[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
EVALUATING THE SECURITY OF
THE U.S. FINANCIAL SECTOR
=======================================================================
HEARING
BEFORE THE
TASK FORCE TO INVESTIGATE
TERRORISM FINANCING
OF THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
JUNE 24, 2015
__________
Printed for the use of the Committee on Financial Services
Serial No. 114-36
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
U.S. GOVERNMENT PUBLISHING OFFICE
96-997 PDF WASHINGTON : 2016
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
HOUSE COMMITTEE ON FINANCIAL SERVICES
JEB HENSARLING, Texas, Chairman
PATRICK T. McHENRY, North Carolina, MAXINE WATERS, California, Ranking
Vice Chairman Member
PETER T. KING, New York CAROLYN B. MALONEY, New York
EDWARD R. ROYCE, California NYDIA M. VELAZQUEZ, New York
FRANK D. LUCAS, Oklahoma BRAD SHERMAN, California
SCOTT GARRETT, New Jersey GREGORY W. MEEKS, New York
RANDY NEUGEBAUER, Texas MICHAEL E. CAPUANO, Massachusetts
STEVAN PEARCE, New Mexico RUBEN HINOJOSA, Texas
BILL POSEY, Florida WM. LACY CLAY, Missouri
MICHAEL G. FITZPATRICK, STEPHEN F. LYNCH, Massachusetts
Pennsylvania DAVID SCOTT, Georgia
LYNN A. WESTMORELAND, Georgia AL GREEN, Texas
BLAINE LUETKEMEYER, Missouri EMANUEL CLEAVER, Missouri
BILL HUIZENGA, Michigan GWEN MOORE, Wisconsin
SEAN P. DUFFY, Wisconsin KEITH ELLISON, Minnesota
ROBERT HURT, Virginia ED PERLMUTTER, Colorado
STEVE STIVERS, Ohio JAMES A. HIMES, Connecticut
STEPHEN LEE FINCHER, Tennessee JOHN C. CARNEY, Jr., Delaware
MARLIN A. STUTZMAN, Indiana TERRI A. SEWELL, Alabama
MICK MULVANEY, South Carolina BILL FOSTER, Illinois
RANDY HULTGREN, Illinois DANIEL T. KILDEE, Michigan
DENNIS A. ROSS, Florida PATRICK MURPHY, Florida
ROBERT PITTENGER, North Carolina JOHN K. DELANEY, Maryland
ANN WAGNER, Missouri KYRSTEN SINEMA, Arizona
ANDY BARR, Kentucky JOYCE BEATTY, Ohio
KEITH J. ROTHFUS, Pennsylvania DENNY HECK, Washington
LUKE MESSER, Indiana JUAN VARGAS, California
DAVID SCHWEIKERT, Arizona
FRANK GUINTA, New Hampshire
SCOTT TIPTON, Colorado
ROGER WILLIAMS, Texas
BRUCE POLIQUIN, Maine
MIA LOVE, Utah
FRENCH HILL, Arkansas
TOM EMMER, Minnesota
Shannon McGahn, Staff Director
James H. Clinger, Chief Counsel
Task Force to Investigate Terrorism Financing
MICHAEL G. FITZPATRICK, Pennsylvania, Chairman
ROBERT PITTENGER, North Carolina, STEPHEN F. LYNCH, Massachusetts,
Vice Chairman Ranking Member
PETER T. KING, New York BRAD SHERMAN, California
STEVE STIVERS, Ohio GREGORY W. MEEKS, New York
DENNIS A. ROSS, Florida AL GREEN, Texas
ANN WAGNER, Missouri KEITH ELLISON, Minnesota
ANDY BARR, Kentucky JAMES A. HIMES, Connecticut
KEITH J. ROTHFUS, Pennsylvania BILL FOSTER, Illinois
DAVID SCHWEIKERT, Arizona DANIEL T. KILDEE, Michigan
ROGER WILLIAMS, Texas KYRSTEN SINEMA, Arizona
BRUCE POLIQUIN, Maine
FRENCH HILL, Arkansas
C O N T E N T S
----------
Page
Hearing held on:
June 24, 2015................................................ 1
Appendix:
June 24, 2015................................................ 39
WITNESSES
Wednesday, June 24, 2015
Carlson, John W., Chief of Staff, Financial Services Information
Sharing and Analysis Center (FS-ISAC).......................... 10
Poncy, Chip, Senior Advisor, Center on Sanctions and Illicit
Finance at the Foundation for Defense of Democracies, and
Founding Partner, Financial Integrity Network.................. 8
Vance, Hon. Cyrus R., Jr., District Attorney, New York County.... 6
APPENDIX
Prepared statements:
Carlson, John W.............................................. 40
Poncy, Chip.................................................. 60
Vance, Hon. Cyrus R., Jr..................................... 81
Additional Material Submitted for the Record
Ellison, Hon. Keith:
Article from the New York Times entitled, ``Homegrown
Extremists Tied to Deadlier Toll Than Jihadists in U.S.
Since 9/11,'' dated June 24, 2015.......................... 86
Southern Poverty Law Center Hate Map (Active U.S. Hate Groups
by State).................................................. 89
Written responses to questions for the record submitted to
John W. Carlson............................................ 90
EVALUATING THE SECURITY OF
THE U.S. FINANCIAL SECTOR
----------
Wednesday, June 24, 2015
U.S. House of Representatives,
Task Force to Investigate
Terrorism Financing,
Committee on Financial Services,
Washington, D.C.
The task force met, pursuant to notice, at 2:30 p.m., in
room 2128, Rayburn House Office Building, Hon. Michael
Fitzpatrick [chairman of the task force] presiding.
Members present: Representatives Fitzpatrick, Pittenger,
King, Stivers, Ross, Barr, Rothfus, Schweikert, Williams,
Poliquin, Hill; Lynch, Sherman, Green, Ellison, Himes, and
Sinema.
Ex officio present: Representative Waters,
Chairman Fitzpatrick. Thank you everyone for joining us
today for the third hearing of the House Financial Services
Committee's Task Force to Investigate Terrorism Financing.
