insurance Corporation; and Davi D'Agostino,
Director of the Financial Markets and Community Investment
Division of the General Accounting Office.
Senator Sarbanes.
STATEMENT OF SENATOR PAUL S. SARBANES
Senator Sarbanes. Thank you very much, Mr. Chairman. First
of all, I want to say that I strongly share your commitment to
very strong oversight by this Committee of the agencies under
our jurisdiction and, in particular, this focus on the
administration and enforcement of the Bank Secrecy Act.
The President speaks often of the war against terrorism,
and again and again people say that an essential part of the
war against terrorism is to dry up the financial resources that
the terrorist networks gain access to which enable them to
carry out their activities. The Bank Secrecy Act is part of
that effort, but the effectiveness of the BSA and the priority
which bank regulators and the Treasury Department give to its
enforcement is regrettably a very open question, underscored by
the failures of compliance and regulatory oversight at Riggs
Bank and other institutions. Riggs is the most recent one and
in the focus.
OCC examiners outlined problems in Riggs' BSA compliance
and anti-money laundering procedures as early as 1997. But
despite Riggs' well-known special circumstances, in terms of
its clients, the examiners failed to discover widespread
noncompliance with the Bank Secrecy Act. It was not until late
2002 that OCC examiners began seriously to test transactions to
see if the Riggs' program was actually producing results. We
now know that it was not.
Throughout much of the same period, Federal
counterterrorism and law enforcement officials were involved in
investigations involving accounts of some of Riggs' largest
customers. And the Federal Reserve Board was conducting
parallel oversight because of its jurisdiction over the Riggs
holding company and Edge Act subsidiary. It is not clear when
the Financial Crimes Enforcement Network, FinCEN, which is said
to administer the Bank Secrecy Act and which ultimately issued
a concurrent $25 million penalty assessment with the OCC
against Riggs, first learned of Riggs' compliance problem. It
seems clear that there was no coordinated Federal regulatory
effort relating to the audit and investigation of Riggs.
The Riggs situation in and of itself is serious, obviously.
But it may reflect a broader structural problem. No one seems
to be directly accountable for enforcement of the Bank Secrecy
Act. Congress vested authority for the Bank Secrecy Act's
administration and enforcement in the Secretary of the
Treasury, who has delegated that authority, since 1994, to the
Director of FinCEN. The Federal banking agencies examine the
compliance of depository institutions with the Bank Secrecy
Act, under authority delegated by Treasury. But they also have
a separate statutory obligation to examine for BSA compliance
procedures, employing a different set of sanctions than the
statutory penalties in the Bank Secrecy Act.
The list of agencies involved in potential BSA compliance
problems does not end there. Federal enforcement and, now,
intelligence agencies--for example, the FBI, the Bureau of
Immigration and Customs Enforcement, the Drug Enforcement
Administration, the Criminal Investigation Division of the
Internal Revenue Service--investigate potential BSA violations
in the course of their activities. State bank regulators have
their own oversight authority that extends to the Bank Secrecy
Act in the case of State-chartered institutions. Different
regulators may--in fact, likely will--regulate different parts
of increasingly integrated bank holding companies. Treasury,
through FinCEN, will become involved in compliance penalties
only in a limited number of situations in which cases are
referred to it under procedures that, according to testimony we
will be receiving today, are more than a decade old.
I am also concerned about the nature of the bank
examination procedures themselves in this area. Today's
testimony will indicate that the bank examiners review
procedures and systems in their money laundering compliance
examinations. They rarely test transactions to see if the
procedures or systems are working. It is a little bit like
going into a room and seeing that the furniture is all in place
but not placing any weight on the furniture to see whether it
will sustain the stress. It could all be hollow.
I am also concerned about reports that compliance
examiners, generally at the OCC, FDIC, and OTS, have been made
subordinate to safety and soundness examiners. This would
affect not only the Bank Secrecy Act, but also other critical
compliance areas, including, of course, consumer protection.
The unfortunate lesson of the Riggs case seems to be that,
despite the attention paid to improving the statutory tools
given to the Treasury and to law enforcement in the legislation
enacted after September 11--this Committee brought forth a
title on money laundering which was included in that
legislation, and, of course, prior legislation--the Bank
Secrecy Act is not really ``administered'' at all in any
coordinated way. Again, no one seems to be responsible for
putting the statute into effect.
I hope that today's hearing can force accelerated
discussion of these issues and place them at the top of the
anti-money laundering and counterterrorism financing agenda.
I also want to get a better sense from our witnesses of how
uniformly they are enforcing the BSA and the anti-money
laundering laws. It is my understanding that last week,
Comptroller Hawke sent a memorandum to the OCC's bank examiners
reminding them of their responsibilities in this area, and I
look forward to hearing what our other financial regulators are
doing in this regard and how seriously they take this issue.
A number of far-reaching proposals are now being made, and
the Committee may well have to address them. And, of course,
these would involve how authorities are allocated. One proposal
is to create a separate Bank Secrecy Act audit and enforcement
force at the Treasury. Another would be to create a joint BSA
audit authority under the supervision of the banking regulators
staffed by experienced examiners whose career ladders call for
rotation into the unit for several years and who audit
institutions other than those supervised by their home
agencies. Another possibility is retaining the present system,
but requiring FinCEN, so long as it is administrator of the
BSA, to receive the portion of each examination report dealing
with Bank Secrecy Act matters, and to participate in the
determination of action to take in response to deficiencies.
Another possibility, moving across the range of things,
would be to delegate full BSA penalty and administrative
authority to the bank regulators together with mandated
reporting to Treasury. Another would be to mandate transaction
testing and other upgraded examination procedures for BSA
examination.
I think it is very clear that the current system is not
working the way it should be working. The Fed imposed a $100
million on UBS AG for conducting illegal currency transactions
with four countries. Our colleague, Representative Sue Kelly,
on the House side, the Chairman of the House Financial Services
Oversight Committee, called this sanction ``a mere slap on the
wrist.'' There is very deep concern, obviously, here in the
Congress about the effectiveness of our fight against terrorist
financing. Our concern also involves organized crime, drug
cartels, and so forth. And there is not a sense that the
agencies are fully reporting for duty with respect to this
important issue.
Mr. Chairman, I look forward to hearing the testimony.
Chairman Shelby. Thank you, Senator Sarbanes.
Senator Reed.
STATEMENT OF SENATOR JACK REED
Senator Reed. Mr. Chairman, I simply want to associate
myself with Senator Sarbanes' comments and remarks, and I look
forward to hearing the testimony of the witnesses.
Thank you, Mr. Chairman.
Chairman Shelby. Senator Allard, do you have an opening
statement?
STATEMENT OF SENATOR WAYNE ALLARD
Senator Allard. I do, Mr. Chairman, have an opening
statement. I will just submit it for the record.
Chairman Shelby. Without objection, it is so ordered.
Senator Allard. I would like to thank the panel for taking
the time to testify before the Committee and you for holding
the hearing.
Chairman Shelby. Thank you.
All of your written testimony will be made part of the
hearing record. We will start with you, Governor Bies.
STATEMENT OF SUSAN S. BIES, MEMBER,
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
Ms. Bies. Thank you, Mr. Chairman and Senator Sarbanes. I
want to thank you for the opportunity to appear before this
Committee to discuss the Federal Reserve's participation in
efforts to combat money laundering and terrorist financing.
In my remarks today, I will describe for you some of the
important steps we are taking to fulfill our supervisory
mission, to guide the institutions we supervise, and, in
cooperation with the other banking and financial services
regulators and the Treasury Department, to make every effort to
use our supervisory tools to enhance the banking industry's
role in preventing and detecting money laundering and terrorist
financing activity. The Federal Reserve's anti-money laundering
program is multifaceted. It involves work in the bank
supervision area, the applications area, enforcement,
investigations, training, and coordination with law enforcement
and intelligence communities, as well as rule writing. This
morning, I will touch on some of these aspects of the Federal
Reserve's anti-money laundering program, but will concentrate
on bank supervision efforts and enforcement matters.
The Federal Reserve has long shared Congress' view that
financial institutions and their employees are on the front
lines of the efforts to combat illicit financial activity. The
Federal Reserve believes that the banking organizations it
supervises must take every reasonable step to identify,
minimize, and manage any risks that illicit financial activity
may pose to individual financial institutions and the banking
industry.
It has been our longstanding policy that Federal Reserve
supervisors incorporate a Bank Secrecy Act compliance and anti-
money laundering program component into every safety and
soundness examination conducted by a Federal Reserve Bank. This
means that on a regular examination cycle, examiners evaluate
whether a banking organization's Bank Secrecy Act and anti-
money laundering compliance program is satisfactory and are
commensurate with the organization's business activities and
risk profiles. Bank Secrecy Act and anti-money laundering
compliance has, for years, been an integral part of the bank
supervision process at the Federal Reserve. Furthermore, the
Federal Reserve's enforcement
program has a strong history of addressing both anti-money
laundering and safety and soundness problems in formal actions
when it becomes necessary.
There is an important correlation between the areas covered
by a BSA/AML examination and an institution's overall risk
management and internal controls. Bank examiners take into
account an organization's enterprise-wide corporate governance
mechanisms and how they are applied. The Federal Reserve's bank
examiners are able to apply a broad perspective and depth of
organizational knowledge to the area of Bank Secrecy Act and
anti-money laundering compliance and to coordinate with the
examination and analytical staff to ensure that safety and
soundness and Bank Secrecy Act and anti-money laundering are
integrated and comprehensive. The Federal Reserve has found
that there is an important synergy gained by integrating safety
and soundness and Bank Secrecy Act/anti-money laundering
supervisory processes.
The Federal Reserve focuses significant resources on the
prevention and early resolution of deficiencies within the
supervisory framework. In cases where examiners have identified
a violation of the compliance program requirement, the Federal
Reserve is bound by law to take formal enforcement action. The
same law requiring us to promulgate rules requiring a
compliance program provides that if an institution fails to
establish and maintain required procedures, we must issue a
formal action requiring the institution to correct the problem.
The Federal Reserve takes this responsibility very
seriously and has issued a number of public actions against
banking organizations in fulfillment of this statutory mandate.
Over the last 3 years, for example, the Federal Reserve has
taken approximately 25 formal, public enforcement actions
addressing Bank Secrecy Act and anti-money laundering-related
matters.
In addition to taking action itself, the Federal Reserve
may refer a Bank Secrecy Act-related matter to Treasury's
FinCEN for consideration of an enforcement action based on
violations of that law.
The Federal Reserve staff coordinates enforcement actions
with other regulators or agencies, including in the area of
anti-money laundering. If a banking organization's problems
involve entities supervised by different regulators, resolution
of enterprise-wide problems may involve multiple enforcement
actions. For example, the OCC, FinCEN, and the Federal Reserve
coordinated their recent enforcement actions against Riggs
Bank, National Association; Riggs National Corporation; and
Riggs International Banking
Corporation, the national bank's Edge Act subsidiary. The
Federal Reserve coordinates its enforcement actions with State
banking supervisors on a regular basis, and enforcement actions
involving
operations of foreign banking organizations may be resolved in
cooperation with supervisors abroad. In several recent matters,
there was close coordination also with the U.S. Department of
Justice.
The Federal Reserve's Bank Secrecy Act and anti-money
laundering functions range from supervising and regularly
examining banking organizations subject to Federal Reserve
supervision for compliance with the Bank Secrecy Act and
relevant regulations, to requiring corrective actions for
detected weaknesses in their Bank Secrecy Act/anti-money
laundering program, to enhancing money laundering
investigations by providing expertise to the U.S. law
enforcement community, to providing training to U.S. law
enforcement authorities and various foreign central banks and
government agencies. Over the last 3 years, for example,
Federal Reserve experts in anti-money laundering-related
matters have participated in special reviews of funds transfers
for Federal law enforcement and intelligence authorities,
taught classes at FBI and Department of Homeland Security
training academies, held seminars for central bank and foreign
supervisor authorities in 10 countries, and engaged in
discussions on anti-money laundering-related matters at
international fora such as the Basel Cross-border Group and the
Financial Action Task Force.
Board and Reserve Bank supervisors seek to provide guidance
to banking organizations to assist them to fully understand
applicable regulatory requirements and what is expected by the
regulators. The Federal Reserve views its supervisory role as
including initiatives to enhance awareness and understanding by
banking organizations under Federal Reserve supervision and by
the industry at large.
The Federal Reserve makes its Bank Secrecy Act examination
procedures available to the banking industry and updates those
procedures by publicly issuing supervision and regulation
letters. These letters advise Reserve Bank supervisory staff
and the industry about new examination policies and protocols,
such as those associated with the USA PATRIOT Act. Federal
Reserve staff also speaks regularly before the financial
industry and issues sound practice guidance in conjunction with
other regulators and Treasury. These initiatives are meant to
respond to or anticipate questions that arise regarding anti-
money laundering requirements and to help banking
organizations' compliance efforts.
The Federal Reserve believes that banking organizations
should take reasonable and prudent steps to combat illicit
financial activities, such as money laundering and terrorist
financing, and to minimize their vulnerability to risks
associated with such activity. For this reason, the Federal
Reserve's commitment to ensuring compliance with the Bank
Secrecy Act continues to be a high supervisory priority. The
Federal Reserve has an important role in ensuring that criminal
activity does not pose a systemic threat and, as important, in
improving the ability of individual banking organizations in
the United States and abroad to protect themselves from illicit
activities.
Thank you.
Chairman Shelby. Thank you, Governor Bies.
Mr. Hawke.
STATEMENT OF JOHN D. HAWKE, JR.
COMPTROLLER OF THE CURRENCY
U.S. DEPARTMENT OF THE CURRENCY
Comptroller Hawke. Chairman Shelby, Ranking Member
Sarbanes, and Members of the Committee, I appreciate the
opportunity to discuss the work of the OCC in combating money
laundering and enforcing compliance with U.S. laws designed to
prevent our financial institutions from falling victim to
criminals and terrorists.
For the past 30 years, the OCC has placed great importance
on developing policies and procedures designed to ensure that
financial institutions have the necessary controls in place and
provide the requisite notices to law enforcement to make
certain that they do not become vehicles for money laundering.
Our examiners are dedicated. Our BSA/anti-money laundering
examination techniques are highly regarded. We have strived to
keep our exam techniques current and responsive to new
developments, and we work cooperatively and successfully with
law enforcement. For all these reasons, the situation that we
have confronted with Riggs Bank is deeply troubling, and this
Committee's keen interest in Riggs is entirely appropriate.
For this reason, I will rely today on my written testimony
for a detailed discussion of the components of the OCC's
extensive BSA and anti-money laundering program and devote my
oral testimony to the Riggs situation.
As I reviewed the record of our oversight of Riggs' Bank
Secrecy Act/anti-money laundering compliance during this
period, it become clear to me that there was a failure of
supervision. We should have been more aggressive in our
insistence on remedial steps at a much earlier time. The types
of strong formal enforcement action that we ultimately took
should have been taken earlier. We should have done more
extensive probing and transaction testing of accounts. Indeed,
our own BSA exam procedures called for transactional reviews in
the case of high-risk accounts, yet until recently that was not
done. We failed to appreciate the risks inherent in Riggs'
embassy banking business and in certain of the accounts handled
by the bank, as well as the significance of the deficiencies in
the bank's systems and controls in relation to those risks.
This is not a case where the deficiencies in these systems
and controls at Riggs were not recognized, nor was there an
absence of OCC supervisory attention to those deficiencies. But
in failing to promptly recognize the high-risk nature of the
bank's business in this regard, we did not probe as soon or as
deeply as we should have. We gave the bank too much time, based
on its apparent efforts to fix the problems we had repeatedly
noted, before we
demanded specific solutions, by specific dates, pursuant to
formal enforcement actions.
With this context, allow me to provide a brief review of
our recent supervision of Riggs. The specific shortcomings in
Riggs' BSA/AML compliance program were known to us as early as
1997. In our regular and frequent examinations, we repeatedly
identified the need for improvement in Riggs' BSA internal
audit coverage, its information systems, its internal
monitoring processes, its staff training, and its customer due
diligence requirements, and we brought those deficiencies to
the attention of Riggs management. Each time, we found
management to be apparently cooperative and responsive. And
because of this attitude, we concluded that Riggs' compliance
program was either ``satisfactory'' or ``generally adequate,''
which led us to continue to rely on various informal
supervisory remedies in dealing with the Riggs management.
In the aftermath of the September 11, 2001 tragedies, the
OCC conducted a series of antiterrorist financing reviews at
our large and high-risk banks. Riggs was included in those
targeted exams. The subsequent examination of Riggs ran from
January to May 2003 and involved extensive cooperation with law
enforcement agencies. It focused on certain suspicious
transactions involving the Saudi Embassy relationship and
culminated in a July 2003 cease-and-desist order, directing
Riggs to undertake a long list of corrective actions.
Yet when we returned to the bank in October 2003, the same
pattern surfaced. While progress had been made toward complying
with the July C&D order, a new set of problems had become
evident, this time relating to the bank's relationship with
Equatorial Guinea. Our reaction this time was fundamentally
different than before and ultimately led to the assessment of a
record $25 million civil money penalty against the bank. We
also continue to evaluate whether additional actions are
warranted.
Against this background, there are at least three important
questions that this Committee might appropriately ask. And I am
sure there are more. First, why was there a failure of
supervision in the Riggs case? Second, is our record with
regard to Riggs symptomatic of shortcomings in our BSA/AML
supervision of other national banks? And, third, what is the
OCC doing to assure that there will be no recurrence of
situations like Riggs?
To address the first two questions, I have directed our
Quality Management Division, which reports directly to me and
is analogous to an internal IG operation, to conduct a
complete, no-holds-barred, top-to-bottom review of our handling
of the Riggs situation and to report their findings and
recommendations back to me in 90 days. I have also directed QMD
to make a more general assessment of the quality of our BSA/AML
supervision and to determine whether there are other banks as
to which our compliance oversight reflects similar
shortcomings. I will be happy to share the QMD report with this
Committee when it is completed.
In order to assure that there is no recurrence of the
shortcomings evidenced in the Riggs case, I have directed a
number of other actions, which are described in my written
testimony, to improve our practices and policies and to develop
new risk-screening systems and techniques.
I have also instructed our Committee on Bank Supervision,
which is comprised of the OCC's senior supervision officials,
to communicate with all OCC examination staff to raise their
level of alert for suspicious or high-risk accounts and to
reemphasize the need for deeper investigation and transaction
testing where such circumstances exist. This communication re-
emphasizes the critical importance of our BSA/AML compliance
program and the role that program plays in helping to assure
that national banks will not be used to facilitate improper
transactions.
The Riggs episode reminds us that the Bank Secrecy Act and
money laundering issues are not only of extreme importance to
national security but they also have huge reputation
implications for the banking industry. This heightened
awareness, coupled with the many technical and other
improvements in the approach to BSA/AML supervision already
adopted or contemplated by the OCC and its sister financial
regulatory agencies, should strengthen the ability of our
financial system to resist those who would use it for improper
purposes.
Notwithstanding the Riggs situation, Mr. Chairman, the OCC
is committed to doing its part to assure that national banks
scrupulously perform their responsibilities under the laws
relating to money laundering. We stand ready to work with
Congress, with law enforcement, with the other financial
regulatory agencies, and with the banking industry to continue
to develop and implement a coordinated and comprehensive
response to the threat posed to the Nation's financial system
by money launderers and terrorists.
Thank you, Mr. Chairman.
Chairman Shelby. Mr. Powell.
STATEMENT OF DONALD E. POWELL
CHAIRMAN, FEDERAL DEPOSIT INSURANCE CORPORATION
Chairman Powell. Mr. Chairman, Senator Sarbanes, and
Members of the Committee, thank you for this opportunity to
discuss how the FDIC, along with the other bank regulatory
agencies, addresses our responsibilities under the Bank Secrecy
Act and related anti-money laundering and antiterrorism laws.
While my written testimony provides greater detail about
the FDIC's effort to prevent money laundering and terrorist
financing, I would like to focus my statement today on how the
FDIC is seeking to ensure that the American financial system is
not misused in a way that supports criminal and terrorist
activities and how bank regulators, law enforcement, and the
banking industry can work together to address money laundering
and terrorist financing.
One of the strongest ways to attack criminal and terrorist
activities is to focus on their funding sources and their
attempts to use the financial system to further their goals.
While legislative and regulatory efforts originally focused on
criminals laundering large sums of cash, the events of
September 11 expanded our reach to terrorists who seek to use
the U.S. banking system to fund their activities.
The FDIC is responsible for examining State-chartered,
nonmember banks for compliance with the Bank Secrecy Act and to
determine the effectiveness of the financial institutions'
anti-money laundering program. While the vast majority of FDIC-
supervised institutions are diligent in their efforts to
establish, execute, and administer effective Bank Secrecy Act
compliance programs, there have been instances where the
controls and efforts were lacking. In those cases, we have
implemented a range of corrective measures to ensure banks
comply with the law.
In cases where an institution's anti-money laundering
compliance program has been criticized or in cases where
previously identified deficiencies have not been corrected,
including significant violations of law, the FDIC will take
formal or informal enforcement action. The type of enforcement
action pursued by the FDIC against an institution is directly
related to the severity of the offense, management's
willingness and ability to effectively implement corrective
action, as well as the extent to which the program has failed
to identify or deter potential money laundering. In addition,
the nature of the criticism, the response to prior weaknesses
or violation notifications, and the overall risk profile of the
institution are factored into the type of supervisory action,
as well as any determination to assess civil money penalties.
The FDIC understands that all institutions are at risk. In
today's global banking environment, where funds are transferred
in an instant and communication systems make services available
nationally, even a lapse at a small financial institution
outside of a major metropolitan area can have major
implications on another location across the Nation. The more
difficult it is for criminals and terrorists to gain entry into
the American financial system, the more likely it is that they
will need to rely on less secure and less efficient means of
financing their activities.
Since the passage of the USA PATRIOT Act of 2001, the FDIC
has been involved in a number of activities aimed at supporting
our efforts to reduce the risk of terrorist financing
activities. We participated in the rulemaking process of
relevant parts of the USA PATRIOT Act, and we participated in a
number of working groups focused on counter-financing of
terrorism and the USA PATRIOT Act. In conjunction with this,
and in part to address some recommendations identified in a
recent inspector general report, the FDIC has undertaken or
established a number of initiatives to enhance our enforcement
of the Bank Secrecy Act.
First, consistent with the increased importance of the BSA,
the additional workload associated with the USA PATRIOT Act and
greater emphasis on international efforts to combat terrorism
financing, we are dedicating more staff to oversight of our
anti-money laundering and PATRIOT Act efforts. Currently, the
FDIC has more than 150 Bank Secrecy Act subject matter experts
nationwide. The FDIC expects to double this number over the
next 18 months.
Second, the FDIC is requiring that all examiners complete
additional formal training on anti-money laundering and PATRIOT
Act issues by the end of this year. This computer-based
training also will be offered to all State banking authorities
and other regulators who wish to provide additional training
for their staff.
Third, the FDIC is reviewing all written guidance for
examiner and industry use to assure that it is current and
provides clear direction.
Fourth, beginning this month, in those instances where the
State banking authority does not conduct Bank Secrecy Act
exams, the FDIC will send an examiner to conduct an examination
for BSA and anti-money laundering compliance concurrent with
the State authority's safety and soundness examination. While
the FDIC reviews BSA compliance each time it examines a State-
chartered nonmember bank, not all States conduct similar
examinations. This initiative will ensure that all FDIC-
supervised banks are reviewed for money laundering and
terrorist financing activity during every examination cycle.
Fifth, the FDIC has centralized the monitoring process for
FDIC-supervised banks with serious anti-money laundering
program deficiencies. This ensures a consistent supervisory
approach is applied on a national basis. In addition, the FDIC
recently centralized the process for referring violations to
FinCEN, which provides consistency in reporting. These
centralization efforts will enable us to analyze historical
data internally to identify emerging trends and issues among
FDIC-supervised banks.
Sixth, the FDIC will continue its participation in the Bank
Secrecy Act Advisory Group, which is a public-private
partnership engaged in the evaluation of strategies to detect
and prevent money laundering and terrorist financing schemes.
These initiatives are underway and ongoing.
There is more we can do. Here are some ideas we are
exploring within the FDIC and the broader Government to further
buttress our efforts: Work toward a smarter BSA that
accomplishes the mission more efficiently through more useful
and timely filing by banks; Encourage the use of Section 314
safe harbor language in the law to foster meaningful dialogue
between institutions about suspicious transactions; Tear down
the wall between industry and Government and foster better
dialogues about the broader threats, current criminal and
terrorist practices, and about the way institutions' BSA
filings are put to use; Enhance and solidify the perception of
invulnerability. Any criminal or terrorist should know that if
he uses the U.S. banking system to transfer value, he will be
caught.
In conclusion, the FDIC is fully committed to preventing
the use of the financial system to support criminal or
terrorist activities. Only through a strong and comprehensive
supervisory response and the continued full commitment of the
industry can we create an environment where terrorists know
that any attempt to use the American financial system to fund
their operations poses an unacceptable risk of discovery.
This concludes my testimony. Thank you.
Chairman Shelby. Mr. Gilleran.
STATEMENT OF JAMES E. GILLERAN
DIRECTOR, OFFICE OF THRIFT SUPERVISION
U.S. DEPARTMENT OF THE TREASURY
Director Gilleran. Chairman Shelby, Senator Sarbanes,
Members of the Committee, the OTS fully supports the Bank
Secrecy Act and the U.S. PATRIOT Act, and we are dedicated to
make sure that our agencies and our licensees completely carry
out their responsibilities under them.
In the last 10 months, of our 916 institutions we have
completed 476 BSA examinations. Of those 476 examinations, we
found 167 associations with BSA violations. The number of
violations in those associations in total were 342. All of
those violations were addressed prior to the completion of our
examinations and did not lead to any more formal action since
the institutions completely accepted our findings and made
changes immediately. We have 7 actions that have come out of
that effort that have been more formal in nature, have resulted
in cease-and-desist orders and in civil money penalties. And we
have 4 or 5 more that are in process.
To put the number of violations, though, into perspective,
342, in adding up the number of potential violations that are
embedded in the OTS and Treasury regulations, they number over
200 for each institution. So the possibility of the number of
violations in those approximately 500 examinations was over
100,000 potential violations. So the regulations are extremely
detailed and, of course, our examination procedures are
appropriately detailed but risk-focused.
We have also participated in trying to conduct educational
programs for the industry. We have provided additional training
for our staff. We have greatly expanded the number of examiners
who are BSA trained. We have halved the interval between BSA
examinations from 24 to 36 months to 12-month to 18-month
intervals. We have developed and implemented enhanced scoping
and examination procedures. We have implemented a new BSA
tracking and monitoring information system. We have improved
internal controls governing internal data collection. We have
bolstered our off-site BSA monitoring programs. We have adopted
more robust and stringent enforcement policies. We have
implemented the new BSA quality assurance and audit program.
And we have improved our internal communications and external
communications and coordinated closely with other financial
regulatory agencies, Department of the Treasury, and law
enforcement.
I await your questions.
Chairman Shelby. Thank you.
Ms. Johnson.
STATEMENT OF JOANN M. JOHNSON
CHAIRMAN, NATIONAL CREDIT UNION ADMINISTRATION
Ms. Johnson. Chairman Shelby, Senator Sarbanes, and Members
of the Committee, thank you for the invitation to testify
before you today on behalf of the National Credit Union
Administration on the enforcement of the Bank Secrecy Act.
Congress enacted the BSA to prevent credit unions and other
financial institutions from being used as intermediaries for
the transfer or deposit of money derived from criminal
activity. NCUA is the regulatory authority that monitors
federally insured credit unions for compliance with the BSA.
I am pleased to report to the Committee that federally
insured credit unions have a good record of compliance with the
requirements of the BSA. Credit unions are also substantially
in compliance with Sections 314, Information Sharing, and
Section 326, Customer Identification Program, of the USA
PATRIOT Act.
At the end of 2003, NCUA insured 9,399 credit unions.
Almost 50 percent of federally insured credit unions have
assets less than $10 million. These credit unions are less
likely to have transactions that trigger the recordkeeping and
recording requirements of the BSA. Additionally, approximately
one-third of Federal credit unions have a single common bond
sponsor. Officials in smaller credit unions often have a more
intimate understanding of their members' transactions, which
facilitates their compliance with the requirements of the BSA.
Consequently, money laundering has not been a major problem for
credit unions.
Nevertheless, much has changed since the terrorist attacks
of September 11. NCUA recognizes that some federally insured
credit unions may be targeted by individuals or groups seeking
to launder money.
The Federal Credit Union Act requires NCUA to assure BSA
compliance in federally insured credit unions. Federally
insured credit unions are required to have BSA compliance
programs that effectively monitor their daily operations to
assure compliance with all applicable rules and regulations.
In fact, the risk-focused examination program used by NCUA
examiners and State credit union examiners directs that a
review of compliance with the BSA be completed at every
examination. All examinations of federally insured credit
unions completed by a State regulator are reviewed by NCUA
staff. It should be noted, however, that NCUA does not review
examinations of privately insured credit unions and does not
have enforcement authority for BSA compliance in those credit
unions.
During the examination of the 7,500 federally insured
credit unions in 2003, NCUA determined that there were 334
violations of the BSA. The violations were in 261 credit
unions, representing 3.5 percent of all credit unions examined.
The most common violations fell into three categories:
Inadequate written policy, 63 percent; inadequate customer
identification program, 8 percent; or
inadequate currency transaction reporting procedures, 7
percent.
Of the 334 violations, credit union officials working with
an examiner, corrected or agreed to correct 99 percent of the
violations during the on-site examination.
In instances when violations at a federally insured credit
union persist and/or are more severe, NCUA has several options
to initiate corrective action. They range from a letter from
the NCUA
Regional Director to formal administrative action, including
conservatorship.
NCUA will use a formal administrative action when necessary
to correct BSA violations. This has occurred twice in the
recent past. NCUA placed one institution into conservatorship
and issued a cease-and-desist order against another.
NCUA has taken numerous initiatives to address BSA
compliance in credit unions. These initiatives fall into the
following
general categories: Examination program, examiner training,
compliance examiners, and credit union education.
In addition to on-site reviews of BSA compliance during
examinations, NCUA has issued several publications to educate
federally insured credit unions on BSA and USA PATRIOT Act
compliance.
Looking forward, NCUA is committed to maintaining a dynamic
examination program that will assure federally insured credit
unions have effective programs in place to minimize the risk of
money laundering. NCUA will continue to provide guidance to
federally insured credit unions regarding compliance with the
BSA.
Again, thank you, Mr. Chairman, for the opportunity to
appear before you today on behalf of NCUA to discuss BSA
compliance in the credit union industry. I am pleased to
respond to any questions the Committee may have or be a source
of any additional information you may require.
Thank you.
Chairman Shelby. Thank you.
Mr. Fox.
STATEMENT OF WILLIAM J. FOX
DIRECTOR, FINANCIAL CRIMES ENFORCEMENT NETWORK
U.S. DEPARTMENT OF THE TREASURY
Mr. Fox. Thank you, Mr. Chairman, Senator Sarbanes, and
distinguished Members of the Committee. I appreciate the
opportunity to appear before you here today to discuss the role
that the Financial Crimes Enforcement Network can and should
play in Bank Secrecy Act compliance and enforcement matters. It
is truly an honor for me to appear with this distinguished
panel. As I stated the last time I appeared before this
Committee, we very much appreciate the leadership and
commitment and oversight of this Committee and its staff on
these important issues that are the focus of today's hearing. I
have prepared a statement and have submitted it for the record,
and I will keep these remarks very brief.
FinCEN is the delegated administrator of the Bank Secrecy
Act. Through that delegation, FinCEN is answerable to the
Secretary of the Treasury for ensuring that the ultimate goals
of the Act are achieved. While we eagerly accept this
responsibility, this responsibility is not ours alone. The
distinguished ladies and gentlemen on this panel with me today
and the agencies they represent, as well as other agencies such
as the Securities and Exchange Commission and the Internal
Revenue Service, have been delegated responsibility to examine
financial institutions for BSA compliance.
Indeed, presently implementation of the Bank Secrecy Act's
regulatory regime involves eight different Federal agencies and
three SRO's. This unusual structure is both a strength and a
weakness. The weaknesses are obvious and sometimes clearly
manifested. To diffuse responsibility across so many
bureaucracies can cause, and indeed on occasion has caused,
inconsistency in application, lack of clarity on purpose, and,
more importantly, a lack of accountability. However, let me
submit to you that, if managed properly, this structure can
also be a strength because it builds upon the existing
expertise and examination functions of the regulators who know
their industries best. This structure leverages resources where
resources would otherwise be completely insufficient and
possibly duplicative, and the current structure exploits the
knowledge base, experience, and resources of these disparate
regulators who, again, know their industries best.
I view it as FinCEN's responsibility to work with my
colleagues at this table to help manage this structure, to
build on the strengths our diverse partners bring to the table.
In other words, administration of the Bank Secrecy Act means
oversight, it means coordination, and it means ensuring
consistency of application.
When I appeared before this Committee in April, I outlined
a number of challenges I perceived as I came to learn more
about FinCEN. In my view, of all of those challenges, there are
no challenges as important to FinCEN as the proper and
appropriate implementation of the Bank Secrecy Act's regulatory
regime. Much of our work has been and is devoted to the goal of
maximizing industry compliance with that regime. We have new
leadership of our regulatory team at FinCEN. We have also
developed some short-term priorities for FinCEN in this area
and on these issues to better understand the industries we
regulate, assist our regulator partners in the examination
process, and to further enhance our own capabilities to enforce
the regulatory regime we have been asked to administer.
We also have several ideas on how to better manage and
coordinate the implementation of this regulatory regime on
which we will engage our regulatory partners. The specifics of
those priorities and the ideas that we have are set forth in my
written testimony so I will not recite them here. What I want
you to know, Mr. Chairman, is that I clearly understand how
important this set of issues is to the success of our country's
anti-money laundering and counter-
terrorism finance efforts, dare I say it, to our country's
security. The implementation of this risk-based system is a
delicate matter that demands balance, consistency, and clarity.
For example, the cornerstone of the Bank Secrecy Act,
suspicious activity reporting, requires financial institutions
to make judgment calls. If we fail in properly implementing
this regime, if we get it wrong, the entire system fails. In
other words, if as regulators we do not keep our focus on the
implementation of appropriate anti-money laundering programs
that generate proper reporting, there could be two equally
unacceptable outcomes. Compliance, for example, is not about
second-guessing individual judgment calls made by financial
institutions whether a particular transaction is suspicious. If
we go down that path, financial institutions as small ``c''
conservative institutions will merely file on everything to
protect themselves from regulatory risk. If, on the other hand,
we are too lax when it comes to ensuring institutions or
implementing these programs, proper reporting simply will not
be generated. Either scenario represents a failure of
implementation, in my view.
Mr. Chairman and distinguished Members of this Committee,
you should know that you have my commitment and the commitment
of the women and men of FinCEN to do all in our power to ensure
the appropriate and robust implementation of this critical
regulatory regime. We appreciate this Committee's continued
support and focus on these critical issues. Again, I appreciate
very much the opportunity to be here today, and hopefully our
presence here will add to this important conversation.
I will be happy to answer any questions the Committee may
have.
Chairman Shelby. Thank you. I thank all of you.
We have all heard former President Reagan's statement:
``Trust, but verify.'' What I fear here is that there has been
a lot of trust and no verification for many years.
Mr. Hawke, for the record's sake here, would you indicate,
the first BSA compliance issue at Riggs, when it was noted by
an OCC examiner? And when was final action taken with respect
to the particular BSA compliance problems, in other words, the
gap there, beginning to the end?
Comptroller Hawke. I have reviewed the record back to 1997,
Mr. Chairman, and in 1997, we noted certain shortcomings in
their compliance program.
Chairman Shelby. What did you do about it?
Comptroller Hawke. First of all, we graded their program
``satisfactory,'' which in retrospect was clearly not warranted
in view of----
Chairman Shelby. In other words, you did not do anything.
