[House Hearing, 114 Congress] [From the U.S. Government Publishing Office] EVALUATING THE SECURITY OF THE U.S. FINANCIAL SECTOR ======================================================================= HEARING BEFORE THE TASK FORCE TO INVESTIGATE TERRORISM FINANCING OF THE COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED FOURTEENTH CONGRESS FIRST SESSION __________ JUNE 24, 2015 __________ Printed for the use of the Committee on Financial Services Serial No. 114-36 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] U.S. GOVERNMENT PUBLISHING OFFICE 96-997 PDF WASHINGTON : 2016 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 HOUSE COMMITTEE ON FINANCIAL SERVICES JEB HENSARLING, Texas, Chairman PATRICK T. McHENRY, North Carolina, MAXINE WATERS, California, Ranking Vice Chairman Member PETER T. KING, New York CAROLYN B. MALONEY, New York EDWARD R. ROYCE, California NYDIA M. VELAZQUEZ, New York FRANK D. LUCAS, Oklahoma BRAD SHERMAN, California SCOTT GARRETT, New Jersey GREGORY W. MEEKS, New York RANDY NEUGEBAUER, Texas MICHAEL E. CAPUANO, Massachusetts STEVAN PEARCE, New Mexico RUBEN HINOJOSA, Texas BILL POSEY, Florida WM. LACY CLAY, Missouri MICHAEL G. FITZPATRICK, STEPHEN F. LYNCH, Massachusetts Pennsylvania DAVID SCOTT, Georgia LYNN A. WESTMORELAND, Georgia AL GREEN, Texas BLAINE LUETKEMEYER, Missouri EMANUEL CLEAVER, Missouri BILL HUIZENGA, Michigan GWEN MOORE, Wisconsin SEAN P. DUFFY, Wisconsin KEITH ELLISON, Minnesota ROBERT HURT, Virginia ED PERLMUTTER, Colorado STEVE STIVERS, Ohio JAMES A. HIMES, Connecticut STEPHEN LEE FINCHER, Tennessee JOHN C. CARNEY, Jr., Delaware MARLIN A. STUTZMAN, Indiana TERRI A. SEWELL, Alabama MICK MULVANEY, South Carolina BILL FOSTER, Illinois RANDY HULTGREN, Illinois DANIEL T. KILDEE, Michigan DENNIS A. ROSS, Florida PATRICK MURPHY, Florida ROBERT PITTENGER, North Carolina JOHN K. DELANEY, Maryland ANN WAGNER, Missouri KYRSTEN SINEMA, Arizona ANDY BARR, Kentucky JOYCE BEATTY, Ohio KEITH J. ROTHFUS, Pennsylvania DENNY HECK, Washington LUKE MESSER, Indiana JUAN VARGAS, California DAVID SCHWEIKERT, Arizona FRANK GUINTA, New Hampshire SCOTT TIPTON, Colorado ROGER WILLIAMS, Texas BRUCE POLIQUIN, Maine MIA LOVE, Utah FRENCH HILL, Arkansas TOM EMMER, Minnesota Shannon McGahn, Staff Director James H. Clinger, Chief Counsel Task Force to Investigate Terrorism Financing MICHAEL G. FITZPATRICK, Pennsylvania, Chairman ROBERT PITTENGER, North Carolina, STEPHEN F. LYNCH, Massachusetts, Vice Chairman Ranking Member PETER T. KING, New York BRAD SHERMAN, California STEVE STIVERS, Ohio GREGORY W. MEEKS, New York DENNIS A. ROSS, Florida AL GREEN, Texas ANN WAGNER, Missouri KEITH ELLISON, Minnesota ANDY BARR, Kentucky JAMES A. HIMES, Connecticut KEITH J. ROTHFUS, Pennsylvania BILL FOSTER, Illinois DAVID SCHWEIKERT, Arizona DANIEL T. KILDEE, Michigan ROGER WILLIAMS, Texas KYRSTEN SINEMA, Arizona BRUCE POLIQUIN, Maine FRENCH HILL, Arkansas C O N T E N T S ---------- Page Hearing held on: June 24, 2015................................................ 1 Appendix: June 24, 2015................................................ 39 WITNESSES Wednesday, June 24, 2015 Carlson, John W., Chief of Staff, Financial Services Information Sharing and Analysis Center (FS-ISAC).......................... 10 Poncy, Chip, Senior Advisor, Center on Sanctions and Illicit Finance at the Foundation for Defense of Democracies, and Founding Partner, Financial Integrity Network.................. 8 Vance, Hon. Cyrus R., Jr., District Attorney, New York County.... 6 APPENDIX Prepared statements: Carlson, John W.............................................. 40 Poncy, Chip.................................................. 60 Vance, Hon. Cyrus R., Jr..................................... 81 Additional Material Submitted for the Record Ellison, Hon. Keith: Article from the New York Times entitled, ``Homegrown Extremists Tied to Deadlier Toll Than Jihadists in U.S. Since 9/11,'' dated June 24, 2015.......................... 86 Southern Poverty Law Center Hate Map (Active U.S. Hate Groups by State).................................................. 89 Written responses to questions for the record submitted to John W. Carlson............................................ 90 EVALUATING THE SECURITY OF THE U.S. FINANCIAL SECTOR ---------- Wednesday, June 24, 2015 U.S. House of Representatives, Task Force to Investigate Terrorism Financing, Committee on Financial Services, Washington, D.C. The task force met, pursuant to notice, at 2:30 p.m., in room 2128, Rayburn House Office Building, Hon. Michael Fitzpatrick [chairman of the task force] presiding. Members present: Representatives Fitzpatrick, Pittenger, King, Stivers, Ross, Barr, Rothfus, Schweikert, Williams, Poliquin, Hill; Lynch, Sherman, Green, Ellison, Himes, and Sinema. Ex officio present: Representative Waters, Chairman Fitzpatrick. Thank you everyone for joining us today for the third hearing of the House Financial Services Committee's Task Force to Investigate Terrorism Financing. Today's hearing is entitled, ``Evaluating the Security of the U.S. Financial Sector.'' Through the first hearings of this task force, we have heard about the extensive reach--both in terms of impact and funding--of the terror groups that the United States and allied nations face today. From the Middle East to South America, we have examined the new methods of financing that these organizations are utilizing to spread and carry out their warped ideological aims. Terrorist groups no longer rely solely on ``big-pocket donors,'' or even state sponsors, but have diversified their streams of revenue to include a wide array of activities. Non- traditional funding methods--from antiques dealing and the sale of illicit oil in Iraq and Syria, to the drug trade and extortion in the Tri-Border Area of Argentina, Brazil, and Paraguay--have transformed these groups from regional entities to trans-national criminal syndicates. With this global scope, it is vital that the United States works with the international community to address these challenges. However, it is equally important that we look inward to assess the security of our own financial sector. That is the focus of today's hearing. Many groups are constantly seeking to access and exploit the U.S. financial system. The complexity and sheer size of our financial system has created avenues within which criminals may move, hide, and launder their funds. Many of these groups understand our system's weaknesses and gray areas with respect to beneficial ownership and customer due-diligence standards and they exploit it to our detriment. Aside from the threat of actors operating within it, the United States financial system itself should also be considered a target for terrorists. Over the past several years, there has been a noticeable rise in the number of cyber-related attacks on United States businesses and government agencies, launched by state and non- state actors alike. This is attributed to the fact that such attacks cost very little to carry out, but have potential to cause severe problems and inflict great costs on the victim attempting to carry out the defense. The United States financial sector is too important for this task force to overlook when seeking to address the nexus of terrorism and finance. The continued innovation and evolution by our enemies highlights the importance of this body's role in the fight against terror. The United States must do better when defending our financial system and addressing the threats operating within it. The risk is too great to ignore. I am confident that today's dialogue between this bipartisan group of Members and the panel of expert witnesses that we have before us will help us to understand where our system is vulnerable and how these vulnerabilities should be corrected. At this time, I would like to recognize for 3 minutes the task force's ranking member, my colleague from Massachusetts, Mr. Lynch, who has been a valuable asset to the task force. Mr. Lynch. Thank you, Mr. Chairman. I want to thank the members of the panel as well, the witnesses, for helping the task force with its work. This is our third hearing. The first two were focused on the global reach of anti-terrorist financing. And I look forward to this third hearing which is going to actually look at the opportunity to evaluate the domestic security of the U.S. financial sector in order to better protect it from terrorist threats. It is an inward-focused perspective which I think is eminently necessary. It is crucial that our task force, as part of the Financial Services Committee, devotes resources to assessing the security of the U.S. financial sector. As our witnesses highlighted in their prepared remarks, the size and complexity of the financial sector makes it vulnerable for abuse by terrorist organizations. Shell companies and vulnerabilities in our financial system's cyber infrastructure are two areas that are particularly susceptible to exploitation by terrorists. Shell companies particularly are being used to mask the identities of people who actually control or profit from these companies, the beneficial owners. And unfortunately, the United States does not currently collect information on beneficial owners. As Mr. Vance, a seasoned New York County district attorney, described in his prepared remarks, criminals and terrorists exploit our inadequate incorporation procedures and the anonymity in those procedures in order to conceal the illicit conduct. This makes it hard for law enforcement to follow the money to the ultimate owner. At this point, I want to yield to Mr. Brad Sherman of California for a brief opening statement. Mr. Sherman. I have a very quick statement that relates to the chairman's comments about cyberattacks from state actors. It is a step away from the exact focus of the hearing. The best defense against state actors attacking our cyber system is a good offense. We are too politically correct to have a good offense. We only go after government targets, we only take the information for government files. China is uniquely vulnerable to us if we choose to be politically incorrect. What we need to do is gather information about the assets and expenditures of their top 1,000 governmental officials, none of whom, I might add, are reported on personal financial disclosure statements filed with the ethics committee of any parliament. And if we were to expose even a few of the tasty tidbits, China would no longer be hacking into our system. But that is not politically correct. We will have bureaucrats asking us for money. They will only want to spend money on defense; they are a little wary of offense. And so, we will continue to be a punching bag, trying only to defend ourselves. I yield back. Mr. Lynch. I would like to also yield 1 minute for a brief statement to Ms. Sinema of Arizona. Ms. Sinema. Thank you, Chairman Fitzpatrick, and Ranking Member Lynch. The Administration has identified the financial services sector as critical infrastructure integral to our national security. Cyberattacks on U.S. critical infrastructure, including the financial sector, come from states, terrorists, criminals, and hacktivists. Sharing information about cyber breaches and threats is critical to ensuring the financial institutions and affected parties effectively prepare for and respond to cyberattacks. However, this doesn't always occur. Firms and industry groups have cited concerns over violating privacy and antitrust laws as a reason that they are reluctant to share information. So we must make it easier for the private sector to successfully access threat information and remove barriers to sharing within the private sector and with the Federal Government. Information sharing is an important tool for protecting information systems and their contents from unauthorized access from cyber criminals. But it is only one of the many assets of cybersecurity that organizations must address to secure their systems and information. I am looking forward to continuing to work with my colleagues on both sides of the aisle to reduce vulnerabilities in the cybersecurity ecosystem and strengthen measures to protect our critical infrastructure. And I am looking forward to hearing more from our witnesses today about the essential elements of effective cyber-threat information-sharing legislation. Thank you. I yield back. Chairman Fitzpatrick. I now recognize the vice chairman of the task force, Mr. Pittenger of North Carolina, for 1 minute for the purpose of making an opening statement. Mr. Pittenger. Thank you, Mr. Chairman. And thank you to Ranking Member Lynch for your continued efforts with this task force. Recent reports from the State Department and the Treasury Department have further highlighted the priority that we must place in our counter-terrorist financing efforts. The 2014 State Department Country Reports on Terrorism make it clear that terrorism is becoming more prevalent. The number of attacks increased by 35 percent with 3,000 more attacks in 2014 than 2013, and fatalities increased 81 percent to 32,727 deaths in 2014. And the National Terrorist Financing Risk Assessment shows that while we have made progress in undermining terrorist financing, there are still vulnerabilities in our system and more could be done. While the United States is in compliance with the majority of the Financial Action Task Force (FATF) recommendations, we have our own noncompliance issues. I look forward to continuing to work with this task force to achieve this, including efforts to increase the cooperation between the public and the private sector. I look forward to the testimony today and the views of our distinguished witnesses on what else can be done to stop the flow of money to terrorists. Thank you, Mr. Chairman. And I yield back. Chairman Fitzpatrick. We now welcome our witnesses. And I recognize the gentleman from New York, Mr. King, for the purpose of introducing the district attorney of New York County. Mr. King. Thank you, Mr. Chairman. Thank you for giving me this privilege because it really is a privilege to introduce Cy Vance to this committee. Cy Vance comes from a tradition of district attorneys in New York where his two predecessors, Frank Hogan and Robert Morgenthau, between the 2 of them served for more than 65 years. So this is a very distinguished office and Cy Vance more than fits the bill; he more than lives up to the standards of that office. He was elected in 2009. He was re-elected with 91 percent of the vote in 2013. All