Today's hearing is entitled, ``Evaluating the Security of the
U.S. Financial Sector.''
Through the first hearings of this task force, we have
heard about the extensive reach--both in terms of impact and
funding--of the terror groups that the United States and allied
nations face today. From the Middle East to South America, we
have examined the new methods of financing that these
organizations are utilizing to spread and carry out their
warped ideological aims.
Terrorist groups no longer rely solely on ``big-pocket
donors,'' or even state sponsors, but have diversified their
streams of revenue to include a wide array of activities. Non-
traditional funding methods--from antiques dealing and the sale
of illicit oil in Iraq and Syria, to the drug trade and
extortion in the Tri-Border Area of Argentina, Brazil, and
Paraguay--have transformed these groups from regional entities
to trans-national criminal syndicates.
With this global scope, it is vital that the United States
works with the international community to address these
challenges. However, it is equally important that we look
inward to assess the security of our own financial sector.
That is the focus of today's hearing.
Many groups are constantly seeking to access and exploit
the U.S. financial system. The complexity and sheer size of our
financial system has created avenues within which criminals may
move, hide, and launder their funds. Many of these groups
understand our system's weaknesses and gray areas with respect
to beneficial ownership and customer due-diligence standards
and they exploit it to our detriment.
Aside from the threat of actors operating within it, the
United States financial system itself should also be considered
a target for terrorists.
Over the past several years, there has been a noticeable
rise in the number of cyber-related attacks on United States
businesses and government agencies, launched by state and non-
state actors alike. This is attributed to the fact that such
attacks cost very little to carry out, but have potential to
cause severe problems and inflict great costs on the victim
attempting to carry out the defense.
The United States financial sector is too important for
this task force to overlook when seeking to address the nexus
of terrorism and finance. The continued innovation and
evolution by our enemies highlights the importance of this
body's role in the fight against terror.
The United States must do better when defending our
financial system and addressing the threats operating within
it. The risk is too great to ignore.
I am confident that today's dialogue between this
bipartisan group of Members and the panel of expert witnesses
that we have before us will help us to understand where our
system is vulnerable and how these vulnerabilities should be
corrected.
At this time, I would like to recognize for 3 minutes the
task force's ranking member, my colleague from Massachusetts,
Mr. Lynch, who has been a valuable asset to the task force.
Mr. Lynch. Thank you, Mr. Chairman. I want to thank the
members of the panel as well, the witnesses, for helping the
task force with its work.
This is our third hearing. The first two were focused on
the global reach of anti-terrorist financing. And I look
forward to this third hearing which is going to actually look
at the opportunity to evaluate the domestic security of the
U.S. financial sector in order to better protect it from
terrorist threats.
It is an inward-focused perspective which I think is
eminently necessary. It is crucial that our task force, as part
of the Financial Services Committee, devotes resources to
assessing the security of the U.S. financial sector. As our
witnesses highlighted in their prepared remarks, the size and
complexity of the financial sector makes it vulnerable for
abuse by terrorist organizations.
Shell companies and vulnerabilities in our financial
system's cyber infrastructure are two areas that are
particularly susceptible to exploitation by terrorists.
Shell companies particularly are being used to mask the
identities of people who actually control or profit from these
companies, the beneficial owners. And unfortunately, the United
States does not currently collect information on beneficial
owners.
As Mr. Vance, a seasoned New York County district attorney,
described in his prepared remarks, criminals and terrorists
exploit our inadequate incorporation procedures and the
anonymity in those procedures in order to conceal the illicit
conduct. This makes it hard for law enforcement to follow the
money to the ultimate owner.
At this point, I want to yield to Mr. Brad Sherman of
California for a brief opening statement.
Mr. Sherman. I have a very quick statement that relates to
the chairman's comments about cyberattacks from state actors.
It is a step away from the exact focus of the hearing.
The best defense against state actors attacking our cyber
system is a good offense. We are too politically correct to
have a good offense. We only go after government targets, we
only take the information for government files.
China is uniquely vulnerable to us if we choose to be
politically incorrect. What we need to do is gather information
about the assets and expenditures of their top 1,000
governmental officials, none of whom, I might add, are reported
on personal financial disclosure statements filed with the
ethics committee of any parliament. And if we were to expose
even a few of the tasty tidbits, China would no longer be
hacking into our system.
But that is not politically correct. We will have
bureaucrats asking us for money. They will only want to spend
money on defense; they are a little wary of offense. And so, we
will continue to be a punching bag, trying only to defend
ourselves.
I yield back.
Mr. Lynch. I would like to also yield 1 minute for a brief
statement to Ms. Sinema of Arizona.
Ms. Sinema. Thank you, Chairman Fitzpatrick, and Ranking
Member Lynch.
The Administration has identified the financial services
sector as critical infrastructure integral to our national
security. Cyberattacks on U.S. critical infrastructure,
including the financial sector, come from states, terrorists,
criminals, and hacktivists.
Sharing information about cyber breaches and threats is
critical to ensuring the financial institutions and affected
parties effectively prepare for and respond to cyberattacks.
However, this doesn't always occur.
Firms and industry groups have cited concerns over
violating privacy and antitrust laws as a reason that they are
reluctant to share information. So we must make it easier for
the private sector to successfully access threat information
and remove barriers to sharing within the private sector and
with the Federal Government.
Information sharing is an important tool for protecting
information systems and their contents from unauthorized access
from cyber criminals. But it is only one of the many assets of
cybersecurity that organizations must address to secure their
systems and information.
I am looking forward to continuing to work with my
colleagues on both sides of the aisle to reduce vulnerabilities
in the cybersecurity ecosystem and strengthen measures to
protect our critical infrastructure. And I am looking forward
to hearing more from our witnesses today about the essential
elements of effective cyber-threat information-sharing
legislation.
Thank you. I yield back.
Chairman Fitzpatrick. I now recognize the vice chairman of
the task force, Mr. Pittenger of North Carolina, for 1 minute
for the purpose of making an opening statement.
Mr. Pittenger. Thank you, Mr. Chairman.
And thank you to Ranking Member Lynch for your continued
efforts with this task force.