Comptroller Hawke. No. We told them that they had to make
certain improvements in their Bank Secrecy Act compliance. They
went through the motions of making those changes, and as we
came back----
Chairman Shelby. Did you go through the motions of checking
them, too?
Comptroller Hawke. We did. In subsequent examinations, we
found that they had not fully complied, and we continued to
push them to do it.
Chairman Shelby. What did you do about it when you knew
they had not complied? Nothing?
Comptroller Hawke. As I said in my oral statement, Mr.
Chairman, we did not take swift enough and strong enough
action.
Chairman Shelby. Could you just for a minute discuss the
procedures for routine Bank Secrecy Act examinations? Just give
us a scenario.
Comptroller Hawke. We have about 40 full-time Bank Secrecy
Act compliance examiners and a team of about three specialists
in the Washington headquarters who set policies. In our large
banks, Bank Secrecy Act compliance is a regular part of the
ongoing responsibilities of the resident teams at those large
banks. In those banks where we do not have full-time resident
teams, Bank Secrecy Act compliance is part of their regular on-
site examination.
Chairman Shelby. How many, if you could quantify--and if
you cannot do it here, do it for the record--violations did you
pick up at Riggs? There had to be a lot of them.
Comptroller Hawke. There were plenty of violations at
Riggs.
Chairman Shelby. Over many, many years, right?
Comptroller Hawke. At the beginning of the process, the
violations were inadequate control systems, inadequate
training, and the like. As we developed further familiarity
with that program, it was clear that the violations included
failure to file suspicious activity reports in situations where
they were called for.
Chairman Shelby. Would it be fair to say that the scrutiny
of the BSA was in name only? In other words, there is not a lot
of verification, there is not a lot of compliance? Seven years'
worth of violations and nothing really happened.
Comptroller Hawke. I am not sure I would characterize it
quite that way.
Chairman Shelby. Close to it?
Comptroller Hawke. I think the problem, Mr. Chairman, was
not that we were not identifying shortcomings in their
compliance program. We were. We were insufficiently robust in
assuring that they were correcting those----
Chairman Shelby. In other words, you did not do anything
about it, just plain English.
Is that right?
Comptroller Hawke. We did not take swift enough action or
strong enough action.
Chairman Shelby. Okay. If we know this has gone on at Riggs
under your supervision, as you are the Comptroller of the
Currency, how many other hundreds of thousands, perhaps, of
exam reports in your files which document serious and
unaddressed BSA compliance issues at national banks throughout
the country? Does that concern you?
Comptroller Hawke. It certainly is an appropriate question.
I do not have any reason to think that Riggs represents a
systemic problem. But I have directed----
Chairman Shelby. But you do not know that.
Comptroller Hawke. I have directed our Quality Management
Division to make exactly that kind of inquiry and to report
back to me on it.
Chairman Shelby. Mr. Hawke, in addition to the Saudi and
Equatorial Guinea accounts, Riggs held numerous other foreign
accounts, including what many characterize as what we would
call high-risk by FinCEN and OFAC. They include, among others,
Burma, Cuba, the Sudan, Iraq, Iran, Syria, and Nigeria. If
Riggs' BSA/AML internal controls were so deficient, which is a
given, should we be concerned, in other words, should you be
concerned that many of these other embassy and special interest
accounts could suffer similar inadequacies and violations?
Comptroller Hawke. That is certainly a concern, and we have
been addressing that concern in a number of ways over the last
year and a half.
Chairman Shelby. Will you give us a report to the Committee
on what you have done, especially in these particular ones we
have raised here?
Comptroller Hawke. I would be happy to, Mr. Chairman.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Thank you very much, Mr. Chairman.
Mr. Fox, you are the Administrator of the Bank Secrecy Act.
Is that correct?
Mr. Fox. Yes, sir.
Senator Sarbanes. When did FinCEN learn of the problems at
Riggs Bank?
Mr. Fox. I believe the first we learned of the problems at
Riggs Bank from the Comptroller's office was in June 2003.
Senator Sarbanes. June 2003?
Mr. Fox. I believe, yes.
Senator Sarbanes. Well, now, we just heard in response to
the questions from Chairman Shelby that the Comptroller's
office, as I understand Mr. Hawke's answer--and he can correct
me--had identified shortcomings at Riggs as early as 1997. Is
that correct?
And the first you knew as the Administrator of the Bank
Secrecy Act, that there were such shortcomings, was when in
2003?
Mr. Fox. June 2003, Senator. That is what I am told. I was
not there at FinCEN at the time, but that is what I am told.
Senator Sarbanes. You are the Administrator of this Act. Do
you not think there is something amiss when these shortcomings
are being identified and you are not told about it?
Mr. Fox. I actually think, sir, that we have a
responsibility to engage our regulator partners to make sure
that this communication is occurring on a regular and
consistent basis.
Senator Sarbanes. Am I to take it from that answer that to
your perception the same possibility would exist with respect
to the other agencies? There is no established reporting
procedure which lets you, as the Administrator of the Bank
Secrecy Act, know at a fairly early point that these regulators
have discovered deficiencies in the workings of their financial
institutions with respect to the Bank Secrecy Act?
Mr. Fox. What I have found, Senator, since I have been
there, is that communication occurs on an ad hoc basis, and I
believe that that is not a wise course to follow. I believe
that it should be routinized and we should have better, more
established, consistent channels of communication if we are
going to administer the Act effectively and efficiently.
Senator Sarbanes. Let me ask the panel: When was the last
time those on the panel, the regulators, including the
Administrator of the Bank Secrecy Act, from the Treasury, Mr.
Fox, met together to discuss and review programs and policies
for coordination of the application of the Bank Secrecy Act?
Mr. Fox. Sir, we had a meeting. I believe it was as
recently as last month. It might be the month before. I can get
you the exact date if you like. We have a group that we call
affectionately, the SAR owners group, which includes all of the
bank regulators, the functional regulators, and we met for an
afternoon at FinCEN, and discussed just a number of issues that
relate to this.
Senator Sarbanes. And this included the people at this
table?
Mr. Fox. No, sir. It was their staff that handled these
types of issues for them.
Senator Sarbanes. Let us take it a level above you and go
to the Secretary of the Treasury. Are you the administrator by
delegation from the Secretary of the Treasury?
Mr. Fox. Yes, sir.
Senator Sarbanes. When was the last time, Ms. Bies, that
you and these other top regulators here, and the Secretary of
the Treasury--although if he sent Mr. Fox, I will accept that
for the moment--met in order to discuss Bank Secrecy Act
matters?
Ms. Bies. Senator, I have not had such a meeting. I am not
aware whether any of the other governors have. I can follow up
on that and let you know.
Senator Sarbanes. Are you the governor that is the point
person----
Ms. Bies. I chair the Committee on Supervision Regulation,
so it would be--I would probably be the one, and I have not had
such a meeting at that level.
Senator Sarbanes. Mr. Hawke.
Comptroller Hawke. I am not aware of any meeting during my
tenure, Senator Sarbanes, of principals to discuss Bank Secrecy
Act matters.
Senator Sarbanes. Mr. Powell.
Chairman Powell. Two meetings, Senator. First of all, Vice
Chairman Reich met with Mr. Fox about, I am guessing, 3 to 4
weeks ago to discuss this particular issue. Then I met with----
Senator Sarbanes. Four weeks ago?
Chairman Powell. Three to 4 weeks ago. I met with the
Secretary of the Treasury within the last 10 days. Among other
things, we talked about BSA.
Senator Sarbanes. Now, that was just between you and them
though. It was not a general meeting of the regulators?
Chairman Powell. It was not a general meeting.
Senator Sarbanes. It seems to me that you all might
presumably learn something from one another in this arena.
Mr. Gilleran.
Director Gilleran. FinCEN is involved in all 7 of our
cease-and-desist orders that have culminated from our
examinations in the last year, and our people have met with
FinCEN on several occasions in a formal way. I myself have not
participated personally.
Senator Sarbanes. Ms. Johnson.
Ms. Johnson. I am not aware of a formally organized meeting
that may have been attended by Former Chairman Dollar and then
by myself.
Senator Sarbanes. Is it an outlandish idea to think that a
coordinated meeting of the regulators and FinCEN with respect
to the Bank Secrecy Act on some periodic basis would be a good
idea?
Chairman Powell. It is a good idea, Senator.
Comptroller Hawke. I completely agree, Senator. I think
sharing information and experiences at the principal level
would be very useful.
Senator Sarbanes. Mr. Chairman, I have other questions, but
my time is up, and I will yield.
Chairman Shelby. We have another round.
Senator Reed, thank you for your indulgence.
Senator Reed. Thank you, Mr. Chairman, and thank you for
your testimony, ladies and gentlemen.
Mr. Hawke, why were criminal charges not brought in this
matter with respect to Riggs? Is there a provision to allow
criminal charges?
Comptroller Hawke. Senator Reed, Riggs is a matter of
ongoing investigation, and I think I need to be rather
circumspect in talking about what may be coming out of the
ongoing discussions relating to Riggs.
Senator Reed. Fine. There is a general question you might
also want to be circumspect. That is, the motivation behind
these violations, which are rampant over many years. It would
be one thing if it was just inattention or, lax recordkeeping.
It would be something else if it was just designed to avoid
regulation to induce business, and a third category, obviously,
if there was some malign motive of cooperating with people who
are criminals or worse. I do not know if you want to comment on
that?
Comptroller Hawke. Yes, I would like to comment on that,
Senator, because Riggs was not an unsophisticated country bank.
They were a long-established, significant bank in the Nation's
Capital. As I look back over the record and ponder the same
kind of question that you have raised, it seems to me that
there was an inherent tension involved in Riggs' business
objective, which was essentially to monopolize the embassy
banking business. They had 95 percent of the embassies in
Washington, 50 percent of the embassies in London, and they put
a very high degree of importance on that business. But that was
a very high-risk business from a Bank Secrecy Act point of
view. There was an inherent conflict, an inherent tension
between that business objective and the responsibility for
robust compliance with the Bank Secrecy Act.
Senator Reed. Thank you.
Governor Bies, there is another related case, and that is
UBS Investment Bank of Switzerland with respect to the extended
custodial inventory program. A $100 million fine, I presume a
civil fine?
Ms. Bies. Yes, it was a civil fine, yes, sir.
Senator Reed. Is there any contemplation of criminal
charges?
Ms. Bies. I think I again need to be circumspect around
that right now while we continue to get the full information.
Senator Reed. Let me pose the same question I posed to Mr.
Hawke. What is your sense of the motivation, given there are a
range of motives and some of them are, none of them are
acceptable, but some are more serious and sinister than others.
Ms. Bies. Again, I do not want to comment on the motives.
The only thing I will comment is that when you have collusion
to manage the information that comes to the Federal Reserve,
there is some kind of intent, and that also the collusion made
it difficult for us to detect it, and as a result of this we
are looking; we have already changed procedures, and we are
going in to test those procedures in the future to try to see
if there is a way we could have detected this despite the
collusion.
Senator Reed. Thank you, Governor Bies.
Mr. Gilleran, the GAO report, at least my understanding of
it, suggests that in a survey of 986 thrifts from January 2000
to October 2002, they discovered BSA violations at 180, which
seems to be almost 20 percent. That causes you concern?
Director Gilleran. It certainly does, and we have responded
to that report, and we are appreciative of their comments in
this area, and we have adjusted our system accordingly. We have
improved our information system and that period of time was
prior to the USA PATRIOT Act, and the focus of course now is
much greater, but I think that review was a good one for us,
and we are now presently being reviewed by the GAO also in the
same area. I think outside reviews are helpful.
Senator Reed. Thank you. The obvious question that I will
just pose to the panel, is there any legislative authority that
you need in addition to the existing statutes to better
coordinate, better implement, and better enforce? I say that
because I spend time on the Armed Services Committee also and
we spend a lot of hours on the war, on terror and threats to
the Nation. And you might have a more decisive role in
frustrating attacks against America than many of our uniformed
officers, if you can control the monies.
Ms. Johnson.
Ms. Johnson. Senator, there is one area that NCUA would
have interest in. The Exam Parity Act of 1998 gave NCUA
authority to perform examinations of third-party vendors, and
the Act contained a sunset provision, and that authority
expired in December 31, 2001. The other regulators do have that
indefinite examination authority over third-party vendors, and
that may be helpful.
Senator Reed. Thank you.
Comptroller Hawke. Could I just add something, Senator
Reed?
Senator Reed. Yes, sir.
Comptroller Hawke. The legal requirements that we as
regulators enforce are very far-reaching and very demanding.
They go essentially, though, to process, to the maintenance of
control systems, to training, to the maintenance of compliance
officers, to the filing of currency transaction report, and the
filing of suspicious activity reports.
I think those statutes provide a very strong framework for
the regulators to assure, if they are carrying out their
responsibilities properly, that the banks, which have the
primary information about transactions, are doing their job in
identifying who their customers are, knowing what kinds of
transactions are going through their accounts, and filing all
the appropriate reports. It is the job of law enforcement to
take the output of that process and to determine whether there
are actual money laundering transactions or terrorist financing
transactions that are going through the system.
I think that the statutory framework is strong and adequate
if we fulfill our responsibilities and the banks fulfill theirs
in meeting the requirements to have the right kind of controls,
to have the right kind of systems, and to do the right kind of
reporting.
Senator Reed. Thank you.
Thank you, Mr. Chairman.
Chairman Shelby. Thank you, Senator Reed.
Director Gilleran. Just to respond further to Senator Reed,
in my written statement I have made some recommendations for
increased communications and better flow of information from
law enforcement back to the institutions we regulate, because I
think one of the problems here is the institutions do not know
to what end a lot of the information that they are providing
results in, and I think that would help them to better focus on
a problem if they had more feedback.
At the same time I would like to see, and I think my fellow
regulators agree, that we should have a working group set up at
the Federal Financial Institution Council focusing on Bank
Secrecy Act, and I would like to have FinCEN be part of that. I
think that is the appropriate forum under which we can all
communicate.
But I think enhanced communication of information is very
important in this process.
Senator Reed. Thank you, Mr. Chairman.
Chairman Shelby. Mr. Hawke, as I understand it from talking
with you yesterday, if someone withdraws, we will just use $1
million, at Riggs Bank, $1 million in cash. And the bank files
a notice of that with you, with the transaction report. Is
there a second step that has to be done dealing with the Bank
Secrecy Act? In other words, is it a two-step process? Would
that be a little suspicious, $1 million?
Comptroller Hawke. I think a $1 million cash transaction
would inherently raise----
Chairman Shelby. Should have set off an alarm somewhere at
the Comptroller of the Currency if you had known.
Comptroller Hawke. It should have set off alarms at the
bank, which is the first place that the transaction would be
noticed.
Chairman Shelby. Unless the bank perhaps was maybe not
filing that second report? Was it incumbent upon them to file
two reports, one the transaction itself, the withdrawal?
Comptroller Hawke. There are statutory and regulatory
standards that define the circumstances for filing suspicious
activity reports, and it is the bank's obligation in the first
instance to make sure that they are filing suspicious activity
reports where there is a suspicious transaction.
Chairman Shelby. So it is a two-step process, was it not?
That is what I am getting at.
Comptroller Hawke. That is right.
Chairman Shelby. The first one they file, and they did
file, as I understand?
Comptroller Hawke. That is right.
Chairman Shelby. But they did not file the suspicious
activity report, although in some cases there is $1 million in
cash withdrawn; is that correct?
Comptroller Hawke. That is correct.
Chairman Shelby. Mr. Fox, I know there is an ongoing
investigation, but it suggests to me maybe there is a
conspiracy or something going on at Riggs. They file one report
and do not file the others, you know, something is going on in
the bank. Does that trigger anything with you?
Mr. Fox. Senator, I agree that $1 million cash transaction
generally should set off alarms, and I think it does at most
institutions if such transactions occur. I really cannot
comment on what----
Chairman Shelby. I know, not on an ongoing investigation.
Mr. Fox. Yes, sir.
Chairman Shelby. Mr. Hawke, as you fully confident as we
speak today, after looking back in the Comptroller of the
Currency's Office, that your examiners fully understand the
significance of BSA compliance? We know they understand the
safety and soundness compliance, which is important.
Comptroller Hawke. Senator, if they do not understand it
today, we have a very serious problem. I think they do. We have
emphasized it repeatedly. We are in the process of revising our
examination handbook for Bank Secrecy Act. I directed our
Committee on Bank Supervision to send out a very strong message
to all of our examination personnel to reemphasize the
importance of Bank Secrecy Act compliance and the need for
transaction testing and the need to be extremely cautious and
sensitive about identifying transactions that raise questions.
Chairman Shelby. Governor Bies, how many cases, if any, has
the Federal Reserve referred to FinCEN in the past year?
Ms. Bies. Total number of cases I may have to get back to
you, sir.
Chairman Shelby. I heard it was zero, that it was no
referrals.
Ms. Bies. No, that is not true. That is not true. We have a
good working relationship. We have the history of the 25 cases
I cited. We actually referred cases to FinCEN, and in some
cases they took formal action.
Chairman Shelby. Will you furnish that to the Committee?
Ms. Bies. We will get you a list, yes, sir.
Chairman Shelby. What criteria is used in determining
whether to refer a case to FinCEN from let us say the Board of
Governors of the Fed?
Ms. Bies. When we go in and do the testing as part of the
examination procedure, we will look at the facts that we find
and determine the violations. Sometimes also, I want to
emphasize that the tests we perform, since they are samples, we
may not detect the errors, but that is why it is so important
we work with FinCEN and law enforcement because like in Banco
Popular, they gave us a heads up on particular customers that
we could then target for this testing, and were able to work
with them to prove the case. So the information sharing is
critical with law enforcement, both Department of Justice as
well as FinCEN, to make sure we are effective jointly, because
together we can find more than individually working.
Chairman Shelby. Mr. Fox, do you recall any referrals from
the Federal Reserve to FinCEN?
Mr. Fox. Senator, I would like to get back to you with that
number, particularly based on the Governor's comments. I just
would like to get back and make sure we do not leave anything
incorrect.
Chairman Shelby. That what you told us before is right?
Mr. Fox. Yes.
[Laughter.]
I want to be right, sir.
Chairman Shelby. Mr. Fox, has FinCEN ever encountered
resistance from bank regulators to the kind of communication
you believe is essential to your mission of law enforcement?
Mr. Fox. Sir, since I have been an FinCEN, absolutely not.
In fact, one of the gratifying things that has occurred for me
since I have been at FinCEN, since December 2003, is the
willingness of the staff of the regulators to engage in this
way.
I think we are working on these issues and working on them
hard, and I think this is getting better. That is my
perception. I cannot speak about the past.
Chairman Shelby. To all you as regulators, since September
11, 2001, what has changed? Have you become more aware of the
importance of terrorist financing and so forth? In other words,
what have you done since September 11, 2001?
Comptroller Hawke. Mr. Chairman, I think that the awareness
of not only the regulators, but also everybody in Government
has been significantly heightened since September 11. There are
a number of supervisory actions that we have taken in this area
including horizontal reviews of all of our large bank
compliance programs, as well as many of the mid-size bank
compliance programs. As I said before, we have revised our
examination procedures, and our examination handbook. We are
creating a database of SAR's. We are redoing a lot of things
that have commended themselves to us because of the awareness
that came from September 11.
Chairman Shelby. Mr. Hawke, is there written guidance for
examiners on when to refer violations to FinCEN? I would ask
Mr. Powell and Mr. Gilleran the same question.
Comptroller Hawke. I believe there are referral guidelines,
Mr. Chairman, and those guidelines generally provide for
referral of systematic serious violations to FinCEN.
Chairman Shelby. Would this be true of the Board of
Governors?
Ms. Bies. Yes, sir.
Chairman Shelby. Mr. Powell, the FDIC?
Chairman Powell. Yes, sir. May I comment on your earlier
question?
Chairman Shelby. Absolutely.
Chairman Powell. Obviously, I think there is a heightened
awareness. We have dedicated more personnel. We have adopted
new policies, and new procedures. Training is intensified. Let
me make a couple of comments.
I think policies, controls, oversight, testing, training
are terribly important. I think it is important, in the line of
questioning, that we fill in the box and that we make the
appropriate reference to law enforcement. All those are
critically important. But I do not think it is as important as
the culture or the oversight of management. I think until
management is committed, including the regulatory agencies----
Chairman Shelby. At the top.
Chairman Powell. It is a mindset, a proactive commitment.
The procedures are important, but not like the attitude in our
culture at the top.
Chairman Shelby. Governor Bies.
Ms. Bies. Mr. Chairman, I would like to echo what Mr.
Powell just said, and to emphasize that at the Federal Reserve,
one of the things we really focus on in terms of the quality
assurance around our examination procedures is when we do find
breaks in controls, that we take it very seriously and go back
and say, what could we have done better, and improve it.
For example, after Banco Popular, we went back and made
significant changes in the way we were reviewing money
laundering, the Bank Secrecy Act, and have put those changes in
place.
For the USA PATRIOT Act for those different parts of it
where the required rules have been issued, we have already
drafted new examination procedures. They are out in pilot,
being actively tested by our examination force now to make sure
they will be effective and have the intended results. We will
adjust them if they do not get the results we are expecting. We
just view this as a continuous process that every one of these
events reminds us there are new ways that people are finding to
use the banking system for illicit purposes, and whenever we
find another way it is done, it is our job to respond promptly
and make sure that is added to the arsenal of information that
our examiners have out in the field to deal with this promptly.
Chairman Shelby. Mr. Fox, how can you be sure that the
banking regulators are referring violations to you under
consistent criteria; how do you do that?
Mr. Fox. Mr. Chairman, I think we have an agreement that
was signed in 1990, or it may even have been signed before
FinCEN became a bureau, certainly before it became the
Administrator of the Act. Sir, that agreement needs to be
revisited and along with our colleagues at the table here we
need to come up with some pretty set criteria and guidelines so
that we are all working from the same page.
But I think again, sir, I would answer your question
directly in saying that the best thing that we can do is engage
these regulators. They are doing, from our perspective, very
good work out there, and I think it is our responsibility to
keep, if anything, maybe even be annoying at times, to keep
reminding them that this is important and that we need to
communicate and we need to do this in a right way. I think that
is the best and most effective way to do it under this current
system.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. Thank you very much, Mr. Chairman.
I have to say to the panel, I do not perceive a sense of
urgency in dealing with this matter. I appreciate that the bank
regulators have had a traditional focus on safety and
soundness. And I understand that if something went wrong with
safety and soundness, we would have you in here at the table
and saying, ``Why did you not meet your mission? Here we have
had a breakdown in safety and soundness and it is affecting the
whole financial system.''
But these compliance questions are important as well. Now,
some of them involve a lot of consumer protection and I am not
going to move over into that arena, although that is an arena
that I think is quite important, and I think there has been a
tendency on the part of the regulatory agencies not to give it
appropriate focus and attention and importance. But Bank
Secrecy Act compliance could well go to some basic question of
our Nation's security.
The Army announced today that they are going to keep
thousands of active duty and reserve soldiers who are nearing
the end of their volunteer service commitments, they are going
to keep them in and have them serve an entire tour overseas. So
it is really being transformed from a voluntary service into
mandatory service. Now, the Army is under a lot of stress,
which is resulting in this, but I mean, in a sense, emergency
measures are being taken all over the place.
And dealing with money laundering and terrorist financing
is of critical importance. Now, we did not pay enough attention
to it before. We had drug cartels, we had crime syndicates
using money laundering and so forth. Great resistance. The
Justice Department came to us, when we did the USA PATRIOT Act
and wanted this title and a lot of the authorities which
previously they had not been able to obtain. It is clear why.
Some banking institutions come to us and say that clients
are moving to off-shore jurisdictions because they have to go
through these procedures here. Apparently they want to move hot
money, and they go somewhere else in order to try to do it,
which of course leads to the question of who is responsible for
interacting in order to curb what is being done in other
jurisdictions.
But we have to devise a way for compliance to have a higher
status, and I am trying to figure out how that can be done
while at the same time, you can continue to ensure safety and
soundness. Let me ask a couple of questions.
First of all, I take it from the responses we have already
received that the Treasury Secretary, interacting with the head
regulators who are here today, could establish periodic
meetings to consider the application of the Bank Secrecy Act
and how to enhance its enforcement with respect to all of the
financial institutions; is that correct? We do not have to pass
legislation in order for that to happen; is that correct?
[Witnesses nodded affirmatively.]
I also gather most people think it is a good idea. I see
everyone nodding.
Mr. Fox, would you go back and tell Treasury Secretary Snow
of this conversation we had here and see if we can get such a
first meeting underway and then subsequent meetings to follow
up? I mean, there is a lot of exchange that can take place here
that I think will enhance the application of the Act. This is
an important matter--I keep coming back to it--in the fight
against terrorism.
Mr. Fox. You have my word, sir, I will do that. I agree
with you.
Senator Sarbanes. Yes, okay.
Now, I want to ask about the subordination of the
compliance function at the various agencies to the safety and
soundness examiners. The Fed maintains separate Safety and
Soundness and Compliance Divisions, and that seems to me to
give an extra impetus or focus to compliance and enables the
development of enhanced expertise in that arena. I mean, the
Safety and Soundness people have plenty to do in and of itself,
and I think if you put the Compliance people under them, you
may have a bit of a problem or maybe you will have quite a big
problem.
Now, as I understand it, the Compliance examiners at the
other agencies have now been placed under the Safety and
Soundness structure; is that correct?
Director Gilleran. That is not true at the OTS.
Senator Sarbanes. It is not true at the OTS?
Director Gilleran. No.
Senator Sarbanes. You have a separate Compliance Division?
Director Gilleran. No, we have cross-trained, and therefore
we see no distinction between Compliance and Safety and
Soundness. We think that Compliance is part of Safety and
Soundness. We have cross-trained our people so that they are
completely able to do the compliance work, as well as safety
and soundness work. We think that is the proper way to both
train people and to carry out the examination process.
Senator Sarbanes. Mr. Powell.
Chairman Powell. Ours is separate, as you know, Senator.
But one comment. I want to be sure I do not mislead you. BSA is
part of the safety and soundness exam at the FDIC, and the
reason for that is that we believe our BSA people should be
trained more than in just the compliance effort, understand the
bank operations, the assets and the liabilities. We found that
terrorists sometimes get loans and just do not pay them back.
So the BSA is part of the safety and soundness examination. The
examiner are uniquely and specially trained. As I mentioned in
my testimony, we have specialists. We have 150 of them at the
FDIC that do nothing but the BSA work.
Senator Sarbanes. Well, with respect to both of you, does
this response also apply to the other laws in which you have a
compliance responsibility?
Chairman Powell. No, sir. We have specialists in compliance
that are specialists in consumer laws and other related
compliance laws.
Senator Sarbanes. Are they under the safety and soundness
people?
Chairman Powell. They are under the Division of Supervision
and Consumer Protection. We have a safety and soundness
section, and we have a compliance section.
Senator Sarbanes. And the OCC?
Comptroller Hawke. I do not think it is accurate, Senator
Sarbanes, to say that compliance supervision has been
subordinated to safety and soundness supervision. We have, as
the other agencies do, specialists in the compliance area, and
each one of our banks has an examiner in charge. The examiner-
in-charge of each of the 24 largest banks is responsible for
all aspects of supervision of that bank. He will have Safety
and Soundness people reporting to him, he will have Compliance
people, he will have Asset Management people and IT people all
reporting to him. So, at the top of the pyramid, with respect
to any one of our large banks, there is a single point of
accountability who will have responsibility both for safety and
soundness and compliance.
One other point, Senator Sarbanes, the nature of the
responsibilities that we have in the Bank Secrecy Act
compliance area is procedural and process-oriented, very much
the same as the nature of the responsibilities we have in the
safety and soundness area. Our examiners look at the adequacy
of systems, the adequacy of controls, the adequacy of training.
It is the same kind of methodology that is brought to bear on
the safety and soundness side. So there is a great deal of
similarity between the two disciplines.
Senator Sarbanes. Well, now, as I understand it, the OCC
recently realigned its compliance organizational structure; is
that correct?
Comptroller Hawke. We did not really realign it. We
eliminated an intermediate level of management and replaced
them with compliance experts in that chain of command.
Senator Sarbanes. Well, now in the directive sent out by
your Deputy Comptroller for Compliance, where they say you are
going to ``closely align our Compliance Program with our Safety
and Soundness Program,'' and then you move the Compliance field
examiners to report to the ADC's in the field offices. That is
a change.
Comptroller Hawke. Right. That is with respect to the
community banks. With respect to the large banks, as I
described, it is the examiner-in-charge of the large bank who
has the consolidated responsibility for all aspects of
supervision: safety and soundness, compliance----
Senator Sarbanes. And then let me go on. That same memo
says, and I am concerned about this, ``Given the changes that
are occurring in the banking industry, we anticipate that the
number of field compliance specialists and ADC's at the Band 7
level will in the future exceed the volume of traditional
compliance work at that level. Therefore, we are offering
buyouts to the Compliance examiners and Compliance ADC's who
occupy Band 7 positions.''
Now, at a time when the OCC seems to be taking on more
compliance responsibilities, both Bank Secrecy and Consumer
Protection, it is not quite clear to me how you can be buying
out your Compliance examiners, in terms of meeting your
responsibilities.
Comptroller Hawke. We are not reducing the number of
Compliance people that we have in the organization as a whole,
Senator Sarbanes, and we are trying to promote, as Chairman
Powell and Director Gilleran indicated, the broadening of the
expertise of our examiners, generally.
Senator Sarbanes. Let me ask, do you have----
Comptroller Hawke. We do not intend to reduce the number of
Compliance examiners.
Senator Sarbanes. Then, that has not happened? You are not
buying out Compliance examiners?
Comptroller Hawke. No. I am not sure which memo you are
reading from, Senator.
Senator Sarbanes. It was a notice sent in March 2004 by Ann
Jaedicke, Deputy Comptroller for Compliance.
Comptroller Hawke. We put out a memo in May 2004,
describing what was going on with respect to compliance, and we
made very clear in that memo that we do not intend to reduce
the number of Compliance examiners.
Senator Sarbanes. Could you furnish us a copy of that memo.
Comptroller Hawke. Yes, sir. I would be happy to.
Ms. Bies. Senator Sarbanes, can I respond to the comment? I
did not have a chance.
The one thing I would like to point out, in the Federal
Reserve System, we created, in 1993, at the Board level, a
group, an officer who was really responsible for all of the BSA
and anti-money laundering supervision, and we have expanded
that group as need has occurred over the last few years.
The reason we have specialists within Supervision and
Regulation at the Board is to help design the policies and help
us identify when there are weaknesses that need to be addressed
out in the field exams. Within the Reserve Banks, which is
where our examiners reside, is each of the 12 Reserve Banks,
the examiners are part of the supervisory group within that
Reserve Bank.
But these, as we have gone from just money laundering with
criminal activity to now bank secrecy, where you are involving
maybe activities that go through legitimate funding sources
that end up in terrorist hands, it gets more and more difficult
to identify the sources of funding. And so one of the things we
are trying to do is to work aggressively with law enforcement
to help identify back to the banks where there are particular
cases, whether they need to do follow-up.
So it is really a team effort. It is identifying policy and
procedures at the Board level, using that to strengthen the
activities in the Reserve Banks, and then work in the field by
the examiners also giving us indications back up to the top
where the supervisory process needs to change. But it is
integrated within the overall supervision for the Bank Secrecy
Act anti-money laundering. It is all within our supervisory
responsibility of the Division of Banking Supervision and
Regulation.
Senator Sarbanes. That is very helpful. Thank you.
Chairman Shelby. Is there a set number of warnings that a
financial institution receives, Mr. Hawke? In other words, is
there a number of years that generally pass between an initial
warning regarding a BSA compliance and imposition of a penalty?
Comptroller Hawke. No, not at all, Senator. I think that is
an issue that has to be decided in each case. Clearly, in the
Riggs case, we gave them too much latitude over too long a
period of time.
Chairman Shelby. Trusted them too much?
Comptroller Hawke. Well, it is not so much that we trusted
them too much. We were insufficiently----
Chairman Shelby. Wait a minute now. Are you saying you did
not trust them? I thought you told me before, and others have
said, that a lot of the relationship with a bank is trust.
Comptroller Hawke. In the Riggs case, it was not a question
of our trusting the management. We saw things that needed to be
fixed. We told them that they had to be fixed. Where we were
guilty of a shortfall in not coming in robustly and soon
enough.
Chairman Shelby. There was no follow-through, in other
words, by the Comptroller of the Currency's Office, basically;
is that correct?
Comptroller Hawke. The follow-through was not strong enough
early enough.
Chairman Shelby. Well, did it exist at all?
Comptroller Hawke. We eventually----
Chairman Shelby. No, I mean from 1997 until recently, did
it exist?
Comptroller Hawke. Eventually, it did. In 2003, we issued a
cease-and-desist order. We waited too long to do that.
Chairman Shelby. Six years.
Comptroller Hawke. We should have taken stronger action
earlier. There is no question about that.
Chairman Shelby. Chairman Powell, briefly, the Hudson
United Bank Corporation, one of the most recent BSA-related
cease-and-desist order involves the Hudson United Bank of New
Jersey. Would you briefly walk us through the history of this
case. What was the FDIC's role in determining what measures
would be taken in responding to information pointing to
Hudson's failure to comply with the Bank Secrecy Act? What was
your agency's assessment of Hudson's risk prior to detection of
its failure to comply with the Bank Secrecy Act?
Chairman Powell. I am not sure I can answer those,
specifically, Mr. Chairman, but I can tell you that I have been
briefed on that particular issue within the last 30 days. I
think our people were very aggressive in assessing the
enforcement action against that particular institution, after
findings that had occurred over the last 12 to 24 months.
Chairman Shelby. Mr. Fox, in the past here, in the
Committee, and Senator Sarbanes has been here longer than I
have, and this is my 18th year, but I can tell you in the past
we have addressed the issue of regulatory forbearance as it
related to the solvency of bank safety and soundness.
We learned the hard way right here, and the regulators
learned, too, that when regulators let banks that were in
trouble get by, when those banks later failed, it cost the U.S.
taxpayers billions and billions of dollars.
What is your view with respect to the dangers of regulatory
forbearance in BSA compliance cases?
Mr. Fox. Oh, it cannot even enter the conversation, Mr.
Chairman. I believe that the information collected under the
Bank Secrecy Act is absolutely critical to the security of our
country.
Chairman Shelby. That is right.
Mr. Fox. And I will tell you something that I hope is
heartening. It has been my perception, since I have been at
FinCEN, I have not seen any such regulatory forbearance among
these regulators, but I do not think we could ever be in a
situation where we would allow something like that to happen.
Chairman Powell. Senator, I think the bank regulators----
Chairman Shelby. Chairman Powell.
Chairman Powell. I am concerned, to some extent. I think
that bank regulators and the industry we supervise recognize
this is national security. Safety and soundness is one issue,
but this is equal or superior to safety and soundness--the
national security of this country. And I think there is
heightened oversight on the BSA.
Chairman Shelby. A high priority.
Chairman Powell. Absolutely. I think bankers, I would not
underestimate the seriousness of the BSA enforcement. It is a
national security issue. It is lives and deaths. The other is
dollars. And I think, clearly, our resolve is very strong that
we enforce the Bank Secrecy Act.
Chairman Shelby. But when there is a 6-year lapse there,
that is more than troubling.
Senator Sarbanes, do you have any other comments?
Senator Sarbanes. I do not think so.
Chairman Shelby. I want to thank the panel, all of you, for
your time and your participation. We have a number of questions
for the record, and we have some Members that are tied up in
other hearings, and we will keep the record open for that.
Mr. Fox, all of you, thank you very much.
Senator Sarbanes. Mr. Chairman, I think, as they depart, we
should leave them with a message that this is a matter which, I
presume, the Committee intends to follow very closely, given
its importance.
Chairman Shelby. Absolutely. We have no choice in our
oversight, as we know. This is important, and we are expecting
Mr. Fox, and we believe that he is going to be working with you
very, very closely regarding this.