of us can only envy that vote margin. But before that, he was a leading prosecutor and also had a very successful career in the private sector. The main reason he is uniquely qualified today is that his office, the district attorney's office located in the world financial capital, has been extremely active in international financial issues, recovering billions of dollars from institutions that have violated sanctions, and on the issue of terrorism itself; he was the first district attorney to obtain a terrorist conviction in New York State courts. It was the Pimentel case which other prosecutors, including the Federal Government, did not want to go near because they thought it could not be won. The fact is a conviction was obtained and it was a very, very significant conviction for the district attorney. So I look forward to District Attorney Vance's testimony here today. I can tell you--I am saying this as a Republican--that he is universally respected in New York by all political parties, by members of the bar, by police, by law enforcement, and by defense counsel. And his testimony today will be extremely illuminating and helpful. And Cy, it is a real privilege to have you here today. Mr. Chairman, I yield back. Chairman Fitzpatrick. Thank you. Welcome to the panel, Mr. Vance. Next, we have Chip Poncy, a founding partner of the Financial Integrity Network, and a senior adviser of the Center on Sanctions and Illicit Finance at the Foundation for Defense of Democracies. Mr. Poncy previously served as the interim head of financial crimes compliance from Mexico and the Latin American region for one of the world's largest banks. Mr. Poncy also served as the inaugural director of the Office of Strategic Policy for Terrorist Financing and Financial Crimes and as a senior adviser at the U.S. Department of the Treasury. From 2010 to 2013, Mr. Poncy led the United States delegation to the Financial Action Task Force where he co- chaired a policy working group and managed United States participation on illicit finance expert groups. Mr. Poncy graduated with honors from Harvard University, received a masters degree in international relations from the Johns Hopkins School of Advanced International Studies, and holds a law degree from the Georgetown University Law Center. He also graduated from high school with Representative Rooney of Florida, further distinguishing himself. So, we welcome you. And finally, we have John Carlson, the chief of staff at the Financial Services Information Sharing and Analysis Center, or the FS-ISAC. Prior to joining the FS-ISAC, Mr. Carlson served as the executive vice president of BITS, the Technology and Policy Division of the Financial Services Roundtable. There, Mr. Carlson led cybersecurity, technology, and collaboration programs for 12 years and participated in the Financial Services Sector Coordinating Council. Mr. Carlson also served as managing director of Morgan Stanley's Operational Risk Department and in a variety of leadership roles at the Office of the Comptroller of the Currency, the Office of Management and Budget, the Federal Reserve Bank of Boston, and the United Nations Center for Human Settlements. Mr. Carlson graduated from the University of Maryland, and received a masters degree in public policy from the Kennedy School of Government at Harvard University. The witnesses will now be recognized for 5 minutes each to give an oral presentation of their testimony. And without objection, the witnesses' written statements will be made a part of the record. Once the witnesses have finished presenting their testimony, each member of the task force will have 5 minutes within which to ask questions. On your table there are three lights: green; yellow; and red. Yellow means you have 1 minute remaining, and red means your time is up. The microphone is sensitive, so please make sure that you are speaking directly into it. With that, Mr. Vance, you are now recognized for 5 minutes. Just make sure the microphone is turned on as well. STATEMENT OF THE HONORABLE CYRUS R. VANCE, JR., DISTRICT ATTORNEY, NEW YORK COUNTY Mr. Vance. Good morning, Chairman Fitzpatrick, Ranking Member Lynch, Representative King, and members of the Task Force to Investigate Terrorism Financing. As the head elected law enforcement official for New York County, which is a target for terrorism from around the world, I want to thank you for taking on this crucial issue, and for the opportunity to talk to you and with you today. I came to share with you the perspective of State and local law enforcement on nontransparent beneficial ownership and the ease with which criminals and terrorists can operate anonymously in our jurisdictions. As Representative King indicated, because of my office's location in Manhattan as a global financial capital, our office has the responsibility to interrupt terrorism financing and other financial crime. And for decades, our office has conducted investigations that rely on financial tracing and analysis to root out these crimes along with money laundering, sanctions violations, human trafficking, cyber crime, and other frauds. Like many in white-collar law enforcement, our way of doing business is to identify the money and to follow the money, which in most cases means issuing subpoenas for records from financial institutions and pursuing the leads that those records provide. But sometimes those records lead nowhere. I want to share an anecdote which should be disturbing. It is not, unfortunately, uncommon. While I was preparing for my testimony here, an investigator in my office entered the phrase ``incorporate Delaware company'' into a Google search. And she called an incorporation services vendor that appeared in her search results. Putting on her best accent, she stated that she lives in France, that she wanted to incorporate a company in Delaware, but that she wished to remain anonymous because of ``estate issues'' in her country. And she was told that wouldn't be a problem. A corporation could be set up in 5 minutes; she needed to provide only a name and an email address. And that interchange, I believe, highlights starkly what I and my colleagues know very well: That criminals currently can and do make use of our lax incorporation procedures and the anonymity those procedures permit in order to carry out and conceal illegal conduct. On a nearly daily basis, we encounter a company or a network of companies involved in suspicious activity, but we are unable to glean who is actually controlling and benefiting from those entities and from their illegal activity. In other words, we cannot identify the criminal. And that is not because entities are incorporated in an offshore tax haven like the Cayman Islands. That country actually collects beneficial ownership information. Often, that entity is instead incorporated in the United States, and it is incorporated in the United States precisely because we don't collect beneficial owner information. And in this important way, a prosecutor sitting in the Cayman Islands is better positioned to root out terrorism finance in her own markets than I am in ours. Too frequently, an anonymous incorporation record spells the end to our investigative road. And when we are able with much time and effort to overcome that obstacle, we often find that the criminals have purposely relied on our lax incorporation requirements. Recently, for example, a New York County grand jury indicted eight individuals in a sprawling pump-and-dump securities fraud scheme in which stock promoters and company insiders reverse-merged private companies with no publicly traded securities into existing public shell companies. They concealed their control of the shell companies by using nominees to purchase them and to hold the publicly traded shares in their names. But the scheme's mastermind appears nowhere in the incorporation documents and held none of the company's shares in his name. As in so many of our cases, disguised beneficial ownership is precisely what enabled this scheme. The perils of anonymous incorporation go well beyond securities fraud. Shell companies doing business in New York can be used to disguise the activities of entire foreign governments. In 2006, my office was investigating the Alavi Foundation, a not-for-profit organization which owned a 60 percent stake in a 36-story office building in midtown Manhattan. The remaining 40 percent was owned by the Assa Corporation, a New York incorporated entity, and by Assa Company Limited, which was incorporated in the Channel Islands. We ultimately determined that the Assa entities were merely shells being used to disguise the building's actual owner, a bank called Melli. Bank Melli, as you may be aware, is wholly owned by the government of Iran. It was designated by the Office of Foreign Assets Control (OFAC) as a key financier to Iran's nuclear and ballistic missiles program and as a banker to the country, the Revolutionary Guard, and the Quds Force. The building generated substantial rental income which was diverted to the shell companies and from there to Bank Melli. My office routinely collaborates with foreign law enforcement to incapacitate cross-border threats. But time and time again, we find that our international partners are better situated to assist us in thwarting terrorism and financial crime than vice versa. It is detrimental to those partnerships when we have to tell our international law enforcement friends that we can't assist them in taking down U.S.-incorporated terrorist enterprises because information about the owners of the entities formed in our own States is beyond our reach. A simple requirement to identify beneficial owners on State incorporation forms would vastly improve the capacity of American law enforcement to attack terrorism finance and disrupt terror plots. Thank you for the opportunity to testify today. [The prepared statement of District Attorney Vance can be found on page 81 of the appendix.] Chairman Fitzpatrick. Mr. Poncy, you are now recognized for 5 minutes. STATEMENT OF CHIP PONCY, SENIOR ADVISOR, CENTER ON SANCTIONS AND ILLICIT FINANCE AT THE FOUNDATION FOR DEFENSE OF DEMOCRACIES, AND FOUNDING PARTNER, FINANCIAL INTEGRITY NETWORK Mr. Poncy. Chairman Fitzpatrick, Vice Chairman Pittenger, Ranking Member Lynch, and other distinguished members of the task force, I am honored by your invitation to testify today, particularly with such a distinguished panel. There are important steps that this task force can take to strengthen the security of our financial system, the integrity of our economic markets, and our national and collective security. Such steps will help combat terrorism, transnational organized crime, WMD proliferation, and corrupt elites by denying these and other national security threats access to the financial services they require. These steps will also strengthen our ability to identify, pursue, and disrupt illicit financing networks that fuel and enable these threats. These steps must focus on addressing systemic challenges to our financial integrity. Such challenges stem largely from weaknesses in implementing global anti-money- laundering and counter-terrorist financing standards, standards that U.S. leadership has helped create through the Financial Action Task Force, or FATF. These global standards direct countries to implement comprehensive anti-money-laundering, counter-terrorist financing regimes that deliver financial transparency and financial accountability. Financial transparency allows us to track and trace illicit financing across an increasingly globalized financial system. Financial accountability ensures that our financial institutions implement the systems and controls required to deliver financial transparency. Financial accountability also ensures the aggressive pursuit, disruption, and deterrence of illicit financing activity, actors, and assets that infiltrate our system. In an increasingly globalized financial system, economy and threat environment, we must pursue a global approach to achieving these objectives. Such an approach must build upon our success in leading the global implementation of the international framework for anti-money laundering and combating the financing of terrorism (AML/CFT) regimes that deliver financial transparency and accountability. This requires legislation and rulemaking to close key gaps in implementing a number of FATF global standards essential to achieving financial transparency here at home. It also requires continued aggressive enforcement and a strengthened partnership with the financial sector to facilitate compliance with financial transparency requirements. And it requires additional resources to expand targeting of illicit financing networks. This committee can strengthen U.S. leadership in overcoming these challenges by taking the following 10 steps that will significantly enhance financial transparency and accountability. One, adopt legislation expanding the purposes of the Bank Secrecy Act (BSA) to explicitly include protecting the integrity of the financial system. Such legislation is required to underscore the importance of partnership with the financial institutions that comprise our financial system. Two, adopt legislation to require the disclosure and maintenance of meaningful beneficial ownership information in our company formation processes. Such legislation is required to address the chronic abuse of legal entities that mask the identities and illicit financing activities of the full scope of criminal and illicit financing activities in actors. Three, collaborate with the Treasury Department to consider legislation that strengthens the information-sharing provisions of Section 314 of the USA Patriot Act. Such action may assist in addressing systemic challenges to financial integrity posed by information-sharing constraints. Four, support the issuance of Treasury's proposed rule on customer due diligence, consistent with that of standards. Such action is required to address the systemic challenges posed by CDD practices that fall below global standards here in the United States and particularly with respect to beneficial ownership. Five, support Treasury's consideration to extend AML/CFT preventive measures to investment advisers and financial intermediaries and real estate transactions, consistent again with global standards. This action is required to help address the systemic challenges created by gaps in our financial system that are not covered by AML/CFT regulation. This