Recent reports from the State Department and the Treasury
Department have further highlighted the priority that we must
place in our counter-terrorist financing efforts.
The 2014 State Department Country Reports on Terrorism make
it clear that terrorism is becoming more prevalent. The number
of attacks increased by 35 percent with 3,000 more attacks in
2014 than 2013, and fatalities increased 81 percent to 32,727
deaths in 2014.
And the National Terrorist Financing Risk Assessment shows
that while we have made progress in undermining terrorist
financing, there are still vulnerabilities in our system and
more could be done.
While the United States is in compliance with the majority
of the Financial Action Task Force (FATF) recommendations, we
have our own noncompliance issues. I look forward to continuing
to work with this task force to achieve this, including efforts
to increase the cooperation between the public and the private
sector.
I look forward to the testimony today and the views of our
distinguished witnesses on what else can be done to stop the
flow of money to terrorists.
Thank you, Mr. Chairman. And I yield back.
Chairman Fitzpatrick. We now welcome our witnesses. And I
recognize the gentleman from New York, Mr. King, for the
purpose of introducing the district attorney of New York
County.
Mr. King. Thank you, Mr. Chairman. Thank you for giving me
this privilege because it really is a privilege to introduce Cy
Vance to this committee.
Cy Vance comes from a tradition of district attorneys in
New York where his two predecessors, Frank Hogan and Robert
Morgenthau, between the 2 of them served for more than 65
years. So this is a very distinguished office and Cy Vance more
than fits the bill; he more than lives up to the standards of
that office.
He was elected in 2009. He was re-elected with 91 percent
of the vote in 2013. All of us can only envy that vote margin.
But before that, he was a leading prosecutor and also had a
very successful career in the private sector.
The main reason he is uniquely qualified today is that his
office, the district attorney's office located in the world
financial capital, has been extremely active in international
financial issues, recovering billions of dollars from
institutions that have violated sanctions, and on the issue of
terrorism itself; he was the first district attorney to obtain
a terrorist conviction in New York State courts.
It was the Pimentel case which other prosecutors, including
the Federal Government, did not want to go near because they
thought it could not be won. The fact is a conviction was
obtained and it was a very, very significant conviction for the
district attorney. So I look forward to District Attorney
Vance's testimony here today. I can tell you--I am saying this
as a Republican--that he is universally respected in New York
by all political parties, by members of the bar, by police, by
law enforcement, and by defense counsel. And his testimony
today will be extremely illuminating and helpful.
And Cy, it is a real privilege to have you here today.
Mr. Chairman, I yield back.
Chairman Fitzpatrick. Thank you.
Welcome to the panel, Mr. Vance.
Next, we have Chip Poncy, a founding partner of the
Financial Integrity Network, and a senior adviser of the Center
on Sanctions and Illicit Finance at the Foundation for Defense
of Democracies.
Mr. Poncy previously served as the interim head of
financial crimes compliance from Mexico and the Latin American
region for one of the world's largest banks. Mr. Poncy also
served as the inaugural director of the Office of Strategic
Policy for Terrorist Financing and Financial Crimes and as a
senior adviser at the U.S. Department of the Treasury.
From 2010 to 2013, Mr. Poncy led the United States
delegation to the Financial Action Task Force where he co-
chaired a policy working group and managed United States
participation on illicit finance expert groups.
Mr. Poncy graduated with honors from Harvard University,
received a masters degree in international relations from the
Johns Hopkins School of Advanced International Studies, and
holds a law degree from the Georgetown University Law Center.
He also graduated from high school with Representative
Rooney of Florida, further distinguishing himself.
So, we welcome you.
And finally, we have John Carlson, the chief of staff at
the Financial Services Information Sharing and Analysis Center,
or the FS-ISAC.
Prior to joining the FS-ISAC, Mr. Carlson served as the
executive vice president of BITS, the Technology and Policy
Division of the Financial Services Roundtable. There, Mr.
Carlson led cybersecurity, technology, and collaboration
programs for 12 years and participated in the Financial
Services Sector Coordinating Council.
Mr. Carlson also served as managing director of Morgan
Stanley's Operational Risk Department and in a variety of
leadership roles at the Office of the Comptroller of the
Currency, the Office of Management and Budget, the Federal
Reserve Bank of Boston, and the United Nations Center for Human
Settlements.
Mr. Carlson graduated from the University of Maryland, and
received a masters degree in public policy from the Kennedy
School of Government at Harvard University.
The witnesses will now be recognized for 5 minutes each to
give an oral presentation of their testimony. And without
objection, the witnesses' written statements will be made a
part of the record. Once the witnesses have finished presenting
their testimony, each member of the task force will have 5
minutes within which to ask questions.
On your table there are three lights: green; yellow; and
red. Yellow means you have 1 minute remaining, and red means
your time is up.
The microphone is sensitive, so please make sure that you
are speaking directly into it.
With that, Mr. Vance, you are now recognized for 5 minutes.
Just make sure the microphone is turned on as well.
STATEMENT OF THE HONORABLE CYRUS R. VANCE, JR., DISTRICT
ATTORNEY, NEW YORK COUNTY
Mr. Vance. Good morning, Chairman Fitzpatrick, Ranking
Member Lynch, Representative King, and members of the Task
Force to Investigate Terrorism Financing.
As the head elected law enforcement official for New York
County, which is a target for terrorism from around the world,
I want to thank you for taking on this crucial issue, and for
the opportunity to talk to you and with you today.
I came to share with you the perspective of State and local
law enforcement on nontransparent beneficial ownership and the
ease with which criminals and terrorists can operate
anonymously in our jurisdictions.
As Representative King indicated, because of my office's
location in Manhattan as a global financial capital, our office
has the responsibility to interrupt terrorism financing and
other financial crime. And for decades, our office has
conducted investigations that rely on financial tracing and
analysis to root out these crimes along with money laundering,
sanctions violations, human trafficking, cyber crime, and other
frauds.
Like many in white-collar law enforcement, our way of doing
business is to identify the money and to follow the money,
which in most cases means issuing subpoenas for records from
financial institutions and pursuing the leads that those
records provide. But sometimes those records lead nowhere.