Mr. Fox. We welcome that oversight, Mr. Chairman, Senator
Sarbanes. Thank you.
Chairman Shelby. Thank you very much, all of you.
Our second panel will be Gaston Gianni, Jr., Inspector
General, the Federal Deposit Insurance Corporation, and Ms.
Davi D'Agostino, Director, Financial Markets and Community
Investments, General Accounting Office.
I want to welcome the second panel. We appreciate your
forbearance here today. We had some very important witnesses
here, as you people know well.
Mr. Gianni, we will start with you. Your written testimony
has been made part of the record. And without objection, you
proceed as you wish.
STATEMENT OF GASTON L. GIANNI, JR.
INSPECTOR GENERAL
FEDERAL DEPOSIT INSURANCE CORPORATION
Mr. Gianni. Thank you, Mr. Chairman.
Mr. Chairman, Senator Sarbanes, and Members of the
Committee, I am pleased to testify before you today. We
appreciate and thank the Committee for its interest in gaining
a greater understanding of how Government is combatting
terrorist financing and money laundering.
What I would like to do is just briefly summarize my
testimony, having it included for the record.
By way of perspective, the FDIC Chairman's testimony
indicated that FDIC has conducted almost 11,000 Bank Secrecy
examinations since 2000. Over the past several years, in line
with our
responsibilities under the Inspector General Act, my office has
conducted three audits that address the FDIC's efforts to
design and implement a supervisory program to examine
institutions' compliance with provisions of the Bank Secrecy
and then more recently the USA PATRIOT Act.
Overall, these audits identified that the Corporation has
taken steps to implement a risk-focused approach to
examinations. However, improvements were needed. I am pleased
to report to you this morning that the Corporation has
corrective actions completed or in process to address all of
our recommendations.
We issued our first report, the ``Examination Assessment of
Bank Secrecy Compliance Act,'' in March 2001 and concluded
that, first, examiners did not adequately document their Bank
Secrecy examination planning and procedures; second, examiners
did not consistently document the work they performed in risk-
scoping as
required by the Corporation; and, last, the examiners were not
taking full advantage of the information that was available at
FinCEN.
We made recommendations to enforce the documentation
requirements and to make fuller use of the information at
FinCEN.
We issued our second report in September 2003, related to
our review of whether FDIC had developed and implemented
adequate procedures to examine financial institutions'
compliance with the USA PATRIOT Act. We focused on Title III of
the Act, which addressed anti-money laundering measures and
currency crimes and protection.
The Division of Supervision and Consumer Protection had
advised the FDIC-regulated institutions of the new Title III
requirements in cases where the Department of the Treasury had
issued final rules implementing Title III provisions, but had
not established guidance for their examiners. The Corporation
was either coordinating the issuance of uniform procedures with
an interagency steering committee or waiting for Treasury to
issue additional final rules. This delay was of particular
concern for Title III provisions addressing money laundering
deterrents and verification of customer identification.
Again, we recommended that FDIC issue interim guidance and
procedures and then work closely with their interagency
counterparts to ensure timely issuance of final guidance.
Our most recent audit related to Bank Secrecy focused on
actions taken by FDIC in its supervisory capacity to ensure
that FDIC-supervised institutions implemented effective
corrective actions to BSA violations.
Of the over 5,600 institutions that the FDIC supervised
during the time period of our audit, which would cover the time
period of 1997 through the year 2003, approximately 47 percent
of the institutions had been cited at least one time for a BSA
violation. Those violations included citations for not
complying with Treasury requirements, as well as the FDIC's
policies and procedures as to how a program is supposed to be
developed.
In those institutions where violations were cited, 458--
approximately 17 percent--had been cited for repeat Bank
Secrecy violations. Our audit results raised concerns related
to four general areas: The extent of regulatory action on
significant and repeat violations; the consistency of reporting
of deficiencies and violations; the timing of follow-up and
corrective actions taken by the institutions; and then handling
of those referrals to the Department of the Treasury.
Our audit showed a high rate of significant and repeat
violations, many of which were not subject to regulatory
actions. Our sample included 27 institutions with repeat
violations. Of those 27 institutions, 17--63 percent--were not
subject to regulatory action for their repeat violations,
although other supervisory efforts such as follow-up
correspondence to bank management and visitations may have been
in progress. Of the 10 institutions that were subject to
regulatory actions, only one was subject to a cease-and-desist
order and the other 9 were subject to informal actions.
Not all Bank Secrecy deficiencies that the Corporation's
examiners described in their reports were cited as violations
in the reports and tracked in the FDIC information systems.
Such deficiencies may receive less attention from bank
management or in FDIC's follow-up system.
In many instances, the Corporation followed up or pursued
regulatory action for certain violations before the next
examination or received evidence from bank management, FinCEN,
or others that the violation had been corrected.
However, for nearly one-third of the 82 reports that we
reviewed, examiners waited until the next examination to follow
up on some or all of the Bank Secrecy violations.
In some cases, more than 1 year, and up to 5 years, passed
before bank management took corrective action that was
effective or before the FDIC applied regulatory actions. About
two-thirds of the violations sampled took longer than 1 year to
correct.
FDIC's policy of alternating examinations with State
regulatory agencies also contributed to this time lag.
Specifically, 45 of the 72 exam reports that we reviewed from
State regulatory agencies did not address Bank Secrecy
compliance. These were the institutions that had violations. We
reviewed the State reports. They did not cite any specific
information regarding the Bank Secrecy violations. Therefore,
the FDIC could not rely on those exams. Consequently, follow-up
by the FDIC did not occur until the next examination;
generally, 2 to 3 years after the violations were initially
filed.
While many institutions had been cited for BSA violations,
there were only 34 referrals to the Treasury Department during
this period. Most of these referrals were made by one FDIC
regional office. We determined that when a referral to the
Treasury Department had been made, Treasury had taken action.
Based on our work and in light of the increased
Congressional interest in BSA compliance and emphasis on
national security concerns, we have made recommendations that
the Corporation reevaluate and update its examination guidance
to help ensure adequate examiner follow-up and timely
corrective action by bank management; discuss and update the
referral policy with the Treasury Department; encourage State
coverage of Bank Secrecy Act compliance; and develop
alternative procedures to compensate for the lack of State
coverage.
Looking ahead, Mr. Chairman, there are key questions that
FDIC should consider in conjunction with the Treasury
Department and the other financial regulators as it looks to
improve the Bank Secrecy program.
First, is risk-scoping Bank Secrecy examinations and
follow-up still the most effective approach to uncovering money
laundering and terrorism financing?
Second, are the policies and procedures for reporting
certain cash transactions and Bank Secrecy violations to the
Treasury Department, some of which date to the early 1990's,
currently effective?
And, last, is the information reported to FinCEN by
financial institutions and regulators effectively evaluated and
does it ultimately result in timely preventive actions?
Mr. Chairman, we appreciate the opportunity to participate
in these hearings. We are prepared to assist in addressing
these issues and have additional audits planned in this area.
I would be pleased to answer any questions that you may
have.
Chairman Shelby. Thank you.
Ms. D'Agostino.
STATEMENT OF DAVI M. D'AGOSTINO, DIRECTOR
FINANCIAL MARKETS AND COMMUNITY INVESTMENT
U.S. GENERAL ACCOUNTING OFFICE
Ms. D'Agostino. Thank you, Mr. Chairman, Ranking Member
Sarbanes, and Members of the Committee.
I am very pleased to be here today before you and along
with the FDIC IG on this panel to discuss a number of issues
concerning Federal regulators' oversight of banks, thrifts and
credit unions for Bank Secrecy Act or BSA compliance, and our
ongoing work for this Committee on this matter.
Several recent cases imposing large civil money penalties
on depository institutions have increased attention on industry
compliance with, and Government enforcement of, the BSA. My
oral
summary will focus on, one, selected recent enforcement actions
taken against depository institutions for BSA violations, and
two, the scope and approach of our ongoing work that we are
doing for this Committee on BSA examinations, violations
identified and the various levels of enforcement and penalties
imposed for them.
First, in the last few years and as recently as last month,
the financial regulators, FinCEN and the Courts have taken
actions against a number of depository institutions for
significant BSA violations. Recent enforcement actions show
that various types of depository institutions have had BSA
violations. These actions also raise the issue of the
timeliness of the identification of the BSA violations and the
enforcement actions taken by the regulators. For example, an
individual who was later convicted of money laundering offenses
had apparently deposited $21 million in cash at Banco Popular
de Puerto Rico, between 1995 and 1998. The bank had not
investigated or reported this activity to FinCEN or to law
enforcement until 1998, years after the suspicious activity had
taken place.
In 1999, the bank's regulator expanded its examination
scope for BSA compliance based on information it received from
law enforcement. Its findings then led to Justice, FinCEN, and
the bank regulator, imposing penalties and entering into a
deferred prosecution agreement with the bank. These actions
were all taken for violating the BSA's suspicious activity
reporting requirement.
More recently Riggs Bank was assessed a $25 million civil
money penalty for BSA violations including the failure to
maintain an effective BSA compliance program and failure to
monitor and report large transactions involving foreign
embassies. Although OCC, Riggs' regulator, testified yesterday
and again today that they had identified the problems early on,
apparently as early as 1997, and used supervisory measures in
efforts to get improvement at the bank, these efforts in this
case proved to have limited effect.
In 2003, OCC deemed the bank to be systemically deficient
and the bank entered into a consent order. In 2004, when the
bank still was not in full compliance, they were assessed the
penalty.
In recent years, we have issued a number of reports dealing
with regulatory oversight of AML activities, anti-money
laundering activities, of financial institutions, and my
written statement that has been submitted for the record goes
into more detail on those. Our statement also highlights some
of the work done by the IG's, the Inspectors General, on which
we are relying quite heavily to help us get up the curve to do
the massive amounts of work that we are doing for you in your
most recent December request.
Our current work is actually the most comprehensive review
we think that we have done at GAO on BSA issues. In that work
our primary objectives are to determine first, how the five
regulators' risk-focused examinations assess BSA compliance;
second, the extent to which the regulators identified BSA and
AML violations and take supervisory actions; and third, the
consistency of BSA compliance examination procedures and the
interpretation of violations across the regulators.
To answer these questions we plan to review the reliability
of the data systems that the regulators use to track the
violations themselves. As FDIC's IG's work has pointed out,
there are some problems with the systems and what data is
included and not included by the examiners in the database that
is used.
Second, from the samples we plan to pull from all of the
regulators of BSA compliance examinations over a 4-year period,
we plan to analyze the work papers, and this will allow us to
determine the following things: The areas the exams did and did
not cover, the nature of BSA violations identified, whether or
not the regulators somehow curtailed their BSA compliance
exams, and the basis for the decisions to do so. We are also
going to be tracking the supervisory actions taken to correct
violations that have been identified, and we will examine the
ramifications, if any, of Treasury not delegating authority to
the bank regulators to assess BSA compliance penalties as
mandated by statute in 1994.
We are also in the process of putting together a picture of
the statutory authorities, the players and the layers of types
of violations and enforcement actions, and the penalties,
including when they are civil and when they are criminal. I
hear a lot of confusion at each of these hearings that we are
monitoring over the spring over what is a deficiency versus
what is a violation? What is a recordkeeping violation versus a
program violation? We hope to sort through all of that and
review when certain kinds of penalties make sense. We are
working with Justice, the bank regulators and Treasury to try
to tease that out and make some sense of it as well as wade
through all of the various legislation and authorities that are
in place.
With that said, Mr. Chairman, Ranking Member Sarbanes, I
will conclude my statement and will answer any questions you
have of us.
Chairman Shelby. The General Accounting Office has prepared
a number of reports on money laundering and terrorist financing
over the years. Do you believe that there are systemic problems
that resulted in Riggs case being unaddressed for so many
years? You heard the testimony earlier. You know the case. A
lot of years.
Ms. D'Agostino. Yes. It did seem to go on for quite some
time. From the pieces that we are putting together from the
testimonies of the OCC representatives, it appears that OCC was
trying to ``push on a string'' at Riggs with the bank's
management, and when you push on a string, you don't get
resistance and you don't make progress. It seems as if it did
last a long time.
Whether or not it is systemic, I do not think that we can
say today. We hope that our work for the Committee will provide
some insight into that question.
Chairman Shelby. Would you say it is lack of due diligence
then?
Ms. D'Agostino. OCC was aware and trying to work with the
bank's management.
Chairman Shelby. Well, they were trying, but were they----
Ms. D'Agostino. They were pushing on the string.
Chairman Shelby. I love your phrase.
Ms. D'Agostino. Yes. And it is very frustrating.
Chairman Shelby. You have tried to push one, have you not?
Ms. D'Agostino. Yes, sir.
Chairman Shelby. Senator Sarbanes.
Senator Sarbanes. I want to follow up the Chairman's
question right there on whether there was a problem with the
system. In the Banco Popular case which you cited, there
eventually was a settlement in that case, correct?
Ms. D'Agostino. There was a deferred prosecution. It was
one of the early uses by Justice, I think, of this interesting
tool.
Senator Sarbanes. But the settlement agreement indicated,
and I am now quoting from it, ``During the period of 1995
through 1998, the Federal Reserve, through the Federal Reserve
Bank of New York, conducted four examinations of Banco Popular.
These examinations did not contain any criticism of Banco
Popular's BSA compliance policies or procedures.'' And
apparently they only noticed it when the Fed got a tip from a
Federal law enforcement official, and ordered a special
targeted examination of the bank.
I ask the Chairman if I could ask that question right now.
Chairman Shelby. You can.
Senator Sarbanes. Because it follows up exactly on his
point. I mean there is something wrong. The system is not
working right, is it?
Ms. D'Agostino. It is not working swiftly from the
appearance of these two cases, and I think the FDIC IG's work
indicates it can take a long time to go through the supervisory
process of trying to take informal and formal supervisory
action, sometimes without much effect.
Yet at the same time--again--there is much we do not know,
because we are still doing our work. For example, we do not
know to what extent informal supervisory actions have been
effective and timely. So, I think by starting with these cases
which are very enlightening, we still may be missing the whole
picture. Some of the things that we can learn by looking at
more closed cases for the Committee, is how this layering of
authorities, layering of players, and interaction between bank
regulators and law enforcement, fits together and works--not
only where it breaks down but also where it may work well. That
is what we hope to get at in our systematic review of the
regulators' data and through sampling exams for the Committee.
Chairman Shelby. Mr. Gianni, how could the FDIC better use
its supervisory and enforcement authority, which they have a
lot there, to address BSA violations? Is BSA violations deemed
an important mission at the FDIC, and if not, why not?
Mr. Gianni. I think after today's hearing, I believe it is
a priority within the Corporation. I think that clearly the
work of my office would lead me to say that the examiners, the
evidence would show that the examiners were in fact identifying
problems. The issue became what happened after the
identification? How hard did we push to get the problems
resolved? What was the management support? This morning,
Chairman Powell said that if you do not have the culture and
you do not have the tone at the top, if I might use a phrase,
to say that this is important, you tend to try to go after the
approach that will have the least impact in disrupting the
relationship with the institution. So you take the least
aggressive action first. And if they do not follow through on
that, then you go up a step. That takes time. Then if they do
not take action on the second time, you go up to the last or
cease and desist.
So it takes time to go through this process of increased
regulatory action. I think we need to, the Corporation needs to
reexamine at that.
Chairman Shelby. Is it troubling to both of you that in the
Riggs situation, the second report that I talked about later
was almost always ignored, the BSA, bank suspicious activity
report? They filed the transaction report, but they did not do
the other one.
Ms. D'Agostino. The SAR.
Chairman Shelby. Is that troubling?
Ms. D'Agostino. Yes, it is. Although we do know from our
previous work, that banks spend a lot of time doing their own
investigation before they put together one of these reports.
And again, I am not familiar with all of the facts and
circumstances surrounding, for example, the Saudi account case,
and whether or not this activity was unusual or suspicious for
the Saudi account. It could have been routine that they pulled
and moved millions of dollars in and out every day from their
accounts. We just do not know enough about it.
Chairman Shelby. But you are studying it closely.
Ms. D'Agostino. We are. We are watching it every day. We
are not going to be able to get all the details until cases are
closed, and so that makes our job a little more difficult.
Chairman Shelby. How often are banks, ma'am, examined? In
other words, have the regulators adhered to their examination
cycle with respect to the Bank Secrecy Act enforcement?
Ms. D'Agostino. We have not gotten that far yet in our
work, but we will include this question in our scope.
Chairman Shelby. Is that not an important question?
Ms. D'Agostino. Sure. How often do they go in and look at
BSA compliance?
Chairman Shelby. Will you be addressing this in your
ongoing study at the General Accounting Office?
Ms. D'Agostino. Sure. That will be one of many factors.
Chairman Shelby. Mr. Gianni.
Mr. Gianni. Mr. Chairman, I can report that the
Corporation, is complying with the statute of ensuring that
banks are examined at least every 18 months, and in some cases
every year.
Chairman Shelby. What about information sharing with regard
to the Federal Deposit Insurance Corporation? If you just
briefly tell the Committee the normal process which by FDIC
information, the way they work the Bank Secrecy Act compliance,
is shared with the other agencies like Treasury and anybody
else.
Mr. Gianni. There are a number of committees and groups
that address bank secrecy type issues. I do not think there is
a comprehensive process in place currently to share the
information as it relates to bank secrecy and to pull all of
this information together to see whether there are trends,
anomalies, or issues that need to be addressed.
I think first of all, all of the information that we
accumulate within the Corporation is not passed on to FinCEN,
and so with FinCEN's greater responsibility and the will to
bring the regulators together, I think it is a good first step
that the Committee has achieved. The parties can begin to
better share information to see whether information that is
housed within the FDIC is similar to information that is housed
in one of the other regulatory agencies. Again, it is not
unlike what is going on between the CIA and the FBI now as it
relates to our intelligence sharing.
Chairman Shelby. But it is very important in both instances
to share information.
Mr. Gianni. I would agree with you, sir, and I think what
happened, sir, is that when September 11 tragically occurred,
we had a sea change of priorities within our country, and we
had the passage of the USA PATRIOT Act, but I believe that the
risks associated to that, or potential risks associated to that
were underestimated by the bank regulators. It is now being
recognized that it is a part of our national defense, and I
believe that the regulators will have the will and commitment
to step up and to address these issues in a unified manner.
Chairman Shelby. Both of you, you at the FDIC as Inspector
General, and you at the General Accounting Office are
continuing to work in this area. What are some of the steps you
are into?
Ms. D'Agostino. One of our major efforts relates to
assessing the systems that each regulator has and the separate
sets of data that are housed in their own IT units. We are
going to have to go through all of them--luckily FDIC has done
some work ahead of us on that--and try to get a good fix on
what kind of data are and are not included. We will design our
work around the systems and the data available within them, and
check the reliability of them.
That is what we are involved in right now. It is basically
an audit within an audit, to see how reliable the information
is before we use it to report to you information and analysis.
That is a big piece of our undertaking for the Committee.
Again, we are looking at the authorities and the penalties
and how it all works in practice.
Chairman Shelby. Thank you.
Mr. Gianni. Mr. Chairman, I think we are going to work
closely with the GAO. We do not want to duplicate. We want to
try to identify how we can complement the GAO in its efforts to
try to address the request from the Committee.
There are several areas where I think that we could make a
contribution. Clearly, I think that this practice of risk
focusing might be appropriate for the initial go-round, but
risk focusing for follow-up action may not be the appropriate
way. So, we need to think a bit more about risk scoping and how
that applies to bank secrecy.
Second, I think clearly the agencies are concerned about
regulatory burden. Having said that, we have to think through
how we have gone about implementing the various laws and
regulations, and to see whether there may be a streamlined way
of still accomplishing the legislative objectives that were set
out by the Congress, yet, doing it in a much more efficient
way. The Corporation has a process working with the other
regulators to look at that.
The last thing I would like to talk about is--it was raised
this morning--I think I would like to look at the Hudson case
to see the similarities that might exist, and just pursue that
from an intellectual standpoint to see if there are some
lessons learned that we might be able to help the Corporation
on.
Chairman Shelby. You are in a position to do that.
Mr. Gianni. Yes, I am, sir.
Chairman Shelby. And I hope you will. To both of you, will
you hopefully finish your work in this area before the year is
out? This is just June 1. I know it is a big undertaking, but
it is an important and timely undertaking. You cannot put a
calendar day on it.
Ms. D'Agostino. We have not yet committed to a date to the
Committee for issuing our final report. We are considering
whether there might be ways where we could report on an interim
basis on different pieces of this fairly large request you have
made of us, so that you do not have to wait so long to receive
our results.
Chairman Shelby. Sure. We appreciate that.
Could you both briefly expand on comments regarding the
vulnerability of the risk-based approach to the oversight
process? For example, when you determine what constitutes
suspicious activity, is that pretty subjective? You have
criteria to go by, you have to have something that triggers
something at the regulatory agencies?
Mr. Gianni. There are certainly guidelines out that have
been written to help the examiners, but it is judgment. It
comes down to judgment. When you have judgment being made----
Chairman Shelby. Critical evaluation of something.
Mr. Gianni. It is a critical judgment. When you have those
types of critical judgments being made within a framework, it
is important to make sure those judgments get reviewed not only
on an individual basis, but also on a collective basis to see
if there are areas where we can help refine the guidance,
further improve the guidance, so stronger and better judgments
are made in the future.
Chairman Shelby. Do you believe that the regulatory
structure we have today, if used diligently, would be
sufficient in the future, or do we need to look somewhere else?
Mr. Gianni. I personally think that the bank regulators,
working together, can accomplish what needs to get
accomplished.
Chairman Shelby. Is the Riggs case a wake-up call and some
of the others, hopefully?
Mr. Gianni. I believe Riggs is a wake-up call, as well as
the fact that the Committee has seen fit to have oversight. I
personally do not underestimate the power of Ccongressional
oversight.
Chairman Shelby. Do you have a comment?
Ms. D'Agostino. I agree with the FDIC IG. I think training
and keeping up to date on the most current approaches by the
money launderers and terrorist financiers, and anything that
law enforcement could help put together to better inform the
examiners would be useful too. But I am not sure that structure
is the only issue. I do think that the leadership, the
oversight, and that tone at the top, as Mr. Gianni pointed out,
are very important in keeping attention properly focused on
AML.
Chairman Shelby. You both have your hands full, but we
appreciate the job you are doing and the attitude that you
have, and we will have you back before the Committee.
Thank you very much for the work and your commitment.
Ms. D'Agostino. Thank you.
Mr. Gianni. Thank you, Mr. Chairman.
Chairman Shelby. The hearing is adjourned.
[Whereupon, at 12:10 p.m., the hearing was adjourned.]
[Prepared statements, response to written questions, and
additional material supplied follows:]
PREARED STATEMENT OF SENATOR WAYNE ALLARD
I would like to thank Chairman Shelby for holding this hearing to
examine the enforcement of the Bank Secrecy Act. Since 1970, the Bank
Secrecy Act has been an important tool the Government uses to combat
money laundering and the financing of terrorism. This statute has taken
on even more significance through the USA PATRIOT Act as the
international monetary system has been manipulated by terrorists. The
Act requires all financial institutions to maintain records and file
reports that are used in criminal, tax, or regulatory investigations
and proceedings. Seeing that these requirements are met is a daunting
task, yet critical to the ultimate safety of people around the world.
The Committee has held three oversight hearings on terror financing
this year, which I believe have helped initiate significant
improvements to the existing counterterror finance programs within the
Treasury Department. I look forward to today's discussion on the
specific procedures on how suspicious activities and transactions are
detected, and more particularly, how they are dealt with when they are
found. That is where there have been problems in recent months and it
is vital that we determine how to catch money launderers in a timely
fashion. An effective way to track down terrorists is by tracing their
financial transactions, and so I look forward to progress made in this
area.
I would like to thank our witnesses for coming to testify and look
forward to hearing how your offices enforce the Bank Secrecy Act.
----------
PREPARED STATEMENT OF SENATOR JIM BUNNING
Thank you Mr. Chairman for holding this very important oversight
hearing and I would like to thank all of our witnesses here today.
Like many Americans, I was very surprised to hear the reports out
of Iraq of our soldiers finding large sums of U.S. currency in a
country that our Nation has imposed sanctions upon. I was even more
surprised to find out that the cash was traced directly to the New York
Federal Reserve. I was somewhat relieved to find out the New York Fed
did nothing wrong in this particular instance, though I am concerned
some of our allies were skirting our sanctions. However, when the Fed
investigated the cash in Iraq, they uncovered many serious problems in
the Extended Custodial Inventory Program. The program, which was set up
to ensure a supply of currency and recover and replace worn out
currency, showed some very disturbing abuses. UBS, who ran the program
in Switzerland, falsified documents and sent currency to countries on
our sanctions list.
Equally disturbing were the reports of the Riggs bank scandal.
Riggs was skirting Bank Secrecy Act procedures, and moving large sums
of cash without making Suspicious Activity Reports or SAR's. SAR's are
not something that are that obscure. They were even mentioned on an
episode of the Sopranos. Surely a banker would know to file them. The
only conclusion could be that the SAR's were knowingly not filed. The
OCC has recently fined Riggs $25 million. But I am very concerned why
the Riggs scandal lasted as long as it did. And I want to make sure
this type of problem does not happen again.
There seemed to be a lapse in oversight by the regulators in both
of these cases. I am glad all of the regulating agencies are
represented today so we can find out their take on the Bank Secrecy Act
and the USA PATRIOT Act and if they believe any of their regulated
institutions are involved in similar practices. I would like to know,
if the Fed and OCC, without jeopardizing any possible investigations,
can you tell us if there are any other similar problems out there on
the horizon in the other institutions you regulate.
I would also like to know from all of you, what you think of the
Bank Secrecy Act and the USA PATRIOT Act. Should they be expanded or
contracted. Where and how can they be improved? Do they need to be
tweaked or overhauled? We must make sure we are making the best use of
our resources to ensure we are doing whatever we can to choke off the
financial lifeblood to terrorists. We can and must do better. Too much
is at stake.
Once again, thank you Mr. Chairman for holding this hearing and I
thank our witnesses for testifying today. Hopefully we can get to the
bottom of this.
PREPARED STATEMENT OF SUSAN S. BIES
Member, Board of Governors of the Federal Reserve System
June 3, 2004
Mr. Chairman, thank you for the opportunity to appear before the
Senate Committee on Banking, Housing, and Urban Affairs to discuss the
Federal Reserve's participation in efforts to combat money laundering
and terrorist financing. The Federal Reserve and the other Federal
financial institutions supervisory agencies play a critical role in
these efforts, and the Federal Reserve is actively engaged in a number
of initiatives to refine and strengthen examination protocols in this
area and to effectively deploy resources to prevent, identify, and
address problems at the banking organizations supervised by the Federal
Reserve.
In my remarks today, I will describe for you some of the important
steps we are taking to fulfill our supervisory mission, to guide the
institutions we supervise, and, in cooperation with the other banking
and financial services regulators and the Treasury Department, to make
every effort to use our supervisory tools to enhance the banking
industry's role in preventing and detecting money laundering and
terrorist financing. The Federal Reserve's anti-money laundering
program is multifaceted. It involves work in bank supervision,
applications, enforcement, investigations, training, coordination with
the law enforcement and intelligence communities, and rule writing.
This morning, I will touch on some of these aspects of the Federal
Reserve's anti-money laundering program, but will concentrate on bank
supervision efforts and enforcement matters.
I would like to begin with a few words about the Federal Reserve's
supervisory philosophy in this area. The Federal Reserve has long
shared Congress's view that financial institutions and their employees
are on the frontline of the effort to combat illicit financial
activity. The Federal Reserve believes that the banking organizations
it supervises must take every reasonable step to identify, minimize,
and manage any risks that illicit financial activity may pose to
individual financial institutions and the banking industry.
Accordingly, the Federal Reserve has required the financial
institutions it supervises to put in place appropriate controls and
risk management mechanisms, and has also devoted extensive resources to
issuing guidance on legislative and regulatory requirements and sound
banking practices, as well as to coordinating supervisory efforts with
other agencies. In addition, the Federal Reserve uses its enforcement
authority, where necessary, in the event that serious problems or risks
cannot be satisfactorily addressed in the supervisory process.
Supervisory Strategy and Procedures for Anti-Money Laundering
and Counter Terrorist Financing
It has been our longstanding policy that Federal Reserve
supervisors incorporate a Bank Secrecy Act compliance and anti-money
laundering program component into every safety and soundness
examination conducted by a Reserve Bank. This means that on a regular
examination cycle, examiners seek to determine if a banking
organization's Bank Secrecy Act (BSA) and anti-money laundering (AML)
compliance
programs are satisfactory and are commensurate with the organization's
business activities and risk profiles. Examinations are conducted at
the State member banks, bank holding companies, Edge Act corporations,
and U.S. branches and agencies of foreign banks supervised by the
Federal Reserve. Every Reserve Bank has BSA/AML specialists and
coordinators on its staff, and, since the late 1980's, the Board has
had an anti-money laundering program in its supervision division
overseen by a senior official. Simply put, Bank Secrecy Act and anti-
money laundering compliance has for years been an integral part of the
bank supervision process at the Federal Reserve. Furthermore, the
Federal Reserve's enforcement program has a strong history of
addressing both anti-money laundering and safety and soundness problems
in formal actions, where necessary. While the number of actions may
fluctuate somewhat from year to year, the Federal Reserve's exercise of
its enforcement authority has been consistently strong and timely.
The Federal Reserve supervision process includes both on-site
examinations and off-site surveillance and monitoring. The Federal
Reserve generally conducts an on-site examination of each bank it
supervises once every 12 to 18 months, and at each examination staff
reviews the institution's anti-money laundering procedures and its
compliance with the Bank Secrecy Act, as amended by the USA PATRIOT Act
and new Treasury regulations. For large, complex banking organizations,
the safety and soundness examination process is continuous, and anti-
money laundering and BSA compliance is incorporated into examinations
conducted throughout the year. The Federal Reserve always includes BSA/
AML examinations in the supervisory strategy for every banking
organization we supervise.
A key component of anti-money laundering examinations is the
institution's compliance with the BSA compliance program requirement.
The Federal Reserve and the other Federal banking agencies have
compliance program requirements for institutions they supervise. In
general, the rules require a bank to establish, maintain, and document
a program that includes:
a system of internal controls to ensure ongoing compliance
with the BSA,
independent testing of the bank's compliance with the BSA,
training of appropriate bank personnel, and
the designation of an individual responsible for coordinating
and monitoring day-to-day compliance with the BSA.
The Federal Reserve works to ensure that the banking organizations
we supervise understand the importance of having in place an effective
anti-money laundering program. When a Reserve Bank conducts a BSA/AML
examination of a banking organization under its supervision, the four
components of the program establish the framework for the examination.
To properly evaluate the effectiveness of a banking organization's
anti-money laundering program, the Federal Reserve has developed
comprehensive examination procedures and manuals, and regularly
provides training for its examiners. The BSA/AML examination procedures
are currently under revision to reflect newly issued regulations under
the USA PATRIOT Act.
The Federal Reserve's BSA examinations are risk-focused. While a
``core'' BSA examination is required of all banking organizations,
risk-focused procedures allow examiners to apply the appropriate level
of scrutiny to higher-risk business lines, where necessary, and
alleviate burden where high-risk products or customers are not present.
In other words, a small State member bank with a low-risk customer base
receives a considerably different and less burdensome BSA/AML
examination than a large, complex banking organization with
international operations.
The Examination Process
During every safety and soundness examination of banking
organizations under Federal Reserve supervision, bank examiners
specially trained in BSA requirements review the institution's previous
and current compliance with the BSA. Examiners first determine whether
the institution has included BSA/AML procedures in all of its
operational areas, including retail operations, credit, private
banking, and trust, and has adequate internal control procedures to
detect, deter and report money laundering activities, as well as other
potential financial crimes. As part of such an examination, bank
examiners also review an institution's fraud detection and prevention
capabilities, and its policies and procedures for cooperating with law
enforcement (whether through responding to subpoenas, acting on
information requests under Section 314 of the USA PATRIOT Act, or
otherwise).
Our supervision policy guidance in this area requires that
examiners also conduct a review of the databases of Suspicious Activity
Reports (SAR's) and Currency Transaction Reports (CTR's) to determine
if the banking organization that is about to be examined has filed such
reports and that they appear complete and timely. Examiners are not
doing this to count the number of SAR's and CTR's, to compare their
findings against other institutions, or to base any criticisms solely
on a numerical count, but rather to make sure, for example, that the
bank or U.S. branch of a foreign bank understands its obligations in
this critical area and has taken steps to fulfill its responsibilities
by filing timely and accurate reports with law enforcement and bank
regulators.
The on-site examination begins as a review of the institution's
written compliance program and documentation of self-testing and
training, as well as a review of the institution's system for capturing
and reporting certain transactions pursuant to the Bank Secrecy Act,
including any suspicious or unusual transactions possibly associated
with money laundering or other financial crimes. Transaction testing is
generally conducted to verify these systems.
In those instances where there are deficiencies in the BSA/AML
program, including failures to adequately document self-testing or
training, obvious breakdowns in operating systems, or failures to
implement adequate internal controls, the Federal Reserve's examination
procedures require examiners to conduct a more intensified second-stage
examination that would include the review of source documents and
expanded transaction testing, among other steps.
There is an important correlation between the areas covered by a
BSA/AML examination and an institution's overall risk management and
internal controls. Thus, bank examiners take into account an
organization's enterprise-wide corporate governance mechanisms and how
they are applied. The Federal Reserve's bank examiners are able to
apply a broad perspective and depth of organizational knowledge to the
area of BSA/AML and to coordinate with examination and analytic staff
to ensure that the safety and soundness and BSA/AML examinations are
integrated and comprehensive. The Federal Reserve has found that there
is an important synergy gained by integrating the safety and soundness
and BSA/AML supervisory processes.
Enforcement Actions
The Federal Reserve focuses significant resources on the prevention
and early resolution of deficiencies within the supervisory framework.
When problems are identified at a banking organization, they are
typically communicated to the management and directors in a written
report. The management and directors are requested to address
identified problems voluntarily and to take measures to ensure that the
problems are corrected and will not recur. Most problems are resolved
promptly after they are brought to the attention of a banking
organization's management and directors.
In some instances, however, examiners identify problems relating to
anti-money laundering measures that are pervasive, repeated, unresolved
by management, or otherwise of such serious concern that use of the
Federal Reserve's enforcement authority is warranted. If the problem
does not require a formal action, the Reserve Banks have the authority
to take informal, nonpublic supervisory action, such as requiring the
adoption of an appropriate resolution by an institution's board of
directors or the execution of a memorandum of understanding between an
institution and the Reserve Bank.
When informal action will not suffice, the Federal Reserve has
authority to take formal, public enforcement action to compel the
management and directors of a banking organization to address anti-
money laundering and BSA compliance problems. These actions include
written agreements, cease-and-desist orders, and civil money penalties,
and are legally enforceable in court. These actions are not delegated
to the Reserve Banks, and are undertaken only with the concurrence of
the Board's General Counsel and the Board's Director of the Division of
Banking Supervision and Regulation. Because these actions are public,
they can have a significant impact on a banking organization,
particularly one that is a public company. In determining whether
formal action is appropriate, Federal Reserve staff considers all
relevant factors, including the nature, severity, and duration of the
problem, the anticipated resources and actions necessary to resolve the
problem, and the responsiveness of the directors and management.
In cases where examiners have identified a violation of the
compliance program requirement, the Federal banking agencies are bound
by law to take formal enforcement action. The same law requiring the
banking agencies to promulgate rules requiring the four-part compliance
program that I discussed earlier provides that if an institution fails
to establish and maintain the required procedures, or if it has failed
to correct any previously identified problem with the procedures, then
the agency must issue a formal action requiring the institution to
correct the problem. The Federal Reserve takes this responsibility very
seriously and has issued a number of public actions against banking
organizations in fulfillment of this statutory mandate. Federal Reserve
staff exerts every effort to ensure that this statute is implemented
consistently, and Board staff acts as a central coordinator for the
examination and enforcement staff at the different Reserve Banks. Over
the past 3 years, for example, the Federal Reserve has taken
approximately 25 formal, public enforcement actions addressing BSA/AML-
related matters. Actions have been taken against large banking
organizations as well as smaller ones--the one constant is that the
examination process identified regulatory violations in the
organizations' compliance programs that, under the law, mandated the
supervisory actions.