includes a blind spot with respect to more than $66 trillion of assets under management, held by investment advisers that currently sit outside the scope of AML/CFT regulation in our markets. Six, support Treasury's consideration of lowering the record-keeping and travel-rule thresholds, consistent with that of standards. Seven, provide protective resources for Treasury to enhance examination and supervision of BSA-covered industries that lack a Federal functional regulator. Eight, provide protective resources for the IRS and Department of Justice to enhance financial investigations of illicit financing networks. Such action is needed to strengthen the systemic pursuit of illicit financing networks of the criminal investigative and prosecutorial authorities that are the best suited and the best trained to support this mission. Nine, provide protective resources for Treasury to enhance targeting of primary money-laundering concerns under Section 311 of the Patriot Act and targeting of illicit financing networks under national security authorities. Such action is needed to give the Treasury the resources it requires to continue applying targeted financial measures that effectively disrupt a growing range of criminal and national security threats. And ten, provide protective resources for Treasury to develop foreign capacity in critical financial centers to support the effective implementation of targeted financial measures. These 10 steps outline the foundation for an action plan that this committee can move forward with to strengthen our financial integrity and the effectiveness of our counter- illicit-financing mission. Once again, I am honored to testify here today in support of those who, across our government and financial services industries, fight every day to protect our financial integrity. They are literally the best in the world in advancing this mission and their continued success will require your ongoing support. Thank you. [The prepared statement of Mr. Poncy can be found on page 60 of the appendix.] Chairman Fitzpatrick. Thank you. Mr. Carlson, you are now recognized for 5 minutes. STATEMENT OF JOHN W. CARLSON, CHIEF OF STAFF, FINANCIAL SERVICES INFORMATION SHARING AND ANALYSIS CENTER (FS-ISAC) Mr. Carlson. Great. Thank you very much, Mr. Chairman. My name is John Carlson, and I am the chief of staff of the Financial Services Information Sharing and Analysis Center (FS- ISAC). FS-ISAC is a not-for-profit formed in 1999 in response to Presidential Decision Directive 63 of 1998. My written statement includes some details on our 16-year history, our 6,000 member organizations, what we do, and how we engage with the United States and others around the globe. Briefly, we play a critical role in sharing cyber and physical threat information, conducting coordinated contingency planning exercises, managing rapid response communications for both cyber and physical events, such as Hurricane Sandy of 2012, and fostering collaborations with other key sectors and government agencies. Thank you for inviting me to testify today at this hearing on evaluating the security of the U.S. financial sector. The current security threat environment continues to evolve and intensify. It affects all institutions regardless of size and type. Increasingly other sectors such as retailers and health care providers and, yes, even our own Federal Government, face these same threats. We see malicious cyber actors with increasing sophistication and growing persistence. These actors vary considerably in terms of motivation and capability. They range from nation states conducting espionage and sponsoring what we call distributed denial of service (DDOS) attacks, advanced cyber criminals who seek to steal money, terrorists looking to finance their activities, and hacktivists intent on making political statements. There are numerous tactics that malicious cyber actors use to target financial institutions. Among these, the following are concerning: targeted spear phishing campaigns; ransom-ware attacks; distributed denial of service attacks; a new one, business email compromise leading to fraudulent wire transfers; supply chain risks; a blending of physical and cyberattacks like we have seen in some of the attacks going after ATM networks; and of course, insider threats which oftentimes yield the most damaging results. The quote often attributed to Willy Sutton that he robbed banks because that is where the money is, reminds us why financial institutions are often the subject of cyberattacks. However, that quaint quote does not capture the entirety of the situation we face today. We are also observing that financial institutions are being targeted in response to international conflicts. Perhaps the best visible example of this was the DDOS attack several years ago when an organization backed by a foreign country targeted dozens of financial institutions over many months. The persistent, organized attacks were very disruptive. The only silver lining is that they resulted in unprecedented levels of information sharing among financial institutions and with the U.S. Government. For example, the information shared by firms that were attacked during the first wave benefited firms targeted during the second, third, and fourth waves. They also resulted in elevating cyber to a CEO-level issue, where it remains today. The financial sector is increasingly concerned with the potential for attacks that could undermine the integrity of the financial system through data manipulation and destruction. In response, my organization, working with others, has launched a task force with over 80 representatives from firms and government agencies to develop best practices on how to mitigate and respond to potential destructive malware attacks. These are serious concerns and we are addressing them in a serious manner. We are investing in the future and fostering collaborations to better match the threat environment. For example, last year we launched with the Depository Trust and Clearing Corporation, Soltra Edge, a game-changing new service that automates cyber threat information sharing. Soltra Edge leverages two open standards: the Structure Threat Information eXpression, or STIX; and the Trusted Automated eXchange and Indicator Information, also called TAXII, that the Department of Homeland Security funded and the MITRE Corporation developed. I certainly don't want to leave you with the impression that the financial sector needs more regulation to address the cyber challenge. In my written statement, I explain the extent to which the financial sector is regulated based in part on the Gramm-Leach-Bliley Act of 1999, as well as extensive supervisory guidance that regulators have issued over the past 15 years. I also explain how our sector's strong risk management culture and our leadership in collaborating with other sectors and government agencies is critical to our success in repelling these attacks. Let me conclude by saying that the information-sharing practices that our sector uses today are working well to the point that other sectors are looking to us for guidance and best practices. However, much more needs to be done given the increasing risks our sector and country faces. I outline in my written statement some recommendations for actions for the Congress and the Administration that could supplement these efforts. In short, the Congress can play a constructive role by enacting cyber-threat information-sharing legislation, which I know the House has passed, and it is awaiting action in the Senate; encouraging financial regulators to harmonize regulatory requirements; and supporting other efforts by the Administration to enhance information sharing and cyber protections. Thank you for the opportunity to testify. [The prepared statement of Mr. Carlson can be found on page 40 of the appendix.] Chairman Fitzpatrick. We thank the panel of expert witnesses for your opening statements here to the task force. At this point, each of the Members will be recognized for 5 minutes for the purpose of asking questions. I now recognize myself for questions. Mr. Poncy, in your testimony you mentioned actions, and you have mentioned this in the past as well, actions that could be taken by the United States to meet the FATF global standards, customer due diligence rule, you have mentioned lowering the travel record-keeping threshold from $3,000 to $1,000. What are the obstacles the United States Treasury Department is encountering which are prohibiting adoption of some of these rules at this point? Is it lack of resources? Is it political will? What do you believe it is? Mr. Poncy. Thank you, Congressman. Two great questions, and I think the answer is a combination of a lack of understanding of the importance of those rulemakings to protecting our financial integrity, and a stretch of resources that are required to advance our counter-illicit-financing mission. The Treasury Department, the investment of the Treasury Department to manage the security of the financial system is a fraction of the investment that is made across our national security infrastructure. That is no secret. Main Treasury is very small. It operates like a professional firm. It also has responsibility to manage the integrity of not just the U.S. financial system, but in today's globalized economy, pretty much the global financial system. The people at the Treasury Department work harder than any of the folks that I have worked with throughout my career. To ask them to continue the expansion of this mission, due to its success, what started as a counterterrorism financing campaign built on the back of AML systems and has now expanded to include threats against transnational organized crime, WMD proliferation, grand-scale corruption, cyber crime, is being done with the same group of people who were working 24-hour shifts to combat terrorism financing after 9/11. They need more resources. It is just that simple. But in addition to that, they need support, not only of the Congress, but of the general public. The American Bankers Association and the American Bar Association have been visibly absent from supporting Treasury's role in customer due diligence. This is evident in the comments with respect to the rulemakings that Treasury has proposed. Some of the concerns they have raised are important concerns. Treasury has engaged in historic outreach on these rulemakings. In the 40-year history of the BSA, the Treasury Department had never conducted a cross-country campaign in New York, Washington, Miami, Chicago, or L.A. with banks, with broker dealers, with insurance companies, with futures commissions merchants, with money service businesses, to understand the challenges of implementing customer due diligence and to get it right. I would submit that the proposed rule that Treasury issued last July gets it right. Getting that rule from a proposed rule to a final rule requires more visibility and more support from the Congress and from the general public. Thank you. Chairman Fitzpatrick. Mr. Vance, you have been one of the Nation's leaders ringing the bell on the whole issue of beneficial ownership. You are doing it as a law enforcement professional working with mainly State, city, county, and other law, and there is some intersection with Federal agencies. Recently, the Treasury issued a notice of rulemaking on this subject of beneficial ownership. I was wondering if you were familiar with that notice and if you have any comments on that? Mr. Vance. In all honesty, Congressman, I am not familiar with it in detail, so I don't want to mislead you before I answer the question. Chairman Fitzpatrick. What it would do, is ease compliance burdens compared with the advanced notice of proposed rulemaking which would have forced institutions to verify that beneficial owners listed by an account holder were actually the entity's beneficial owner. Mr. Vance. Congressman, our issue is our ability to access that information for State prosecutors. So if we have to go to the IRS, for example, to get that information, current law does not permit us to just go to the IRS and obtain information that we can then use to investigate. So I think that is a step, but my preference, as I indicate in my testimony, is that there be a 50-State solution to this whereby beneficial ownership is required upon incorporation and that will give prosecutors like myself equal and direct access through grand jury subpoenas to information that is vital for us to protect our communities. Chairman Fitzpatrick. I am going to ask each of you, if you can make one suggestion on the issue of information sharing, we will start with Mr. Carlson, a suggested amendment or change to Section 314 of the USA Patriot Act, what would it be? Mr. Carlson. I don't know the specifics on Section 314, but I think in general we are looking for protections to share information so you are not held liable for sharing that information, as well as protections from disclosure, such as the Freedom of Information Act, if you are sharing information with the government. I think within the financial sector, we actually have developed a mechanism to share that kind of information, but we need further protections in order to encourage others to start sharing and to give them some legal cover in case they do share and that information gets released. Chairman Fitzpatrick. Mr. Poncy, could you quickly suggest a recommendation? Mr. Poncy. Thank you, Congressman. There are two elements of Section 314 that bear re-examination. One is that 316B allows financial institutions to share information related to combating financial crime and achieving safe harbor from different types of liability associated with information sharing. But the type of information sharing that is anticipated under 314 is not necessarily the most expansive imaginable. What we want, what we need is to have our best compliance teams sitting in our global banks working with one another to map illicit financing networks. We know a lot of people who do this. They used to do this at the Treasury Department. They used to do this at the FBI. They used to do this in the Manhattan DA's office. And they are some of the best investigators in this we have. They cannot sit down with one another with their customer data and link this up to figure out where illicit networks are penetrating our institutions. So one is the kind of information sharing that we are talking about. And two is what is a permissive allowance