I want to share an anecdote which should be disturbing. It
is not, unfortunately, uncommon.
While I was preparing for my testimony here, an
investigator in my office entered the phrase ``incorporate
Delaware company'' into a Google search. And she called an
incorporation services vendor that appeared in her search
results.
Putting on her best accent, she stated that she lives in
France, that she wanted to incorporate a company in Delaware,
but that she wished to remain anonymous because of ``estate
issues'' in her country. And she was told that wouldn't be a
problem. A corporation could be set up in 5 minutes; she needed
to provide only a name and an email address.
And that interchange, I believe, highlights starkly what I
and my colleagues know very well: That criminals currently can
and do make use of our lax incorporation procedures and the
anonymity those procedures permit in order to carry out and
conceal illegal conduct.
On a nearly daily basis, we encounter a company or a
network of companies involved in suspicious activity, but we
are unable to glean who is actually controlling and benefiting
from those entities and from their illegal activity. In other
words, we cannot identify the criminal.
And that is not because entities are incorporated in an
offshore tax haven like the Cayman Islands. That country
actually collects beneficial ownership information. Often, that
entity is instead incorporated in the United States, and it is
incorporated in the United States precisely because we don't
collect beneficial owner information.
And in this important way, a prosecutor sitting in the
Cayman Islands is better positioned to root out terrorism
finance in her own markets than I am in ours.
Too frequently, an anonymous incorporation record spells
the end to our investigative road. And when we are able with
much time and effort to overcome that obstacle, we often find
that the criminals have purposely relied on our lax
incorporation requirements.
Recently, for example, a New York County grand jury
indicted eight individuals in a sprawling pump-and-dump
securities fraud scheme in which stock promoters and company
insiders reverse-merged private companies with no publicly
traded securities into existing public shell companies.
They concealed their control of the shell companies by
using nominees to purchase them and to hold the publicly traded
shares in their names. But the scheme's mastermind appears
nowhere in the incorporation documents and held none of the
company's shares in his name.
As in so many of our cases, disguised beneficial ownership
is precisely what enabled this scheme.
The perils of anonymous incorporation go well beyond
securities fraud. Shell companies doing business in New York
can be used to disguise the activities of entire foreign
governments.
In 2006, my office was investigating the Alavi Foundation,
a not-for-profit organization which owned a 60 percent stake in
a 36-story office building in midtown Manhattan. The remaining
40 percent was owned by the Assa Corporation, a New York
incorporated entity, and by Assa Company Limited, which was
incorporated in the Channel Islands.
We ultimately determined that the Assa entities were merely
shells being used to disguise the building's actual owner, a
bank called Melli. Bank Melli, as you may be aware, is wholly
owned by the government of Iran. It was designated by the
Office of Foreign Assets Control (OFAC) as a key financier to
Iran's nuclear and ballistic missiles program and as a banker
to the country, the Revolutionary Guard, and the Quds Force.
The building generated substantial rental income which was
diverted to the shell companies and from there to Bank Melli.
My office routinely collaborates with foreign law
enforcement to incapacitate cross-border threats. But time and
time again, we find that our international partners are better
situated to assist us in thwarting terrorism and financial
crime than vice versa.
It is detrimental to those partnerships when we have to
tell our international law enforcement friends that we can't
assist them in taking down U.S.-incorporated terrorist
enterprises because information about the owners of the
entities formed in our own States is beyond our reach.
A simple requirement to identify beneficial owners on State
incorporation forms would vastly improve the capacity of
American law enforcement to attack terrorism finance and
disrupt terror plots.
Thank you for the opportunity to testify today.
[The prepared statement of District Attorney Vance can be
found on page 81 of the appendix.]
Chairman Fitzpatrick. Mr. Poncy, you are now recognized for
5 minutes.
STATEMENT OF CHIP PONCY, SENIOR ADVISOR, CENTER ON SANCTIONS
AND ILLICIT FINANCE AT THE FOUNDATION FOR DEFENSE OF
DEMOCRACIES, AND FOUNDING PARTNER, FINANCIAL INTEGRITY NETWORK
Mr. Poncy. Chairman Fitzpatrick, Vice Chairman Pittenger,
Ranking Member Lynch, and other distinguished members of the
task force, I am honored by your invitation to testify today,
particularly with such a distinguished panel.
There are important steps that this task force can take to
strengthen the security of our financial system, the integrity
of our economic markets, and our national and collective
security.
Such steps will help combat terrorism, transnational
organized crime, WMD proliferation, and corrupt elites by
denying these and other national security threats access to the
financial services they require.
These steps will also strengthen our ability to identify,
pursue, and disrupt illicit financing networks that fuel and
enable these threats. These steps must focus on addressing
systemic challenges to our financial integrity. Such challenges
stem largely from weaknesses in implementing global anti-money-
laundering and counter-terrorist financing standards, standards
that U.S. leadership has helped create through the Financial
Action Task Force, or FATF.
These global standards direct countries to implement
comprehensive anti-money-laundering, counter-terrorist
financing regimes that deliver financial transparency and
financial accountability.
Financial transparency allows us to track and trace illicit
financing across an increasingly globalized financial system.
Financial accountability ensures that our financial
institutions implement the systems and controls required to
deliver financial transparency.
Financial accountability also ensures the aggressive
pursuit, disruption, and deterrence of illicit financing
activity, actors, and assets that infiltrate our system.
In an increasingly globalized financial system, economy and
threat environment, we must pursue a global approach to
achieving these objectives. Such an approach must build upon
our success in leading the global implementation of the
international framework for anti-money laundering and combating
the financing of terrorism (AML/CFT) regimes that deliver
financial transparency and accountability.
This requires legislation and rulemaking to close key gaps
in implementing a number of FATF global standards essential to
achieving financial transparency here at home.
It also requires continued aggressive enforcement and a
strengthened partnership with the financial sector to
facilitate compliance with financial transparency requirements.
And it requires additional resources to expand targeting of
illicit financing networks.
This committee can strengthen U.S. leadership in overcoming
these challenges by taking the following 10 steps that will
significantly enhance financial transparency and
accountability.