In addition to taking action itself, the Federal Reserve may refer
a BSA-related matter to Treasury's Financial Crimes Enforcement Network
(FinCEN) for consideration of an enforcement action based solely on BSA
violations, rather than a program failure or issues relating to safety
and soundness. Treasury has delegated to the Federal financial banking
agencies the authority to examine for BSA compliance those institutions
they normally examine for safety and soundness; however, Treasury has
not delegated the authority to take an enforcement action, such as the
assessment of a fine, for violations of the Bank Secrecy Act.
Federal Reserve staff coordinates enforcement actions with other
regulators or agencies, including in the area of anti-money laundering.
If a banking organization's problems involve entities supervised by
different regulators, resolution of enterprise-wide problems may
involve multiple enforcement actions. For example, the Office of the
Comptroller of the Currency (OCC), FinCEN, and the Federal Reserve
coordinated their recent enforcement actions against Riggs National
Corporation; Riggs Bank, N.A.; and Riggs International Banking
Corporation, the bank's Edge Act subsidiary, to ensure consistency and
concurrent resolution of open issues. The Federal Reserve coordinates
enforcement actions with State banking supervisors on a regular basis,
and enforcement actions involving operations of foreign banking
organizations may be resolved in cooperation with supervisors abroad.
In several recent matters, there was close coordination with the U.S.
Department of Justice as well.
The Applications Process
Before I describe some more aspects of the Federal Reserve's
supervisory process, let me touch on a very important component of the
Federal Reserve's anti-money laundering process--the processing of
applications and notices filed with the Board. The Federal Reserve has
had a longstanding practice of considering an applicant's compliance
with anti-money laundering laws in evaluating various applications,
including bank mergers and acquisitions of insured depositories by bank
holding companies as well as applications filed by foreign banks to
establish U.S. banking offices under the Foreign Bank Supervisory
Enhancement Act. The USA PATRIOT Act included a provision memorializing
our practice in the application area and required the Board to take
into account the effectiveness of an applicant's BSA compliance program
when it considers applications under various laws.
Under our longstanding protocols as well as the new law, every
application matter considered by the Federal Reserve includes a BSA/AML
compliance-related component whereby staff has to make specific
judgments regarding an applicant's compliance with the law in this
important area. While I cannot, of course, comment on specific cases, I
can report to you that Board staff has on some recent occasions advised
banking organizations considering expansion or other activities
requiring the filing of applications with the Federal Reserve to
concentrate instead on their BSA/AML programs. While not the full
equivalent of an enforcement action, I am sure that you can appreciate
the fact that every banking organization that is seeking or planning on
seeking Federal Reserve approval of an application makes every effort
possible to ensure that its anti-money laundering program is considered
to be fully satisfactory by examiners and that any deficiencies that
may be identified are addressed as expeditiously as possible. The
applications process gives the Board a strong tool in the BSA/AML area.
Guidance to Banking Organizations
Turning back to the Federal Reserve's normal supervision process,
Board and Reserve Bank supervisors seek to provide guidance to banking
organizations to assist them to fully understand applicable regulatory
requirements and what is expected by the regulators. While financial
institutions are, of course, fully responsible for their own
compliance, the supervisors play an important role in ensuring that
regulatory requirements are correctly understood and uniformly applied.
This is particularly true in areas such as compliance with new
regulations promulgated since the USA PATRIOT Act.
The Federal Reserve views its supervisory role as including
initiatives to enhance awareness and understanding by examiners
throughout the Federal Reserve System, by banking organizations under
Federal Reserve supervision, and by the financial industry at large. To
promote a full understanding of anti-money laundering
requirements, the Federal Reserve issues Supervision and Regulation
letters, which are used to advise Reserve Bank supervisory staff,
supervised institutions, and the banking industry about policy matters;
provides on-going training to examiners; speaks regularly before the
financial industry; and issues guidance in conjunction with other
regulators and Treasury. These initiatives are meant to respond to or
anticipate questions that arise regarding anti-money laundering
requirements. The Federal Reserve is keenly aware of the resources that
anti-money laundering and counter-terrorist financing requirements
demand of financial institutions and believes that it is our duty to
assist them in meeting their obligations.
Federal Reserve Resource Commitment
The Federal Reserve's BSA/AML function ranges from supervising and
regularly examining banking organizations subject to Federal Reserve
supervision for compliance with the BSA and relevant regulations, to
requiring corrective action for
detected weaknesses in BSA/AML programs, to enhancing money laundering
investigations by providing expertise to the U.S. law enforcement
community, and to providing training to U.S. law enforcement
authorities and various foreign central banks and government agencies.
Over the past 3 years, for example, Federal Reserve experts in BSA/AML-
related matters have participated in special reviews of funds transfers
for Federal law enforcement and intelligence authorities, taught
classes at FBI and Department of Homeland Security training academies,
held seminars for central bank and foreign supervisory authorities in
over 10 countries, including Botswana, Mexico, Russia, and the United
Arab Emirates, and engaged in discussions on AML-related matters at
international fora such as the Basel Cross-border Group and the
Financial Action Task Force on Money Laundering (FATF).
Over the course of the past 10 plus years, the Federal Reserve's
anti-money laundering program has grown dramatically. From a senior
official at the outset assigned to coordinate the Federal Reserve's BSA
activities in the late 1980's, to the creation and staffing in early
2004 of a new section within the Board's Division of Banking
Supervision and Regulation dedicated solely to anti-money laundering
efforts (the Anti-Money Laundering Policy and Compliance Section), the
Federal Reserve continues to commit a growing number of its resources to
BSA/AML compliance. In 1993, the Federal Reserve System began the practice
of designating a senior examiner at each of the 12 Reserve Banks to
serve as a Bank Secrecy Act coordinator for the BSA examiners at that
Reserve Bank. The number of senior BSA examiners throughout the System
has grown tremendously, particularly since the enactment of the USA
PATRIOT Act and the increasing complexity of BSA examinations. The web
of BSA examiners throughout the Federal Reserve System is brought
together through a direct communication channel with the Board's AML
Policy and Compliance Section. This communication is an important tool
for gathering examination experiences and providing consistent guidance
throughout the Federal Reserve System.
By any standard, the Federal Reserve has taken a leadership role in
the U.S. Government's and international banking and regulatory
community's anti-money laundering efforts.
Supervisory Coordination
Due to the complexity of financial institutions today, it is
imperative that the Federal Reserve coordinate with a long list of
agencies on issues tied to the Bank Secrecy Act. First, the Federal
Reserve views the Department of the Treasury and FinCEN as important
partners due to their leadership role in administering the Bank Secrecy
Act. In addition, for a number of complex financial institutions, the
Federal Reserve shares supervisory and regulatory responsibilities with
the OCC, Federal Deposit Insurance Corporation, and the Office of
Thrift Supervision at the Federal level, with the banking agencies of
the various States, and with foreign banking authorities for the
international operations of U.S. banks and the operations of foreign
banks in the United States.
This network of partners requires a high degree of coordination.
The regulatory authorities communicate constantly regarding BSA-related
matters. For example, among bank regulators, there are a number of
electronic systems in place that allow secure access to examination
information. This allows regulators to monitor the status of
organizations under their direct or indirect purview. It is also the
Federal Reserve's practice to notify relevant functional regulators
when a supervisory action may have impact on an institution subject to
their supervision.
In addition, bank regulators collaborate in the development of
consistent examination procedures and examiner training. The USA
PATRIOT Act required a surge of rulemaking activity, and the Federal
Reserve and its regulatory colleagues continue to advise Treasury as it
completes this important work.
Law Enforcement Coordination
The Federal Reserve routinely coordinates with Federal and state
law enforcement agencies with regard to potential criminal matters,
including anti-money laundering and financial crime activities. This
coordination may occur when the Federal Reserve takes action to address
matters that are also addressed in a criminal proceeding, when the
financial condition of a bank is affected by a criminal matter, or when
law enforcement draws on Federal Reserve staff expertise in its
investigative work. The Federal Reserve maintains open channels of
communication with law enforcement, whether through interagency working
groups or through informal staff level contacts.
Conclusion
The Federal Reserve believes that banking organizations should take
reasonable and prudent steps to combat illicit financial activities
such as money laundering and terrorist financing, and to minimize their
vulnerability to risks associated with such activity. For this reason,
the Federal Reserve's commitment to ensuring compliance with the Bank
Secrecy Act continues to be a high supervisory priority. The Federal
Reserve has an important role in ensuring that criminal activity does
not pose a systemic threat, and, as important, in improving the ability
of individual banking organizations in the United States and abroad to
protect themselves from illicit activities.
Thank you again for inviting me today to explain the Federal
Reserve's work in this important area.
PREPARED STATEMENT OF JOHN D. HAWKE, JR.
Comptroller of the Currency
U.S. Department of the Treasury
June 3, 2004
Introduction
Chairman Shelby, Ranking Member Sarbanes, Members of the Committee,
I appreciate the opportunity to appear before you today to discuss the
challenges we at the Office of the Comptroller of the Currency (OCC)--
and other financial institution regulators--face in combating money
laundering in the U.S. financial system, and how we are meeting those
challenges. I will also address the enforcement actions in this area we
have recently taken against Riggs Bank N.A.
As the regulator of national banks, the OCC has long been committed
to the fight against money laundering. For more than 30 years, the OCC
has been responsible for ensuring that the banks under its supervision
have the necessary controls in place and provide requisite notices to
law enforcement to assure that those banks are not used as vehicles to
launder money for drug traffickers or other criminal organizations. The
tragic events of September 11 have brought into sharper focus the
related concern of terrorist financing. Together with the other Federal
banking agencies, the banking industry, and the law enforcement
community, the OCC shares the Committee's goal of preventing and
detecting money laundering, terrorist financing, and other criminal
acts and the misuse of our Nation's financial institutions.
The cornerstone of the Federal Government's anti-money laundering
(AML) efforts is the Bank Secrecy Act (BSA). Enacted in 1970, the BSA
is primarily a recordkeeping and reporting statute that is designed to
ensure that banks and other financial institutions provide relevant
information to law enforcement in a timely fashion. The BSA has been
amended several times, most recently through passage of the USA PATRIOT
Act in the wake of the September 11 tragedy. Both the Secretary of the
Treasury, through the Financial Crimes Enforcement Network (FinCEN),
and the Federal banking agencies, have issued regulations implementing
the BSA, including regulations requiring all banks to have a BSA
compliance program, and to file reports such as suspicious activity
reports (SAR's) and currency transaction reports (CTR's).
Due to the sheer volume of financial transactions processed through
the U.S. financial system, primary responsibility for compliance with
the BSA and the AML statutes rests with the Nation's financial
institutions themselves. The OCC and the other Federal banking agencies
are charged with ensuring that the institutions we supervise have
strong AML programs in place to identify and report suspicious
transactions to law enforcement, and that such reports are, in fact,
made. Thus, our supervisory processes seek to ensure that banks have
systems and controls in place to prevent their involvement in money
laundering, and that they provide the types of reports to law
enforcement that the law enforcement agencies, in turn, need in order
to investigate suspicious transactions that are reported.
To accomplish our supervisory responsibilities, the OCC conducts
regular examinations of national banks and Federal branches and
agencies of foreign banks in the United States. These examinations
cover all aspects of the institution's operations, including compliance
with the BSA. Our resources are concentrated on those institutions, and
areas within institutions, of highest risk. In cases of noncompliance,
the OCC has broad investigative and enforcement authority to address
the problem.
Unlike other financial institutions, which have only recently
become subject to compliance program and SAR filing requirements, banks
have been under such
requirements for years. For example, banks have been required to have a
BSA compliance program since 1987, and have been required to file SAR's
(or their predecessors) since the 1970's. Not surprisingly, most banks
today have strong AML programs in place, and many of the largest
institutions have programs that are among the best in the world. There are
now approximately 1.3 million SAR's in the centralized database that is maintained by FinCEN. While the USA PATRIOT Act further augmented the due diligence and reporting requirements for banks in several key areas, one
of its primary objectives was to impose requirements on nonbanking
institutions that had long been applicable to banks.
The OCC's efforts in this area do not exist in a vacuum. We have
long been active participants in a variety of interagency working
groups that include representatives of the Treasury Department, law
enforcement, and the other Federal banking agencies. We also work
closely with the FBI and other criminal investigative agencies,
providing them with documents, information, and expertise on a case-
specific basis. In addition, when we are provided with lead information
from a law enforcement agency, we use that information to investigate
further to ensure that BSA compliance systems are adequate.
We continue to work to improve our supervision in this area and we
are constantly revising and adjusting our procedures to keep pace with
technological developments and the increasing sophistication of money
launderers and terrorist financers. For example, along with the other
Federal banking agencies, the OCC recently developed examination
procedures to implement several key sections of the USA PATRIOT Act,
and we expect to be issuing a revised version of our BSA Handbook by
year end. We have also recently initiated two programs that will
provide stronger and more complete analytical information to assist our
examiners in identifying banks that may have high money laundering
risk. Specifically, we are developing a database of national-bank filed
SAR's with enhanced search and reporting capabilities, and we also are
developing and will implement nationwide, a new risk assessment process
to better identify high-risk banks. Additionally, we are exploring with
FinCEN and the other banking agencies better ways to use BSA
information in our examination process to better identify risks and
vulnerabilities in the banking system.
Recent events surrounding Riggs Bank N.A. have heightened interest
in how the banking agencies, and the OCC in particular, conduct
supervision for BSA/AML compliance. Together with FinCEN, the OCC
recently assessed a record $25 million civil money penalty (CMP)
against Riggs Bank N.A. The OCC also imposed a supplemental cease-and-
desist (C&D) order on the bank, requiring the institution to strengthen
its controls and improve its processes in the BSA/AML area. Along with
the C&D order we issued against the bank in July 2003, these and other
actions we have taken have greatly reduced the bank's current risk
profile.
However, with the benefit of hindsight, it is clear that the
supervisory actions that we previously took against the bank were not
sufficient to achieve satisfactory and timely compliance with the BSA,
that more probing inquiry should have been made into the bank's high
risk accounts, and that stronger, more forceful enforcement action
should have been taken sooner. While we do not believe that Riggs is
representative of the OCC's supervision in the BSA/AML area, we are
nonetheless taking a number of steps to guard against a repeat of this
type of situation. In this regard, I have directed that our Quality
Management Division commence a review and evaluation of our BSA/AML
supervision of Riggs and make recommendations to me on several issues
concerning our approach to and the adequacy of our BSA/AML supervision
programs generally, and particularly with respect to Riggs.
Background and Legal Framework
In 1970, Congress passed the ``Currency and Foreign Transactions
Reporting Act'' otherwise known as the ``Bank Secrecy Act'' (BSA),
which established requirements for recordkeeping and reporting by
private individuals, banks, and other financial institutions. The BSA
was designed to help identify the source, volume, and movement of
currency and other monetary instruments into or out of the United
States or being deposited in financial institutions. The statute sought
to achieve that objective by requiring individuals, banks, and other
financial institutions to create a paper trail by keeping records and
filing reports of certain financial transactions and of unusual
currency transfers. This information then enables law enforcement and
regulatory agencies to pursue investigations of criminal, tax, and
regulatory violations.
The BSA regulations require all financial institutions to submit
various reports to the Government. The most common of these reports
are: (1) FinCEN Form 104 (formerly IRS Form 4789)--Currency Transaction
Report (CTR) for each payment or transfer, by, through or to a
financial institution, which involves a transaction in currency of more
than $10,000; and (2) FinCEN Form 105 (formerly Customs Form 4790)--
Report of International Transportation of Currency or Monetary
Instruments (CMIR) for each person who physically transports monetary
instruments in an aggregate amount exceeding $10,000 into or out of the
United States. Bank supervisors are not responsible for investigating
or prosecuting violations of criminal law that may be indicated by the
information contained in these reports; they are, however, charged with
assuring that the requisite reports are filed timely and accurately.
The Money Laundering Control Act of 1986 precludes the
circumvention of the BSA requirements by imposing criminal liability
for a person or institution that knowingly assists in the laundering of
money, or who structures transactions to avoid reporting. It also
directed banks to establish and maintain procedures reasonably designed
to assure and monitor compliance with the reporting and recordkeeping
requirements of the BSA. As a result, on January 27, 1987, all Federal
bank regulatory agencies issued essentially similar regulations
requiring banks to develop procedures for BSA compliance. The OCC's
regulation requiring that every national bank maintain an effective BSA
compliance program is set forth at 12 CFR Sec. 21.21 and is described
in more detail below.
Together, the BSA and the Money Laundering Control Act charge the
bank regulatory agencies with:
overseeing banks' compliance with the regulations described,
which direct banks to establish and maintain a BSA compliance
program;
requiring that each examination includes a review of this
program and describes any problems detected in the agencies' report
of examination; and
taking C&D actions if the agency determines that the bank has
either failed to establish the required procedures or has failed to
correct any problem with the procedures which was previously cited
by the agency.
The Annunzio-Wylie Anti-Money Laundering Act, which was enacted in
1992, strengthened the sanctions for BSA violations and the role of the
Treasury Department. It contained the following provisions:
a so-called ``death penalty'' sanction, which authorized the
revocation of the charter of a bank convicted of money laundering
or of a criminal violation of the BSA;
an authorization for Treasury to require the filing of
suspicious-transaction reports by financial institutions;
the grant of a ``safe harbor'' against civil liability to
persons who report suspicious activity; and
an authorization for Treasury to issue regulations requiring
all financial institutions, as defined in BSA regulations, to
maintain ``minimum standards'' of an AML program.
Two years later, Congress passed the Money Laundering Suppression
Act, which primarily addressed Treasury's role in combating money
laundering. This statute:
directed Treasury to attempt to reduce the number of CTR
filings by 30 percent and, to assist in this effort, it established
a system of mandatory and discretionary exemptions for banks;
required Treasury to designate a single agency to receive
SAR's;
required Treasury to delegate CMP powers for BSA violations to
the Federal bank regulatory agencies subject to such terms and
conditions as Treasury may require;
required nonbank financial institutions to register with
Treasury; and
created a safe harbor from penalties for banks that use
mandatory and discretionary exemptions in accordance with Treasury
directives.
Finally, in 2001, as a result of the September 11 terror attacks,
Congress passed the USA PATRIOT Act. The USA PATRIOT Act is arguably
the single most significant AML law that has been enacted since the BSA
itself. Among other things, the USA PATRIOT Act augmented the existing
BSA framework by prohibiting banks from engaging in business with
foreign shell banks, requiring banks to enhance their due diligence
procedures concerning foreign correspondent and private banking
accounts, and strengthening their customer identification procedures.
The USA PATRIOT Act also:
provides the Secretary of the Treasury with the authority to
impose special measures on jurisdictions, institutions, or
transactions that are of ``primary money-laundering concern;''
facilitates records access and requires banks to respond to
regulatory requests for information within 120 hours;
requires regulatory agencies to evaluate an institution's AML
record when considering bank mergers, acquisitions, and other
applications for business combinations;
expands the AML program requirements to all financial
institutions; and
increases the civil and criminal penalties for money
laundering.
The OCC and the other Federal banking agencies have issued two
virtually identical regulations designed to ensure compliance with the
BSA. The OCC's BSA compliance regulation, 12 CFR Sec. 21.21, requires
every national bank to have a written program, approved by the board of
directors, and reflected in the minutes of the bank. The program must
be reasonably designed to assure and monitor compliance with the BSA
and must, at a minimum: (1) provide for a system of internal controls
to assure ongoing compliance; (2) provide for independent testing for
compliance; (3) designate an individual responsible for coordinating
and monitoring day-to-day compliance; and (4) provide training for
appropriate personnel. In addition, the implementing regulation for
Section 326 of the USA PATRIOT Act requires every bank adopt a customer
identification program as part of its BSA compliance program.
The OCC's SAR regulation, 12 CFR Sec. 21.11, requires every
national bank to file a SAR when they detect certain known or suspected
violations of Federal law or suspicious transactions related to a money
laundering activity or a violation of the BSA. This regulation mandates
a SAR filing for any potential crimes: (1) involving insider abuse
regardless of the dollar amount; (2) where there is an identifiable
suspect and the transaction involves $5,000 or more; and (3) where
there is no identifiable suspect and the transaction involves $25,000
or more. Additionally, the regulation requires a SAR filing in the case
of suspicious activity that is indicative of potential money laundering
or BSA violations and the transaction involves $5,000 or more.
OCC'S BSA/AML Supervision
The OCC and the other Federal banking agencies are charged with
ensuring that banks maintain effective AML programs. The OCC's AML
responsibilities are coextensive with our regulatory mandate of
ensuring the safety and soundness of the national banking system. Our
supervisory processes seek to ensure that institutions have compliance
programs in place that include systems and controls to satisfy
applicable CTR and SAR filing requirements, as well as other reporting
and recordkeeping requirements to which banks are subject under the
BSA.
The OCC devotes significant resources to BSA/AML supervision. The
OCC has nearly 1,700 examiners in the field, many of whom are involved
in both safety and soundness and compliance with applicable laws
including the BSA. We have over 300 examiners onsite at our largest
national banks, engaged in continuous supervision of all aspects of
their operations. In 2003, the equivalent of approximately 40 full time
employees were dedicated to BSA/AML supervision. The OCC also has three
full-time BSA/AML compliance specialists in our Washington DC
headquarters office dedicated to developing policy, training, and
assisting on complex examinations. In addition, the OCC has a full-time
fraud expert in Washington DC, who is responsible for tracking the
activities of offshore shell banks and other vehicles for defrauding
banks and the public. These resources are supplemented by dozens of
attorneys in our district offices and Washington DC headquarters office
who work on compliance matters. In 2003 alone, not including our
continuous large bank supervision, the OCC conducted approximately
1,340 BSA examinations of 1,100 institutions and, since 1998, we have
completed nearly 5,700 BSA examinations of 5,300 institutions.
The OCC monitors compliance with the BSA and money laundering laws
through its BSA compliance and money laundering prevention examination
procedures. The OCC's examination procedures were developed by the OCC,
in conjunction with the other Federal banking agencies, based on our
extensive experience in supervising and examining national banks in the
area of BSA/AML compliance. The procedures are risk-based, focusing our
examination resources on high-risk banks and high-risk areas within
banks. During an examination, examiners use the procedures to review
the bank's policies, systems, and controls. Examiners test the bank's
systems by reviewing certain individual transactions when they note
control weaknesses, have concerns about high-risk products or services
in a bank, or receive information from a law enforcement or other
external source.
In 1997, the OCC formed the National Anti-Money Laundering Group
(NAMLG), an internal task force that serves as the focal point for all
BSA/AML matters. Through the NAMLG, the OCC has undertaken a number of
projects designed to improve the agency's supervision of the BSA/AML
activities of national banks. These projects include the development of
a program to identify high-risk banks for expanded scope BSA
examinations and the examination of those banks using agency experts
and expanded procedures; examiner training; the development of revised
examination procedures; and issuance of policy guidance on various BSA/
AML topics.
Over the years, the NAMLG has had many significant accomplishments
including:
publishing and updating numerous guidance documents, including
the Comptroller's BSA Handbook, extensive examination procedures,
numerous OCC advi-sories, bulletins and alerts, and a comprehensive
reference guide for bankers and examiners;
providing expertise to the Treasury Department and the
Department of Justice in drafting the annual U.S. National Money
Laundering Strategy;
providing expertise to the Treasury Department, FinCEN and the
other Federal banking agencies in drafting the regulations to
implement the USA PATRIOT Act; and
developing state-of-the-art training programs for OCC and
other Federal and foreign regulatory authorities in training their
examiners in BSA/AML supervision.
To deploy its resources most effectively, the OCC uses criteria
developed by NAMLG that targets banks for expanded scope AML
examinations. Experienced examiners and other OCC experts who
specialize in BSA compliance, AML, and fraud are assigned to the
targeted examinations. The examinations focus on areas of identified
risk and include comprehensive transactional testing procedures. The
following factors are considered in selecting banks for targeted
examinations:
locations in high-intensity drug trafficking areas (HIDTA) or
high-intensity money laundering and related financial crime areas
(HIFCA);
excessive currency flows;
significant international, private banking, fiduciary or other
high-risk activities;
unusual suspicious activity reporting patterns;
unusual large currency transaction reporting patterns; and
fund transfers or account relationships with drug source
countries or countries with stringent financial secrecy laws.
The program may focus on a particular area of risk in a given year.
For example, our 2005 targeting program will focus on banks that have
significant business activity involving foreign money services
businesses. In prior years, our targeting focus has been on banks that
have significant business activity in private banking, offshore
banking, and lines of business subject to a high risk of terrorist
financing.
Other responsibilities of the NAMLG include sharing information
about money laundering issues with the OCC's District offices;
analyzing money laundering trends and emerging issues; and promoting
cooperation and information sharing with national and local AML groups,
the law enforcement community, bank regulatory agencies, and the
banking industry.
NAMLG has also worked with law enforcement agencies and other
regulatory agencies to develop an interagency examiner training
curriculum that includes instruction on common money laundering
schemes. In addition, the OCC has conducted AML training for foreign
bank supervisors and examiners two to three times per year for the past
4 years. Over 250 foreign bank supervisors have participated in this
training program. Recently, the World Bank contracted with the OCC to
tape our international BSA school for worldwide broadcast. The OCC has
also partnered with the State Department to provide AML training to
high-risk jurisdictions, including selected Middle Eastern countries.
And we consistently provide instructors for the Federal Financial
Institutions Examination Council schools, which are now patterned after
the OCC's school. In total, the OCC's AML schools have trained
approximately 550 OCC examiners over the past 5 years.
OCC's Enforcement Authority
Effective bank supervision requires clear communications between
the OCC and the bank's senior management and board of directors. In
most cases, problems in the BSA/AML area, as well as in other areas,
are corrected by bringing the problem to the attention of bank
management and obtaining management's commitment to take corrective
action. An OCC Report of Examination documents the OCC's findings and
conclusions with respect to its supervisory review of a bank. Once
problems or weaknesses are identified and communicated to the bank, the
bank's senior management and board of directors are expected to
promptly correct them. The actions that a bank takes, or agrees to
take, to correct deficiencies documented in its Report are important
factors in determining whether more forceful action is needed.
OCC enforcement actions fall into two broad categories: Informal
and formal. In general, informal actions are used when the identified
problems are of limited scope and magnitude and bank management is
regarded as committed and capable of correcting them. Informal actions
include commitment letters, memoranda of understanding, and matters
requiring board attention in examination reports. These
generally are not public actions.
The OCC also may use a variety of formal enforcement actions to
support its supervisory objectives. Unlike most informal actions,
formal enforcement actions are authorized by statute, are generally
more severe, and are disclosed to the public. Formal actions against a
bank include C&D orders, formal written agreements and CMPs. C&D orders
and formal agreements are generally entered into consensually by the
OCC and the bank and require the bank to take certain actions to
correct identified deficiencies. The OCC may also take formal action
against officers, directors and other individuals associated with an
institution (institution-affiliated parties). Possible actions against
institution-affiliated parties include removal and prohibition from
participation in the banking industry, CMP's, and C&D orders.
In the BSA area, the OCC's CMP authority is concurrent with that of
FinCEN. In cases involving systemic noncompliance with the BSA, in
addition to taking our own actions, the OCC refers the matter to
FinCEN. In the case of Riggs Bank, the OCC and FinCEN worked together
on the CMP against the bank.
In recent years, the OCC has taken numerous formal actions against
national banks to bring them into compliance with the BSA. These
actions are typically C&D orders and formal agreements. The OCC has
also taken formal actions against institution-affiliated parties who
participated in BSA violations. From 1998 to 2003, the OCC has issued a
total of 78 formal enforcement actions based in whole, or in part, on
BSA/AML violations. During this same time period, the OCC has also
taken countless informal enforcement actions to correct compliance
program deficiencies that did not rise to the level of a violation of
law.
Significant BSA/AML Enforcement Actions
The OCC has been involved in a number of cases involving serious
BSA violations and, in some cases, actual money laundering. Some of the
more significant cases involved the Bank of China (New York Federal
Branch), Broadway National Bank, Banco do Estado de Parana (New York
Federal Branch), and Jefferson National Bank. There are also dozens of
other examples where the OCC identified significant money laundering or
BSA non-compliance, took effective action to stop the activity, and
ensured that accurate and timely referrals were made to law
enforcement.
Bank of China, New York Federal Branch
In May 2000, OCC examiners conducting a safety and soundness
examination discovered serious misconduct on the part of the branch and
its former officials, including the facilitation of a fraudulent letter
of credit scheme and other suspicious activity and potential fraud and
money laundering. The misconduct, which resulted in significant losses
to the branch, was subsequently referred to law enforcement. In January
2002, the OCC and the Peoples' Bank of China entered into companion
actions against the Bank of China and its United States-based Federal
branches. The bank's New York branch agreed to pay a $10 million
penalty assessed by the OCC and the parent bank, which is based in
Beijing, agreed to pay an equivalent amount in local currency to the
People's Bank of China, for a total of $20 million. The OCC also
required that the branch execute a C&D order which, among other things,
required it to establish account opening and monitoring procedures, a
system for identifying high risk customers, and procedures for regular,
ongoing review of account activity of high risk customers to monitor
and report suspicious activity. The OCC also took actions against six
institution-affiliated parties.
Broadway National Bank, New York, New York
In March 1998, the OCC received a tip from two separate law
enforcement agencies that this bank may be involved in money
laundering. The OCC immediately opened an examination which identified
a number of accounts at the bank that were either being used to
structure transactions, or were receiving large amounts of cash with
wire transfers to countries known as money laundering and drug havens.
Shortly thereafter, the OCC issued a C&D order which shut down the
money laundering and required the bank to adopt more stringent
controls. The OCC also initiated prohibition and CMP cases against bank
insiders. In referring the matter to law enforcement, we provided
relevant information including the timing of deposits that enabled law
enforcement to seize approximately $4 million and arrest a dozen
individuals involved in this scheme. The subsequent OCC investigation
resulted in the filing of additional SAR's, the seizure of
approximately $2.6 million in additional funds, more arrests by law
enforcement, and a referral by the OCC to FinCEN. In November 2002, the
bank pled guilty to a three count felony information that charged it
with failing to maintain an AML program, failing to report
approximately $123 million in suspicious bulk cash and structured cash
deposits, and aiding and assisting customers to structure approximately
$76 million in transactions to avoid the CTR requirements. The bank was
required to pay a $4 million criminal fine.
Banco do Estado de Parana, Federal Branch, New York, N.Y (Banestado)
In the summer of 1997, the OCC received information from Brazilian
Government officials concerning unusual deposits leaving Brazil via
overnight courier. The OCC immediately dispatched examiners to the
branch that was receiving the majority of the funds. OCC examiners
discovered significant and unusually large numbers of monetary
instruments being shipped via courier into the Federal branch from
Brazil and other countries in South America, as well as suspicious wire
transfer activity that suggested the layering of the shipped deposits
through various accounts with no business justification for the
transfers. The OCC entered into a C&D order with the Federal branch and
its head office in Brazil in January 1998 that required controls over
the courier and wire transfer activities and the filing of SAR's with
law enforcement. The OCC also hosted several meetings with various law
enforcement agencies discussing these activities and filed a referral
with FinCEN. Shortly thereafter, the Brazilian bank liquidated the
branch. In May 2000, the OCC assessed a CMP against the branch for
$75,000.
Jefferson National Bank, Watertown, New York
During the 1993 examination of this bank, the OCC learned from the
Federal Reserve Bank of New York that the bank was engaging in cash
transactions that were not commensurate with its size. OCC examiners
subsequently discovered that several bank customers were depositing
large amounts of cash that did not appear to be supported by the
purported underlying business, with the funds being wired offshore. The
OCC filed four criminal referral forms (predecessor to the SAR) with
law enforcement pertaining to this cash activity and several additional
criminal referral forms pertaining to insider abuse and fraud at the
bank. The OCC also briefed several domestic and Canadian law
enforcement agencies alerting them to the significant sums of money
flowing through these accounts at the bank. Based upon this
information, law enforcement commenced an investigation of these large
deposits. The investigation resulted in one of the most successful
money laundering prosecutions in U.S. Government history. The
significant sums of money flowing through the bank were derived from
cigarette and liquor smuggling through the Akwesasne Indian Reservation
in northern New York. The ring smuggled $687 million worth of tobacco
and alcohol into Canada between 1991 and 1997. The case resulted in 21
indictments that also sought the recovery of assets totaling $557
million. It also resulted in the December 1999 guilty plea by a
subsidiary of R.J. Reynolds tobacco company and the payment of a $15
million criminal fine. The four criminal referral forms filed by the
OCC in the early stages of this investigation were directly on point
and pertained to the ultimate ringleaders in the overall scheme. These
money laundering cases were in addition to the C&D order entered into
with the bank, the prohibition and CMP cases that were brought by the
OCC, and the insider abuse bank fraud cases that were brought by law
enforcement against some of the bank's officers and directors. Seven
bank officers and directors were ultimately convicted of crimes.
OCC Cooperation with Law Enforcement and Other Agencies
As the above cases illustrate, combating money laundering depends
on the cooperation of law enforcement, the bank regulatory agencies,
and the banks themselves. The OCC participates in a number of
interagency working groups aimed at money laundering prevention and
enforcement, and meets on a regular basis with law enforcement agencies
to discuss money laundering issues and share information that is
relevant to money laundering schemes. For example, the OCC is an
original member of both the National Interagency Bank Fraud Working
Group and the Bank Secrecy Act Advisory Group. Both of these groups
include representatives of the Department of Justice, the FBI, the
Treasury Department, and other law enforcement agencies, as well as the
Federal banking agencies. Through our interagency contacts, we
sometimes receive leads as to possible money laundering in banks that
we supervise. Using these leads, we can target compliance efforts in
areas where we are most likely to uncover problems. For example, if the
OCC receives information that a particular account is being used to
launder money, our examiners would then review transactions in that
account for suspicious funds movements, and direct the bank to file a
SAR if suspicious transactions are detected. The OCC also provides
information, documents, and expertise to law enforcement for use in
criminal investigations on a case-specific basis.
The OCC has also played an important role in improving the AML and
terrorist financing controls in banking throughout the world. For the
past several years, the OCC has provided examiners to assist with
numerous U.S. Government-sponsored international AML and terrorist
financing assessments. We have a cadre of specially trained examiners
that has provided assistance to the Treasury Department and the State
Department on these assessments in various parts of the world,
including South and Central America, the Caribbean, the Pacific-rim
nations, the Middle East, Russia, and the former Eastern Bloc nations.
In this regard, the cadre has participated in terrorist financing
investigations, assessed local money laundering laws and regulatory
infrastructure, and provided training to bank supervisors.
The OCC is also providing direct assistance to the Coalition
Provisional Authority (CPA) of Iraq. Four OCC examiners are currently
working in Iraq as technical assistance advisers to the CPA's Ministry
of Finance and helping their counterparts at the Central Bank of Iraq
develop a risk-based supervisory system tailored to the Iraqi banking
system. The OCC examiners are assisting in the development of a law
addressing money laundering and terrorist financing that is close to
enactment by the CPA, the drafting of new policy and examination
manuals to implement this law, and they are providing extensive AML
training to Iraqi bank regulators.
Post-September 11 Activities and the Implementation of the
USA PATRIOT Act
In the immediate aftermath of the September 11 terror attacks, the
OCC participated in a series of interagency meetings with bankers
sponsored by the New York Clearinghouse to discuss the attacks and
their impact on the U.S. economy and banking system, and provided
guidance to the industry concerning the various requests from law
enforcement for account and other information. The OCC was also
instrumental in working with the other banking agencies to establish an
electronic e-mail system for law enforcement to request information
about suspected terrorists and money launderers from every financial
institution in the country. This FBI Control List system was in place
five weeks after September 11 and was the precursor to the current
system established under Section 314(a) of the USA PATRIOT Act, which
is now administered by FinCEN. At the same time, the OCC established a
secure emergency communications e-mail system for all national banks
through the OCC's BankNet technology.