perhaps should be a requirement. So those would be two suggestions to start. Chairman Fitzpatrick. Thank you. My time has expired. I would like to recognize the ranking member of the full Financial Services Committee, Ms. Waters of California. Ms. Waters. Thank you very much. I would like to address this question to Mr. Cyrus Vance. The Patriot Act allowed FinCEN to temporarily exempt certain categories of entities and institutions from having to establish a basic anti-money-laundering program that entails developing internal policies, procedures, and controls, designating a compliance officer, providing for ongoing employee training, and an independent audit function to test programs. Today, nearly 14 years after the Patriot Act was passed, there are a number of categories of institutions that remain exempt from these basic requirements. The list of exempted entities includes pawn brokers, travel agencies, sellers of vehicles, including automobiles, airplanes and boats, persons involved in real estate closings and settlements, private bankers, commodity pool operators, commodity trading and advisers, and investment companies. Do you believe it is time for Treasury to revisit whether the exemptions for the entities I just listed continue to be appropriate? Mr. Vance. I do, Congresswoman. I think you answered your question by asking it. We have 5 years--much more experience now as a result of the Patriot Act and I think some of the categories of industry that you talk about are now ones that should be looked at in order to consider whether they should be included. Ms. Waters. Thank you very much. Let me go to Mr. Poncy. I understand that you were at Treasury, is that right? Mr. Poncy. That is right, ma'am. Ms. Waters. And so the question that I just asked, could you please give us your take on that? Mr. Poncy. Thank you very much. And I am always happy to have the Manhattan district attorney take the words out of my mouth. I couldn't agree more. I certainly think it is time to re-examine it, but it is important how we do it. The limited resources we have over our regulatory system are such that even for sectors that we have nominally regulated, we cannot ensure their integrity. So we have at the moment BSA regulation requirements over high-priced commodity merchants and dealers. There is no Federal regulator over that. It is the same for money service businesses and insurance companies. One of the recommendations that I have in my testimony is that we invest targeted resources to strengthen oversight of sectors that are already covered so that they actually understand and implement the obligations that are already on the books. The second recommendation that I have in my testimony is to do exactly what you suggested, to examine the coverage of the financial system with existing requirements. In particular, the investment adviser sector is one that controls $66 trillion of assets under management, that is ``trillion,'' with a ``t.'' That is 5 times our GDP. That sector does not have any AML/CFT obligations right now, so I would start there. And then I have also recommended taking a look at financial intermediaries involved in real estate closings. All of us have seen the exposes in New York and Miami and elsewhere about high-luxury properties going to offshore interests often on the back of corrupt proceeds. If we want to stop those activities, then I suggest that we start with those two sectors in particular. And I know the Treasury Department is strongly considering that. Again, it is a question of resources and a question of public visibility. So, support to the Treasury Department for what is already an effort to try to get ahead of this might help the Administration get over the fence. Ms. Waters. In your testimony, you also stated that the long string of U.S. enforcement actions against global banks and other financial institutions in recent years underscores the U.S. commitment to global anti-money-laundering and counterterrorism financing regime and financial integrity. And then you say it also raises questions about the state of industry compliance and the cultural commitment to compliance on critical national security matters across the banking sector. I want to tell you that I was very surprised. We spent quite a bit of time on HSBC Bank. And of course, there was a big fine against them. But when we began to delve deeply into how they manage their controls, and we had staff go up to HSBC and get the regular tour and all that, we had a whistleblower, we were surprised at what we consider was a lack of really tough controls that were absolutely managed and overseen by those at the very highest levels. So what about that? And why do you think we have such a commitment if we have these banks that are still involved with money laundering and they get a slap on the wrist with some fines? Mr. Poncy. That is such a fantastic question. I would spend the whole hearing on that if I could. It is an incredibly important one. I will try to be brief, starting with what we know. One, the United States enforcement community is stronger than any community in the world by a long shot. Many of the banks, including HSBC, are foreign banks that operate within the United States. Our law enforcement combined with our supervisors is frankly the only enforcement game in town, and this is in a global financial system that we are connected to. So let's start with the recognition that despite the challenges that we face, we are operating in a global environment in which we are already putting tremendous pressure on institutions that operate here versus offshore. And we are competing with those same institutions. Second, our law enforcement efforts have substantially changed the efforts of financial institutions that are operating in the United States. So when you look at these monitor shifts and you look at these injunctive actions and enforcement actions that the Manhattan district attorneys office, that the Southern District of New York, Eastern District of New York and others have taken, there is no doubt in my mind, I have been in these banks, that they are a different place than they were 5 years ago. And that is entirely owing to our enforcement commitment. The question you raised, though, is important, and this is in my testimony. It is not clear whether the current enforcement environment that is so essential is going to be enough to change a global challenge of compliance, a culture of compliance that is questionable across not just the global banking industry, the global banking industry, these are our best, right? These are the ones who can block and tackle. What about the non-banks? What about capital markets? What about money service businesses? So it is just the beginning of the answer to your question, but it deserves more time. Chairman Fitzpatrick. Thank you, Mr. Poncy. The gentlelady's time has expired. Mr. Pittenger, you are recognized for 5 minutes. Mr. Pittenger. Thank you, Mr. Chairman. Mr. Poncy, in my discussions with the officials at FATF, I have raised the concerns about the compliance of the other 34 member countries with the 40 recommendations. And they come back to me and say the question asked by so many of these countries is the U.S. compliance, particularly as it relates to the beneficial ownership. Would you speak to the importance of our compliance and how this affects our other member countries in causing them to be in greater compliance? Mr. Poncy. Thank you, Congressman. That is a great question. The strength of our financial system, the integrity of it, rests upon our leadership globally. And the work that we have done in FATF and the credibility that we have achieved through our work at FATF and the work that we do back here at home is second to none. But people are always looking at the United States naturally as a position of leadership and of vulnerability in an economy that we dominate as to how is the United States doing and is the United States practicing what it is preaching. And when it comes to beneficial ownership, we have work to do. I want to go back to, and this answers your question, Congressman Pittenger, some of what Congressman Fitzpatrick was asking about, customer due diligence versus what the Manhattan district attorney Cyrus Vance has mentioned about company formation reform. These are two ends that are both essential to achieve transparency on beneficial ownership. They do it in different ways and they are not mutually exclusive; in fact, they are both absolutely necessary to comply with FATF and to achieve financial transparency. On the one hand, anybody who wants access to financial services should be somebody that we know who they are. That is what customer due diligence is supposed to do. We need the Treasury rule out to meet FATF standards and have confidence that our banks and our financial institutions understand the people they do business with. That is one element. The other element that the FATF is concerned with, with the United States, concerns company formation, which Mr. Vance has discussed. And to achieve compliance with that requirement requires us to reform company formation processes. I know Mr. Vance's testimony and mine both recommend legislation to fix this. It will require legislation, and there are a number of ways to do it. But the point is that there are now solutions on the table that require action. If we achieve compliance with beneficial ownership requirements, both with respect to customer due diligence and company formation, we will have addressed the overwhelming concern from FATF with U.S. compliance. And at that point, that strengthens our hand to continue to demand that other countries step forward on other matters. Mr. Pittenger. That is really the point I wanted to make. You emphasized the impact it has on our ability to lead and cause accountability from our other member countries. Mr. Poncy. Exactly. Mr. Pittenger. Mr. Carlson, you referenced business email compromise. Have you seen evidence of the hacking of CFOs to exploit their system with wire transfers? Do you see this as a concern and possibility that terrorist organizations would deploy this type of method for financing their own operations? Mr. Carlson. I don't know to what extent it involves terrorist organizations, but we did issue last Friday a joint advisery with the FBI and the Secret Service on this new type of wire fraud, to try to alert the community that this is going on and to also provide some tips on how they can prevent it. So we are seeing this where oftentimes a CEO or CFO is going on vacation, someone will get access to their email accounts, divert the email account, and then instruct the staff to transact a wire transfer. And it does require going through and developing some stronger controls around validating the request and confirming the request, particularly when you are talking about large dollar transactions and transfers that oftentimes are difficult to pull back or impossible to pull back, particularly if they are going overseas. So we are seeing some evidence of that, but we are trying to be proactive and working in partnership with law enforcement to raise awareness and to provide guidance. Mr. Pittenger. Thank you. Mr. Vance, regarding cyber, do we have the proper and necessary authorities in place to be able to bring justice to those who are involved in the cyber war? And are those mechanisms in place to close out this behavior? And if so, would Section 311 be a proper a method to use in that regard? Mr. Vance. Congressman, I first would say that it is the Federal Government that to date has been responding to foreign attacks on American institutions and companies. And so, I cannot speak for the Federal Government. And quite honestly, Section 311 is not something that I am familiar with, and I don't want to answer a question that-- Mr. Pittenger. I'm sorry. Maybe I should direct it to Mr. Poncy. Chairman Fitzpatrick. The gentleman's time has expired. Mr. Pittenger. Thank you. Chairman Fitzpatrick. So we will move to the ranking member of the task force, Mr. Lynch, for 5 minutes. Mr. Lynch. Thank you, Mr. Chairman. Thank you all for your testimony. You have been very helpful. Mr. Vance, the centrality of New York and Manhattan as a global financial center gives us some leverage and some ability to impact money flows to some of these terrorist organizations. So it gives us a little bit of leverage as well as the fact that the major reserve currency is the American dollar, the U.S. dollar. So we are having negotiations right now with Iran, ongoing, about reducing the sanctions, and the negotiations have really centered around the nuclear development within Iran. And the sanctions seem to be being weighed as a consequence of eliminating the possibility of developing a nuclear weapon in Iran. However, in practice, through Section 311 with the special measures there and 314, we have been able to use the legitimate banking system as a way to sanction Iran for funding terrorist activity. It is a totally different direction that they go in. Actually, back in the day, I don't know if they still do it, Iran used to carry a line item in their budget for Hezbollah and Hamas, a direct line item for funding those terrorist organizations. I am not sure they still do that. I wouldn't be surprised. So we have this difficult, this Gordian knot that we are trying to untie here, the idea that the Administration has said we will lower sanctions against Iran if they agree to cease and desist from developing a nuclear weapon. However, the institutions that will benefit from the reduction in sanctions are the very same banks, Bank Melli and others and their central bank, that have been guilty of financing not only Hezbollah and Hamas, but also Al-Shabaab and Boko Haram and other groups throughout the Middle East, the Taliban more recently. Is there a way--this is a tough question and you can all have a crack at it--to make that framework operate the way we wish? In other words, even though the Administration might say, okay, they have done away with their nuclear program and we feel we have verified that, I think there are a lot of banks out there that are going to keep those sanctions in place because they don't want to be tainted with the fact that they are now financing some of these terrorist organizations. It is a dilemma that we are facing here. And while I would like to eliminate the nuclear threat, certainly there are a whole lot of other things in play