One, adopt legislation expanding the purposes of the Bank
Secrecy Act (BSA) to explicitly include protecting the
integrity of the financial system. Such legislation is required
to underscore the importance of partnership with the financial
institutions that comprise our financial system.
Two, adopt legislation to require the disclosure and
maintenance of meaningful beneficial ownership information in
our company formation processes. Such legislation is required
to address the chronic abuse of legal entities that mask the
identities and illicit financing activities of the full scope
of criminal and illicit financing activities in actors.
Three, collaborate with the Treasury Department to consider
legislation that strengthens the information-sharing provisions
of Section 314 of the USA Patriot Act. Such action may assist
in addressing systemic challenges to financial integrity posed
by information-sharing constraints.
Four, support the issuance of Treasury's proposed rule on
customer due diligence, consistent with that of standards. Such
action is required to address the systemic challenges posed by
CDD practices that fall below global standards here in the
United States and particularly with respect to beneficial
ownership.
Five, support Treasury's consideration to extend AML/CFT
preventive measures to investment advisers and financial
intermediaries and real estate transactions, consistent again
with global standards.
This action is required to help address the systemic
challenges created by gaps in our financial system that are not
covered by AML/CFT regulation. This includes a blind spot with
respect to more than $66 trillion of assets under management,
held by investment advisers that currently sit outside the
scope of AML/CFT regulation in our markets.
Six, support Treasury's consideration of lowering the
record-keeping and travel-rule thresholds, consistent with that
of standards.
Seven, provide protective resources for Treasury to enhance
examination and supervision of BSA-covered industries that lack
a Federal functional regulator.
Eight, provide protective resources for the IRS and
Department of Justice to enhance financial investigations of
illicit financing networks. Such action is needed to strengthen
the systemic pursuit of illicit financing networks of the
criminal investigative and prosecutorial authorities that are
the best suited and the best trained to support this mission.
Nine, provide protective resources for Treasury to enhance
targeting of primary money-laundering concerns under Section
311 of the Patriot Act and targeting of illicit financing
networks under national security authorities. Such action is
needed to give the Treasury the resources it requires to
continue applying targeted financial measures that effectively
disrupt a growing range of criminal and national security
threats.
And ten, provide protective resources for Treasury to
develop foreign capacity in critical financial centers to
support the effective implementation of targeted financial
measures.
These 10 steps outline the foundation for an action plan
that this committee can move forward with to strengthen our
financial integrity and the effectiveness of our counter-
illicit-financing mission.
Once again, I am honored to testify here today in support
of those who, across our government and financial services
industries, fight every day to protect our financial integrity.
They are literally the best in the world in advancing this
mission and their continued success will require your ongoing
support. Thank you.
[The prepared statement of Mr. Poncy can be found on page
60 of the appendix.]
Chairman Fitzpatrick. Thank you.
Mr. Carlson, you are now recognized for 5 minutes.
STATEMENT OF JOHN W. CARLSON, CHIEF OF STAFF, FINANCIAL
SERVICES INFORMATION SHARING AND ANALYSIS CENTER (FS-ISAC)
Mr. Carlson. Great. Thank you very much, Mr. Chairman.
My name is John Carlson, and I am the chief of staff of the
Financial Services Information Sharing and Analysis Center (FS-
ISAC). FS-ISAC is a not-for-profit formed in 1999 in response
to Presidential Decision Directive 63 of 1998.
My written statement includes some details on our 16-year
history, our 6,000 member organizations, what we do, and how we
engage with the United States and others around the globe.
Briefly, we play a critical role in sharing cyber and
physical threat information, conducting coordinated contingency
planning exercises, managing rapid response communications for
both cyber and physical events, such as Hurricane Sandy of
2012, and fostering collaborations with other key sectors and
government agencies.
Thank you for inviting me to testify today at this hearing
on evaluating the security of the U.S. financial sector.
The current security threat environment continues to evolve
and intensify. It affects all institutions regardless of size
and type. Increasingly other sectors such as retailers and
health care providers and, yes, even our own Federal
Government, face these same threats.
We see malicious cyber actors with increasing
sophistication and growing persistence. These actors vary
considerably in terms of motivation and capability. They range
from nation states conducting espionage and sponsoring what we
call distributed denial of service (DDOS) attacks, advanced
cyber criminals who seek to steal money, terrorists looking to
finance their activities, and hacktivists intent on making
political statements.
There are numerous tactics that malicious cyber actors use
to target financial institutions. Among these, the following
are concerning: targeted spear phishing campaigns; ransom-ware
attacks; distributed denial of service attacks; a new one,
business email compromise leading to fraudulent wire transfers;
supply chain risks; a blending of physical and cyberattacks
like we have seen in some of the attacks going after ATM
networks; and of course, insider threats which oftentimes yield
the most damaging results.
The quote often attributed to Willy Sutton that he robbed
banks because that is where the money is, reminds us why
financial institutions are often the subject of cyberattacks.
However, that quaint quote does not capture the entirety of the
situation we face today.
We are also observing that financial institutions are being
targeted in response to international conflicts. Perhaps the
best visible example of this was the DDOS attack several years
ago when an organization backed by a foreign country targeted
dozens of financial institutions over many months.
The persistent, organized attacks were very disruptive. The
only silver lining is that they resulted in unprecedented
levels of information sharing among financial institutions and
with the U.S. Government.
For example, the information shared by firms that were
attacked during the first wave benefited firms targeted during
the second, third, and fourth waves. They also resulted in
elevating cyber to a CEO-level issue, where it remains today.
The financial sector is increasingly concerned with the
potential for attacks that could undermine the integrity of the
financial system through data manipulation and destruction.
In response, my organization, working with others, has
launched a task force with over 80 representatives from firms
and government agencies to develop best practices on how to
mitigate and respond to potential destructive malware attacks.
These are serious concerns and we are addressing them in a
serious manner. We are investing in the future and fostering
collaborations to better match the threat environment.
For example, last year we launched with the Depository
Trust and Clearing Corporation, Soltra Edge, a game-changing
new service that automates cyber threat information sharing.