In October 2001, Congress passed the USA PATRIOT Act. The OCC has
been heavily involved in the many interagency work groups tasked with
writing regulations to implement the USA PATRIOT Act over the past few
years. To date, these work groups have issued final rules implementing
Sections 313 (foreign shell bank prohibition); 319(b) (foreign
correspondent bank account records), 314 (information sharing), and 326
(customer identification). The OCC was also involved in drafting the
interim final rule implementing Section 312 (foreign private banking
and correspondent banking).
The OCC took the lead in developing the current 314(a) process for
disseminating information between law enforcement and the banks. The
OCC worked with the interested regulatory and law enforcement agencies,
and drafted detailed instructions to banks concerning the 314(a)
process and the extent to which banks are required to conduct record
and transactions searches on behalf of law enforcement. The OCC also
took the lead in drafting a frequently asked questions (FAQ's) document
to provide further guidance as to the types of accounts and
transactions required to be searched, when manual searches for this
information would be required, and the timeframes for providing
responses back to law enforcement. Under the new procedures, 314(a)
requests from FinCEN are batched and issued every two weeks, unless
otherwise indicated, and financial institutions have two weeks to
complete their searches and respond with any matches.
Throughout this process, the OCC continually assisted FinCEN in
maintaining an accurate electronic database of 314(a) contacts for
every national bank and Federal branch, provided effective
communications to the industry through agency alerts concerning the
314(a) system, and participated in quarterly interagency meetings with
fellow regulators and law enforcement agencies to ensure that the
process was working effectively and efficiently.
The OCC also took the lead in drafting the interagency Customer
Identification Program (CIP) regulation mandated by Section 326 of the
USA PATRIOT Act, which mandates the promulgation of regulations that,
at a minimum, require financial institutions to implement reasonable
procedures for: (1) verifying the identity of any person seeking to
open an account, to the extent reasonable and practicable; (2)
maintaining records of the information used to verify the person's
identity, including name, address, and other identifying information;
and (3) determining whether the person appears on any lists of known or
suspected terrorists or terrorist organizations provided to the
financial institution by any government agency. The OCC is also the
primary drafter of interagency FAQ's concerning the implementation of
the CIP rules. A second set of interagency FAQ's will be issued
shortly.
In order to assess USA PATRIOT Act implementation by the industry,
in the summer of 2002, the OCC conducted reviews of all of its large
banks to assess their compliance with the regulations issued under the
USA PATRIOT Act up to that time, and to evaluate the industry response
to terrorist financing risk. Although, at that time, many of the USA
PATRIOT Act regulations had not yet been finalized, we felt it was
important to ascertain the level of bank compliance with and
understanding of the new requirements. The purpose of these reviews was
to discern the types of systems and controls banks had in place to
deter terrorist financing, and follow up with full-scope AML exams in
institutions that had weaknesses. As a result of these reviews, the OCC
was able to obtain practical first hand knowledge concerning how banks
were interpreting the new law, whether banks were having problems
implementing the regulations or controlling terrorist financing risk,
and which banks needed further supervision in this area.
On October 20, 2003, the OCC issued interagency examination
procedures to evaluate national bank compliance with the requirements
of Section 313 and 319(b), and Section 314 of the USA PATRIOT Act. The
procedures were designed to assess how well banks are complying with
the new regulations and to facilitate a consistent supervisory approach
among the banking agencies. OCC examiners are now using the procedures
during BSA/AML examinations of the institutions under our supervision.
The procedures allow examiners to tailor the examination scope
according to the reliability of the bank's compliance management system
and the level of risk assumed by the institution. An interagency
working group is currently drafting examination procedures concerning
Section 326 of the USA PATRIOT Act. The OCC is also the primary drafter
of these procedures and we expect that they will be issued shortly.
OCC Outreach and Industry Education
As previously stated, the primary responsibility for ensuring that
banks are in compliance with the BSA lies with the bank's management
and its directors. To aid them in meeting this responsibility, the OCC
devotes extensive time and resources to educating the banking industry
about its obligations under the BSA. This has typically included active
participation in conferences and training sessions across the country.
For example, in 2002 the OCC sponsored a nationwide teleconference to
inform the banking industry about the USA PATRIOT Act. This
teleconference was broadcast to 774 sites with approximately 5,400
listeners.
The OCC also provides guidance to national banks through: (1)
industry outreach efforts that include roundtable discussions with
bankers and industry wide conference calls sponsored by the OCC; (2)
periodic bulletins that inform and remind banks of their
responsibilities under the law, applicable regulations, and
administrative rulings dealing with BSA reporting requirements and
money laundering; (3) publications, including the distribution of
comprehensive guide in this area entitled Money Laundering: A Banker's
Guide to Avoiding Problems; (4) publication and
distribution of the Comptroller's BSA Handbook which contains the OCC's
BSA examination procedures, and the Comptroller's Handbook for
Community Bank Supervision which provides guidance on BSA/AML risk
assessment; and (5) periodic alerts and advisories of potential frauds
or questionable activities, such as alerts on unauthorized banks and
FinCEN reporting processes. In addition, senior OCC officials are
regular participants in industry seminars and forums on the BSA, the
USA PATRIOT Act, and related topics.
Current Supervisory Initiatives
The OCC uses somewhat different examination approaches depending
largely on the size of the institution and its risk profile. In large
banks (generally total assets of $25 billion) and mid-size banks
(generally total assets of $5 billion), OCC examiners focus first on
the bank's BSA compliance program. These banks are subject to our
general BSA/AML examination procedures that include, at a minimum, a
review of the bank's internal controls, policies, procedures, customer
due diligence, SAR/CTR information, training programs, and compliance
audits. We also evaluate BSA officer competence, the BSA program
structure, and the bank's audit program, including the independence and
competence of the audit staff. While examining for overall BSA
compliance, examiners typically focus on suspicious activity monitoring
and reporting systems and the effectiveness of the bank's customer due
diligence program.
Additional and more detailed procedures are conducted if control
weaknesses or concerns are encountered during the general procedures
phase of the examination. These supplemental procedures include:
transaction testing to ascertain the level of risk in the
particular business area (for example, private banking, payable
upon proper identification programs (PUPID), nonresident alien
accounts, international brokered deposits, foreign correspondent
banking, and pouch activity) and to determine whether the bank is
complying with its policies and procedures, including SAR and CTR
filing requirements;
evaluation of the risks in a particular business line or in
specific accounts and a determination as to whether the bank is
adequately managing the risks;
a selection of bank records to determine that its
recordkeeping processes are in compliance with the BSA.
For community banks (generally total assets under $5 billion),
examiners determine the examination scope based on the risks facing the
institution. For low-risk banks, examiners evaluate changes to the
bank's operations and review the bank's BSA/AML compliance program. For
banks with higher risk characteristics and weak controls, additional
procedures are performed, including review of a sample of high-risk
accounts and additional procedures set forth above. Examiners also
perform periodic monitoring procedures between examinations and conduct
follow-up activities when significant issues are identified.
Use of CTR and SAR Data in the Examination Process
All banks are required by regulation to report suspected crimes and
suspicious transactions that involve potential money laundering or
violate the BSA. In April 1996, the OCC, together with the other
Federal banking agencies, and FinCEN, unveiled the SAR system, SAR
form, and database. This system provides law enforcement and regulatory
agencies online access to the entire SAR database. Based upon the
information in the SAR's, law enforcement agencies may then, in turn,
initiate investigations and, if appropriate, take action against
violators. By using a universal SAR form, consolidating filings in a
single location, and permitting electronic filing, the system greatly
improves the reporting process and makes it more useful to law
enforcement and to the regulatory agencies. As of December 2003, banks
and regulatory agencies had filed over 1.3 million SAR's, with national
banks by far the biggest filers. Nearly 50 percent of these SAR's were
for suspected BSA/money laundering violations.
The OCC also uses the SAR database as a means of identifying high-
risk banks and high-risk areas within banks. Year-to-year trend
information on the number of SAR's and CTR's filed is used to identify
banks with unusually low or high filing activity. This is one factor
used by the OCC to identify high-risk banks. Examiners also review
SAR's and CTR's to identify accounts to include in the examination
sample. Accounts where there have been repetitive SAR filings or
accounts with significant cash activity in a high-risk business or
inconsistent with the type of business might be accounts selected for
the sample.
Riggs Bank Enforcement Actions
As previously mentioned, the OCC and FinCEN recently assessed a $25
million CMP against Riggs Bank N.A. for violations of the BSA and its
implementing regulations, and for failing to comply with the
requirements of an OCC C&D order that was signed by the bank in July
2003. Also, in a separate C&D action dated May 13, 2004 to supplement
the C&D we had issued in July 2003, the OCC directed the bank to take a
number of steps to correct deficiencies in its internal controls,
particularly in the BSA/AML area. Among other requirements in this
separate action, the OCC directed the bank to:
Ensure competent management. Within 30 days, the board of
directors must determine whether management or staff changes are
needed and whether management skills require improvement.
Develop a plan to evaluate the accuracy and completeness of
the bank's books and records, and develop a methodology for
determining that information required by the BSA is appropriately
documented, filed, and maintained.
Adopt and implement comprehensive written policies for
internal controls applicable to the bank's account relationships
and related staffing, including the Embassy and International
Private Banking Group. Among other requirements, the policies must
mandate background checks of all relationship managers at least
every 3 years and must prohibit any employee from having signature
authority, ownership, or custodial powers for any customer account.
Develop and implement a policy that permits dividend payments
only when the bank is in compliance with applicable law and upon
written notice to the OCC.
Adopt and implement an internal audit program sufficient to
detect irregularities in the bank's operation, determine its level
of compliance with applicable laws and regulations and provide for
testing to support audit findings, among other requirements.
These actions were based on a finding that the bank had failed to
implement an effective AML program. As a result, the bank did not
detect or investigate suspicious transactions and had not filed SAR's
as required under the law. The bank also did not collect or maintain
sufficient information about its foreign bank customers. In particular,
the OCC found a number of problems with the bank's account relationship
with foreign governments, including Saudi Arabia and Equatorial Guinea.
Riggs failed to properly monitor, and report as suspicious,
transactions involving tens of million of dollars in cash withdrawals,
international drafts that were returned to the bank, and numerous
sequentially numbered cashier's checks. The OCC will continue to
closely monitor the corrective action that the bank takes in response
to the order and we are prepared to take additional actions if
necessary.
These actions are the most recent of a series of escalating
supervisory and enforcement reactions to ongoing deficiencies in Riggs
BSA/AML compliance program. Since this matter involves an open bank and
open investigations, there are limitations on what can be said without
disclosing confidential supervisory information and potentially
compromising future criminal, civil and administrative actions. With
that caveat, we have tried to set out below a summary of our
supervision of this institution in the BSA/AML area, dating back to
1997.
The OCC first identified deficiencies in Riggs' procedures several
years ago. Beginning in the late 1990's, we recognized the need for
improved processes at Riggs and for improvements in the training in,
and awareness of, the BSA's requirements and in the controls over their
BSA processes. Prior to September 11, the OCC visited the bank at least
once a year and sometimes more often to either examine or review the
Bank's BSA/AML compliance program.
Over this timeframe OCC examiners consistently found that Riggs'
BSA compliance program was either ``satisfactory'' or ``generally
adequate,'' meaning that it met the minimum requirements of the BSA,
but we nonetheless continued to identify weaknesses and areas of its
program that needed improvement in light of the business conducted by
the bank. We addressed these weaknesses using various informal,
supervisory actions. Generally, this involved bringing the problems to
the attention of bank management and the board and securing their
commitment to take corrective action.
During this period, it was clear that the bank's compliance program
needed improvement but we determined that the program weaknesses did
not rise to the level of a violation of our regulation or pervasive
supervisory concern. The OCC identified problems with the bank's
internal audit coverage in this area, its internal monitoring
processes, and its staff training on the BSA and customer due diligence
requirements. Repeatedly, management took actions to address specific
OCC concerns but, as is now clear, the corrective actions being taken
often were not sufficient to achieve the intended results. The bank was
continually taking steps to respond to OCC criticisms, but failed to
take action on its own to improve its overall compliance program,
especially with regard to high-risk areas. Due to the lack of an
effective and proactive management team, additional weaknesses and
deficiencies were continually identified by the OCC over this time
period, but bank follow-up on these weaknesses ultimately proved to be
ineffective and the problems continued longer than they should have.
As various changes occurred in the regulatory expectations for
banks relative to BSA compliance and related issues over this period of
time, our scrutiny of the bank was adjusted accordingly. For example,
when the Financial Action Task Force and FinCEN identified
``uncooperative'' countries, we conducted an examination at Riggs that
specifically focused on account relationships with those countries and
determined that the bank did not have extensive transaction activity
with any of the countries on the list. In addition, Treasury issued its
guidance on ``politically exposed persons'' in January 2001, and, as a
result, the OCC's focus on the risks associated with the Riggs' embassy banking business began to increase and our supervisory activities were heightened accordingly. However, at that time, the Kingdom of Saudi Arabia
was not viewed as a country that posed heightened risk of money laundering
or terrorist financing, and Equatorial Guinea had just begun to reap the financial benefits of the discovery of large oil reserves in the mid-1990's.
After September 11, the OCC escalated its supervisory efforts to
bring Riggs' compliance program to a level commensurate with the risks
that were undertaken by the bank and we believed that we were beginning
to see some progress in this regard. In fact, the bank was beginning
the process of a major computer system conversion that would address
many of the shortcomings in the existing information systems that the
bank was relying on. Unfortunately, bank management had to adjust the
timeline repeatedly. This caused significant delays in the
implementation date, pushing it from the original target of year-end
2002 to September 2003. Thus, the bank was not able to fulfill many of
the commitments that it made to the OCC to correct our concerns
pertaining to their BSA compliance program. Also, as previously
mentioned, the OCC conducted a series of anti-terrorist financing
reviews at our large or high-risk banks, including Riggs, in 2002. As a
result of these reviews and other internal assessments, plus published
accounts of suspicious money transfers involving Saudi Embassy
accounts, our concerns regarding Riggs BSA/AML compliance were
heightened. Thus, we commenced another examination of Riggs in January
2003.
The focus of the January 2003 examination was on Riggs' Embassy
banking business, and, in particular, the accounts related to the
Embassy of Saudi Arabia. Due to its Washington DC location, its
extensive retail branch network, and its expertise in private banking,
Riggs found embassy banking to be particularly attractive and had
developed a market niche. In fact, at one time, 95 percent of all
foreign embassies in the United States, and 50 percent of the embassies
in London conducted their banking business with Riggs. The OCC's
examination lasted for approximately 5 months and involved experts in
the BSA/AML area. The findings from the January 2003 examination formed
the basis for the July 2003 C&D order entered into with the bank. The
OCC also identified violations of the BSA that were referred to FinCEN.
During the course of the 2003 examination, the OCC cooperated
extensively with investigations by law enforcement into certain
suspicious transactions involving the Saudi Embassy relationship. These
transactions involved tens of millions of dollars in cash withdrawals
from accounts related to the Embassy of Saudi Arabia; dozens of
sequentially numbered international drafts that totaled millions of
dollars that were drawn from accounts related to officials of Saudi
Arabia, and that were returned to the bank; and dozens of sequentially
numbered cashier's checks that were drawn from accounts related to
officials of Saudi Arabia made payable to the accountholder. There was
regular contact with the FBI investigators throughout this examination.
We provided the FBI with voluminous amounts of documents and
information on the suspicious transactions, including information
concerning transactions at the bank that the FBI previously was not
aware of. The OCC also hosted a meeting with the FBI to discuss these
documents and findings. Throughout this process we provided the FBI
with important expertise on both general banking matters, and on some
of the complex financial transactions and products that were
identified.
The July 2003 C&D order directed the bank to take a number of steps
to correct deficiencies in its internal controls in the BSA/AML area
and to strongly consider staffing changes. Among other requirements in
this action, the OCC directed the bank to:
Hire an independent, external management consultant to conduct
a study of the Bank's compliance with the BSA, including, training,
SAR monitoring, and correcting deficiencies and conduct a risk
assessment for compliance with the BSA throughout the bank.
Evaluate the responsibilities and competence of management. In
particular, the consultant's report to the board of directors must
address, among other things, the responsibilities and competence of
the bank's BSA officer, and the capabilities and competence of the
supporting staff in this area. Within 90 days, the board of
directors must determine whether any changes are needed regarding
the bank's BSA officer and staff;
Adopt and implement detailed policies and procedures
(including account opening and monitoring procedures) to provide
for BSA compliance and for the appropriate identification and
monitoring of high risk transactions;
Ensure effective BSA audit procedures and expansion of these
procedures. Within 90 days the board of directors must review and
evaluate the level of service and ability of the audit function for
BSA matters provided by any auditor; and
Ensure bank adherence to a comprehensive training program for
all appropriate operational and supervisory personnel to ensure
their awareness and their responsibility for compliance with the
BSA.
The OCC began its next examination of the bank's BSA compliance in
October 2003. The purpose of this examination was to assess compliance
with the C&D order and the USA PATRIOT Act, and to review accounts
related to the Embassy of Equatorial Guinea. It was clear from this
examination that the bank had made progress in complying with the order
and in improving its AML program. Another notable accomplishment was
the successful implementation of the long planned system upgrade that
significantly improved the information available to bank staff and
management to monitor account activity and identify suspicious
activity. Notwithstanding, there were significant areas of
noncompliance noted by our examination. The examiners found that, as
with the Saudi Embassy accounts, the bank lacked sufficient policies,
procedures, and controls to identify suspicious transactions concerning
the bank's relationship with Equatorial Guinea. These transactions
involved millions of dollars deposited in a private investment company
owned by an official of the country of Equatorial Guinea; hundreds of
thousands of dollars transferred from an account of the country of
Equatorial Guinea to the personal account of a government official of
the country; and over a million dollars transferred from an account of
the country of Equatorial Guinea to a private investment company owned
by the bank's relationship manager. The findings from this examination,
as well as previous examination findings, formed the basis for the
OCC's recent CMP and C&D actions.
In retrospect, as we review our BSA/AML compliance supervision of
Riggs during this period, we should have been more aggressive in our
insistence on remedial steps at an earlier time. We also should have
done more extensive probing and transaction testing of accounts. Our
own BSA examination procedures called for transactional reviews in the
case of high-risk accounts, such as those at issue here, yet until
recently, that was not done at Riggs in the Saudi Embassy and the
Equatorial Guinea accounts. Clearly, the types of strong formal
enforcement action that we ultimately took should have been taken
sooner. This is not a case where the deficiencies in the bank's systems
and controls were not recognized, nor was there an absence of OCC
supervisory attention to those deficiencies. But we failed to
sufficiently probe the transactions occurring in the bank's high-risk
accounts and we gave the bank too much time, based on its apparent
efforts to fix its own problems, before we demanded specific solutions,
by specific dates, pursuant to formal enforcement actions. As described
below, we have reevaluated our BSA/AML supervision processes in light
of this experience and we will be implementing changes to improve how
we conduct supervision in this area. I have also directed that our
Quality Management Division undertake an internal review of our
supervision of Riggs. These steps are outlined more fully below.
Improvements Undertaken to Improve BSA/AML Supervision
While we believe our overall supervisory approach to BSA/AML
compliance has been rigorous and is working well, we are committed to
ongoing evaluation of our approaches to BSA/AML compliance and to
appropriate revisions to our approach in light of technological
developments, and the increasing sophistication of money launderers and
terrorist financers, as well as to address aspects of the process where
shortcomings were evidenced in the Riggs situation. Recent and current
initiatives include the following:
As previously mentioned, together with the other Federal
banking agencies, we recently developed revised examination
procedures for several key sections of the USA PATRIOT Act and we
expect to be issuing a revised version of our BSA Handbook by the
end of the year.
We plan to develop our own database of national bank-filed
SAR's with enhanced search and reporting capabilities for use in
spotting operational risk including in the BSA/AML area. This
database will be compatible with the OCC's supervisory databases
and enable us to: (1) generate specialized reports merging SAR data
with our existing supervisory data, (2) sort SAR information by
bank asset size and line of business, and (3) provide enhanced word
and other search capabilities.
We are developing and will implement nationwide, a new risk
assessment process to better identify high-risk banks. This system
uses standardized data on products, services, customers, and
geographies to generate reports that we will use to identify
potential outliers, assist in the allocation of examiner resources,
and target our examination scopes (for example, particular products
or business lines).
We are exploring with FinCEN and the other agencies better
ways to use BSA information in our examination process, so that we
can better pinpoint risks and secure corrective action. Upon
completion of FinCEN's BSA Direct initiative (currently under
development), the OCC will have direct access, as opposed to dial-
in access, to the SAR database. We expect that this direct access
system will allow us to make better and more effective use of
FinCEN's SAR database.
We are also exploring how we can systematically capture BSA/
AML criticisms in examination reports so that we can track
situations where no follow-up formal action has been taken.
Our Committee on Bank Supervision also has sent an alert to
remind and reinforce for OCC examination staff the need to
recognize accounts and transactions that appear to be anomalous or
suspicious or that have other characteristics that should cause
them to be considered high-risk in nature, and to conduct
additional transaction testing and investigation in such
situations.
In addition, specifically with regard to Riggs, I have directed our
Quality Management Division to immediately commence a review and
evaluation of our BSA/AML supervision of Riggs. This review will
include an assessment of whether we took appropriate and timely actions
to address any shortcomings found in the bank's processes and in its
responses to matters noted by the examiners, and the extent and
effectiveness of our coordination and interaction with other regulators
and with law enforcement. I have also asked for recommendations for
improvements to our BSA/AML supervision and our enforcement policy with
regard to BSA/AML violations.
Conclusion
The OCC is committed to preventing national banks from being used,
wittingly or unwittingly, to engage in money laundering, terrorist
financing, or other illicit activities. We stand ready to work with
Congress, other financial institution regulatory agencies, law
enforcement agencies, and the banking industry to continue to develop
and implement a coordinated and comprehensive response to the threat
posed to the Nation's financial system by money laundering and
terrorist financing.
PREPARED STATEMENT OF DONALD E. POWELL
Chairman, Federal Deposit Insurance Corporation
June 3, 2004
Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank
you for this opportunity to discuss how the Federal Deposit Insurance
Corporation, along with the other bank regulatory agencies, addresses
our responsibilities under the Bank Secrecy Act (BSA) and related anti-
money laundering and antiterrorism laws.
My testimony begins with a brief history of the BSA and an overview
of the work the FDIC is doing under the law. I also will outline the
current initiatives that the FDIC is undertaking to foster a culture
more focused on the effective supervision of banks for compliance with
BSA and related laws, and to provide assistance to law enforcement
agencies. Finally, I will discuss some broader ideas related to the way
bank regulators, law enforcement, and the banking industry can work
together to address money laundering and terrorist financing.
Background and Evolution of BSA
The Bank Secrecy Act, which was enacted in 1970, authorizes the
Secretary of the Treasury (Treasury) to issue regulations requiring
that financial institutions keep records and file reports on certain
financial transactions. Treasury's authority includes specifying filing
and recordkeeping procedures and designating the businesses and types
of transactions subject to these procedures. As part of its overall
responsibility and authority to examine banks for safety and soundness,
the FDIC is responsible for examining State-chartered, nonmember
financial institutions for compliance with the BSA. This is consistent
with Treasury's delegation of its authority under the BSA to the
financial regulatory agencies for determining compliance with the
Treasury's Financial Reporting and Recordkeeping regulations.
The original purpose of the BSA was to prevent banks from being
used to conceal money derived from criminal activity and tax evasion. A
process of filing various reports, including currency transaction
reports (CTR's), was established and proved highly useful in criminal,
tax, and regulatory investigations and proceedings. Banks are required
to report cash transactions over $10,000 using the CTR. The information
collected in the CTR can provide a paper trail for investigations of
financial crimes, including tax evasion and money laundering, and has
led to convictions and asset forfeiture actions.
Although the BSA has been in effect for over 30 years, numerous
revisions and amendments have been made to enhance the notification and
investigation of financial crimes. The Money Laundering Control Act,
which was enacted in 1986 to respond to the increase in money
laundering activity related to narcotics trafficking, was the first
major expansion of the BSA. The Money Laundering Control Act
criminalized money laundering and prohibited the structuring of
transactions to avoid the filing of CTR's. Additionally, at that time,
banks reported suspicious transactions by marking the ``Suspicious''
box on the CTR and also filing a Report of an Apparent Crime form
(criminal referral) with the bank's primary regulator and law
enforcement agencies.
Over the years, additional laws and amendments were passed to
define how financial institutions share information relating to
apparent money laundering activities with law enforcement. These laws
included: the Annunzio-Wylie Money Laundering Suppression Act of 1992,
which replaced the criminal referral form with the suspicious activity
report (SAR) to be used for apparent money laundering activities; the
Money Laundering Suppression Act of 1994, which liberalized the rules
for using CTR exemptions; and the Money Laundering and Financial Crimes
Strategy Act of 1998, which focused on improving cooperation and
coordination among regulators, law enforcement, and the financial
services industry.
The focus of the BSA was escalated further in the wake of the
September 11, 2001, terrorist attacks against the United States with
passage of the Uniting and Strengthening America by Providing
Appropriate Tools to Restrict, Intercept, and Obstruct Terrorism Act of
2001, otherwise known as the USA PATRIOT Act. Title III of the USA
PATRIOT Act expands the BSA beyond its original purpose of deterring
and detecting money laundering to include terrorist financing in the
United States. One of the new provisions requires financial
institutions to conduct due diligence on customer accounts through a
Customer Identification Program (CIP). The CIP requires institutions to
maintain records, including customer information and methods used to
verify customers' identities.
In 1990, the Financial Crimes Enforcement Network (FinCEN) was
established in Treasury to administer the BSA and provide a government-
wide, multisource intelligence and analytical network. In October 2001,
the USA PATRIOT Act elevated the status of FinCEN within Treasury and
emphasized its role in fighting terrorist financing. In addition to
administering the BSA, FinCEN is responsible for expanding the
regulatory framework to other industries (such as insurance, gaming,
securities brokers/dealers) vulnerable to money laundering, terrorist
financing, and other crimes.
Evolution of 314(a) Requests
Shortly after the attacks on September 11, the Federal Bureau of
Investigation provided a confidential listing (Control List) of
suspected terrorists to the Federal banking agencies. The Federal
banking agencies provided the list to financial institutions to check
their records for any relationships or transactions with named
suspects. Financial institutions reported positive matches to the
Federal Reserve Bank of New York which, in turn, passed the information
to the appropriate law enforcement agency. Based upon this information,
law enforcement authorities would
subpoena the reporting bank for relevant information needed to assist
in their investigation. The initial Control List primarily consisted of
suspects, supporters, and material witnesses of the ongoing
investigation of the September 11 attacks.
Section 314 of the USA PATRIOT Act requires FinCEN to establish a
formal mechanism for law enforcement to communicate names of suspected
terrorists and money launderers that are under investigation to
financial institutions on a regular basis. The implementing regulations
mandate that financial institutions receiving names of suspects search
their account and transaction records for potential matches and report
positive results to FinCEN in the manner and time frame specified in
the request. This new information sharing system, referred to as
``314(a) Requests,'' replaced the Control List.
Every FinCEN 314(a) request is certified and vetted as a valid and
significant terrorist/money laundering investigation through the
appropriate law enforcement agency prior to being sent to a financial
institution. Law enforcement agencies maintain that this new system is
an effective, successful tool in their investigations.
Information provided to the FDIC from FinCEN, showing the initial
results of the program, indicate some successes. From February 18,
2003, through November 25, 2003, agencies have processed 188 law
enforcement requests. Of these cases, 124 were related to money
laundering and 64 cases were related to terrorism or terrorist
financing. There were 1,256 subjects of interest in these
investigations. Of these, financial institutions responded with 8,880
matches, resulting in the discovery or issuance of the following:
795 new accounts identified;
35 new transactions;
407 grand jury subpoenas;
11 search warrants;
29 administrative subpoenas/summons; and
3 indictments.
The FDIC plays a particularly active role in ensuring that the
314(a) program runs effectively by maintaining point of contact
information for FDIC-supervised and national banks. By properly
maintaining this information, the FDIC ensures that banks are able to
act on 314(a) requests in the timeliest fashion.
The 314(a) requests should not be confused with the list published
by the Department of the Treasury's Office of Foreign Assets Control
(OFAC). The Section 314(a) request pertains to suspects and material
witnesses to significant terrorist/money laundering investigations, and
is confidential. Further, the names are subject to a one-time search of
bank records, and banks are not required by law to terminate account
relationships. The OFAC list is a public list which contains names of
individuals, organizations and countries against whom the United States
has instituted sanctions. Financial institutions must have a formal
process for regular searches of records and transactions against
updated OFAC lists.
Although the Section 314(a) requests have improved our ability to
identify possible money laundering or terrorist financing activity,
other provisions of Section 314 may be underutilized or could be
improved. For example, under Section 314(b), there is a safe harbor for
bankers to discuss suspect transactions with other banks that are
counterparties in a transaction. It appears that only 10 percent of
insured financial institutions use this safe harbor even though it
creates an opportunity to gain a better understanding of, and develop
additional information about, questionable transactions before they are
reported. In addition, under Section 314(a), financial institutions
generally have a 14-day window to report a positive ``hit.'' This
timeframe should be evaluated to determine whether this permissible
reporting delay is realistic since the information may not be received
until well after criminal activity occurs. As law enforcement, bank
regulators and the industry gain experience with the USA PATRIOT Act,
we must continually evaluate its implementation to ensure that it is as
effective as possible.
Responsibilities of the FDIC to Facilitate BSA Compliance
All FDIC-supervised institutions are required to establish and
maintain procedures designed to assure and monitor compliance with the
requirements of the BSA. Section 326.8 of the FDIC's rules and
regulations requires that all FDIC-supervised institutions maintain BSA
compliance programs that include controls, training, and independent
testing necessary to assure that effective programs are in place.
In addition to examining State-chartered, nonmember banks for
compliance with the BSA and underlying regulations, the FDIC is
required to make periodic reports regarding violations of Treasury's
financial recordkeeping rules to the Treasury. The purpose of the BSA
examination is to determine the effectiveness of a financial
institution's anti-money laundering program. Specifically, every BSA
examination focuses on the oversight provided by a bank's senior
management and its respective Board of Directors, as well as the system
of controls put in place to identify reportable transactions, prepare
CTR's, monitor the purchase and sales of monetary instruments and
electronic funds transfer activities, comply with the OFAC laws and
regulations, administer information sharing requirements under Section
314(a) of the USA PATRIOT Act, administer the Customer Identification
Program, and report suspicious activities. Although the BSA regulations
do not prescribe the frequency with which BSA compliance should be
reviewed, examination procedures for BSA compliance are included within
the scope of FDIC safety and soundness examinations. Since 2000, the
FDIC has conducted almost 11,000 BSA examinations.
The FDIC is the primary Federal regulator of approximately 5,300
insured financial institutions holding total assets of almost $1.7
trillion. The majority of FDIC-supervised institutions are small and
located outside a Metropolitan Statistical Area (MSA),\1\ in less-
densely populated areas. To effectively supervise BSA compliance at
State nonmember banks, the FDIC has adopted a risk-focused approach. An
institution's level of risk for potential money laundering determines
the necessary scope of the BSA examination. For example, an examiner
might consider an institution with the following characteristics to
have a low money-laundering risk: located in a rural area; not located
in a high-risk money laundering and related financial crimes area
(HIFCA); \2\ small asset size; small deposit base; known and stable
customer base; stable management and employee base; and relatively few
CTR's.
---------------------------------------------------------------------------
\1\ The Office of Management and Budget defines an MSA as an area
with either a minimum population of 50,000 or a Census Bureau-defined
urbanized area with a total population of at least 100,000. MSA's
comprise one or more counties and may include one or more outlying
counties that have close economic and social relationships with the
central county. An outlying county must have a specified level of
commuting to the central counties and also must meet certain standards
regarding metropolitan character. For example, the Washington, DC MSA
extends from Frederick, Maryland, to Fredericksburg, Virginia, and
includes two counties in West Virginia.
\2\ HIFCA is a term used in the Money Laundering and Financial
Crimes Strategy Act of 1998 as a means of concentrating law enforcement
efforts at the Federal, State, and local levels in high intensity money
laundering zones.
---------------------------------------------------------------------------
On the other hand, an institution located in a HIFCA or engaged in
particularly risky business lines will receive significantly more
scrutiny under the FDIC's risk-focused compliance examinations due to
their elevated risk profiles. Current HIFCA designations for money
laundering are assigned to the MSA's of New York City, Los Angeles,
Chicago, San Francisco, and Miami. HIFCA's also include the Mexican
borders with Texas and Arizona as well as San Juan, Puerto Rico.
Financial institutions located in a HIFCA, or that have certain
characteristics that may indicate a greater risk of money laundering or
related vulnerabilities, undergo an expanded-scope BSA examination.
These examinations include extensive transaction testing designed to
validate management's compliance with BSA and anti-money laundering
regulations.
Regardless of the risk profile of a particular institution, the
FDIC understands that all institutions are at risk of being utilized to
facilitate money laundering and terrorist financing. In today's global
banking environment where funds are transferred instantly and
communication systems make services available nationally, even a lapse
at a small financial institution outside of a major metropolitan area
can have significant implications in another location across the
Nation. The more difficult it is for criminals and terrorists to gain
entry into the American financial system, the more likely it is that
they will need to rely on less secure and less efficient means of
financing their activities.
While it has been our experience that the vast majority of FDIC-
supervised institutions are diligent in their efforts to establish,
execute, and administer effective BSA compliance programs, there have
been instances where controls and efforts were lacking. In those cases,
the FDIC implements a range of corrective measures to ensure that banks
comply with the law. Generally, weaknesses noted in BSA compliance have
been technical in nature and have not resulted in the facilitation of
money laundering or terrorist financing activities. Usually, bank
management is responsive to correcting the deficiencies within the
normal course of business. In cases where significant deficiencies are
cited during a BSA examination, bank management is required to address
such deficiencies in a written response to the FDIC that outlines the
corrective action proposed and establishes a timeframe for
implementation.
In cases where an institution has been lax in administering its BSA
compliance program and failed to correct previously identified
deficiencies, including significant violations of law, the FDIC has
procedures to obtain commitments from bank management to correct the
deficiencies. The procedures generally require some type of formal or
informal enforcement action. The FDIC can also utilize its authority to
assess civil money penalties against an institution for noncompliance
with BSA. In addition, significant violations are referred to FinCEN,
in accordance with the BSA, which also has the authority to assess
civil money penalties for noncompliance with the BSA.
The FDIC believes in a flexible supervisory approach using
technical guidance, moral suasion, and a gradual escalation of
enforcement action as appropriate. However, a more aggressive
supervisory approach may be necessary to effect correction when a
greater risk for money laundering exists within an institution due to
willful noncompliance with the BSA and/or the absence of an effective
BSA program. The type of enforcement action pursued by the FDIC against
an institution is directly related to the severity of the offense,
management's willingness and ability to effectively implement
corrective action, as well as the extent to which the program has
failed to identify and/or deter potential money laundering.
Additionally, the nature of the criticism, the response to prior
weaknesses or violation notifications, and the overall risk profile of
the institution are factored into the type of supervisory action. When
weaknesses are identified at institutions that have a high BSA risk
profile, such as those located within a HIFCA, the FDIC has been
aggressive in taking formal supervisory action. In addition, the FDIC
has the authority to remove and/or prohibit an individual from the
banking industry for deliberate or negligent actions related to money
laundering.
FDIC Efforts to Thwart Money Laundering and Terrorist Financing
Activities
In order to identify money laundering and terrorist financing
activity, it is important to know the differences between the two
activities. Money laundering generally involves the following factors:
Profit is the motivation;
``Dirty money'' is laundered;
Funds are derived from the crime;
Large sums of money are involved (generally);
Shell companies and offshore centers are frequently used;
Complicated structures are created often requiring attorney or
trustee involvement;
Assets are purchased with illicit funds, then sold, thereby
converting to ``clean'' cash; and
Use of official or counterfeit bank checks or wire transfers.