here that I am not so comfortable with. Please. Mr. Vance. Congressman, I would just say from my perch in Manhattan having done now eight of these cases involving foreign banks and terror funding and interruption of that financing, that much more than simply the dollar fines that have been taken as a result of the misconduct, but it has changed, I believe, significantly the attitude in foreign banking toward dealing with the American banking system, State and Federal. So I think it has been, from my perspective, it has achieved what we wanted to achieve, which is honest banking as well as not having rogue regimes and countries being able to move money around the world, let alone through New York. I have seen--even though I am a State and not a Federal person, and even though I am not an expert on foreign policy, I can draw a direct connection between the positions that we have taken in enforcement and the impact on a country like Iran which is a present and real danger, not just for the region, but for our country. Mr. Lynch. Mr. Poncy? Mr. Poncy. Congressman, thank you. This is a hugely important question that is being debated now on the front pages for good reason. There are three points I would make. First, obviously if the Administration can secure a deal in which we eliminate the threat of nuclear proliferation from our greatest proliferation threat, Iran, that is something we should all support. The way that is done has to be very carefully crafted in a way that ensures that we have verification of the commitments that Iran can make, that Iran makes in that deal. And that is within the province of the Administration. And obviously, I wish them success in that. But second, assuming that deal goes through and that it is verifiable, there is the question of how you unwind sanctions that have been imposed for a variety of derogatory behaviors, to your point. And it will require very careful consideration not just by the Administration, but by banks to think about, what was the basis for the sanctions on Iran in the first place? Long before proliferation, there was terrorism, to your point. They are still a state sponsor of terror. They are subjected to more terrorism financing and counter-terrorist financing controls than any other country around the world. They are also subjected to intensive and preventive measures associated with money laundering and corruption. These activities and human rights abuses and other bases for sanctions continue, regardless of whether or not there is an agreement on nuclear proliferation. That has to be a consideration in how sanctions are unwound. And lastly, the AML obligations will continue to exist, even in the absence of sanctions, through which financial institutions should take very good care in how they deal with any Iranian financial institutions. Chairman Fitzpatrick. Mr. Carlson, can you respond quickly? Mr. Carlson. I am not an expert on the AML rules. I do know that when we have these conflicts with countries like Iran, they do show up in my domain in terms of cyberattacks and responding to those issues. So we are interconnected. Obviously, the financial services industry implements the rules that you put in place and that the Treasury Department puts in place. I will say there is a growing concern within the industry around the compliance burden of a lot of these AML anti- terrorism laws. We at the same time are encouraging the Administration to do more, to create more of a deterrence against cyberattacks. And we know there is an Executive Order that was issued in April that basically leverages the AML and sanctions rule in order to do that. We generally support it, but we have some concerns about the implementation and the additional burden it puts on the industry. Mr. Lynch. Thank you. Chairman Fitzpatrick. I now recognize the gentleman from New York, Mr. King, for 5 minutes. Mr. King. Thank you, Mr. Chairman. District Attorney Vance, actually all the members of the panel, but District Attorney, you supported in the last Congress the Incorporation Transparency and Law Enforcement Assistance Act which was introduced by Congresswoman Maloney. And I was a cosponsor. I believe Chairman Fitzpatrick was a cosponsor, and the ranking member of the full committee, Ms. Waters, was a cosponsor. Basically, that would just require companies with fewer than 20 employees and/or less than $5 million in revenue to file information with Treasury disclosing beneficial ownership. And this is intended for the purpose of cracking down on shell companies. Now, that and also the FinCEN rule have been opposed by the American Bankers Association. And I know Congresswoman Maloney's legislation, which I supported then and support now, has been looked upon as too much of a regulatory burden. Can you address that and how much of a burden this is and how this would compare with other requirements that are imposed on the banking community? Mr. Vance. Let's just start, Congressman, with the issue of currency transaction reports. As in most cases, when there is a regulation that is going to be applied to an industry, industry usually, many industries, cry that the world is going to end and that it is going to be too expensive and it is going to drive businesses out of business or away from America. We have learned how to live with currency transaction reports and it has been a powerful investigative tool in ordinary crime as well as terrorism. Now, I understand that at least under one bill as drafted there would be an interim period where these rules would be applied to the States. There would be funding for the States in order to cover the costs of making this transition. And so from my perspective, that all seems reasonable and appropriate and that the additional burden placed on a corporation by checking off one box and filling out a couple of names seems a small price to pay when the benefit is law enforcement, where necessary, being able to investigate and prosecute crimes that are impacting not just our government, but our citizens, and many of those investigations relate to terrorism. There are also--I understand people oppose it, but I also know that at least with regard to the Senate bill, there were many who supported it, including the Main Street Alliance, the American Sustainable Business Council, the National Money Transmitters Association, and on and on. There were many folks, including all of law enforcement, who supported that bill. So there is support and opposition, but I think the support is powerful. Mr. King. I know that the Federal Law Enforcement Officers Association, FLEOA, Fraternal Order of Police strongly supported it. Mr. Poncy, can you comment on that? Mr. Poncy. Thank you, Congressman. I would just say that this happens often, but the proposed legislation that you are referring to was, in my view, terrific and would have gone a long way toward addressing the abuse of legal entities that we have seen and that Mr. Vance has outlined so eloquently. The challenge in part is that you have two ways to get this beneficial ownership information, right? One is through company formation reform. And there are a lot of ways to do that, including the proposed legislation that you have cosponsored in the past. Another is through requiring banks to obtain beneficial ownership information when customers seek access to the financial system. Both of these requirements are necessary. These are not either/or. So for example with the banks, the banks frankly on company formation, company formation reform is the bank's friend because there is no burden to the banks on that. That is a burden on States, on incorporation processes that will deliver the information that Mr. Vance is describing and should help banks because at that point there is more information for banks to then obtain from their customers. Curiously, the banking industry has been somewhat absent from supporting the bill, but they don't directly oppose it because it is not their burden. It will ultimately accrue to their benefit. And part of the reason why they may not be supportive is because if that goes through it will be easier for Treasury to get its rule out that requires banks to get that information when it is available, right? So the two of these are related, but they are distinct and they are both essential. So I would simply recommend, and I have this in my testimony, that both ends of this become a priority to this committee. One, let's table and adopt meaningful legislation to obtain beneficial ownership information that can be available to law enforcement in the company formation process. There are a couple of different ways to do that. You are familiar with them. That needs to move forward. There is some burden associated with it, but it is nowhere near the benefit that reform would achieve not just for law enforcement, but frankly for our financial institutions that we are now hitting with enforcement action after enforcement action to manage risk. And the second piece is to get Treasury to move on the customer due diligence rule with the support that it needs so that we require banks to obtain that information. With those two elements in place, we comply with FATF standards, we increase our credibility globally, we manage risk to the financial system and we give law enforcement what it needs to pursue illicit financing networks. Chairman Fitzpatrick. The gentleman's time has expired. Mr. King. Thank you, Mr. Chairman. Chairman Fitzpatrick. We now recognize the gentleman from California, Mr. Sherman, for 5 minutes. Mr. Sherman. This task force is focusing on terrorist financing that includes not only the non-state actors, but Syria, Iran, and certain other governments. I would hope, Mr. Chairman, that we would get Administration witnesses here that can focus particularly on Iran, whether the 24 Iranian banks that have been sanctioned will continue to be sanctioned under this nuclear deal, whether the Iranian banks will continue to be denied access to the SWIFT system, and whether those banks found to be of money- laundering concern not because of the Iranian nuclear program, but for other reasons, will continue to be listed. I would love to ask these witnesses, but asking them what the Administration will do may not be a good use of time. But Mr. Vance, you identified that an Iranian bank, a sanctioned Iranian bank, ended up being the beneficial owner of certain property in New York. Have you seized that property? Mr. Vance. Actually, the Federal Government did. The Southern District of New York, which came along later and proceeded on the Federal asset forfeiture, and that occurred-- Mr. Sherman. If the Federal Government would stop objecting to the victims of Iranian terror suing the Iranian government, that could be used as a source to finance those victims. Enforcement in this area requires prosecution. One thing that is related is a number of Swiss and other foreign banks have been hit with multi-hundred-million-dollar, in some cases billion-dollar, fines for conspiring with very wealthy Americans to allow those Americans to have secret bank accounts. Those secret bank accounts were for tax evasion, not avoidance. So we get a chunk of money from the banks, we will get a chunk of money from the--I will call them taxpayers, but I guess I would call them non-taxpayers, these folks have also-- and of course, we aren't prosecuting any of them, so we are not going to really effectively deter this in the future. Those who cheat on their Federal taxes always do so on their State and City income tax returns as well. Are you getting the information about those who have deliberately defrauded your State and City? And are you prosecuting them? Mr. Vance. Congressman, the answer is, to date, no. But in terms of what our current investigative posture is going forward, I think I can just indicate that is something we are looking at. Mr. Sherman. The IRS has a policy of providing State tax collection agencies with information. And the too-big-to-jail should not apply to those who, on their Federal and usually State tax returns, check a box saying, I have no foreign bank accounts, and in fact have foreign bank accounts so significant that we get a billion-dollar fine from the bank just for hosting that account. Another area is we need the retailers to do a better job of holding onto the private information about credit cards. Does it make sense for us to impose liability on the retailer or to stick with the current system in which all the costs of these data breaches of credit card numbers are borne by the financial institutions? Does any witness have a comment on that? Mr. Carlson? Mr. Poncy. Thank you, Congressman. Again, a hugely important question. But in looking at the information sharing and liability issues, there is a tension, right? Because on the one hand, we want to make sure that institutions, whether retail or financial, that have sensitive personal information protect that information. That policy interest is well-established and obviously justifiable. At the same time, liability for sharing that information is exactly what prevents us from putting together the information that we need to connect the dots. Mr. Sherman. Yes, I am not saying that they should be liable for sharing the information with you. They should be liable for unintentionally sharing the information with criminal gangs based in Russia who are now selling my credit card information. I want to sneak in one more question with Mr. Vance. But he may want to answer this for the record. Perhaps you could give us a proposed statute requiring States to register beneficial ownership of closely held corporations keeping in mind that we may have to, for federalism reasons, exclude those corporations that have only beneficial owners within the borders of those States, but also letting us know whether this would really be useful or whether people would just form a Cayman Islands entity which would then be the sole and disclosed owner of the Delaware corporation. Chairman Fitzpatrick. If the gentleman could answer quickly, or make a proposal to the committee in writing, whichever you prefer. Mr. Vance. Very good, thank you. Chairman Fitzpatrick. Thank you. The Chair now recognizes the gentleman from Florida, Mr. Ross, for 5 minutes. Mr. Ross. Thank you, Mr. Chairman. Gentlemen, we know that Iran is a major exporter of terrorism and that their Islamic Revolutionary Guard has helped Hezbollah in training, not in cyber, but has helped in many ways. Is