Soltra Edge leverages two open standards: the Structure Threat
Information eXpression, or STIX; and the Trusted Automated
eXchange and Indicator Information, also called TAXII, that the
Department of Homeland Security funded and the MITRE
Corporation developed.
I certainly don't want to leave you with the impression
that the financial sector needs more regulation to address the
cyber challenge. In my written statement, I explain the extent
to which the financial sector is regulated based in part on the
Gramm-Leach-Bliley Act of 1999, as well as extensive
supervisory guidance that regulators have issued over the past
15 years.
I also explain how our sector's strong risk management
culture and our leadership in collaborating with other sectors
and government agencies is critical to our success in repelling
these attacks.
Let me conclude by saying that the information-sharing
practices that our sector uses today are working well to the
point that other sectors are looking to us for guidance and
best practices. However, much more needs to be done given the
increasing risks our sector and country faces.
I outline in my written statement some recommendations for
actions for the Congress and the Administration that could
supplement these efforts. In short, the Congress can play a
constructive role by enacting cyber-threat information-sharing
legislation, which I know the House has passed, and it is
awaiting action in the Senate; encouraging financial regulators
to harmonize regulatory requirements; and supporting other
efforts by the Administration to enhance information sharing
and cyber protections.
Thank you for the opportunity to testify.
[The prepared statement of Mr. Carlson can be found on page
40 of the appendix.]
Chairman Fitzpatrick. We thank the panel of expert
witnesses for your opening statements here to the task force.
At this point, each of the Members will be recognized for 5
minutes for the purpose of asking questions.
I now recognize myself for questions.
Mr. Poncy, in your testimony you mentioned actions, and you
have mentioned this in the past as well, actions that could be
taken by the United States to meet the FATF global standards,
customer due diligence rule, you have mentioned lowering the
travel record-keeping threshold from $3,000 to $1,000. What are
the obstacles the United States Treasury Department is
encountering which are prohibiting adoption of some of these
rules at this point? Is it lack of resources? Is it political
will? What do you believe it is?
Mr. Poncy. Thank you, Congressman. Two great questions, and
I think the answer is a combination of a lack of understanding
of the importance of those rulemakings to protecting our
financial integrity, and a stretch of resources that are
required to advance our counter-illicit-financing mission.
The Treasury Department, the investment of the Treasury
Department to manage the security of the financial system is a
fraction of the investment that is made across our national
security infrastructure. That is no secret. Main Treasury is
very small. It operates like a professional firm.
It also has responsibility to manage the integrity of not
just the U.S. financial system, but in today's globalized
economy, pretty much the global financial system. The people at
the Treasury Department work harder than any of the folks that
I have worked with throughout my career.
To ask them to continue the expansion of this mission, due
to its success, what started as a counterterrorism financing
campaign built on the back of AML systems and has now expanded
to include threats against transnational organized crime, WMD
proliferation, grand-scale corruption, cyber crime, is being
done with the same group of people who were working 24-hour
shifts to combat terrorism financing after 9/11. They need more
resources. It is just that simple.
But in addition to that, they need support, not only of the
Congress, but of the general public. The American Bankers
Association and the American Bar Association have been visibly
absent from supporting Treasury's role in customer due
diligence. This is evident in the comments with respect to the
rulemakings that Treasury has proposed.
Some of the concerns they have raised are important
concerns. Treasury has engaged in historic outreach on these
rulemakings. In the 40-year history of the BSA, the Treasury
Department had never conducted a cross-country campaign in New
York, Washington, Miami, Chicago, or L.A. with banks, with
broker dealers, with insurance companies, with futures
commissions merchants, with money service businesses, to
understand the challenges of implementing customer due
diligence and to get it right.
I would submit that the proposed rule that Treasury issued
last July gets it right. Getting that rule from a proposed rule
to a final rule requires more visibility and more support from
the Congress and from the general public. Thank you.
Chairman Fitzpatrick. Mr. Vance, you have been one of the
Nation's leaders ringing the bell on the whole issue of
beneficial ownership. You are doing it as a law enforcement
professional working with mainly State, city, county, and other
law, and there is some intersection with Federal agencies.
Recently, the Treasury issued a notice of rulemaking on
this subject of beneficial ownership. I was wondering if you
were familiar with that notice and if you have any comments on
that?
Mr. Vance. In all honesty, Congressman, I am not familiar
with it in detail, so I don't want to mislead you before I
answer the question.
Chairman Fitzpatrick. What it would do, is ease compliance
burdens compared with the advanced notice of proposed
rulemaking which would have forced institutions to verify that
beneficial owners listed by an account holder were actually the
entity's beneficial owner.
Mr. Vance. Congressman, our issue is our ability to access
that information for State prosecutors. So if we have to go to
the IRS, for example, to get that information, current law does
not permit us to just go to the IRS and obtain information that
we can then use to investigate.
So I think that is a step, but my preference, as I indicate
in my testimony, is that there be a 50-State solution to this
whereby beneficial ownership is required upon incorporation and
that will give prosecutors like myself equal and direct access
through grand jury subpoenas to information that is vital for
us to protect our communities.
Chairman Fitzpatrick. I am going to ask each of you, if you
can make one suggestion on the issue of information sharing, we
will start with Mr. Carlson, a suggested amendment or change to
Section 314 of the USA Patriot Act, what would it be?
Mr. Carlson. I don't know the specifics on Section 314, but
I think in general we are looking for protections to share
information so you are not held liable for sharing that
information, as well as protections from disclosure, such as
the Freedom of Information Act, if you are sharing information
with the government.
I think within the financial sector, we actually have
developed a mechanism to share that kind of information, but we
need further protections in order to encourage others to start
sharing and to give them some legal cover in case they do share
and that information gets released.
Chairman Fitzpatrick. Mr. Poncy, could you quickly suggest
a recommendation?
Mr. Poncy. Thank you, Congressman. There are two elements
of Section 314 that bear re-examination. One is that 316B
allows financial institutions to share information related to
combating financial crime and achieving safe harbor from
different types of liability associated with information
sharing.
But the type of information sharing that is anticipated
under 314 is not necessarily the most expansive imaginable.