Terrorist financing differs as it generally involves the following
factors:
Ideology is the motivation;
Both ``clean money'' and ``dirty money'' are laundered;
Funds are often derived from donations and crime;
Both large and small sums of money are involved;
Banks and money exchanges (including alternate value transfer
systems) are used;
Charities and front operations are used; and
Funding sometimes derives from government ``state
sponsorship.'' \3\
---------------------------------------------------------------------------
\3\ State sponsorship can be described as implicit or explicit
action or funding by a government to endorse terrorist activity.
These distinctions between money laundering and terrorist financing
are important when evaluating suspicious bank transactions.
The FDIC examines CTR's and SAR's to determine, in part, a bank's
compliance with the BSA. Examiners analyze an institution's volume and
trend in CTR and SAR filings to assist in risk scoping the examination.
For example, increases in the volume of CTR's filed may be the result
of deposit growth, the elimination of exempted businesses, or increases
in retail or other high-risk customers. Decreases may be caused by the
failure of the bank to file CTR's, an increase in the number of
exempted businesses, the elimination of retail and/or other high-risk
customers, or structuring transactions to avoid reporting requirements.
Increases in the number of SAR's filed may be due to an increase in
high-risk customers, entry into a high-risk market or product, or an
improvement in the bank's method for identifying suspicious activity.
Decreases may be the result of deficiencies in the bank's process for
identifying suspicious activity, the closure of high-risk or suspicious
accounts, personnel changes, or the failure of the bank to file SAR's.
When appropriate, examiners conduct transaction testing during a
BSA examination to determine if reportable transactions have been
captured on the bank's system and if a CTR was filed. In the case of a
structured transaction, an examiner will determine if a SAR was filed.
As part of the CTR and SAR validation process, an examiner may also
note if the SAR reports fraud and/or insider abuse which is closely
linked to money laundering and other illicit acts. Also, examination
staff may use SAR's as a basis for further evaluation of the conduct of
insiders who may eventually be removed and/or banned from the banking
industry under Section 8(e) of the Federal Deposit Insurance Act.
Since 2001, the FDIC has issued 30 formal enforcement actions
against 25 financial institutions and three individuals to address
severely deficient BSA compliance efforts and/or ineffective anti-money
laundering controls. These actions include 25 Orders to Cease and
Desist, three Orders of Prohibition which ban individuals from
participating in the banking industry and two Civil Money Penalty
Assessments against related entities in the amount of $7,500,000.
Fourteen of the 25 Cease and Desist Orders were issued in response to
severe and/or chronic BSA-related deficiencies that exposed those
institutions to a high vulnerability of possible money laundering
activity.
The FDIC also has effectively utilized informal actions such as
bank board resolutions and memoranda of understanding to strengthen the
BSA compliance efforts of its supervised institutions under appropriate
circumstances. The informal actions also put the bank's board of
directors on notice of their responsibility to ensure BSA compliance.
Since 2001, FDIC-supervised institutions have entered into 53 informal
actions with BSA-related provisions.
FDIC Participation in Interagency Working Groups
The FDIC participates in numerous interagency working groups formed
for the purpose of drafting risk-based revisions to the BSA, required
by the USA PATRIOT Act, and developing interpretive guidance for the
financial services community. The FDIC has worked actively with
Treasury and the financial regulators in developing regulations and
guidance to implement the USA PATRIOT Act. For many years, the FDIC has
worked with the Treasury, FinCEN and the other banking agencies in
setting international standards, developing policies, and implementing
best practices to combat money laundering and, more recently, terrorist
funding as part of the nation's anti-money laundering regime.
The FDIC also participates in the Bank Secrecy Act Advisory Group,
which is a public-private partnership devoted to the discussion of
money laundering schemes, enforcement of anti-money laundering laws,
and remedies for making all reporting processes more efficient. The BSA
Advisory Group has 43 members with representatives from all bank
regulatory agencies; law enforcement; the securities, insurance, and
gaming industries; and the banking industry. The BSA Advisory Group and
its subcommittees are currently evaluating all aspects of the BSA
(implementing rules and reporting requirements) and developing
recommendations to make these areas more efficient.
International Outreach Programs
The FDIC believes that strong governance of foreign banking
programs reduces opportunities for money laundering and increases the
ability to identify sources of terrorist financing. The FDIC actively
participates in working groups and technical assistance missions
sponsored by the Departments of State and Treasury to assess
vulnerabilities to terrorist financing activity worldwide and to
develop and implement plans to assist foreign governments in
enforcement efforts directed toward
financial crimes. To facilitate its commitment to these assignments,
the FDIC identified a group of 22 examiners and attorneys who have
received specialized training in identifying money laundering and
terrorist financing. Over the past 2 years, several of these
individuals and others have worked with over 62 countries to provide
technical assistance and training, meeting with supervisory and law
enforcement representatives, senior prosecutors, and financial
intelligence unit directors, and assisting in the development of
foreign-directed BSA training programs. In all cases, the foreign
officials from these countries ranging from Caribbean to European to
Middle Eastern war-torn countries expressed interest in the FDIC's
anti-money laundering examination programs and our progress in
implementing PATRIOT Act provisions. Some of these countries have a
myriad of issues and concerns with regulatory compliance and secrecy
laws. Further, through participation on the Basel Committee, the FDIC
has assisted in the evaluation and issuance of international guidelines
on money laundering.
In addition, the FDIC provided substantial assistance to the
Department of the Treasury in drafting the anti-money laundering/
antiterrorist financing rules for the Iraqi Coalition Provisional
Authority in Baghdad. The comprehensive framework was drafted for the
new Iraqi government to implement and conform to international
standards.
Current Initiatives
Since the passage of the USA PATRIOT Act in 2001 (which augments
the BSA to address the risk of terrorist financing activities), the
FDIC has been involved in a number of activities, including:
implementing rules and interpretive guidance, incorporating changes
into examination procedures, training examiners, and participating in
industry outreach sessions. The agency participated in the rulemaking
process of relevant parts of the USA PATRIOT Act and has participated
in a number of working groups focused on counter-financing of terrorism
and the USA PATRIOT Act. In conjunction with these activities, and, in
part, to address some recommendations identified in a recent FDIC
Office of Inspector General report, we have undertaken a number of
initiatives to enhance the FDIC's enforcement of the BSA.
Upgrading Staff
Consistent with the increased importance of the BSA, the additional
workload associated with the USA PATRIOT Act, and greater emphasis on
international efforts to combat terrorism, the FDIC has taken
additional steps to ensure that these areas receive increased
attention. The FDIC is dedicating more staff to its Special Activities
Section, which oversees the nationwide implementation and coordination
of the FDIC's BSA, anti-money laundering, and PATRIOT Act efforts.
Additionally, the FDIC is designating and training additional BSA
subject matter experts. The FDIC expects to double its number of BSA
experts over the next 18 months. Currently, the FDIC has more than 150
BSA experts nationwide. Multiple experts are assigned to offices that
examine several institutions having characteristics that may indicate
greater money laundering or related vulnerabilities.
Additional Training
In an effort to increase the level of BSA expertise in the field,
the FDIC is requiring all examiners to complete additional formal
training on BSA anti-money laundering and PATRIOT Act issues by year-
end 2004. This computer-based training also will be offered to all
State banking authorities and other regulators who wish to provide
additional training for their staff. As a supplement to the required
additional training, the FDIC is participating in the planning and
development of anti-money laundering training for examiners that is
sponsored by the Federal Financial Institutions Examination Council.
Updating Examiner Guidance
The FDIC continues to reevaluate and modify as necessary all BSA
anti-money laundering and antiterrorism examination and industry
guidance to ensure the incorporation of changes resulting from passage
of the USA PATRIOT Act. This effort involves reviewing all written
guidance for examiner and industry use, working with other bank
regulators and Federal law enforcement in assessing the guidance and
using conferences and other public forums to communicate any changes
required by banks for compliance with the law.
Improving State Examinations
The FDIC has an alternating examination program with most State
banking departments. In this program, the FDIC and State authorities
alternate, or conduct every other examination, accepting or using the
other agency's examination findings to meet mandatory examination cycle
requirements. While the FDIC reviews BSA compliance each time it
examines a State-chartered, nonmember bank, not all States conduct
similar examinations.
Beginning this month, in those instances where a State banking
authority does not conduct Bank Secrecy Act exams, the FDIC will send
an examiner to conduct an examination for BSA and anti-money laundering
compliance concurrent with the State authority's safety and soundness
examination. This initiative will ensure that all FDIC-supervised banks
are reviewed for money laundering and terrorist financing activity
during every examination cycle. Conducting a BSA examination concurrent
with the State's safety and soundness examination is expected to reduce
the regulatory burden upon the financial institution by scheduling both
events simultaneously rather than multiple examinations conducted
during a given year.
In addition, 10 sTates have committed to beginning BSA-examinations
in 2004. The FDIC will assist those States as necessary with training
to facilitate thorough state evaluations of BSA compliance.
Improving Reporting
The FDIC has centralized the monitoring process for FDIC-supervised
banks with serious BSA, anti-money laundering and antiterrorist
financing program deficiencies. This allows senior Washington Office
personnel to confer with regional staff to ensure that a consistent
supervisory approach is applied on a national basis. In addition, the
FDIC recently centralized the process for referring BSA violations to
FinCEN which provides consistency in reporting. These centralization
efforts also will enable the FDIC to analyze historical data internally
to identify emerging trends and issues among FDIC-supervised banks.
In order to provide more information to financial institutions and
the general public, a section of the FDIC's external website is devoted
to the Bank Secrecy Act, anti-money laundering and counter-financing of
terrorism issues.
Improving Government and Industry Coordination
While there has been marked improvement in information sharing
among Government agencies in recent years, communication between
Government entities and the banking industry could be improved. Current
communication tends to be limited to requests for information and
responses to those requests. We should also create a better dialogue
between the industry, the regulators, and law enforcement about how our
banking system can be used for nefarious purposes. We should continue
to work to eliminate any barriers that exist between Government and the
industry to foster more seamless communication about both the broader
context and potential threats. In my view, these efforts would help us
detect and deter the use of the financial system by criminals and
terrorists.
Conclusion
The FDIC believes that a vigilant BSA, anti-money laundering and
antiterrorist financing supervisory program requires that appropriate
supervisory actions be taken to support compliance with Treasury and
FDIC regulations and guidance. Proper supervision of banks to ensure
that they maintain effective programs creates an environment where
terrorists know that any attempt to use the American financial system
to fund their operations pose an unacceptable risk of discovery.
The FDIC diligently enforces the BSA by establishing a
comprehensive supervisory approach that includes conducting thorough
BSA compliance examinations and ensuring an appropriate supervisory
approach when BSA concerns exist in FDIC-supervised institutions. In
addition, the FDIC is proactive in addressing recent changes to the BSA
by incorporating those rules into examiner and industry guidance,
providing various forms of examiner and industry training and outreach
sessions, and assisting in global anti-money laundering and
antiterrorist financing efforts.
The FDIC is fully committed to preventing the use of the financial
system to support criminal or terrorist activities. Highly trained bank
examiners are a major resource in this fight that cannot be easily
duplicated. They are in every bank in the country, they are able to
identify suspicious relationships and transactions and they have the
power to dig deeply into the facts when warning flags are raised. While
the current system is not perfect, we should approach reforms carefully
to ensure that they do not duplicate resources and expertise that
already exist and do not inadvertently interfere with the achievement
of the goals that we all share.
This concludes my testimony. I would be happy to answer any
questions and would like to thank the Committee for providing this
opportunity to discuss the FDIC's role in enforcing the Bank Secrecy
Act and assisting the overall effort to fight money laundering and
terrorist financing activity.
PREPARED STATEMENT OF JAMES E. GILLERAN
Director, Office of Thrift Supervision
U.S. Department of the Treasury
June 3, 2004
Introduction
Good morning, Chairman Shelby, Senator Sarbanes, and Members of the
Committee. Thank you for the opportunity to testify at today's hearing
on the Bank Secrecy Act (BSA), as amended by the USA PATRIOT Act. My
testimony provides an overview of the BSA and OTS's compliance
responsibilities under the BSA and Home Owners' Loan Act (HOLA),
describes our work to implement the USA PATRIOT Act and strengthen
oversight of the BSA, and reports on the state of thrift compliance
with the BSA and on how OTS responds to failures and deficiencies to
comply with the Act. My statement also explains requirements for
thrifts to file suspicious activity reports (SAR's), and summarizes an
ongoing GAO audit of the agency on BSA implementation by OTS.
OTS fully supports the goals and objectives of the BSA and the USA
PATRIOT Act through policies, programs, and regulatory, supervisory,
and enforcement initiatives. We have examiners who are well trained and
experienced in reviewing thrifts for compliance with the BSA and the
USA PATRIOT Act. Our examiners know the institutions we regulate well
and are well-positioned to identify and correct BSA problems. The
average OTS examiner has over 16 years of experience.
Our examiners have been using updated BSA examination procedures
since October of last year. We have strengthened our oversight by
issuing internal guidance to our examiners and external guidance to the
depository institutions. We have also developed and provided
substantial new training programs for our staff over the last 2 years,
and increased the number of examiners who have been trained in BSA
requirements and have developed proficiency in this area.
The number of OTS examiners capable of conducting BSA reviews has
increased by over 80 examiners, or by approximately 75 percent from
2001 to the present. We now have more than 190 examiners trained in BSA
compliance issues, and we will continue to train staff and add
expertise to our examination corps in this area in the coming year. We
also shortened the examination cycle for BSA reviews since 2001, from a
2 to 3 year cycle to a 12 to 18 month examination cycle, or more
frequently if circumstances require.
In addition, our field personnel communicate on a regular, on-going
basis with OTS senior managers. Through frequent industry contact and
ongoing supervision, OTS continually monitors industry BSA compliance
efforts. We frequently consult with individual thrifts on their BSA
compliance programs, such as reviewing changes in key personnel,
unusual activity, or anomalous transactions that might warrant a field
visit.
In our experience, the most effective way to uncover BSA and USA
PATRIOT Act deficiencies is through the ongoing examination process.
Violations are usually discovered in fissures within an institution's
programs, controls or operations. Uncovering weaknesses in an
institution's BSA compliance program requires experienced examiners who
are familiar with the ongoing operations of the particular institutions
they oversee as well as how various banking transactions are typically
structured, industry best practices, and depository institution
operations, generally.
BSA compliance review is necessarily risk-focused--the review is
tailored to consider the potential risk of money laundering or
terrorist financing in different business lines. Our examiners have
broad exposure to an institution's entire business operation: Its
organizational structure, business activities, normal range of
transactions, risk management practices, the quality of its management,
and its internal control environment. Our examinations and follow-up
reviews enable us to monitor corrections and improvements in, and
ongoing compliance with BSA/AML requirements. Knowledge of, and
familiarity with each institution's risk profile puts OTS in the best
position to effectively monitor the BSA compliance programs and
activities of the institutions we regulate.
Background of the Bank Secrecy Act and Compliance Overview
The Bank Secrecy Act (BSA), enacted in 1970, requires financial
institutions to file certain currency and monetary instrument reports
and maintain certain records for possible use in criminal, tax, and
regulatory proceedings. The BSA's purpose is to prevent financial
institutions from being used as intermediaries for the transfer or
deposit of money derived from criminal activity. Accordingly, the BSA
requirements result in a paper trail of the activities of money
launderers serving the interests of terrorists, drug traffickers, and
other elements of white collar and organized crime.
Congress has amended the BSA several times over the years to
strengthen its anti-money laundering (AML) and counter-terrorism
financing purposes. The most recent, and perhaps most significant, set
of amendments is found in Title III of the USA PATRIOT Act. The USA
PATRIOT Act adopted strong and far-reaching requirements intended to
prevent, detect, and prosecute terrorism, terrorist financing, and
international money laundering. It has resulted in several new
regulations that have a direct impact on a thrift's BSA/AML compliance
program.
Since its enactment, OTS has worked vigorously and diligently to
implement the USA PATRIOT Act. As detailed below, OTS has been actively
involved in crafting regulations implementing various provisions of the
USA PATRIOT Act,\1\ and in issuing related guidance and examination
procedures. OTS has been examining and working with the institutions we
regulate to ensure compliance not only with the letter of the law, but
also the spirit of its intended purpose.
---------------------------------------------------------------------------
\1\ This statement references three sets of regulations. These are
OTS's BSA rule at 12 CFR Sec. 563.177; Treasury's BSA regulation at 31
CFR Part 103, which applies to savings associations; and the
interagency USA PATRIOT Act regulations, which are a part of Treasury's
BSA rule in Part 103, which apply to a wide range of financial
institutions, including thrifts.
---------------------------------------------------------------------------
OTS's BSA Oversight Responsibilities
The Home Owners' Loan Act (HOLA) authorizes OTS to require thrifts
to comply with the BSA and provides very broad enforcement authority to
compel this objective.\2\ The HOLA mandates that OTS issue regulations
requiring thrifts to adopt BSA compliance procedures. At each
examination we conduct, OTS reviews the required procedures, documents
its findings and describes any significant problems in the examination
report. When a thrift fails to establish and maintain the required
procedures, or fails to correct previously identified problems, our
examiners and field supervisors are instructed to take enforcement
action against the institution. In addition to the HOLA, we have
enforcement authority under the Federal Deposit Insurance Act (FDIA),
which also imposes AML recordkeeping requirements on thrifts and other
insured depository institutions.\3\
---------------------------------------------------------------------------
\2\ HOLA Sec. 5(d)(6).
\3\ FDIA Sec. 21.
---------------------------------------------------------------------------
To discharge our responsibilities under the HOLA and FDIA, OTS
issued a BSA regulation that requires compliance with specific
components of the BSA.\4\ Our regulation also requires thrifts to
comply with the Department of the Treasury's BSA regulations,\5\
including requirements for Customer Identification Programs (CIP's),
internal controls, testing for BSA compliance, and employee training on
BSA/AML and related issues.
---------------------------------------------------------------------------
\4\ 12 CFR Sec. 563.177.
\5\ 12 CFR Part 103.
---------------------------------------------------------------------------
OTS has also adopted a suspicious activity report (SAR) regulation
that requires thrifts to file a SAR with FinCEN and the appropriate
Federal law enforcement agencies when it detects a ``known or suspected
violation of Federal law or a suspicious transaction related to a money
laundering activity or a violation of the [BSA].'' \6\ These
requirements are described in more detail later in this testimony.
---------------------------------------------------------------------------
\6\ 12 CFR Sec. 563.180.
---------------------------------------------------------------------------
While OTS has broad enforcement authority to correct a deficiency
or BSA violation, choosing the appropriate supervisory response
involves the careful balancing of a wide range of factors and the
informed exercise of professional judgment and discretion.
In our experience, the most effective way to resolve most BSA/AML
compliance program deficiencies is as part of the overall examination
process. We routinely require thrifts to undertake corrective action in
the course of an examination. Addressing issues within the examination
framework often results in a thrift promptly implementing necessary
corrective action, and makes for fast and effective changes that we can
immediately review. We believe that our examiners are in the best
position to uncover problems with a thrift's BSA/AML compliance program
and to resolve them quickly with management. The relationship between
the institutions we regulate and our examiners is extremely
constructive.
It is our experience that most institutions appreciate the
importance of BSA and the USA PATRIOT Act, and are committed to the
concepts, goals, and objectives of these laws. We continue to work with
thrift institutions to ensure that they have a strong, independent
testing and verification process in place. Numbers bear out this
contention. Since July of last year, we addressed BSA/AML compliance
program deficiencies at 167 thrifts. Some of these deficiencies were
self-reported by the institutions, but the vast majority were
identified during OTS examinations. The combination of self-reporting
and issues identified in examinations uncovered 342 BSA violations at
these institutions, mostly of Treasury's BSA regulations at 31 CFR Part
103. In all cases, management either agreed with the examiner's
recommendation and moved promptly to implement changes to fix the
problem, or completed the recommended corrective action before the
examination was completed.
When the examination approach fails to resolve a BSA problem or
issue, OTS can take enforcement action under FDIA Section 8 against a
thrift and its related entities for engaging in an unsafe or unsound
practice or violating a law, regulation, condition imposed in writing,
or written agreement. Under this authority, OTS may (i) issue cease-
and-desist orders, (ii) issue removal, suspension, and prohibition
orders, and/or (iii) impose civil money penalties.
OTS Implementation of the USA PATRIOT Act
Key Provisions of the USA PATRIOT Act
OTS often, in coordination with FinCEN and the other Federal
banking agencies (FBA's), has participated in numerous initiatives to
issue regulations, policy guidance, and examination procedures to
implement the USA PATRIOT Act. For example, OTS issued an extensive
staff summary of the USA PATRIOT Act in March 2002.\7\ This document
informs institutions of the requirements of the Act and provides
information on its implementation. In particular, it discusses the USA
PATRIOT Act in three sections, as follows:
---------------------------------------------------------------------------
\7\ OTS Notice: OTS Staff Summary of USA PATRIOT Act (March 20,
2002) (copy attached).
The first section describes USA PATRIOT Act requirements that
are applicable to all thrift institutions and that were effective
immediately or in the near term, such as the information sharing
requirements and the requirement that a financial institution
produce records relating to its BSA/AML compliance program or its
customers within 120 hours of a request from the appropriate FBA.
The second section describes the new enhanced due diligence
procedures for thrifts that engage in private banking or maintain
foreign correspondent accounts.
The third section discusses USA PATRIOT Act provisions of
general interest, such as the authorization for Treasury to impose
special measures with respect to particular institutions,
jurisdictions, accounts, or transactions and the requirement that
each thrift have a Customer Identification Program (CIP).
OTS also issued a USA PATRIOT Act Update in August 2002.\8\ The
update included important guidance on the new CIP requirements,
information sharing with law enforcement, and new due diligence
requirements for foreign correspondent accounts and private banking
accounts. The update noted that OTS would begin
reviewing for compliance with the provisions when the new regulations
became effective, and urged institutions to carefully review the new
regulations and their preambles, and implement the new procedures as
required.
---------------------------------------------------------------------------
\8\ Chief Executive Officer (CEO) Letter 166 (August 5, 2002) (copy
attached).
---------------------------------------------------------------------------
Customer Identification Programs
The new CIP requirements, issued on May 9, 2003, by the Treasury
Department, the FBA's, the SEC, and the CFTC, set forth procedures for
verifying the identity of anyone who opens an account, and requires
institutions to maintain records to verify a customer's identity, and
to determine whether the customer appears on any list of known or
suspected terrorists or terrorist organizations. An institution's CIP
must include risk-based procedures designed to enable the institution
to form a reasonable belief that it knows the identity of its
customers. OTS has been examining institutions for CIP compliance since
the requirements went into effect on October 1, 2003.
Simultaneous with the issuance of the new CIP rules, OTS issued two
additional pieces of guidance.\9\ Customer Identification Programs: A
Staff Summary and Answers to Questions (the CIP Summary) (copy
attached); and USA PATRIOT Act Preparedness Checkup: A Framework for
Achieving Compliance with the New USA PATRIOT Act Regulations (the
Checkup) (copy attached).
---------------------------------------------------------------------------
\9\ CEO Letter 175 (May 9, 2003) (copy attached).
---------------------------------------------------------------------------
The CIP Summary, the first guidance issued by a regulatory agency
about the new CIP rules, alerted thrifts to the specific requirements
of the new rules. The CIP Summary also specifies exactly what OTS is
looking for when reviewing a thrift's CIP, and addresses important
questions about the CIP rules.
The CIP Summary describes the types of accounts covered by the
rule, who is a ``customer'' for purposes of the rules, and the specific
requirements that a thrift's CIP must meet. The CIP Summary also:
Notes the four pieces of identifying information that a thrift
must obtain from a customer who opens a new account;
Indicates the methods (both documentary and nondocumentary) by
which a thrift can verify the identifying information;
Discusses the recordkeeping requirements of the new rules;
Highlights the requirements about checking Government lists of
suspected terrorists or money launderers;
Notes that thrifts must be in compliance with the new rules
beginning October 1, 2003; and
Emphasizes that OTS would begin examining for compliance
during all examinations beginning on or after October 1, 2003.
The Checkup was issued the same day as the new rules and the CIP
Summary. It remains the only checklist form of guidance about preparing
for USA PATRIOT Act implementation issued by a regulatory agency. In
the Checkup, OTS encouraged institutions to ``ADApT'' their current
BSA/AML program to the new USA PATRIOT Act requirements:
Analyze their current program;
Develop a comprehensive BSA/AML program, which includes a CIP
that address all of the thrift's business lines;
Apply the revised program throughout the thrift's day-to-day
operations; and
Test the new program through internal audits and testing to
ensure that the program is functioning as intended.
The Checkup lists several questions a thrift should ask as it
ADApTs to the new USA PATRIOT Act requirements. For instance, when
Analyzing its current program, a thrift should consider, among other
things, how its business operations expose it to money laundering or
terrorism financing risks. When Developing its new, enhanced BSA/AML
program, a thrift should take a number of steps, including ensuring
that the program addresses each of the new regulatory requirements and
identify business operations that might require enhanced scrutiny.
When Applying its new program, a thrift should ask itself whether
staff is informed of the new requirements, whether appropriate customer
identification information collection and verification practices are
taking place, and whether private banking accounts and foreign
correspondent accounts are being handled correctly. Finally, when a
thrift Tests the new program, the Checkup provides a number of factors
for the thrift to review, including ensuring that internal audits or
compliance reviews identify shortcomings in the BSA/AML compliance
program and seek prompt corrective action, and determining whether
staff and service provider implementation of the new regulatory
requirements is keeping pace with the thrift's operational needs. Our
examiners are instructed to explore all of these issues when
examining an institution's USA PATRIOT Act compliance.
In January 2004, OTS, along with the other FBA's, the SEC, and the
CFTC, issued another importance piece of guidance, ``frequently asked
questions'' (FAQ's) to help explain the final CIP rule.\10\ That
document begins with a general description of the CIP requirements and
emphasizes that a bank's CIP must include risk-based procedures for
verifying the identity of each customer to the extent reasonable and
practicable. The FAQ's note that it is critical that each bank develop
procedures to account for all relevant risks, including those presented
by the types of accounts maintained by the bank, the various methods
provided to open accounts, the type of identifying information
available, and the bank's size, location, and type of business or
customer base.
---------------------------------------------------------------------------
\10\ CEO Letter 188 (January 8, 2004) (copy attached).
---------------------------------------------------------------------------
The FAQ's also make clear that specific minimum requirements in the
rule, such as the four basic types of information to be obtained from
each customer, should be supplemented by risk-based verification
procedures, where appropriate, to ensure that the bank has a reasonable
belief that it knows each customer's identity.
The document also answers a number of common questions about the
CIP rules, such as whether loans purchased from a car dealer are
``accounts'' (No) and whether a person who becomes a co-owner of an
existing deposit account is a ``customer'' (Yes). The FAQ's also
consider whether a bank's foreign subsidiaries are subject to the rule
(No) and whether a bank may keep copies of documents provided to verify
a customer's identity even though not required to do so (Yes). The
agencies are currently working on a second set of FAQ's on the CIP
requirements, which are now circulating for approval at the agencies
and will be issued soon.
Information Sharing
Section 314 of the USA PATRIOT Act encourages cooperation and
information sharing among financial institutions, regulators, and law
enforcement. OTS has actively participated in developing and
implementing these requirements.
On September 26, 2002, Treasury issued a final rule implementing
the new information sharing requirements. In response to industry
concerns about the regulatory burden of the requests for information,
and after consulting with OTS and the other FBA's, on November 26,
2002, Treasury placed a moratorium on information requests from law
enforcement. Treasury subsequently streamlined the process and lifted
the moratorium in February 2003. Since then, institutions have been
responding to requests for information from law enforcement.
Last October, OTS alerted thrifts to new examination procedures to
review thrift compliance with the new requirements,\11\ and we
incorporated the new procedures into our overall BSA examination
procedures. Those procedures include a review of the institution's
procedures for promptly responding to law enforcement requests for
information, documentation of any positive match with the requests, and
copies of any vendor confidentiality agreements regarding services
rendered pursuant to the requests. Examiners are also instructed to
review copies of any SAR's filed related to the information sharing
process, as well as to review an institution's analysis or
documentation where a SAR was considered, but not filed.
---------------------------------------------------------------------------
\11\ CEO Letter 183 (October 20, 2003) (copy attached).
---------------------------------------------------------------------------
OTS also participates in quarterly meetings with FinCEN, the
regulators, and representatives of law enforcement to discuss and
further refine the information sharing process. Those meetings allow
law enforcement to provide feedback to the regulators about how the
information sharing process is working and for regulators to convey to
law enforcement the views of financial institutions on how to improve
the process. Items of discussion have included a breakdown of positive
responses by type of financial institution and regulator, proposed
enhancements to the various forms used in the process, and development
of a secure, encrypted network to facilitate the exchange of
information between law enforcement and financial institutions.
Foreign Shell Banks, Requests for Bank Records, and Summons Authority
OTS has also issued specific guidance on the USA PATRIOT Act
provisions banning correspondent accounts for foreign shell banks,
requiring financial institutions to produce records related to anti-
money laundering compliance within 120 hours of an examiner's request,
and providing that Treasury or the Attorney General may issue a
subpoena or summons to any foreign bank that maintains a correspondent
account in the United States and may request the bank to produce
records related to that account, including records maintained abroad.
Treasury, through FinCEN and after consultation with OTS and the
other FBA's, issued a final rule implementing these new requirements on
September 26, 2002. Last October, OTS alerted thrifts to the new
examination procedures to review thrift compliance with the new
requirements.\12\ Under those procedures, examiners are to evaluate an
institution's policies and procedures for foreign correspondent
accounts to determine whether they address the minimum requirements
specified in the regulation, such as the responsible party for
gathering the necessary information and the process for identifying
foreign correspondent accounts. The procedures also require an examiner
to, based on a risk assessment, sample foreign correspondent accounts,
review the collection of requisite information and obtain any customer
due diligence or other relevant information related to those accounts.
We have incorporated those new procedures into our overall BSA
examination procedures.
---------------------------------------------------------------------------
\12\ CEO Letter 183 (October 20, 2003) (copy attached).
---------------------------------------------------------------------------
Other Significant USA PATRIOT Act Provisions
OTS also participates in a number of other ongoing working groups
and projects related to specific provisions of the USA PATRIOT Act. For
instance, Treasury consults with OTS, among others, when considering
whether to impose special measures on a jurisdiction, institution,
class of transactions, or type of account that the Department finds is
of ``primary money laundering concern.'' To date, Treasury has imposed
special measures on Nahru, Burma, and two Burmese banks, and has just
issued a proposal to do so with regard to a bank in Syria.
OTS has been involved in developing new regulations implementing
the USA PATRIOT Act requirements that financial institutions have
specific due diligence procedures, including enhanced due diligence
procedures, for correspondent accounts for foreign financial
institutions or private banking accounts for non-U.S. persons. On July
23, 2002, Treasury, after consulting with OTS and the other FBA's,
issued an interim rule imposing the Section 312 requirements on banks
and thrifts. Treasury is drafting a final regulation implementing
Section 312, and routinely consults OTS.
Examination Procedures and Guidance
In preparation for the October 1, 2003, compliance deadline for the
new CIP requirements, OTS updated its entire BSA examination program.
This revision included updating existing procedures and adding new
sections to address specific USA PATRIOT Act requirements. We trained
our examiners on the new procedures in mid-September 2003, and our
examiners have been using the new procedures for all BSA examinations
that commenced since October 1, 2003. Examiner reaction has been
positive, with the examiners' general perception that most institutions
are taking the necessary steps to comply with the new USA PATRIOT Act
requirements. After extensive field testing, we are in the final stages
of formally incorporating the new procedures in our OTS Examination
Handbook.
Under our comprehensive examination approach, many more examiners
are now trained on conducting BSA examinations, which has expanded our
capabilities immensely. We continually discuss and cover BSA and USA
PATRIOT Act examination issues at staff conferences, examiner team
meetings, and examiner education initiatives. In addition to our
September 2003 training on the new procedures, we have included BSA/USA
PATRIOT Act discussions in our Compliance I, Compliance II, and
Advanced Compliance examiner schools. We provided internal training on
the new BSA/USA PATRIOT Act requirements at our National Applications
Staff Conference in May 2003 and our National Compliance Training for
Senior Management program in June 2003. We also provide online and CD-
ROM study guides and training modules for our examiners.
We actively participate in training programs and industry
conferences throughout the country. Besides the guidance we have issued
directly to institutions, we have participated in numerous interagency
BSA/USA PATRIOT Act seminars and town meetings with industry
representatives in all of our Regions. We also participated in BSA/USA
PATRIOT Act discussions at various officer and director conferences,
such as the FDIC's Regional Directors conference, and numerous trade
association conferences. These include conferences sponsored by
America's Community Bankers, the California Bankers Association, the
Chicagoland Bankers Association, the Florida Bankers Association, the
Georgia Community Bankers Association, the Heartland Community Bankers,
the Iowa Bankers Association, Iowa Community Bankers and Iowa
Independent Bankers Association, the Maryland Bankers Association, the
Missouri Bankers, the North Carolina Bankers Association, the Suncoast
Bankers Compliance Association, and the Wisconsin Community Bankers,
among others.
In implementing the new USA PATRIOT Act requirements and in
examining thrifts for compliance under the new BSA procedures issued
last October, OTS also has had the benefit of several recommendations
made by the Treasury Department's Inspector General, who conducted an
audit of OTS's enforcement actions taken for BSA violations. That audit
report, issued September 23, 2003, and which covered the period January
2000 through October 2002, made certain recommendations to further
enhance OTS's supervisory process and data collection efforts.
In response to these recommendations, OTS has issued both external
and internal supplemental guidance on BSA/AML compliance programs and
the enforcement of BSA obligations. This past March, OTS issued a
regulatory bulletin that discusses OTS's authority under the BSA,
details the specific regulatory and statutory requirements applicable
to thrift operations in this area, and sets out general enforcement
guidelines that OTS will follow for violations of the regulatory and
statutory requirements.\13\
---------------------------------------------------------------------------
\13\ Regulatory Bulletin 18-6 (March 31, 2004) (copy attached).
---------------------------------------------------------------------------
The bulletin also lists the special factors that OTS will consider
when determining the appropriate enforcement action for BSA/AML
violations, including the following:
Whether the thrift has adequately corrected BSA/AML violations
noted in a prior Report of Examination (ROE);
Whether the thrift's BSA/AML compliance has deteriorated since
violations were noted in the prior ROE, or there has been
inordinate delay in making meaningful progress in addressing the
violations;
Whether the violations in fact constitute, or reflect a
material risk of, money laundering, terrorist financing, or
structuring to avoid reporting requirements; and
Whether the thrift identified the weaknesses itself through
its BSA testing, audit, or self-evaluation efforts and the thrift
has independently instituted timely and adequate corrective action.
On April 5, 2004, we issued to our examiners new internal guidance
elaborating on certain features of the regulatory bulletin. That
guidance identifies specific BSA/AML violations that must be noted in
examination reports, unless the thrift adequately corrects the
violations during the examination period. The internal guidance
provides further instruction on when a thrift will be considered to
have ``adequately corrected'' a violation. The internal guidance also
specifies that all institutions, regardless of asset size, must have
BSA compliance programs that address all the regulatory requirements
and are appropriate to the BSA/AML risks attributable to the thrift's
risk factors, operational complexity, and market circumstances.
Finally, the internal guidance provides more detailed instructions to
examiners on documenting BSA/AML violations in the appropriate OTS
database.
The guidance on entering BSA violations data into OTS's new
database is part of an ongoing, multiyear project to enhance and update
our examination reporting database that was begun in January 2000. The
update, now completed, encompasses all examination areas, including
examination of a thrift's BSA compliance program. Not only does our
enhanced database enable OTS to more closely monitor a thrift's
compliance as well as industry trends and areas of interest, but also
the data it is producing verifies our conviction that the most
effective way to resolve deficiencies in a thrift's BSA/AML compliance
program is during the examination process.