there any known threat or at least perceived threat that Iran is in the process of training for cyber terrorism purposes? Mr. Poncy. Congressman, I am not aware of any known, but it is clear as a state sponsor of terror, we, as you know, have grave concerns about the terrorism financing activity of Iran well beyond the nuclear proliferation concerns that are the subject of the deal. Mr. Ross. Correct. In fact, they have been described, Tehran has been described as being the central bank of terrorism. So is it more likely than not that we would expect that not only the United States, but even our allies may be subject to cyber terrorism that has been brought about through Iran? Mr. Vance. I would say that it is greatly within the realm of possibility. Mr. Ross. Speaking with regard to what Mr. Sherman was talking about in terms of beneficial ownership information, there is a Federal issue, there is a reason that people incorporate in Delaware and it has to do with the State jurisdiction that they have. The cumbersome way that we legislate here and the length that it takes, absent a crisis, we tend to just react at the time. And so, being able to promulgate legislation that would address the concerns in order to make sure that we have beneficial ownership information available for our law enforcement and others is monumental. Is there any effort being made through the States so that we preserve at least their ability to control the incorporation process, but then to require that they also have information pertaining to beneficial ownership interests? Mr. Vance. Congressman, I am not aware, with the exception of two or three States, that there has been any interest in this beneficial ownership question at all. And I think the trend is very much in the opposite direction. The reason we were so grateful that the Federal legislators were looking at this was because we believed that-- Mr. Ross. I think it is absolutely important. And I think, Mr. Poncy, you raised some good points in your testimony that this at least gives us the ability, while all of the other countries require this, but we don't. And I think we have to look at our States for that. Also as an aside to that, the regulatory process, as much as I hate to see it used the way it has been used here for the last 6 years, might be the only avenue pursued in which we can require that this information be made available at least at the banking level. Wouldn't you agree? Mr. Poncy. Absent regulation, it won't happen. Mr. Ross. Right. Mr. Poncy, you have talked about our programs and AML and CTF and trying to get stronger, more enforcement because there is so much out there that we don't know. What can be done specifically with some of our allies and making sure that these programs are done globally? And specifically, if I could ask you to speak on our relationship with Turkey in regard to that. Mr. Poncy. There is no question that we have a global challenge outside the United States in understanding and implementing what we call broadly targeted financial measures. That includes conduct-based sanctions on terrorism, proliferation, state-based sanctions against Iran, the Russian regime, and others, and regime-based programs. Mr. Ross. But we are being somewhat undermined, are we not, by some of our allies with these programs? Mr. Poncy. The first point is that there is a global lack of capacity on this in general because of a lack of understanding that is owing to a lack of political will. Mr. Ross. Right. Mr. Poncy. The second point is that within that lack of capability, there are different levels of challenges. One level is associated with our best partners, the EU, and legal restrictions that any time that you see a significant designation the EU is challenged for violation of human rights. And those challenges are winning, they are winning more often than not. The viability of our sanctions programs and partners across the EU is in serious jeopardy. It has been for quite some time. You take away the dollar clearing leverage in the United States and our sanctions programs wouldn't exist outside the United States. So that is challenge number one. Challenge number two is in allies of ours that do not see politically sanctions the way that we see them. So the EU may see that politically, but is legally incapable of supporting it. A country like Turkey doesn't politically agree with a lot of our sanction programs. Mr. Ross. Correct. Mr. Poncy. And for those, those represent different vulnerabilities. Mr. Ross. And any suspension of sanctions for any reason is not going to lead to an opportunity to snap them back instantaneously because there is going to be a sense of dependency, a sense of investment of capital and resources that would prevent any snap back. I see my time has expired. Thank you. Chairman Fitzpatrick. The Chair now recognizes the gentleman from Minnesota, Mr. Ellison, for 5 minutes. Mr. Ellison. Yes, I want to thank the chairman and ranking member and also our panel and my colleagues who have asked a lot of great questions today, and so good that they took some of the questions I was going to ask. But I do have some. We have talked a lot about terrorism abroad, incredibly appropriate, but as the last few days have shown us, we have terrorism domestically, too. And I guess my question is, can you share with us what sort of focus has been done to address these organizations? We are about to bury nine people in these coming few days, and while it is not clear whether or not this particular incident was the result of an orchestrated group, there is indication that he relied on services from a group. And of course, we do know that in the case of several other attacks that they were affiliated. And these organizations do have money and resources and used them to do what they do. Not only do we think about the horrible events at Mother Emanuel, but there were three people killed at a Jewish community center and assisted living facility in Kansas City not too long ago, and six people were murdered in a Sikh temple in Wisconsin. The Southern Poverty Law Center publishes a hate map of internal hate groups that I think I have asked to be posted up there. And some of these groups may be inciting violent action as we saw in South Carolina. So my question to the panel is, how are financial institutions responding when some of these neo-Nazi groups, White nationalist groups, Klan groups, anti-government groups try to access the financial system? And do these financial institutions report such groups to regulatory agencies? Mr. Vance. Congressman, in New York City, in Manhattan, I have not experienced the problem you are talking about. But if I can answer the bigger, broader question briefly, the terrorism threat has evolved to what is currently today a real risk of homegrown violent extremists operating in our communities. What I think we can do is to make sure that there is the highest level of partnership between Federal investigators and, increasingly, local investigators. We are blessed to have a New York City Police Department that created competency in counterterrorism under Ray Kelly, that has continued under Commissioner Bratton. But the reality is that the Federal Government cannot do it all. It needs more hands and eyes and ears on street corners in every city in America. And our office has taken the challenge that we are going to find a way to support this counterterrorism mission by essentially developing leads, building cases independent of the Federal Government having to come up with those leads. And then the Federal Government can screen them and we can decide whether the case is a Federal case or a State case. But in the evolving threat, I believe that we need to see increased leadership from the Federal Government to bring into their anti-terrorism efforts the work not just of local police departments, but of prosecutors. Prosecutors around the country at the State level would be very happy to help in this regard. But many do not know where to begin. Mr. Ellison. Mr. Poncy, is this on our radar screen? We are very appropriately focused on some of these foreign terrorists and groups that even come here and commit acts of terror for various motivations. But some of these historic groups are still a problem. Are we tracking them financially? Mr. Poncy. Thank you, Congressman. First, let me just say that I, in the strongest possible terms, support everything Mr. Vance has said. I do think, when you look at historically what we have done since 9/11, the focus is clearly on foreign terrorist organizations. Our immediate focus after 9/11 was on what infiltration those organizations may have in our local communities. And so, we took immediate action, as you may recall, against a number of-- Mr. Ellison. Mr. Poncy, Mr. Poncy, I definitely think what you are saying is incredibly important. But one part, in these last 9 seconds, is that we do think about the 9/11 and the aftermath and we are right to do so. But are we having a broad approach to all the terrorist threats and not just the Islamic ones? Although I want you to go after them, too, I also want you to go after these other groups. And are we doing that financially? Mr. Poncy. I think we are trying. The challenge is that our effort is aimed at organizational capacity, right? So rogue terrorists, the only way to stop that is through what Mr. Vance has said. And it doesn't mean that we shouldn't act and it doesn't mean financial institutions don't have a role. It is just to say that our ability to stop rogue terrorist acts, even inspired acts, as Mr. Vance has said, homegrown violent extremism of any stripe, really requires partnership at a local level. There is no substitute for that. Chairman Fitzpatrick. The gentleman's time has expired. The gentleman from Kentucky, Mr. Barr, is recognized for 5 minutes. Mr. Barr. Thank you, Mr. Chairman. And Mr. Poncy, a question to you about the Society for Worldwide Interbank Financial Telecommunications or the SWIFT system, which as you know enables the transfer of trillions of dollars globally on an annual basis. It helps international transfers flow smoothly. As part of the U.S.-led sanctions against Iran, and pursuant to a law approved by the European Union in March of 2012, the SWIFT system disconnected all Iranian banks targeted by the United States and our European allies. These banks were targeted for their role in enabling Tehran to avoid sanctions and engage in illicit activities such as transferring funds and materiel to their proxies, Hezbollah and the like. My understanding is, in the course of these negotiations with Iran, one of the very first concessions in terms of the sanctions relief that Iran is seeking is reconnecting Iranian banks to the SWIFT system. So my question is, do you think that SWIFT access is useful leverage in terms of imposing sanctions? And how significantly has the disconnection to the SWIFT system impacted the Iranian banking sector? Mr. Poncy. Great questions. And there can be no doubt that was a monumental movement in what was a series of movements in a campaign to intensify financial pressure on the Iranian regime. That was a signature moment and it required the full support of our European colleagues to take that action. What led to that support was ongoing concern over the proliferation of nuclear technology and the building of a missile development program and nuclear technology in Tehran. The challenge that we are now facing, in many respects, is aside from the negotiations that are happening, about which I have an opinion, but it is not an expert one by any view, but obviously we should all hope that we can achieve an outcome where proliferation is no longer a threat. If that happens, two things are going to happen. One is the ongoing concerns that Iran presents to us, the threats that have led to over 40 years of sanctions, including, for the most part, for activities above and beyond proliferation financing, there has been no discussion of that activity because that is not what is in the confines of the deal. It is within the confines of the risks that our financial institutions need to worry about. It is also within the confines of sanctions programs that we have on the books. It is not within the confines of the pressure that led to the de-SWIFT'ing, so to speak, of Iranian banks. So if I were to prognosticate, if a deal moves forward in which commitments from Iran are credible on nuclear proliferation, the SWIFT program will go back into place. That does not mean that our sanctions necessarily are pulled back on nonproliferation activity and it certainly doesn't mean that our financial institutions shouldn't be watching, managing, monitoring, and preventing illicit financing transactions associated with any engagement with Iranian financial institutions. Mr. Barr. Let me ask you this question. Would reconnecting Iranian banks to the SWIFT system, in your judgment, lead to significantly increased risk that financing would flow to Hezbollah, Hamas, some of these proxies that Iran has allied itself with? Mr. Poncy. Unless there are controls associated with how they are plugged back in, unless there are controls associated with how they engage with our financial institutions, I would continue to worry about those risks. Mr. Barr. Let me shift gears a little bit to the Obama Administration's announcement on a change to hostage policy. And while not directly related to the financial system, it could have an impact on the financial system in terms of family members now being allowed to negotiate with loved ones' captors and accessing the financial system in order to transmit ransom. At first glance, the policy would appear to raise incentives for terrorist organizations to take Americans hostage. And also, what impact would this potentially have on the financial system? Any opinions about the policy and the risks that it may pose? Mr. Poncy. Thank you, Congressman. I had a few moments with Congressman Pittenger on this. And this is the worst dilemma imaginable, right, where you have to decide whether or not you allow families whose loved ones are kidnapped, and frankly with the beheadings we have seen I think any of us would do whatever we could in our power to save our loved ones. Asking the government to step in and aggressively enforce a policy against that is difficult. On the other hand, we all know that kidnapping for ransom is an increasing part of how these terrorist organizations finance their