What we want, what we need is to have our best compliance teams
sitting in our global banks working with one another to map
illicit financing networks.
We know a lot of people who do this. They used to do this
at the Treasury Department. They used to do this at the FBI.
They used to do this in the Manhattan DA's office. And they are
some of the best investigators in this we have. They cannot sit
down with one another with their customer data and link this up
to figure out where illicit networks are penetrating our
institutions.
So one is the kind of information sharing that we are
talking about.
And two is what is a permissive allowance perhaps should be
a requirement.
So those would be two suggestions to start.
Chairman Fitzpatrick. Thank you.
My time has expired.
I would like to recognize the ranking member of the full
Financial Services Committee, Ms. Waters of California.
Ms. Waters. Thank you very much.
I would like to address this question to Mr. Cyrus Vance.
The Patriot Act allowed FinCEN to temporarily exempt
certain categories of entities and institutions from having to
establish a basic anti-money-laundering program that entails
developing internal policies, procedures, and controls,
designating a compliance officer, providing for ongoing
employee training, and an independent audit function to test
programs.
Today, nearly 14 years after the Patriot Act was passed,
there are a number of categories of institutions that remain
exempt from these basic requirements. The list of exempted
entities includes pawn brokers, travel agencies, sellers of
vehicles, including automobiles, airplanes and boats, persons
involved in real estate closings and settlements, private
bankers, commodity pool operators, commodity trading and
advisers, and investment companies.
Do you believe it is time for Treasury to revisit whether
the exemptions for the entities I just listed continue to be
appropriate?
Mr. Vance. I do, Congresswoman. I think you answered your
question by asking it. We have 5 years--much more experience
now as a result of the Patriot Act and I think some of the
categories of industry that you talk about are now ones that
should be looked at in order to consider whether they should be
included.
Ms. Waters. Thank you very much.
Let me go to Mr. Poncy.
I understand that you were at Treasury, is that right?
Mr. Poncy. That is right, ma'am.
Ms. Waters. And so the question that I just asked, could
you please give us your take on that?
Mr. Poncy. Thank you very much. And I am always happy to
have the Manhattan district attorney take the words out of my
mouth. I couldn't agree more.
I certainly think it is time to re-examine it, but it is
important how we do it.
The limited resources we have over our regulatory system
are such that even for sectors that we have nominally
regulated, we cannot ensure their integrity.
So we have at the moment BSA regulation requirements over
high-priced commodity merchants and dealers. There is no
Federal regulator over that. It is the same for money service
businesses and insurance companies.
One of the recommendations that I have in my testimony is
that we invest targeted resources to strengthen oversight of
sectors that are already covered so that they actually
understand and implement the obligations that are already on
the books.
The second recommendation that I have in my testimony is to
do exactly what you suggested, to examine the coverage of the
financial system with existing requirements.
In particular, the investment adviser sector is one that
controls $66 trillion of assets under management, that is
``trillion,'' with a ``t.'' That is 5 times our GDP. That
sector does not have any AML/CFT obligations right now, so I
would start there.
And then I have also recommended taking a look at financial
intermediaries involved in real estate closings. All of us have
seen the exposes in New York and Miami and elsewhere about
high-luxury properties going to offshore interests often on the
back of corrupt proceeds. If we want to stop those activities,
then I suggest that we start with those two sectors in
particular.
And I know the Treasury Department is strongly considering
that. Again, it is a question of resources and a question of
public visibility. So, support to the Treasury Department for
what is already an effort to try to get ahead of this might
help the Administration get over the fence.
Ms. Waters. In your testimony, you also stated that the
long string of U.S. enforcement actions against global banks
and other financial institutions in recent years underscores
the U.S. commitment to global anti-money-laundering and
counterterrorism financing regime and financial integrity.
And then you say it also raises questions about the state
of industry compliance and the cultural commitment to
compliance on critical national security matters across the
banking sector.
I want to tell you that I was very surprised. We spent
quite a bit of time on HSBC Bank. And of course, there was a
big fine against them. But when we began to delve deeply into
how they manage their controls, and we had staff go up to HSBC
and get the regular tour and all that, we had a whistleblower,
we were surprised at what we consider was a lack of really
tough controls that were absolutely managed and overseen by
those at the very highest levels.
So what about that? And why do you think we have such a
commitment if we have these banks that are still involved with
money laundering and they get a slap on the wrist with some
fines?
Mr. Poncy. That is such a fantastic question. I would spend
the whole hearing on that if I could. It is an incredibly
important one. I will try to be brief, starting with what we
know.
One, the United States enforcement community is stronger
than any community in the world by a long shot. Many of the
banks, including HSBC, are foreign banks that operate within
the United States.
Our law enforcement combined with our supervisors is
frankly the only enforcement game in town, and this is in a
global financial system that we are connected to. So let's
start with the recognition that despite the challenges that we
face, we are operating in a global environment in which we are
already putting tremendous pressure on institutions that
operate here versus offshore. And we are competing with those
same institutions.
Second, our law enforcement efforts have substantially
changed the efforts of financial institutions that are
operating in the United States. So when you look at these
monitor shifts and you look at these injunctive actions and
enforcement actions that the Manhattan district attorneys
office, that the Southern District of New York, Eastern
District of New York and others have taken, there is no doubt
in my mind, I have been in these banks, that they are a
different place than they were 5 years ago. And that is
entirely owing to our enforcement commitment.
The question you raised, though, is important, and this is
in my testimony. It is not clear whether the current
enforcement environment that is so essential is going to be
enough to change a global challenge of compliance, a culture of
compliance that is questionable across not just the global
banking industry, the global banking industry, these are our
best, right? These are the ones who can block and tackle.
What about the non-banks? What about capital markets? What
about money service businesses?
So it is just the beginning of the answer to your question,
but it deserves more time.
Chairman Fitzpatrick. Thank you, Mr. Poncy.
The gentlelady's time has expired.
Mr. Pittenger, you are recognized for 5 minutes.
Mr. Pittenger. Thank you, Mr. Chairman.