Finally, also as suggested by the Inspector General, we have
enhanced our supervisory review of the BSA examination process.
Specifically, to assure BSA violation data accuracy, each examiner-in-
charge is now responsible for ensuring that BSA violations are entered
into the data system correctly. This is often supplemented with a
second level review and each region will conduct periodic quality
assurance reviews to further ensure accurate data entry. We have
drafted procedures for including BSA examinations and the integrity of
system data entry in our ongoing
Examination Quality Assurance reviews. Those reviews are designed to
test compliance with OTS's national standards for BSA examinations,
including those discussed in the new guidance. The initial review of
examinations completed in the first quarter of calendar year 2004 will
commence in the third quarter.
Assessment of Thrift Compliance with the BSA; OTS Enforcement
The effective date for the updated procedures to conduct BSA
examinations, October 1 of last year, coincides with the effective date
for the most recent USA PATRIOT Act regulation, the CIP rules. Although
we have been using these new procedures only a short time, we have
received preliminary feedback from examiners and supervisors in the
field.
That feedback is generally positive. We believe that the thrift
industry, in general, is complying with the BSA and USA PATRIOT Act
requirements. As in most areas of bank supervision, however, we
continue to identify areas of weakness in some thrift institutions. We
also periodically uncover significant problems at a small number of
institutions. In these situations, we move quickly and forcefully to
correct violations. We believe that our record of risk-based
supervisory response to identified institutional weaknesses places OTS
in an excellent position for ensuring that the thrift industry
continues to meets its BSA/AML obligations.
We have identified some recurring problems related to basic BSA/AML
requirements at some smaller institutions that have fewer resources to
devote to compliance issues. The problems we see in these smaller
thrifts are normally the same types we saw even prior to the USA
PATRIOT Act. They generally involve the more administratively intensive
requirements of the BSA program elements. For example, some smaller
thrifts have inadequate training programs or fail to conduct an annual
audit of the BSA compliance program that is fully independent.
Generally speaking, smaller thrifts engaged in typical mortgage
lending and FDIC-insured deposit taking in a local community tend to be
exposed to a lower risk of money laundering as a result of the
traditional nature of their operations. They tend to know their
customers, have geographically limited operations, offer few or no
international banking or private banking products and services, and
conduct more streamlined, traditional banking operations focused on
narrow, longstanding markets (normally mortgage lending). Even small
institutions, however, are not free from the risk of money laundering
activities and our reviews take that fact into consideration.
The BSA compliance program at a small thrift--which still should be
risk-based--need not be as elaborate as a program at a large,
international financial institution. While a BSA compliance program
must include all regulatory components, how each component is satisfied
can vary depending on the operational risk presented by a particular
institution's business. We have made clear to the industry and our
examiners that all thrifts, regardless of size, must have BSA
compliance programs that address all regulatory requirements and are
appropriate to the BSA risks attributable to their operational
complexity and market circumstances.
OTS has backed up that message by issuing a number of formal
enforcement orders to ensure that savings associations comply fully
with the requirements of the BSA. For example, in October 2003, OTS
issued a comprehensive cease-and-desist order to a savings association
requiring that it develop and implement effective BSA and AML programs,
including procedures to ensure that SAR's and CTR's are filed as
required by law. OTS also fined the institution $175,000 for its past
violations. OTS is closely monitoring the institution's compliance with
the order.
In another example, OTS recently issued a cease-and-desist order
against an institution that had several problems with its BSA/AML
compliance program. Those problems included failing to monitor large
cash transaction activity in several commercial accounts, failing to
file SAR's, and failing to file CTR's. Examinations also revealed
weaknesses in the required BSA training programs. The cease-and-desist
order required the thrift to strengthen its BSA compliance program,
with particular attention to its CTR filing obligation and ensuring
that its designated BSA officer had sufficient resources to perform BSA
responsibilities on a day-to-day basis.
In all, since we started using our new examination procedures last
October, we have issued seven formal enforcement orders for BSA
violations, including cease-and-desist orders, civil money penalties,
and supervisory agreements. We also use the examination process to
informally resolve a host of BSA/AML compliance issues. As I noted,
since last July, we identified 167 thrifts with deficiencies in their
BSA/AML compliance programs--all of the institutions either agreed to
implement changes and moved promptly to do so, or completed the
recommended corrective action before the completion of their
examination. Finally, we are actively investigating several other
possible violations of the BSA by thrifts, which may result in the
issuance of other enforcement orders.
Interagency Working Groups and Committees
Cooperation with our fellow agencies is always important, and it is
particularly crucial in the anti-money laundering context. Money
laundering and the financing of terrorism are truly global issues,
cutting across a wide range of business activities, financial
institutions, and international boundaries. The continuing fight
against money laundering and terrorism demands coordinated, consistent
efforts on both the national and international level.
OTS and our Federal banking agency counterparts largely work hand-
in-hand in this effort. I have already mentioned the number of USA
PATRIOT Act-related working groups and regulatory projects to which
OTS, as well the other Federal banking agencies, have contributed. Many
of those projects continue, as the agencies, always in a concerted way,
provide guidance and examination standards to the industry. A good
example of such a continuing effort is the ongoing work to issue a
second set of frequently asked questions about the Customer
Identification Program rules.
OTS also participates in the Bank Secrecy Act Advisory Group
(BSAAG). The BSAAG is a unique collection of representatives from law
enforcement, regulators, and the private sector charged with
responsibility for advising the Secretary of the Treasury on matters
relating to the administration of the BSA. With the USA PATRIOT Act's
expansion of the types of entities subject to anti-money laundering
program requirements, the BSAAG's membership has also recently expanded
to include representatives from a wide variety of new industries, such
as automobile dealers, life insurance companies, and money service
businesses.
Along with the other Federal banking agencies and representatives
from a number of law enforcement agencies, OTS is a member of the Bank
Fraud Working Group. This forum enables participants to share
information, and cooperate in identifying individuals engaged in fraud
and trends involving fraudulent activities.
Even outside the formal working group context, cooperation between
the Federal banking agencies on BSA/AML matters is consistent and long-
standing. For instance, OTS cooperates with FinCEN and law enforcement
agencies when matters of mutual interest are uncovered in OTS
examinations or reviews. OTS and FinCEN have worked together to
investigate and remedy BSA violations through the issuance of parallel
enforcement actions. OTS also has frequently assisted law enforcement
agencies investigating possible criminal misconduct and has, on
occasion, made its examiners available as testifying experts before
grand juries.
OTS's BSA Resources Webpage and Hotline
To make information about the Bank Secrecy Act and USA PATRIOT Act
easily accessible by thrifts and other interested parties, OTS
maintains a page on its internet site with links to all the documents
referred to in this testimony, including those related to CIP and other
USA PATRIOT Act requirements, SAR's, and recent announcements. The
webpage also includes links to FinCEN and to the Office of Foreign
Asset Control (OFAC). The OTS's BSA webpage can be accessed through
OTS's Internet site at www.ots.treas.gov. OTS also maintains a USA
PATRIOT Act hotline for thrifts to call with questions about their BSA
responsibilities.
Suspicious Activity Reports (SAR's)
For many years, the BSA has authorized the Department of the
Treasury to require any financial institution to report suspicious
transactions relevant to possible statutory or regulatory violations.
Even before the FBA's issued SAR regulations in 1996, thrifts and other
depository institutions were required to file criminal referral and
suspicious transactions reports. The USA PATRIOT Act did not change the
basic SAR requirement.
OTS's SAR regulations require a thrift to file a SAR when it
detects a ``known or suspected violation of Federal law or a suspicious
transaction related to a money laundering activity or a violation of
the Bank Secrecy Act.'' \14\ To reduce regulatory burden on filers,
depository institutions, and other filers submit SAR's only to an IRS
data center that maintains a unified SAR database on behalf of FinCEN
and the FBA's. FinCEN presently is testing a system to permit direct,
secure on-line filing of SAR's. Currently, some filers still submit
paper reports. Others deliver information electronically on tape or
disk, which delays its inclusion in the database by approximately 1
month. When fully implemented, electronic filing will greatly improve
the usefulness of the SAR database for regulators and law enforcement
agencies.
---------------------------------------------------------------------------
\14\ 12 CFR Sec. 563.180.
---------------------------------------------------------------------------
Because the SAR database contains highly confidential information
of known or suspected criminal activities, on-line access is restricted
to the FBA's, certain other state and Federal agencies, and to law
enforcement agencies, such as the FBI and the Secret Service. Banks and
thrifts may not disclose a SAR or its contents, and the banking
agencies do not share SAR information with non-SAR users.
From 1996 through 2003, financial institutions filed nearly 1.3
million SAR's. SAR's related to thrifts account for less than 10
percent of all SAR's. The total number of SAR's filed each year has
grown significantly. For the 9 months of 1996 after the SAR
requirements took effect, there were 52,069 SAR's filed. For 2003, this
had grown to 288,343. Nearly half of all SAR's filed since 1996 have
related to BSA and money laundering violations. Check fraud is a
distant second, with nearly 12 percent.
OTS staff members review SAR's each month for possible enforcement
action and to coordinate with law enforcement investigations. In
addition, in preparing to conduct a periodic examination of a thrift,
examiners review the SAR's that relate to the thrift, and during the
examination determine whether there is an ongoing problem that must be
addressed.
SAR's are valuable tools. For instance, information in SAR's allows
FinCEN to identify emerging trends and patterns associated with
financial crimes, which is vital to law enforcement agencies and
provides valuable feedback to regulators and financial institutions.
Here at OTS, information in thrift-filed SAR's has resulted in a number
of enforcement orders, including cease and order orders and prohibition
orders.
General Accounting Office Review
The General Accounting Office (GAO) has recently initiated two new
reviews in this area. One involves a review of the implementation of
the anti-money laundering provisions of the USA PATRIOT Act by the
banking agencies and others. GAO specifically plans to review (i) the
status of implementing the customer identification program and
information sharing provisions, (ii) agency procedures for assessing
compliance and enforcement, (iii) efforts to educate the industry about
the new regulations, and (iv) the extent to which the agencies have
revised and applied examination guidance.
The other review relates to BSA examinations and enforcement for
depository institutions. GAO intends to study (i) how the banking
agencies audit for BSA compliance, (ii) the number and nature of BSA
violations since the late 1990's, (iii) how BSA violations are
identified and addressed, (iv) consistency of BSA examinations,
interpretation, and enforcement across the agencies, (v) the adequacy
of the agencies' resources for BSA examinations and the new USA PATRIOT
Act requirements, and (vi) the role of the Treasury Department in the
agencies' examination programs and enforcement efforts.
Much of this testimony addresses what OTS has accomplished in the
areas to be covered by the GAO reviews. We are working to provide GAO
with the preliminary information they have requested and look forward
to assisting them in their efforts in any way we can.
OTS Recommendations to Enhance Existing BSA/USA PATRIOT Act Efforts
We have identified several areas for consideration that we believe
would enhance the existing BSA and USA PATRIOT Act efforts and
initiatives. These are:
Establishing better communications among the FBA's, FinCEN,
the banking industry and law enforcement, particularly with respect
to systemic BSA violations and developing trends. We encourage such
exchanges of information through several means, including
advisories, guidance, meetings and personal communications.
Enhancing the flow of information between law enforcement and
depository institutions. The information sharing process should be
a two-way street. In order to review account records that might
relate to terrorist financing, financial institutions need as much
identifying information as law enforcement can provide.
Additonally, law enforcement needs responses to its inquiries as
quickly as possible from depository institutions. The FBA's can
substantially assist in facilitating the collection and exchange of
this vital information.
Improving FBA coordination and BSA/AML awareness and training
via a more formalized procedure within the Federal Financial
Institutions Examination Council (FFIEC). This includes improving
communications among the FBA's and FinCEN regarding known schemes
to evade BSA/AML laws, as well as having FinCEN supplement BSA
training programs within the FFIEC so that all the FBA's and FinCEN
are consistent in the application of BSA/AML standards.
Conclusion
We have always taken our responsibility to oversee compliance with
the BSA seriously. The original focus of the BSA was to prevent
criminal money laundering activities. Since the events of September 11,
2001, and the enactment of the USA PATRIOT Act, the focus of the BSA
has expanded to include the war against terrorism.
OTS has redoubled its efforts under the BSA and the new USA PATRIOT
Act requirements. We have:
Helped educate the thrift industry through a variety of
mechanisms;
Provided additional training for staff;
Greatly expanded the number of examiners who are reviewing BSA
and USA PATRIOT Act compliance on an on-going basis;
Halved the interval between BSA examinations;
Developed and implemented enhanced scoping and examination
procedures;
Implemented a new BSA tracking and monitoring information
system;
Improved internal controls governing data collection,
examination, and enforcement activities;
Bolstered off-site BSA monitoring programs;
Adopted more robust and stringent enforcement policies;
Implemented a new BSA Quality Assurance audit program; and
Improved internal communications and external communications
and coordination with other regulatory agencies, Treasury, and law
enforcement.
These actions collectively demonstrate our vigorous and diligent
efforts to ensure maximum compliance with the intent and purpose of
both the BSA and the USA PATRIOT Act. There is still more to be done.
We pledge our continued efforts, look forward to your observations on
these issues and await your questions.
----------
PREPARED STATEMENT OF JOANN M. JOHNSON
Chairman, National Credit Union Administration
June 3, 2004
Chairman Shelby, Ranking Member Sarbanes, and Members of the
Committee, thank you for the invitation to testify before you on behalf
of the National Credit Union Administration (NCUA) on the enforcement
of the Bank Secrecy Act (BSA).
Congress enacted the BSA to prevent credit unions and other
financial institutions from being used as intermediaries for the
transfer or deposit of money derived from criminal activity. NCUA is
the regulatory authority that monitors federally insured credit unions
for compliance with the BSA.
Supervision of BSA Compliance in the Credit Union Industry
I am pleased to report to the Committee that historically federally
insured credit unions have a good record of compliance with the
requirements of the BSA. Credit unions are also substantially in
compliance with Sections 314 (Information Sharing) and 326 (Customer
Identification Program) of the USA PATRIOT Act.
At the end of 2003, NCUA insured 9,399 credit unions. Almost 50
percent of federally insured credit unions are small with assets less
than 10 million dollars. The smaller credit unions are less likely to
have transactions that trigger the recordkeeping and recording
requirements of the BSA. Additionally, approximately one-third of
Federal credit unions have a single common bond sponsor. Officials in
smaller credit unions and single common bond credit unions often have a
more intimate understanding of their members' transactions, which
facilitates their compliance with the requirements of the BSA.
Consequently, money laundering has not been a major problem for credit
unions.
Nevertheless, much has changed since the terrorist attacks of
September 11. There is increased recognition that denying terrorists
the ability to launder funds through the Nation's financial system is
an essential part of winning the war on terrorism. NCUA recognizes that
as some federally insured credit unions increase in asset size, offer
more complex financial services, and expand their fields of membership,
the possibility increases that they may be targeted by individuals or
groups seeking to launder money. NCUA is mindful of our responsibility
in this area.
The Federal Credit Union Act requires NCUA to assure BSA compliance
in federally insured credit unions. Our responsibility is to ensure
that all federally insured credit unions comply with applicable
regulatory requirements and have effective programs in place to
minimize the risk that they will be used to launder money. Federally
insured credit unions are required to have BSA compliance programs that
effectively monitor their daily operations to assure compliance with
all applicable rules and regulations.
To assure compliance, during each examination of a federally
insured credit union, examiners review BSA compliance programs. In
fact, the risk-focused examination program used by NCUA examiners and
State credit union examiners directs that a review of compliance with
the BSA be completed at every examination. (In the one State that does
not use NCUA's risk-focused examination program, their examination
program directs a comparable review of BSA compliance.) While this
review is mandated by the Federal Credit Union Act, the design of the
review and our extensive examiner education in this area result from
NCUA's recognition of the important role of credit unions in preventing
both money laundering and the financing of terrorism.
In addition to NCUA's risk-focused examination program, NCUA has
jointly participated with our fellow regulators and the Financial
Crimes Enforcement Network (FinCEN) on a number of regulations designed
to implement provisions of the USA PATRIOT Act. Also, NCUA is
represented on the Bank Secrecy Act Advisory Group and the National
Bank Fraud Working Group. And, as a member of the Federal Financial
Institutions Examination Council (FFIEC), we work with other regulators
to develop effective examiner education in this area and provide
guidance on best practices to financial institutions.
Among the 9,369 natural person credit unions, 3,593 are State-
chartered, federally insured institutions and have a State supervisory
authority as their primary regulator. In accordance with its
responsibility under the Federal Credit Union Act, NCUA reviews BSA
compliance each time it conducts a credit union examination. In State-
chartered, federally insured credit unions where the State regulator
conducts the examination, the State examiner reviews for BSA
compliance. All examinations of federally insured credit unions
completed by a state regulator are reviewed by NCUA staff. It should be
noted, however, that NCUA does not review examinations of privately
insured credit unions and does not have enforcement authority for BSA
compliance in those credit unions.
During examinations, NCUA reviews the federally insured credit
union's operations to assure that policies and procedures are in place
for credit union staff to file Suspicious Activity Reports (SAR's)
relating to money laundering. Consolidated reports received from FinCEN
concerning SAR filings are provided to NCUA regional staff and
examiners to assist in the examination process of the BSA.
In 2003, NCUA examined over 4,400 Federal credit unions and jointly
participated with the State regulators in over 600 examinations of
state-chartered federally insured credit unions. In addition, State
regulators examined approximately 2,500 federally insured credit
unions. During those examinations, NCUA determined that there were 334
violations of the BSA. The violations were in 261 credit unions,
representing 3.5 percent of credit unions examined. The most common
violations fell into three categories--inadequate written policy (63
percent), inadequate customer identification program (8 percent), or
inadequate currency transaction reporting procedures (7 percent).
When an examiner identifies a violation of the BSA, immediate
resolution of the violation is sought. Of the 334 violations, credit
union officials, working with an examiner, corrected or agreed to
correct 99 percent of the violations during the on-site examination.
Based on the severity of the violation, the examiner will establish
supervision plans to ensure corrective action.
In instances when violations at a federally insured credit union
persist and/or are severe, NCUA has several options to initiate
corrective action. They range from a letter from the NCUA Regional
Director to formal administrative action including conservatorship.
During 2003, NCUA Regional Directors issued one letter to a credit
union that failed to have a BSA compliance program and entered into one
Letter of Understanding and Agreement with credit union officials to
ensure resolution of a multitude of problems from a failure to
understand requirements of the BSA.
NCUA will use a formal administrative action when necessary to
correct BSA violations. This has occurred twice in the recent past.
NCUA placed one institution into conservatorship and issued a cease-
and-desist order against another. The first instance involved a credit
union with multiple violations; NCUA placed the institution into
conservatorship, removing the board of directors and senior operational
management. NCUA then installed new management to correct deficiencies
in internal controls and compliance programs. When systemic problems
had been corrected, NCUA entered into a written agreement with the
credit union committing the institution to a rigorous compliance
program. Approximately 10 months after imposing the conservatorship,
NCUA returned operations of the credit union to its members.
In the other instance, NCUA issued a cease-and-desist order to
correct deficiencies in a credit union's BSA program. NCUA required a
review of past transactions using an acceptable independent auditor and
a commitment to file appropriate documentation regarding discovered
violations. The credit union also agreed to retain a BSA compliance
expert to evaluate its BSA program and to provide weekly education to
all its employees in this area.
NCUA Initiatives
The enforcement of the BSA and its related rules has been and
remains a priority for NCUA. NCUA has taken numerous initiatives to
address BSA compliance in credit unions. These initiatives fall into
the following general categories:
Examination Program
Examiner Education
Compliance Examiners
Credit Union Education
NCUA adopted a risk-focused examination program in 2002. Under this
program, each credit union's examination is based on the examiner's
analysis of risk for that particular institution. There are three
mandatory procedures in the risk-focused
examination program, one of which is the completion of the
questionnaire on compliance with the BSA. The mandatory questionnaire
was updated last year to incorporate recent provisions of the USA
PATRIOT Act.
NCUA educated all Federal examiners (approximately 600) for the
implementation of the risk-focused examination and provided a specific
session on BSA compliance. Additionally, BSA compliance is addressed in
core training for all NCUA
examiners. State examiners also attend NCUA compliance training
sessions.
NCUA participates with the other FFIEC agencies in developing and
delivering training in this area. We have worked with our fellow
regulators to develop guidance for the industry in implementing new USA
PATRIOT Act regulations.
The NCUA Examiner's Guide provides examiners with guidance in their
review of a federally insured credit union's compliance with the BSA.
To ensure a field focus on compliance with the USA PATRIOT Act, an
updated version of the Examiner's Guide and the BSA questionnaire
incorporating recent regulatory changes was issued to staff.
In conjunction with the implementation of the risk-focused
examination, NCUA has designated almost 30 compliance subject matter
examiners. These examiners are called upon to assist in the examination
of federally insured credit unions that exhibit a more complex
operation or higher risk in compliance areas. Intensive training on the
BSA (including the USA PATRIOT Act) was conducted at NCUA's November
2003 Consumer Compliance Conference. Both Federal and state examiners
attended the class. In 2002, we also provided a day-long session on the
BSA for the compliance examiners.
In addition to on-site reviews of BSA compliance during
examinations, NCUA has issued several publications to educate federally
insured credit unions on BSA and USA PATRIOT Act compliance:
October 2001--Issued Letter to Credit Unions, 01-CU-18, NCUA
Request Relating to Information Pertaining to the Terrorist Attacks
April 2002--Issued Regulatory Alert 02-RA-02, USA PATRIOT Act
Regulation to Improve Information Sharing
September 2002--Issued Letter to Credit Unions 02-CU-14,
Detection of Terrorist Financing
March 2003--Issued Regulatory Alert 03-RA-03, USA PATRIOT Act
Section 314(a) Information Requests
May 2003--Issued Regulatory Alert 03-RA-07, Final USA PATRIOT
Act Regulations on Customer (Member) Identification
October 2003--Issued Letter to Credit Unions 03-CU-16, Bank
Secrecy Act Compliance
February 2004--Issued Regulatory Alert 04-RA-04, USA PATRIOT
Act Section 326: FAQ's for Customer Identification Program (CIP)
and Enclosure
Currently, NCUA is finalizing an update to its Compliance Self-
Assessment Guide designed to assist federally insured credit unions in
complying with regulations. With our focus on the BSA and USA PATRIOT
Act, in October 2003 we issued this draft section to credit unions
(attached). The guide highlights key requirements of the BSA and can be
used as a quick reference tool for federally insured credit unions.
Working with federally insured credit unions to ensure accurate
point of contact information for Section 314 requests of the USA
PATRIOT Act, NCUA revised its quarterly Call Report to capture point of
contact information in March 2003. All credit unions must provide point
of contact information each quarter.
NCUA's website (www.ncua.gov) is designed to provide easy access
for federally insured credit unions to obtain a SAR form along with
information on the proper filing of the form. This facilitates the
ability of a credit union to file prompt reports.
Looking forward, NCUA is committed to maintaining a dynamic
examination program that will assure federally insured credit unions
have effective programs in place to minimize the risk of money
laundering. NCUA will continue to provide guidance to federally insured
credit unions regarding compliance with the BSA.
Conclusion
Again, thank you, Mr. Chairman, for the opportunity to appear
before you today on behalf of NCUA to discuss BSA compliance in the
credit union industry. I am pleased to respond to any questions the
Committee may have or to be a source of any additional information you
may require.
----------
PREPARED STATEMENT OF WILLIAM J. FOX
Director, Financial Crimes Enforcement Network
U.S. Department of the Treasury
June 3, 2004
Chairman Shelby, Senator Sarbanes, and members of the Committee, I
appreciate the opportunity to appear before you to discuss the role
that the Financial Crimes Enforcement Network (FinCEN) can and should
play in Bank Secrecy Act compliance and enforcement matters. As I noted
the last time I appeared before this Committee, we are indebted to the
Committee for its leadership and commitment to
furthering the efforts of our Government generally, and FinCEN in
particular, to understand, detect and prevent money laundering and
terrorist financing through the administration of the Bank Secrecy Act
regulatory regime.
As the delegated administrator of the Bank Secrecy Act, FinCEN
bears responsibility for ensuring that it is implemented to achieve the
ultimate goals of the Act--the institution of measures across the
financial industry to prevent money laundering, terrorist financing and
other financial crime, and the creation of records and reports highly
useful to criminal, tax, regulatory, and counter-terrorism intelligence
activities. While we eagerly accept this responsibility, we discharge
it in large measure through the Federal functional regulators and the
Internal Revenue Service, who have been delegated responsibility to
examine for Bank Secrecy Act compliance.
The Bank Secrecy Act regulatory system is unique in that its
implementation involves 8 different Federal agencies. This unusual
structure is both the Bank Secrecy Act's strength and its weakness. It
is a strength because it builds on the existing expertise and
examination functions of the regulators who know their industries best.
It is a weakness because of the risk inherent in such fragmentation and
potential for lack of accountability.
Within this structure, FinCEN's task is to build on these strengths
while simultaneously addressing the weaknesses. FinCEN, as the fulcrum
must ensure that all those responsible are guided by the same
interpretive principles and apply them in a consistent manner through a
continuing dialogue among the regulators, the regulated industry, and
law enforcement.
My statement today outlines our role in this process and highlights
the ways in which I think we can improve this process.
Background
By virtue of a delegation order from the Secretary of the Treasury
and a statute passed as part of the USA PATRIOT Act, FinCEN is charged
with the responsibility of administering the regulatory regime of the
Bank Secrecy Act. Among other things, we issue regulations and
accompanying interpretive guidance; collect, analyze and maintain the
reports and information filed by financial institutions under the Bank
Secrecy Act; make those reports and information available to law
enforcement and regulators; and ensure financial institution compliance
with the regulations through enforcement actions aimed at applying the
regulations in consistent manner across the financial services
industry. FinCEN also plays an important role in analyzing the Bank
Secrecy Act information collected to support law enforcement,
identifying strategic money laundering and terrorist financing trends
and patterns, and identifying Bank Secrecy Act compliance issues.
FinCEN was created as an office within Treasury in 1990. Its
original mission was focused on analysis--both tactical and strategic--
of data collected under the Bank Secrecy Act along with other financial
data. Treasury's Office of Financial Enforcement (OFE) was originally
responsible for the administration of the Bank
Secrecy Act regulatory regime. In 1994, Treasury merged OFE into FinCEN
and delegated the responsibility to administer the regulatory regime to
FinCEN. Treasury sought to link the analytical functions with the
administration of the regulatory regime that dictated the information
that financial institutions were required to record and report. Adding
responsibilities for administering the regulatory regime strengthened
and expanded FinCEN's analytical and intelligence abilities.
Compliance Examination
While FinCEN is responsible for ensuring compliance with the Bank
Secrecy Act regulatory regime, FinCEN does not itself examine financial
institutions for compliance. Instead, FinCEN taps the resources and
expertise of other Federal agencies and self-regulatory organizations
by relying on these agencies to conduct compliance exams, through
delegations of authority that largely predated FinCEN. Examination
responsibility has been delegated to other Federal regulators as
follows:
Depository Institutions--The Board of Governors of the Federal
Reserve, the
Office of the Comptroller of the Currency, the Federal Deposit
Insurance Corporation, the Office of Thrift Supervision, and the
National Credit Union Administration have been delegated authority
to examine the depository institutions they regulate for Bank
Secrecy Act compliance.
Securities Broker-Dealers, Mutual Funds, and Futures
Commission Merchants/Introducing Brokers--FinCEN has delegated
examination authority to the Securities and Exchange Commission and
the Commodity Futures Trading Commission, and relies on their self-
regulatory agencies (such as the NASD, the NYSE, and the NFA) to
examine these entities for compliance.
Other Financial Institutions--The Internal Revenue Service
(Small Business/Self-Employed Division) has been delegated
responsibility for examining all other
financial institutions subject to Bank Secrecy Act regulation for
compliance, including, for example, depository institutions with no
Federal regulator, casinos, and Money Services Businesses (MSBs).
Even in the absence of examiners, FinCEN has an important role in
supporting the examination regime created through our delegations.
FinCEN's role involves providing prompt Bank Secrecy Act interpretive
guidance to regulators, policy makers and the financial services
industry, and ensuring the consistent application of the Bank Secrecy
Act regulations across industry lines, most notably through the
rulemaking process and subsequent guidance. We promote Bank Secrecy Act
compliance by all financial institutions through training, education
and outreach. We support the examination functions performed by the
other agencies by providing them access to information filed by
financial institutions in suspicious activity reports, currency
transaction reports, and other Bank Secrecy Act reports. We also
facilitate cooperation and the sharing of information among the various
financial institution regulators to enhance the effectiveness of Bank
Secrecy Act examination and, ultimately, industry compliance.
FinCEN has played a more robust role with the Internal Revenue
Service to develop an examination regime for the many categories of
businesses that are newly subject to anti-money laundering regulation.
For example, we have worked extensively with the Internal Revenue
Service to improve their examination procedures and capabilities for
money services businesses,\1\ including providing training, reviewing
exam procedures and the setting of priorities and goals. Finally,
although done only to a limited extent now, we do provide some
assistance with examination targeting and prioritization.
---------------------------------------------------------------------------
\1\ Under the Bank Secrecy Act and FinCEN's implementing
regulations, any person or group of persons doing business in the
United States in one of the following capacities is defined as a money
services business (MSB): currency dealers or exchangers; check cashers;
issuers, sellers, or redeemers of travelers' checks, money orders, or
stored value; and money transmitters.
---------------------------------------------------------------------------
Enforcement
FinCEN has retained the authority to pursue civil enforcement
actions against financial institutions for noncompliance with the Bank
Secrecy Act and the implementing regulations. Under the Bank Secrecy
Act, FinCEN is empowered to assess civil monetary penalties against, or
require corrective action by, a financial institution committing
negligent or willful violations.
Generally, FinCEN identifies potential enforcement cases through
(1) referrals from the agencies examining for Bank Secrecy Act
compliance; (2) self-disclosures by financial institutions; and, (3)
FinCEN's own inquiry to the extent it becomes aware of possible
violations. Referrals from the examining agencies are regularly made to
FinCEN. It should be noted that under Title 12, the banking regulators
have authority to enforce certain regulations that fall under that
statute as well as under the Bank Secrecy Act, such as the requirement
that depository institutions have anti-money laundering programs. In
addition, the Internal Revenue Service has authority to enforce certain
Bank Secrecy Act requirements including the IRS/FinCEN Form 8300
reporting for nonfinancial trades and businesses, and the Report of
Foreign Bank and Financial Accounts by individual and entities.
Efforts to Enhance Bank Secrecy Act Compliance
Much of our work within FinCEN is devoted to the goal of maximizing
industry compliance with the Bank Secrecy Act regulatory regime. But as
the complexity of the regulatory regime, and the obligations imposed,
continue to grow, our efforts must grow as well. Below, my statement
outlines my priorities within FinCEN, in the short-term, to better
enable us to assist the regulators in the examination process and
further enhance our own capabilities to enforce the regulatory regime.
I also have included a few ideas to consider as we look for ways to
further enhance Bank Secrecy Act compliance and examination
consistency.
Short-Term Goals
As I have explained previously, we are in the process of realigning
FinCEN to position ourselves to better fulfill our mission. As part of
this, we will be restructuring our regulatory section to focus
resources and create efficiencies around the functions of Bank Secrecy
Act examination and enforcement:
Creation of an Examination Program Office
Within FinCEN's regulatory office, we will create a new program
office devoted solely to the Bank Secrecy Act examination function.
Currently, the affected substantive program area handles examination
related issues on an ad-hoc basis. For example, individuals responsible
for the Money Services Business program have taken a primary role in
working with the Internal Revenue Service to develop and enhance their
examination regime. The new structure will consolidate all examination
support functions and better enable FinCEN to provide the necessary
support to regulatory agencies conducting Bank Secrecy Act compliance
exams. As an initial priority, FinCEN plans to focus on assisting the
Internal Revenue Service in its examination function, particularly in
light of the new regulations that FinCEN has and will issue to bring
thousands of additional businesses under the Bank Secrecy Act anti-
money laundering program provision.
Dedication of Analytical Resources to Compliance Support and
Examination
Targeting
We will also be providing specific analytical support to our
Examination Office. Our analysts will exploit the Bank Secrecy Act and
other data to identify, review and, through the Examination Office,
refer anomalies involving specific financial institutions to the
appropriate regulator for review and examination. They will use the
information to assist the regulators in examination targeting by
identifying high-risk financial institutions or problem compliance
areas to help the regulators prioritize and direct examination
resources. The analysts will also work toward identifying new and
emerging vulnerabilities that should be addressed through the
examination process. We intend to work closely with the regulators in
this process.
Renewed Focus and Resources to Provide Interpretive Guidance
As the complexity of the Bank Secrecy Act regulatory regime grows,
so does the need for interpretive guidance. As part of our
reorganization, we are placing a renewed focus and resource commitment
on the provision of guidance, both in the form of more comprehensive
guidance documents as well as more immediate responses to specific
inquiries. With respect to the former, we intend to begin the process
of issuing staff commentaries to the various provisions of the Bank
Secrecy Act. This will involve close consultation with the regulators.
Separately, we look to leverage existing and develop additional
industry experts to provide prompt guidance to specific questions as
they arise, especially during the course of an examination. This will
also require our working with the regulators to ensure that they know
what mechanisms are available through which such guidance can be
obtained.
Review Enforcement Referral Guidelines and Reporting Requirements
To improve the Bank Secrecy Act civil enforcement process, FinCEN
intends to review the utility of developing updated guidelines to
assist the Federal banking agencies, Internal Revenue Service and other
agencies, as appropriate, in determining how and when to refer matters
involving significant, alleged violations of the Bank Secrecy Act to
FinCEN for consideration of civil money penalties. Currently, upon
discovery of significant Bank Secrecy Act deficiencies during
examination cycles, the Federal banking agencies, Internal Revenue
Service and the Securities and Exchange Commission rely on a memo
predating the creation of FinCEN on such matters. If appropriate, we
will work closely with the regulators to revise these guidelines.
In addition, the regulations delegating Bank Secrecy Act
examination authority to the banking regulators provide that periodic
reports shall be made, in a form and timeframe prescribed by Treasury.
By memorandum, dated June 6, 1979, Treasury prescribed the form and
timing of the periodic reports to be received from the banking
regulators, including the number of apparent Bank Secrecy Act
violations discovered during the examination process. However, since
its inception such reporting has been sporadic and it has not proved
helpful. As a result, FinCEN plans on reviewing the utility of
receiving periodic reports, in a mutually agreed to format, to better
enable FinCEN to review Bank Secrecy Act compliance and examination
findings on a national basis across agency lines; such as, for example,
reporting of remedial actions undertaken by financial institutions as a
result of consent orders, memorandum of understanding, board
resolution, supervisory letter, or other enforcement mechanisms.
MSB Compliance
A top priority for FinCEN is the prevention of the financing of
terrorism. One aspect of achieving this goal is finding better ways to
provide information to the regulated community to better identify
potential terrorist activity. One area of particular focus in this
regard will be money services businesses. Money services businesses
continue to require more attention and resources, and FinCEN will
undertake an initiative to educate segments of this industry most
vulnerable to terrorist abuse of their financial services. These
segments include small businesses that typically offer money remittance
services, check cashing, money orders sales, and informal value
transfer systems. Working with our colleagues in law enforcement, we
hope to enhance our outreach programs to include training on how
terrorists have and may continue to use money services businesses; the
reason for and importance of the registration requirement; and the
importance of complying with the anti-money laundering compliance
program, reporting and recordkeeping requirements of the Bank Secrecy
Act, especially suspicious activity reporting. In fact, suspicious
activity reporting for money services businesses should be streamlined
by permitting the use of a simplified form to file, which we are
currently developing.