operations. It is a hellish dilemma. What I would argue, because I am not in a position to judge frankly what our policy is on this, is that understanding that kidnapping for ransom (KRF) is on the rise, understanding that puts us in an incredibly difficult position, that we need to go to our allies and say we understand why this is a difficult dilemma, we also know that state-sponsored, effectively allowance and support of ransom payments that facilitate KFR contribute to the problem, why don't we develop a strategy for how to deal with territories that are under the control of terrorist organizations or where terrorist organizations operate that we know create risks of KFR. It is no secret that if you go into ISIS-controlled territory, KFR risks go up. It is no secret that if you are operating in areas controlled by Boko Haram, KFR goes up. These are well-known, established facts. The real question is, what are we doing to deliver necessary relief and assistance to these areas in ways that allow our NGOs in to service needs that we recognize, in ways that protect them and others from this sort of activity? I don't know that we have done enough thinking about that as a global community. And I do know that is something that the Financial Action Task Force members are looking at. How do we deal with terrorism financing associated with territory that is under the control of terrorist organizations? It is the biggest dilemma we face. Chairman Fitzpatrick. The gentleman's time has expired. Mr. Rothfus of Pennsylvania is recognized for 5 minutes. Mr. Rothfus. Thank you, Mr. Chairman. Mr. Poncy, what can the U.S. Government do to improve the implementation of effective AML/CFT programs among financial institutions with foreign correspondent banking relationships? Mr. Poncy. That is hugely important. I am sure Mr. Vance could tell you that every enforcement case that I can think of that has grabbed the headlines in recent years has been one in which foreign correspondent relationships are key. And that happens for a couple of reasons that I tried to allude to earlier in my remarks. One is that our enforcement environment is so far above any other enforcement environment in the financial system that when financial institutions seek to clear dollars, and they must move through New York or through the U.S. financial system to do that, as a general matter, they encounter a different level of compliance concerns associated with the enforcement actions we have taken. What that means is that the correspondent relationships that are essential to clearing dollars become the pathway that exposes our financial system to all forms of illicit finance. And the enforcement actions that we have seen repeatedly bear that out, whether it is for violation of sanctions programs and stripping activity, whether it is for violation of AML controls and the taking of drug money through cash without appropriate customer due diligence, it is through our correspondent relationships that this dirty money enters our system. So it is critical to protecting our financial integrity. This Congress did an incredible job post 9/11, the Congress in general, in giving us authority as a government, giving the government authority under Section 312 of the Patriot Act to strengthen corresponding controls. And I would say that as a general matter, we have done a pretty good job at that. At the same time, I would say that the complexity of flows that are moving through those correspondent relationships bears stronger compliance programs. And that is exactly what many of the enforcement actions that have been taken to date have insisted on, is looking at stronger programs to monitor and manage risks associated with clearing dollars and any other form of correspondent activity that is flowing through our banks. Where this game is headed and where I think concerns need to be focused is in the non-banking space. What happens with respect to correspondent relationships between non-bank financial institutions? How are those being managed? And what kind of risks are we seeing? Mr. Rothfus. Yes. I want to raise this. On June 12, 2015, The New York Times published an article that described how tough it is to impose and administer economic sanctions in an effective and meaningful way. It identified individuals and organizations that are crowdfunding the separatist conflict in eastern Ukraine. Individuals who are designated by both the United States and European Union for economic restrictions are freely raising donations, channeling funds to Sberbank, a prohibited state bank in Russia, to buy equipment and stand up modern combat- ready military units fighting the Ukrainian central government. Because correspondent transactions are permitted with otherwise restricted banks, Visa, PayPal and Western Union, the article claims, have all facilitated the crowdfunding. How can government agencies here and in Europe effectively impose economic sanctions when targeted entities can evade the effort? Mr. Poncy. The activity you are referring to, Congressman, I am not familiar with the specifics, but I can tell you that Sberbank, because it is subjected to a different kind of sanctions program, it is an SSI-designated entity. What that means is that there are sanctions against Sberbank with respect to debt and equity instruments that are used to benefit Sberbank. But those sanctions are calibrated to put financial pressure on the Russian regime in a way that changes their behavior in the Ukraine. But they are not designed to cut Sberbank off from the financial system. And there are a lot of reasons for that. But it does complicate efforts to then address what might be activity that offends or sanctions against Russia and parts of Ukraine for the activity that is going on there if that activity is not part of a specific targeted financial sanction program. And the Sberbank designation is really not a designation against Sberbank as much as it is against a Russian regime that we are trying to, through financial pressure, change its behavior. So it continues to represent a gateway that is permissible under the current sanctions programs and frankly is necessary to maintain what are complicated capital market flows between Eastern Europe and Russia on the one hand and the U.S. market. If those flows are squeezed through additional sanctions, that may have collateral consequences beyond that of what you are describing. I know the Administration has historically looked at this very closely. It is a very complicated set of measures. But I will say that the advent of this program, the SSI program, is exactly where sanctions needs to go, to target specific types of activity in addition to general actors that enter our financial system. Mr. Rothfus. If I could jump in really quick, going back to this issue of beneficial ownership and disclosure, are there any legitimate business reasons for an entity not to want to have its beneficial owner's identity made public? If Mr. Vance, and maybe Mr. Poncy could comment on that? Mr. Vance. Yes. I think there are understandable and legitimate reasons. It may be, for example, that someone, an individual is a well-known individual and does not want his or her identity made public and, therefore, a target of harassment or cyber bullying there. And the same would apply for businesses. But the fact that there is a legitimate reason to want to remain anonymous does not mean, in my opinion, that there should not be an availability of the Federal Government, or State government to get this information by subpoena and have the other information remain in confidence at the State and not disclosed publicly. Chairman Fitzpatrick. The gentleman's time has expired. Mr. Schweikert of Arizona is recognized for 5 minutes. Mr. Schweikert. Thank you, Mr. Chairman. Can I ask us all to sort of take a step backwards and say, what if I had this amazing ability to see money that is moving to all types of bad actors, whether it be money flowing from drug cartels, terrorist financing, bad actors out of Russia or wherever we may deem it, what would that money look like? My fear is that much of the conversation we have had in here is money moving through fairly formal channels. How much of that bad-actor money, let's just call it that to make up a title, is moving in commodities? It was a decade or two ago we used to hear the stories of diamond exchanges that were just a way of moving value. Informal networks of deposit here and somehow it pops up in the rural areas in Pakistan. And I would like to start with Mr. Vance. Are we making a mistake in believing that a sanctions regime, a regulatory regime, an ID'ing, an intelligence regime that focuses on formal networks doesn't just move the money to informal? Mr. Vance. I think we are not fully attacking the problem if we are only looking at financial institutions as the group whose behavior we are trying to change. In our jurisdiction in Manhattan, we have a number of investigations moving money in the manner you describe, informal bases, not through official, organized entities that we believe are going to fund terrorist activities elsewhere in the country. We have a number of them in ongoing investigations, and so I can't quantify that, Congressman, in terms of how big that number is in either New York City or the country. But I think it is something, again, that every, that large metropolitan prosecutors should be looking at to support the efforts that are being done by Federal prosecutors. Mr. Schweikert. I want to do a hop and then back one. Mr. Carlson, one of my fears here is we come up with both legislation in support for the Administration, we squeeze down and we make a more robust system of bad actors moving cash that is right under our nose that we cannot smell. Mixed metaphors. You have done compliance with, what, large institutions in the past. When you started to clamp down, did that money just stop or did you see it moving to other types of activities? Mr. Carlson. I don't have any personal experience to comment on that. I do know at least from where I sit that what we certainly need is better mechanisms to share information around these bad actors and how they are affecting institutions' critical infrastructure, other parties. Because right now we are in the world of playing constant defense in a constant flow of attacks, and so we feel like we are fighting this a little bit with our hands tied behind our backs in terms of not having all the tools that we could have to at least share the information so that we can take appropriate steps to respond. I think in response to some other questions that were raised, we certainly need a greater role for deterrence, and that includes obviously enforcement in terms of what you require reputable businesses to do to enforce it. But that is where I think the Congress needs to provide resources to law enforcement to go after these parties and to prosecute and not always go after the institutions that are implementing policy. Mr. Schweikert. But my fear is, do we end up enforcing and create a more robust mechanism that just goes right around our back door? Mr. Poncy? Mr. Poncy. It is a great question. I will make four quick points. The first is the game of illicit finance is a cops-and- robbers game that will never end, right? So in many respects, what we are chasing will always be there, it is a question of where it is and how disruptive we can be. Our objectives, in this campaign, as long as there are bad guys in the world, there will be bad-guy financing. Our objectives are to make it costlier, riskier, and more difficult for these guys to operate, get the money they need, move it from place one to place two. That is our objective. In that respect, moving people out of the formal banking system to make it harder for them to deal with value transfer is a sign of success, but it is not the end of the road. Mr. Schweikert. But in a world of technology where this is now my bank, it is cracking down on the institutions. I constantly wonder, and I know I am almost out of time, whether much of this resource we should be really doubling down on the financiers, the people who use their wealth and treasure for bad acts, and the receivers of that. So possible success on the barbells and not necessarily those who are in the middle of the transfer. Thank you. I yield back, Mr. Chairman. Chairman Fitzpatrick. The gentleman's time has expired. The gentleman from Texas, Mr. Williams, is recognized for 5 minutes. Mr. Williams. Thank you, Mr. Chairman. Mr. Vance, you mentioned specifically that your office has supported the Incorporation Transparency and Law Enforcement Assistance Act previously. As a former secretary of state myself, of Texas, our association has previously opposed this legislation due to concerns over implementation costs. In fact, State secretaries have advocated for the collection of ownership entity information by the best paper trail that already exists for Federal tax filings and customer due diligence requirements for the U.S. financial institutions at no additional cost to taxpayers or businesses. So in addition, this proposal expands regulatory authority into an area that has traditionally been the jurisdiction of the States. I would like to hear your comments on the concerns we hear from the association. Mr. Vance. I understand, Congressman, that there are questions of cost and that there will be some additional costs in various States for implementation of the beneficial ownership rule. What I would respond to is I think we have to measure the benefits versus the detriments. I personally, having listened to the arguments of those who oppose this legislation, I am more persuaded that the benefit of enabling our law enforcement officials to identify illegal money movement is outweighed by the incremental additional costs. I respect the fact that will occur, but that occurs, I think, in any regulatory scheme that is imposed upon the States. Mr. Williams. Return on investment. Mr. Vance. Yes. I think you will get good return on investment criminally, in terms of criminal prosecution. Mr. Williams. Next question also to you, Mr. Vance. Based on your experience as a prosecutor, what are the challenges associated with prosecuting terrorist financing-related cases? Mr. Vance. I am speaking from a State perspective. We are not like a typical State prosecutor's office because we do a lot of this work and most don't. But I still am not the Federal Government. So one problem