Ideas for Enhanced Coordination
Coordination among the regulators, industry, and law enforcement is
the lynchpin of effective Bank Secrecy Act compliance. Since the
passage of the USA PATRIOT Act, cooperation has only improved. On our
side, we have developed a much closer working and collaborative
relationship with the regulators on all aspects of Bank Secrecy Act
administration. This has been reflected in the process of developing
the new regulations, conducting outreach and training for the industry,
and focusing on specific compliance issues. Indeed, provisions of the
Act such as the customer identification section required that FinCEN
and the regulators issue regulations jointly.
With respect to examinations, last month the Bank Secrecy Act
Advisory Group formed a subcommittee devoted to identifying ways to
better ensure examination consistency among the various regulatory
agencies and industries. Representatives from industry, the regulatory
agencies, and law enforcement will participate. This subcommittee is
yet another vehicle through which FinCEN and the regulators can address
the range of examination issues with the common goal of enhancing
compliance on a national basis.
In this context and elsewhere, we will all have to identify
creative ways to facilitate continued cooperation. Some ideas that I
hope to explore with my colleagues include:
Identification of Common Compliance Deficiencies
Better identification of compliance issues revealed through the
examination process on an interagency scale is an essential aspect of
enhancing the overall effectiveness of the Bank Secrecy Act regulatory
regime. FinCEN could serve a key role in facilitating that process by
encouraging the regular sharing of common compliance deficiencies
uncovered by the regulators. Summaries of deficiencies identified in
financial institutions will expose areas to be addressed, interpretive
questions to be answered, or even inconsistencies with the regulations
themselves. Based on this
information, FinCEN and the regulators would be able to focus its
outreach and guidance efforts on emerging, possibly systemic problem
areas affecting one or more financial industries. Similarly, regulators
would be able to better focus their examination resources on such
areas. This data would also enhance the ability of FinCEN and the
regulators to target their examinations and develop strategic
examination goals across industry lines.
Continued Collaboration on Examination Procedures
To varying degrees, FinCEN has provided input into the development
of examination procedures for the banking regulators and the Internal
Revenue Service. In fact, FinCEN is working with Internal Revenue
Service now to revise its Bank Secrecy Act Examination Manual, which
guides the conduct of Bank Secrecy Act examinations and is used as a
training template for Bank Secrecy Act examiners. This is an important
way in which FinCEN can communicate our examination priorities to the
regulators and better ensure a consistent examination process by the
various agencies. We have also begun to participate on a limited scale,
resources permitting, as observers in exams performed by our regulatory
partners.
Joint Examiner Training
As a complement to the established mechanisms through which the
regulators train their examiners, we will explore joint training
opportunities that will afford FinCEN the opportunity to supplement the
training provided with programs specifically targeted toward our Bank
Secrecy Act compliance goals, including the possibility of our
participating in multiagency anti-money laundering training at the
Federal Financial Institution Examination Counsel.
We have done such training already. For example, FinCEN has
conducted joint training of Internal Revenue Service examiners on
various Title 31 and USA PATRIOT Act requirements in recent IRS
Examiner training classes. FinCEN also will be conducting training at
an upcoming meeting of Internal Revenue Service supervisory level
personnel who have Bank Secrecy Act examination responsibility. By
training at the supervisory level (training-the-trainer), FinCEN can
leverage its limited resources to help ensure that IRS Bank Secrecy Act
supervisory personnel deliver the appropriate message concerning the
content of Bank Secrecy Act exams to the Internal Revenue Service field
exam staff.
Conclusion
Mr. Chairman, we appreciate your Committee's continued support in
our efforts to ensure the effectiveness of Bank Secrecy Act examination
and enforcement programs. This concludes my remarks. I will be happy to
answer your questions.
PREPARED STATEMENT OF GASTON L. GIANNI, JR.
Inspector General, Federal Deposit Insurance Corporation
June 3, 2004
Mr. Chairman, Ranking Member Sarbanes, and Members of the
Committee, I am pleased to testify before you today as you conduct this
hearing on the Federal financial regulatory agencies' enforcement of
the Bank Secrecy Act (BSA). We appreciate and thank the Committee for
its interest in gaining a greater understanding of how the Government
is combating terrorist financing and money laundering. The Committee,
the regulators, and our office clearly have a mutual interest in
assuring the public that the best possible efforts are made to deter
such dangerous and illegal activities.
Today, I will present a historical perspective on the Bank Secrecy
Act and discuss the BSA-related work my office has done over the past
several years. I will also offer our views on the challenges that the
Congress and the financial regulators face going forward in this
critical area.
The Bank Secrecy Act of 1970
The Bank Secrecy Act of 1970 requires all financial institutions to
maintain appropriate records and to file certain reports that are used
in criminal, tax, or regulatory investigations and proceedings. The
BSA's implementing regulation, 31 CFR Part 103, is also used to aid law
enforcement agencies in the investigation of suspected criminal
activity such as illegal drug activities, income tax evasion, and money
laundering by organized crime. The BSA consists of two parts--Title I,
Financial Recordkeeping, and Title II, Reports of Currency in Foreign
Transactions.
Title I authorizes the Secretary of the Treasury (Treasury
Department) to issue regulations requiring institutions to maintain
certain records related to financial transactions.
Title II directs the Treasury Department to prescribe
regulations governing the reporting of certain transactions by and
through financial institutions in excess of $10,000. A financial
institution must file a Currency Transaction Report (CTR) with the
Treasury Department for each cash transaction over $10,000 or
multiple cash transactions by an individual in 1 business day or
over a period of days aggregating over $10,000. The BSA also
requires financial institutions to file Suspicious Activity Reports
(SAR) with the Treasury Department when suspected money laundering
activity, terrorist financing, or other BSA violations occur, such
as the use of shell entities, check kiting, or embezzlement.
BSA Requirements for FDIC-Supervised Institutions
The FDIC is currently the primary Federal regulator for
approximately 5,300 financial institutions. In that role, the
Corporation has implemented rules and regulations in addition to those
issued by the Treasury Department that require each FDIC-supervised
institution to develop and administer a BSA program to ensure
compliance with the BSA and 31 CFR Part 103. Institutions' BSA programs
should include:
a written BSA program approved by the institution's board of
directors,
a system of internal controls to assure ongoing compliance,
independent testing for compliance with the BSA and 31 CFR
Part 103 to be conducted by bank personnel or an outside party,
designation of individual(s) responsible for coordinating and
monitoring compliance with the BSA, and
training in BSA requirements for appropriate personnel.
Examination Authority and Procedures
Although the Treasury Department has overall authority for BSA
enforcement and compliance, its regulations delegate authority to
financial institution regulatory agencies, including the FDIC, to
examine financial institutions for compliance. In this capacity, the
FDIC has authority to (1) examine the institutions it supervises for
compliance with the BSA, (2) refer BSA violations to the Treasury
Department, and (3) impose regulatory actions for BSA violations. The
FDIC is also required by the Federal Deposit Insurance Act (FDI Act)
to:
prescribe regulations requiring insured depository
institutions to establish and maintain procedures reasonably
designed to ensure and monitor compliance with the BSA,
review such procedures during their examinations of these
institutions, and
enforce compliance with the BSA monetary transaction
recordkeeping and report requirements.
The Division of Supervision and Consumer Protection (DSC) at the
FDIC is responsible for promoting the safety and soundness of FDIC-
supervised institutions, and examining financial institutions'
compliance with applicable laws and regulations such as the BSA.
According to the Chairman's testimony for today's hearing, the FDIC
has conducted almost 11,000 BSA examinations since 2000.
Communication and Training
The FDIC has taken steps to ensure that its supervised financial
institutions and examiners are aware of BSA requirements and that its
examinations of financial institutions include a review of BSA
requirements. The FDIC also issues regulations, Financial Institution
Letters, and other guidance to the financial institutions that it
supervises; updates Corporation examination and training materials; and
ensures that DSC examiners are adequately trained to monitor BSA
compliance.
Risk-focused Examination Procedures
DSC requires examiners to use risk-focused examination procedures
to assess BSA compliance. To accomplish this, examiners may use (1)
core procedures that are considered during the basic review, (2)
expanded procedures that are used to target concerns identified during
the basic review, and (3) impact analyses to assess the seriousness of
identified deficiencies. To assess the impact of deficiencies
identified during the basic and expanded reviews, examiners determine
whether BSA violations and weaknesses:
are serious and indicate the need for civil money penalties,
necessitate referrals to law enforcement agencies,
necessitate a cease-and-desist order for cases in which a
mandatory BSA compliance program was not established or maintained,
or other supervisory action to correct prior noncompliance, and
affect the safety and soundness of the institution.
When Violations Should Be Referred to the Treasury Department
According to referral guidelines issued by the Treasury
Department's Office of Financial Enforcement in October 1990, the
Treasury Department has a zero tolerance level for violations of the
BSA but recognizes that BSA violations are of a varying nature. The
guidelines state, ``Because the determination process often is
subjective, sound examiner judgment and experience also are required.''
To assist with the determination process for referrals to the Treasury
Department, the guidelines
instruct examiners to ``assess all of the facts and circumstances
surrounding the violations,'' including whether:
the violations represent an isolated incident caused by human
error;
the deficiencies are indicative of significant noncompliance
with the BSA and/or systemic weaknesses in the institution's BSA
compliance program;
the types and nature of the violations are serious;
the violations are the result of blatant, willful, or flagrant
disregard for BSA requirements;
there is a pattern of noncompliance with one or more sections
of the regulations;
the violations result from inadequate policies, procedures, or
training programs; and
the violations result from a nonexistent or seriously
deficient compliance program.
DSC procedures require examiners to use the Treasury Department's
guidelines to determine when a referral is appropriate.
The Treasury Department or the FDIC can take Regulatory Actions when
BSA Violations are Identified
Failure by a financial institution to comply with the BSA can
result in regulatory sanctions by either the Treasury Department or the
FDIC. The BSA and its underlying regulations give the Treasury
Department the authority to assess civil money penalties for violations
and to authorize criminal prosecution. The FDIC is required to report
all identified BSA violations and to refer violations that warrant
penalties to the Treasury Department's Financial Crimes Enforcement
Network (FinCEN). The FinCEN was established to administer BSA and
provide a government-wide, multisource intelligence and analytical
network. Such referrals, however, do not preclude the FDIC from taking
regulatory action when BSA violations are identified. For example, as
cited in 12 U.S.C. 1818(s), the FDIC shall issue a cease-and-desist
order to any FDIC-supervised institution that fails to establish and
maintain appropriate BSA procedures or to correct any previously
reported problem with the procedures.
The Corporation has reported that, since 2001, it has issued 30
formal enforcement actions against 25 financial institutions and 3
individuals to address BSA
violations--25 of these actions were cease-and-desist orders.
Regulatory action, however, also includes informal actions such as bank
board resolutions or memorandums of understanding to facilitate
corrective action(s) from bank management. Since 2001, the Corporation
reports that FDIC-supervised institutions have entered into 53 informal
actions with BSA-related provisions. Finally, the FDIC often uses other
supervisory actions such as correspondence and follow-up visitations or
examinations to promote compliance with BSA and implementing guidance.
BSA became a Higher Priority after the Events of September 11
Prior to the tragic events of September 11, 2001, BSA had played a
significant role in preventing banks and other financial service
providers from being used as intermediaries for, or to hide the
transfer or deposit of, money derived from criminal activity associated
with organized crime and international drug traffickers. BSA became
more of a national priority following September 11.
The USA PATRIOT Act
In October 2001, the Congress enacted the United and Strengthening
America by Providing Appropriate Tools Required to Intercept and
Obstruct Terrorism Act of 2001--the USA PATRIOT Act. This Act expanded
the Treasury Department's authority initially established under the BSA
to regulate the activities of U.S. financial institutions, particularly
their relations with individuals and entities with foreign ties.
Provisions of the USA PATRIOT Act augmented the BSA money laundering
provisions, making it a useful tool in tracing terrorist financing
activities. The Act also elevated the status of FinCEN within the
Treasury Department and emphasized its role in fighting terrorist
financing. In addition to administering the BSA, FinCEN is responsible
for expanding the regulatory framework to other industries (such as
insurance and securities brokers and dealers) vulnerable to money
laundering, terrorist financing, and other crimes.
FDIC's Post-September 11 Initiatives
DSC has been proactive in the development and issuance of
interagency examination guidance and has participated in working groups
led by the Federal Financial Institutions Examination Council to
develop and implement examiner training related to the enforcement of
BSA and USA PATRIOT Act provisions. Additionally, DSC has organized and
participated in numerous outreach programs intended to inform and
educate the banking industry of USA PATRIOT Act compliance
requirements. Further, DSC has indicated that it has been involved in
various interagency and joint law enforcement initiatives, including:
participation in the Financial Action Task Force's (FATF)
Working Group on International Financial Institutions Issues, which
establishes international anti-money laundering standards;
participation in the Basel Committee decisionmaking process in
reviewing the ``Know Your Customer'' risk management report;
participation in working groups and technical assistance
missions sponsored by the Departments of State and Treasury, which
are designed to assess vulner-
abilities to terrorist financing activity worldwide and to develop
and implement plans to assist foreign governments concerning these
issues; and
serving as point-of-contact liaison between FinCEN and FDIC-
supervised institutions in the USA PATRIOT Act Section 314(a)
terrorist-subject biweekly searches.
FDIC OIG Work that Addresses BSA-Related Issues
My office has conducted three audits that address the FDIC's
efforts to design and implement a supervisory program to examine
institutions' compliance with provisions of the BSA and the more
recently enacted USA PATRIOT Act. The first two audits addressed FDIC
examiners' planning and conduct of BSA examinations and the
Corporation's implementation of policies and procedures stemming from
USA PATRIOT Act requirements. They were both conducted as part of our
responsibility to provide coverage of the FDIC's supervision
activities. The third and most recent audit primarily focused on
supervisory actions taken by the FDIC to ensure institutions implement
effective corrective action to address BSA violations. This audit was
initiated in response to interest expressed by staff of the
Subcommittee on Oversight and Investigations, House Committee on
Financial Services.
Overall, these audits identified that the Corporation had taken
steps to implement a risk-focused examination program for BSA. However,
improvements were needed to ensure that institutions were fully
complying with, and the FDIC was effectively enforcing provisions of,
the Act.
I will now discuss more details of each audit, with the focus being
on our findings and recommendations and the FDIC's corrective actions
to address them.
Examination Assessment of Bank Secrecy Act Compliance
By way of background, in the wake of a much-publicized Bank of New
York money laundering scandal in 1999, the question of whether the BSA
and its implementation were effective gained renewed interest from the
legislative and executive branches of the Federal Government. Of
particular note, the Departments of Treasury and Justice jointly issued
a revised National Money Laundering Strategy in March 2000 assigning
responsibility for implementing parts of the strategy to bank
regulatory agencies, including the FDIC, to enhance efforts to prevent
money laundering. The regulatory agencies were specifically tasked with
reviewing existing examination procedures, and where necessary,
revising, developing, and implementing new examination procedures that
would ensure anti-money laundering supervision is risk focused. In
light of the interest and new requirements, we conducted an audit in
2000 to determine the extent to which the FDIC's examiners reviewed
FDIC-regulated institutions' compliance with the BSA during the course
of safety and soundness examinations.
In March 2001, we issued Audit Report No. 01-013, Examination
Assessment of BSA Compliance. In the report, we concluded that
examiners did not adequately document their BSA examination planning or
procedures. In general, there was little justification for the
examiners' decisions to omit or include procedures based on their
evaluation of risk at the institutions being reviewed. Similarly, after
completing the risk-scoping process, examiners did not consistently
document the work they performed as required by the Corporation's
Manual of Examination Policies. As a result, we could not always
determine the extent to which examiners reviewed institutions'
compliance with BSA provisions. We also found that examiners could have
improved examination planning by taking full advantage of the FinCEN
databases that contain information on CTR's and SAR's. At the time of
our report, one region was compiling this information in a report and
disseminating it to examiners. The report showed whether institutions
had significant changes in the volume of SAR and CTR filings since the
previous examination and could be used to determine whether the scope
of the BSA examination should be expanded.
We recommended that management (1) reinforce risk focusing guidance
for BSA examinations and ensure that documentation requirements for
examination planning and procedures were followed and (2) require that
all FDIC regions provide
examiners with CTR and SAR information for the purpose of planning BSA
examinations. Management implemented these recommendations.
FDIC's Implementation of the USA PATRIOT Act
As discussed earlier, the USA PATRIOT Act broadened authority and
required regulations to combat money laundering that were already
established under the BSA to facilitate the prevention, detection, and
prosecution of international money laundering and the financing of
terrorism. Our review of the FDIC's implementation of the USA PATRIOT
Act focused on Title III of the Act, which is entitled the
International Money Laundering Abatement and Anti-terrorist Financing
Act of 2001. Title III includes provisions related to (1) international
counter-money laundering and related measures, (2) BSA amendments and
related improvements that supplement the United States' authority to
detect money laundering provided under the BSA, and (3) currency crimes
and protection.
The objective of our audit was to determine whether the FDIC had
developed and implemented adequate procedures to examine financial
institutions' compliance with the USA PATRIOT Act. We issued our final
report on the audit entitled The FDIC's Implementation of the USA
PATRIOT Act, Audit Report No. 03-037, on September 5, 2003. We
concluded that DSC's existing BSA examination procedures covered
certain USA PATRIOT Act, Title III requirements. In addition, DSC had
advised FDIC-regulated institutions of the new requirements in cases in
which the Treasury Department had issued final rules implementing the
Title III provisions. However, DSC had not issued guidance to its
examiners for those provisions requiring new or revised examination
procedures because DSC was either coordinating the issuance of uniform
procedures with an interagency steering committee or waiting for the
Treasury Department to issue final rules. This delay in issuing
examination guidance was of particular concern when the Treasury
Department had issued final rules for Title III provisions addressing
money laundering deterrents and verification of customer identification.
We noted that timely issuance of examiner guidance would have helped
ensure institutions' full compliance with USA PATRIOT Act provisions
sooner.
We recommended that the FDIC: (1) issue interim examination
procedures for those sections for which the Treasury Department has
already issued final rules and (2) work with its interagency
counterparts to issue examination guidelines concurrently with the
Treasury Department's issuance of final rules for institutions'
implementation of Title III provisions. The FDIC concurred with both
recommendations and took responsive corrective action. More
specifically, the FDIC issued interim BSA examination procedures in
August 2003, which included steps for reviewing institution compliance
with applicable provisions of the USA PATRIOT Act and in October 2003,
issued the final examination guidelines developed in consultation with
the other financial institution regulators.
While not the result of our audit, FDIC has also trained its bank
examination staff on the USA PATRIOT Act and incorporated BSA and Anti-
Money Laundering topics into one of its core examination schools. Also,
the FDIC is working with the other Federal banking regulators and the
Conference of State Bank Supervisors to revise examiner training
programs to incorporate provisions of the USA PATRIOT Act. Furthermore,
the FDIC has reported changing its application review program to
consider prohibitions against certain types of relationships with
financial institutions, particularly foreign shell banks. The
Corporation has also amended its policies to consider the effectiveness
of an insured depository institution's anti-money laundering
activities--including those of overseas branches--when evaluating a
proposed merger transaction.
Supervisory Actions Taken for Bank Secrecy Act Violations
Our most recent audit related to the BSA was done in response to
interest expressed by the staff of the Subcommittee on Oversight and
Investigations, House Committee on Financial Services. The audit
focused on actions taken by the FDIC in its supervisory capacity to
ensure that FDIC-supervised institutions implement effective corrective
action to address BSA violations. Our audit results in this case raised
concerns related to four general areas:
Extent of Regulatory Action on Significant and Repeat
Violations
Consistency of Reporting of Deficiencies and Violations
Timing of FDIC Follow-Up and Corrective Actions on BSA
Violations
Handling of Filings and Referrals to the IRS and Treasury
Department
Audit Took Approach Consistent with Prior Treasury OIG Report on BSA
Our audit approach was modeled after a report issued by the
Department of the Treasury OIG entitled OTS: Enforcement Actions Taken
for Bank Secrecy Act Violations, Report No. OIG-03-095, dated September
23, 2003. The objectives of the Treasury OIG audit were to determine:
whether the Office of Thrift Supervision took timely and
sufficient supervisory enforcement actions against thrifts with
substantive BSA violations;
enforcement actions, when taken, adequately addressed all
substantive BSA violations identified by examiners;
OTS's systems to track and monitor BSA examinations results
were accurate and reliable.
The Treasury OIG determined that greater use of forceful and timely
enforcement sanctions were warranted for BSA violations; enforcement
actions were not always taken timely or were not always thorough for
substantive BSA violations; \1\ and BSA examination data errors existed
in OTS' automated system used to monitor the results of all
examinations, including BSA.
---------------------------------------------------------------------------
\1\ The Treasury OIG defined substantive BSA violations as those
that resulted from the failure to develop and implement a BSA program
with the basic BSA minimum requirements and the nonfiling of CTR's and
SAR's.
---------------------------------------------------------------------------
The objective of our audit was to determine whether the FDIC
adequately follows up on BSA violations reported in examinations of
FDIC-supervised financial institutions to ensure that they take
appropriate corrective action. The scope of our audit included
examinations conducted by the FDIC or State regulatory agencies, and
examinations in which the FDIC participated in a joint capacity with
State regulatory agencies from January 1, 1997 through September 30,
2003.
The FDIC Had Cited a Significant Number of Institutions for BSA
Violations
Of the 5,662 financial institutions that the FDIC supervised (on
average) during the time period covered by our audit, 2,672
institutions (approximately 47 percent) had been cited for at least one
BSA violation. Those violations included citations for not complying
with the Treasury Department's Financial Recordkeeping and Reporting
Requirements, that is, filing CTR's, and not adequately implementing
BSA compliance programs as required by the FDIC's Rules and
Regulations. Of those 2,672 institutions, 458 (approximately 17
percent) had been cited for repeat BSA violations.
Audit Shows High Rate of Significant and Repeat Violations, Many of
Which
Were Not Subject to Regulatory Action
We selected a random sample of institutions with violations for
detailed review. The random sample consisted of 22 institutions
selected from the 8 DSC regional or area offices, and another 19
institutions consisted of a judgmental sample of institutions with
repeat violations for a total of 41 institutions reviewed. We
determined that
35 of the 41 institutions (86 percent) were cited for
violations related to the Treasury Department's financial
recordkeeping and reporting requirements as prescribed in 31 CFR
Part 103, and
29 of the 41 institutions (71 percent) were cited for
deficient BSA compliance programs that did not meet the minimum
requirements of the FDIC Rules and Regulations.
Regarding violations of the Treasury Department's Regulations at 31
CFR Part 103, these financial institutions were most frequently cited
for failing to: File CTR's for nonexempted transactions over $10,000;
maintain records on sales of monetary instruments of $3,000 through
$10,000; furnish information required in CTR's, file CTR's timely, or
retain CTR's for 5 years; and treat multiple transactions totaling over
$10,000 as a single transaction.
With respect to the FDIC's Rules and Regulations Section 326.8, the
41 financial institutions in our sample were most frequently cited for
lack of independent testing of BSA compliance; failure to develop or
implement an adequate BSA compliance program; inadequate system of
internal controls for BSA compliance; and failure to provide adequate
BSA training.
We also determined that 27 of the 41 institutions had repeat BSA
violations. Of those 27 repeat institutions, 17 institutions (63
percent) were not subject to regulatory action for their repeat
violations, although other supervisory efforts such as follow-up
correspondence to bank management and visitations may have been in
progress. Of the 10 institutions that were subject to regulatory
action, only 1 was subject to a cease-and-desist order.\2\ DSC policy
states that repeat violations cannot be tolerated and that cease-and-
desist orders should be initiated in such cases.
---------------------------------------------------------------------------
\2\ The FDIC imposed a regulatory action for one institution that
did not have repeat violations bringing the total number of regulatory
actions taken for the sample we reviewed to 11.
---------------------------------------------------------------------------
In addition, Section 8(s) of the FDI Act states that, ``If the
appropriate Federal banking agency determines that an insured
depository institution . . . has failed to correct any problem with the
[BSA] procedures . . . which was previously reported . . . by such
agency, the agency shall issue an order . . . requiring such depository
institution to cease-and-desist from its violation . . ..'' In response
to our audit, the FDIC concluded that it was not required to issue
cease-and-desist orders in the case of every repeat BSA violation. The
Corporation believes that enforcement authority always involves some
element of discretion, including consideration of the nature of the
violation and supervisory judgment as to how best to address the
violation. As part of its response to our report, the Corporation
provided a legal opinion by its General Counsel that addresses
Congress's intent in Section 8(s). The opinion stated that:
The absence of a mandate to bring a cease-and-desist action to
address every violation of Section 8(s) or the regulations does
not imply that the alternative is to take no action. To the
contrary, the statutory intent must be to take an appropriate
corrective action based upon the severity of the problem, the
risk it poses, and the bank's willingness to comply
expeditiously.
We concur with the Counsel's guidance. However, as noted
previously, our audit identified cases where DSC had not taken
regulatory action to address repeat violations of BSA requirements.
FDIC's Reporting and Follow-Up On BSA Violations
For the 41 banks in our sample, we reviewed 82 reports of
examination that cited apparent and often multiple BSA violations. We
noted that not all BSA deficiencies described in DSC's examination
reports were cited in the violations section of the reports and tracked
in the FDIC's information system. For 25 (30 percent) of the 82
reports, DSC waited until the next examination to follow up on some or
all of the BSA violations, and corrective actions to address cited
violations often took more than 1 year. Also, DSC's regional offices
took various approaches to handling violations related to the filing of
CTR's and to referring bank violations to the Treasury Department.
Finally, we found that while many institutions had been cited for BSA
violations, there were few referrals to the Treasury Department during
the audit period, and most were made by one FDIC region.
Inconsistencies in Describing Deficiencies and Citing Violations
In reviewing DSC's reports of examination, we observed several
instances of BSA deficiencies described in the reports but not cited in
the Violations of Laws and Regulations section of the reports. On the
other hand, we also noted instances of BSA deficiencies similar to
those described that were cited as violations. Deficiencies that are
described in the reports of examination but not cited as violations may
receive less attention from bank management or in follow-up by DSC.
According to DSC officials, the examiners exercise judgment in
determining the significance of BSA concerns. That judgment includes
determining whether the weaknesses constitute:
apparent violation of laws or regulations, meriting inclusion
in the violations section of the examination report, or
noncompliance with DSC guidelines, meriting only mention in
the report as matters for bank management's attention, which may be
sufficient to eliminate concern.
Follow-up and Correction of Violations Was Not Always Timely
DSC's process for following up on violations cited in reports of
examination includes:
a request for the report to be considered in the bank's next
board meeting, with a record of actions taken entered into the
minutes;
a request for bank management to provide a response indicating
the actions taken to eliminate each cited violation or deficiency;
and
follow-up of the corrective actions at the next examination.
For the institutions included in our sample, we checked how often
and by what method DSC followed up on whether corrective actions had
been taken. We considered evidence related to DSC's follow-up actions
or the banks' corrective actions, as well as information from the
Treasury Department. As a result of our analysis of the process and our
review of the 82 reports that cited apparent BSA violations, we found
that:
For 20 reports, DSC followed up or pursued regulatory action
for certain violations before the next examination, including
additional correspondence, visitations, and regulatory actions such
as bank board resolutions, memorandums of understanding, or cease-
and-desist orders.
For 42 reports, DSC received evidence from bank management,
Treasury's FinCEN, or the Internal Revenue Service (IRS) that
certain violations had been corrected before the next examination,
and in many of these instances, corrective action took place before
the examination was completed.
For 25 reports, DSC waited until the next examination to
assess the adequacy of bank corrective actions for certain
violations.\3\
---------------------------------------------------------------------------
\3\ Note that the numbers do not total 82 because DSC used
different follow-up actions for some examination reports that cited
multiple violations.
We also observed that DSC regional and field offices exercised wide
discretion in deciding whether and when to follow up on the violations
or take regulatory action. In some cases, more than 1 to 5 years passed
before (1) bank management took corrective action that was effective to
prevent repeat violations or (2) DSC applied regulatory actions to
address continuing violations. As shown below, about two-thirds of the
violations took longer than 1 year to correct.
Time Taken to Address BSA Violations
------------------------------------------------------------------------
LENGTH OF TIME FOR ACTION NUMBER OF INSTITUTIONS *
------------------------------------------------------------------------
12 months or less....................... 27
------------------------------------------------------------------------
13 months-24 months..................... 13
------------------------------------------------------------------------
25 months-36 months..................... 16
------------------------------------------------------------------------
37 months-48 months..................... 10
------------------------------------------------------------------------
49 months-60 months..................... 1
------------------------------------------------------------------------
More than 60 months..................... 8
------------------------------------------------------------------------
* The number of institutions will exceed the 41 sampled institutions
because the length of time varied for institutions with multiple BSA
violations.
Source: OIG analysis of ViSION data and review of evaluation reports and
supplemental information provided by DSC for the 41 sampled
institutions.
DSC officials stated that follow-up on BSA violations often occurs
at the next FDIC examination rather than between examinations. Although
the FDIC can conduct visitations between regularly scheduled
examinations, we identified only a few visitations based on information
provided by DSC that addressed BSA violations.
Generally, the FDIC alternated examinations of the sampled
institutions with State regulatory agency examinations for those
institutions. However, 45 of the 72 examination reports we reviewed
from state regulatory agencies did not specifically address BSA
compliance. Therefore, the FDIC could not rely on those examinations to
determine whether bank management took corrective actions to address
previously cited violations or to identify any new BSA violations.
Consequently, follow-up by the FDIC on some previously cited BSA
violations did not occur until the next FDIC examination--generally 24
to 36 months after the violations were initially identified. This delay
in ensuring that BSA violations are corrected could result in
additional or continued BSA violations and could hinder the detection
of criminal activity.
Handling of Violations Related to CTR's
We also noted variations in the handling of violations related to
CTR's. While conducting examinations, examiners identified instances in
which financial institutions had improperly exempted customers from
currency transaction reporting requirements or otherwise failed to file
CTR's. According to DSC guidance, CTR's must be filed with the IRS
within 15 days following the date of the transaction (25 days if the
financial institution files electronically). For those institutions
that did not file CTR's within the specified timeframe, FinCEN requests
that examiners have bank officials request permission to backfile
CTR's. DSC regional offices did not handle violations related to the
backfiling of CTR's in a consistent manner. Some offices required the
institutions to request permission to backfile, while other offices
allowed the institutions, in cases that involved one or two CTR's, to
file without requesting permission to backfile.
Handling of Referrals to the Treasury Department
DSC referrals of bank violations to the Treasury Department were
infrequent. According to information provided by DSC, while 2,672
institutions were cited for violations, there were only 34 referrals
made from January 1, 1997 through December 31, 2003, and most of these
referrals were made by one DSC regional office. DSC officials added
that, since the Treasury Department has access to FDIC information on
BSA violations through a shared information system, further reporting
is not required. The Treasury Department sometimes requests copies of
applicable examination reports based on its analysis of the violations.
The following actions have
resulted from the referrals made by the FDIC from January 1, 1997
through December 31, 2003
27 institutions received cautionary letters or letters of
warning from the Treasury Department,
1 institution received a civil money penalty,
3 referrals were resolved by other means, and
3 referrals were still open.
In summary, the Treasury Department took action when referrals were
made but, in our assessment, FDIC only did so infrequently.
Report Recommends Strengthening Guidance Related to BSA Monitoring and
Follow-Up Processes
We concluded in our report that the FDIC had adequately followed up
on some BSA violations to ensure bank management has taken appropriate
corrective action. However, more could be done to better ensure that
prompt and effective actions are taken by bank management to ensure
compliance with BSA regulations.
In light of the increased Congressional interest in BSA compliance
and emphasis on national security concerns, we recommended that the
Corporation:
reevaluate and update its examination guidance to help ensure
adequate examiner follow-up and timely corrective action by bank
management;
discuss and update the referral policy with the Treasury
Department; and
encourage State coverage of BSA compliance, and develop
alternative processes to compensate for the lack of State coverage
of BSA compliance.
FDIC Management Agreed with Recommendations and Is Taking Steps to
Improve
Its BSA Program
DSC management agreed with our recommendations. DSC had taken steps
to initiate a reevaluation and update of its guidance, with interagency
cooperation, to address formal supervisory actions, follow-up actions,
citation of apparent violations, and recordkeeping and backfiling of
CTR's. DSC also agreed to work with the FDIC Legal Division to clarify
and update, as necessary, enforcement action guidance on BSA.
Further, DSC management agreed to pursue clarification of referral
procedures with the Treasury Department. Finally, DSC agreed to focus
on strengthening processes to address variations in the State
examination coverage of BSA and believed doing so would increase the
consistency and reliability of the follow-up to its BSA examinations.
Looking Ahead
Mr. Chairman, the goal of identifying and cutting off terrorist
funding is an essential one. The Government's success in accomplishing
that goal is dependent upon
collecting and analyzing necessary information, and disseminating and
sharing that information among appropriate law enforcement and
regulatory agencies. To that end, the Congress passed the BSA, and
later, the USA PATRIOT Act, to establish requirements and coordination
mechanisms for creating this free flow of information. While the FDIC
has been a leader in many initiatives aimed at complying with these two
Acts, we found and the Corporation has acknowledged it can do more. In
light of the knowledge we have gained since September 11 and more
recent terrorist threats, there are key questions that the FDIC should
consider, in conjunction with the Treasury Department and the other
financial regulators, as it looks to improve its BSA program.
Is risk-scoping BSA examinations and follow-up still the most
effective approach to deterring money laundering and terrorist
financing?
Are the policies and procedures for reporting certain cash
transactions and BSA violations to the Treasury Department, some of
which date to the early 1990's, currently effective?
Is the information reported to FinCEN by financial
institutions and regulators effectively evaluated and does it
ultimately result in timely preventive actions?
Mr. Chairman, we appreciate the opportunity to participate in this
hearing. We are prepared to assist in addressing these issues and have
additional audits planned in this area to help ensure that financial
institutions, through efficient and effective supervision by the FDIC,
will remain vigilant in implementing BSA programs that assist in
preventing money laundering and terrorism. I would be pleased to answer
any questions the Committee may have at this time.
RESPONSE TO A QUESTION OF SENATOR SHELBY
FROM JOHN D. HAWKE, JR.
A.1. Mr. Hawke, in addition to the Saudi and Equatorial Guinea
accounts, Riggs held numerous other foreign accounts, including
what many characterize as what we would call high-risk by
FinCEN and OFAC. They include, among others, Burma, Cuba, the
Sudan, Iraq, Iran, Syria, and Nigeria. If Riggs' BSA/AML
internal controls were so deficient, which is a given, should
we be concerned, in other words, should you be concerned that
many of these other embassy and special interest accounts could
suffer similar inadequacies and violations?
A.1. OCC examiners reviewed Riggs Bank's OFAC controls during
the January 2003 BSA examination and did not find any problems
with the bank's handling of OFAC country accounts. The
examiners reviewed the details of the Iraqi blocked accounts
and did not identify any deficiencies or noncompliance with
OFAC regulations. Subsequently, OCC examiners obtained and
confirmed that appropriate licenses were acquired for Riggs or
their banking customers to open accounts or transact business
within OFAC sanctioned countries of Burma, Cuba, Iran, Iraq,
the Sudan, Syria, and Yugoslavia (Balkans). The bank's OFAC
compliance procedures used in the opening account process have
also been assessed in subsequent exams and found to be
satisfactory.
Most of the above-mentioned OFAC sanctioned countries
having either Embassy or Mission accounts within Riggs's
Embassy Banking Division were closed in June 2004 as part of
the bank's decision to exit high-risk Embassy accounts. There
is one exception of an Iranian account that remains open and
blocked as required by OFAC. Under the terms of the cease-and-
desist orders, the bank is required to review the activity in
all high-risk Embassy accounts going back to January 1, 2001,
to ensure that Suspicious Activity Reports are filed where
appropriate. The OCC will evaluate Riggs Bank's compliance with
this and other requirements of the cease-and-desist orders in
October of this year.