from where I sit is the ability to trace money once it gets to Lebanon or some other jurisdiction where we no longer have eyes and ears on the ground. We have been involved in a number of cases where we believe we know what is going on, we can trace the money from wherever it is in the United States or even in South America to a Middle Eastern country typically, but then we lose the trail. So how do we develop information and allies in those jurisdictions, which is a tough thing, to enable us to make those cases? I think that is the biggest problem. And this is particularly, this is money going out to those jurisdictions, we are not talking about large financial institutions clearing dollars to us. Mr. Williams. Let me give you a follow-up question. To what extent do U.S. law enforcement investigations and subsequent prosecutions strategically prioritize cases involving the most pressing terrorist financing threats? Mr. Vance. I cannot speak to the Federal Government's prioritization, which I think raises the question of, should there not be more coordination between Federal prosecutors and regulators on discussion of these priorities with State law enforcement who could in fact initiate or help in achieving those priorities? So I am not privy to what the U.S. Government, what their list of priorities are. But if I knew them and if I was told how we could help in achieving them, that is what I would do. Mr. Williams. Okay, thank you. And I appreciate all of your testimony. Mr. Chairman, I yield back. Chairman Fitzpatrick. The gentleman yields back. The gentleman from Arkansas, Mr. Hill, is recognized for 5 minutes. Mr. Hill. Thank you, Mr. Chairman. And I thank the ranking member. I also want to thank Mr. Lynch and Mr. Sherman for their pointed and excellent questions on Iran and Iran financing and I think the fallacy of the deal as we come up on the June 30th negotiation deadline. Mr. Vance, I thought Mr. Williams did a good job of talking a little bit about the Secretaries of State and the burdens there. I understand those, some States are better than others. I am going to ask this question as a former Deputy Assistant Secretary of Treasury and a banker of 35 years. So on the credit side of all banks, people get beneficial information. And if we were asked by a law enforcement officer, we would certainly provide that. So I think the real challenge then becomes on the deposit side under Gramm-Leach-Bliley. We do know our customers, we do identify them, we do have two forms of ID. But in a business we also verify the business exists through the Secretary of State function, but we don't always know beneficial owner on the depository side. One of the primary ways of finding depository ownership is through the tax system. Just about 6 years ago, we had a complete, wholesale redo of the Form 990 for private charity entities, which was very painful to implement. But we have LLCs and pass-through ownership and, by definition, beneficial ownership is contained in that tax return and public companies are, of course, public. So we are really talking about C corps, I guess, for IRS purposes. Could you reflect, as you did for Mr. Williams, on Secretaries of State, and talk about the use of existing IRS forms for determining and obtaining that information? Mr. Vance. Congressman, as I indicated earlier in a response, our State government access to those records is limited. And therefore, I really can't-- Mr. Hill. From one State to the other as a district attorney? Mr. Vance. --from the Federal Government to the State. And so therefore, we would appreciate it if there were changes in Federal legislation that permitted the IRS to provide information directly to a local prosecutor's office upon a certain showing. That doesn't really exist now, and so therefore I can't comment further intelligently other than to say that access to Federal tax information, individual and otherwise, is not generally something that we at the state level get access to. Mr. Hill. But when you get access to it, you acknowledge that is where beneficial ownership lies. Mr. Vance. I think there will be information relevant to beneficial ownership. But I am still, respecting that others disagree, I am having a hard time just personally understanding that the net negative of understanding when a corporation is formulated who is the owner of it and identification for that individual. I don't necessarily think that is an inhibition to commerce, to business development. And so from my perspective, I don't look at that as an impediment that outweighs the benefits to public safety on the other side. Mr. Hill. But you would support some sort of beneficial ownership form for a C corp filing, for a private company's C corp filing? Mr. Vance. I will say I think I am going to have to understand more closely what the issues would be for a C corp. I don't pretend to understand the specifics. But where one would want to be is, with any filing of any corporation in a State, is to understand who the owner is and to prove that person is in fact the owner. Mr. Hill. Mr. Poncy, on this FinCEN Treasury proposal, it suggests that beneficial owners, anyone who owns more than 25 percent of the equity interest in a company, and as somebody who has been doing this for 35 years, if I were hiding my interest, I wouldn't own 25 percent, I would own 1 percent and 99 percent would be divided by as many people as possible. So I find I am not even sure as drafted it is particularly helpful to your mission. Do you want to comment on that? Mr. Poncy. Absolutely. Thank you, Congressman. There have been experts from both the financial system and from the counter-illicit-finance community for decades who have looked at this question of beneficial ownership in the context of the Financial Action Task Force, from financial centers around the world. It is a difficult problem. You can't draw a line and say this fixes it; I fully agree with you. At the same time, it is clear that if we were to obtain beneficial ownership information as defined in the proposal, which is not just 25 percent ownership, because you are right, that just invites structuring, I will say that means you have to find five guys now who are willing to front for an organization rather than one. And that is not the only element of the definition. There is also an element of control. And if you think about what that means, it means that if there are meaningful consequences to not presenting information, law enforcement no longer has to prove money laundering, they have to prove that you committed fraud in representing who you represent. That is an easier case, it is a bigger lift. And those guys talk about whose interests they represent when they have to go to jail for not disclosing that truth. Mr. Hill. Thank you, Mr. Chairman. Chairman Fitzpatrick. The gentleman's time has expired. The gentleman from Maine, Mr. Poliquin, is recognized for 5 minutes. Mr. Poliquin. Thank you, Mr. Chairman. I appreciate the time. And thank you, gentlemen, for being here. I appreciate it. You folks have an awful lot of experience on the ground dealing with these issues. And it is so important that you help educate us here in Congress in making sure that our country stays on offense against these threats to our homeland and our freedoms. I hear on an ongoing basis the issue with regulation throughout our economy, in the financial services sector and elsewhere. Some of the numbers I looked at, gentlemen, and I am sure you have seen them, too, is that the annual cost of regulations, to comply with regulations, to our business community is something like $1.7 trillion per year. That is about 1/10 of our GDP output every year. And that is a huge cost, waste of time and so forth and so on. Now, at the same time, I know there has to be a balance between making sure there is proper regulation that the businesses can handle and pay for and in keeping us safe. Our economy has been, notwithstanding the problems we have now, the envy of the world for a very long period of time. It has given us the opportunity to have better lives, fatter paychecks, through more freedom. And the reason we have this strong economy that has lasted for so long, notwithstanding its problems, is because we have such a deep, diverse, and creative financial sector. Without this financial sector being healthy and growing, we do not have the economy we need to have; and therefore, we will not generate the tax revenues we need to protect ourselves. So this is absolutely critical. And I know we are all onboard here. We had a fellow who came into our office not long ago who is a senior manager at a financial services company. And he was going on about how many different regulators that he has to deal with when it comes to an examination dealing with cybersecurity. He deals with the Federal Reserve, the SEC, the Comptroller of the Currency, maybe FSOC, and also the FDIC. And I know this has been discussed earlier, gentlemen, and I am thrilled to death to hear that with all these problems that we have, it seems like we are all in agreement, is that why in the world can't we coordinate this examination process to keep our financial services sector safe, as best we can keep money out of the hands of terrorist organizations, but not put these poor folks out of business? Now, you folks have the experience with this, I don't. So Mr. Carlson, we will start with you, if you don't mind, sir. Do these various regulators of the financial sector have the personnel and the talent to make sure they can do their work when it comes to investigating cyber activity? And what is the best way to coordinate this activity among these institutions? Mr. Carlson. I think it is a qualified ``yes'' in that the agencies do have expertise to conduct cyber exams. I think an area we have been advocating that they do more on is to try to harmonize the requirements both at the policy level and at the examination level across all these different U.S.-based regulatory agencies. We have also advocated that they work with their counterparts overseas to also harmonize, given that many of the larger firms are global firms and have to deal with requirements in the EU and Asia as well. It is a huge issue in terms of cost and compliance. But they do have the capability. They are also struggling with some of the same issues we are struggling with in our sector, as is the government, and that is talent in the information technology field. There is a limited supply of talent and everyone is vying for those people. Mr. Poliquin. Mr. Carlson, is the information that is required from these regulators uniform enough? Is there enough overlap such that there might be uniformity when it comes to the type of information that is asked, the reporting requirements, how it is reported and so forth and so on? Because some of these folks come to our office and they say it is different for everybody, even though they are generally asking for the same information. Is that too simplistic or can that be streamlined? Mr. Carlson. It can be streamlined further. There are efforts already in place through what is called the Federal Financial Institutions Examination Council (FFIEC), which includes the Federal Reserve, the FDIC, the OCC, and the CFPB; they all coordinate together in terms of developing unified procedures. Mr. Poliquin. And do I hear you saying that there is one entity, separate from all these other institutions we have talked about, that coordinates this activity? Mr. Carlson. It is a body that then coordinates with all of the other bodies. Mr. Poliquin. And in your opinion, are they effective? And do they have the support they need from Congress to make sure they are effective? Mr. Carlson. They are effective. Could they do a better job? Yes. Mr. Poliquin. And how could they do a better job, Mr. Carlson? Mr. Carlson. More intensive collaboration, more engagement with the sector in terms of new requirements, as well as constantly revisiting existing requirements to make sure they are relevant. Mr. Poliquin. Okay. So this is not a resource issue, this is not a money issue, it is just providing some leadership-- Mr. Carlson. Both. Mr. Poliquin. --making sure someone steps up and gets this done. Mr. Carlson. It is both. It is a resource issue, but it is also a leadership coordination effort. Mr. Poliquin. Do you think there is enough intense focus and priority from the administrative branch to make sure this happens, the Executive Branch? Mr. Carlson. There is an unprecedented level of engagement in the broader Administration on cybersecurity issues, from the White House to a multitude of agencies, from the Treasury Department, regulators, Homeland Security, law enforcement, intelligence communities. We are in a completely different world over the past 3 years in terms of the level of engagement with multiple government agencies. Mr. Poliquin. And do you think, is there anything that we can do in this committee or Congress can do to help with that process? Mr. Carlson. I think, number one, it would be immensely helpful to pass cyber-threat information-sharing legislation. Number two, it would be important to make sure that agencies are properly funded so they can fulfill their missions, whether it is law enforcement or even the regulatory agencies. And three, I think there is an importance in investing in R&D. It is an area where the government has really stepped back on kind of core R&D, particularly around technology and infrastructure and things of that nature. Mr. Poliquin. Gentlemen, thank you very much for being here. I appreciate it. Let's make sure we solve this problem. Thank you. I yield back my time. Thank you, Mr. Chairman. Chairman Fitzpatrick. The gentleman's time has expired. The Members' questions are concluded. Again, I would like to thank our witnesses for their testimony to the task force today. The Chair notes that some Members may have additional questions for this panel, which they may wish to submit in writing. Without objection, the hearing record will remain open for 5 legislative days for Members to submit written questions to these witnesses and to place their responses in the record. Also, without objection, Members will have 5 legislative days to submit extraneous materials to the Chair for inclusion in the record. And without objection, this hearing is adjourned. [Whereupon, at 4:24 p.m., the hearing was adjourned.] A P P E N D I X June 24, 2015 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]