Mr. Poncy, in my discussions with the officials at FATF, I
have raised the concerns about the compliance of the other 34
member countries with the 40 recommendations. And they come
back to me and say the question asked by so many of these
countries is the U.S. compliance, particularly as it relates to
the beneficial ownership.
Would you speak to the importance of our compliance and how
this affects our other member countries in causing them to be
in greater compliance?
Mr. Poncy. Thank you, Congressman. That is a great
question. The strength of our financial system, the integrity
of it, rests upon our leadership globally. And the work that we
have done in FATF and the credibility that we have achieved
through our work at FATF and the work that we do back here at
home is second to none.
But people are always looking at the United States
naturally as a position of leadership and of vulnerability in
an economy that we dominate as to how is the United States
doing and is the United States practicing what it is preaching.
And when it comes to beneficial ownership, we have work to
do.
I want to go back to, and this answers your question,
Congressman Pittenger, some of what Congressman Fitzpatrick was
asking about, customer due diligence versus what the Manhattan
district attorney Cyrus Vance has mentioned about company
formation reform. These are two ends that are both essential to
achieve transparency on beneficial ownership.
They do it in different ways and they are not mutually
exclusive; in fact, they are both absolutely necessary to
comply with FATF and to achieve financial transparency.
On the one hand, anybody who wants access to financial
services should be somebody that we know who they are. That is
what customer due diligence is supposed to do. We need the
Treasury rule out to meet FATF standards and have confidence
that our banks and our financial institutions understand the
people they do business with. That is one element.
The other element that the FATF is concerned with, with the
United States, concerns company formation, which Mr. Vance has
discussed. And to achieve compliance with that requirement
requires us to reform company formation processes.
I know Mr. Vance's testimony and mine both recommend
legislation to fix this. It will require legislation, and there
are a number of ways to do it. But the point is that there are
now solutions on the table that require action.
If we achieve compliance with beneficial ownership
requirements, both with respect to customer due diligence and
company formation, we will have addressed the overwhelming
concern from FATF with U.S. compliance. And at that point, that
strengthens our hand to continue to demand that other countries
step forward on other matters.
Mr. Pittenger. That is really the point I wanted to make.
You emphasized the impact it has on our ability to lead and
cause accountability from our other member countries.
Mr. Poncy. Exactly.
Mr. Pittenger. Mr. Carlson, you referenced business email
compromise. Have you seen evidence of the hacking of CFOs to
exploit their system with wire transfers? Do you see this as a
concern and possibility that terrorist organizations would
deploy this type of method for financing their own operations?
Mr. Carlson. I don't know to what extent it involves
terrorist organizations, but we did issue last Friday a joint
advisery with the FBI and the Secret Service on this new type
of wire fraud, to try to alert the community that this is going
on and to also provide some tips on how they can prevent it.
So we are seeing this where oftentimes a CEO or CFO is
going on vacation, someone will get access to their email
accounts, divert the email account, and then instruct the staff
to transact a wire transfer. And it does require going through
and developing some stronger controls around validating the
request and confirming the request, particularly when you are
talking about large dollar transactions and transfers that
oftentimes are difficult to pull back or impossible to pull
back, particularly if they are going overseas.
So we are seeing some evidence of that, but we are trying
to be proactive and working in partnership with law enforcement
to raise awareness and to provide guidance.
Mr. Pittenger. Thank you.
Mr. Vance, regarding cyber, do we have the proper and
necessary authorities in place to be able to bring justice to
those who are involved in the cyber war? And are those
mechanisms in place to close out this behavior?
And if so, would Section 311 be a proper a method to use in
that regard?
Mr. Vance. Congressman, I first would say that it is the
Federal Government that to date has been responding to foreign
attacks on American institutions and companies. And so, I
cannot speak for the Federal Government.
And quite honestly, Section 311 is not something that I am
familiar with, and I don't want to answer a question that--
Mr. Pittenger. I'm sorry. Maybe I should direct it to Mr.
Poncy.
Chairman Fitzpatrick. The gentleman's time has expired.
Mr. Pittenger. Thank you.
Chairman Fitzpatrick. So we will move to the ranking member
of the task force, Mr. Lynch, for 5 minutes.
Mr. Lynch. Thank you, Mr. Chairman.
Thank you all for your testimony. You have been very
helpful.
Mr. Vance, the centrality of New York and Manhattan as a
global financial center gives us some leverage and some ability
to impact money flows to some of these terrorist organizations.
So it gives us a little bit of leverage as well as the fact
that the major reserve currency is the American dollar, the
U.S. dollar.
So we are having negotiations right now with Iran, ongoing,
about reducing the sanctions, and the negotiations have really
centered around the nuclear development within Iran. And the
sanctions seem to be being weighed as a consequence of
eliminating the possibility of developing a nuclear weapon in
Iran.
However, in practice, through Section 311 with the special
measures there and 314, we have been able to use the legitimate
banking system as a way to sanction Iran for funding terrorist
activity. It is a totally different direction that they go in.
Actually, back in the day, I don't know if they still do
it, Iran used to carry a line item in their budget for
Hezbollah and Hamas, a direct line item for funding those
terrorist organizations. I am not sure they still do that. I
wouldn't be surprised.
So we have this difficult, this Gordian knot that we are
trying to untie here, the idea that the Administration has said
we will lower sanctions against Iran if they agree to cease and
desist from developing a nuclear weapon.
However, the institutions that will benefit from the
reduction in sanctions are the very same banks, Bank Melli and
others and their central bank, that have been guilty of
financing not only Hezbollah and Hamas, but also Al-Shabaab and
Boko Haram and other groups throughout the Middle East, the
Taliban more recently.
Is there a way--this is a tough question and you can all
have a crack at it--to make that framework operate the way we
wish? In other words, even though the Administration might say,
okay, they have done away with their nuclear program and we
feel we have verified that, I think there are a lot of banks
out there that are going to keep those sanctions in place
because they don't want to be tainted with the fact that they
are now financing some of these terrorist organizations.
It is a dilemma that we are facing here. And while I would
like to eliminate the nuclear threat, certainly there are a
whole lot of other things in play here that I am not so
comfortable with.
Please.
Mr. Vance. Congressman, I would just say from my perch in
Manhattan having done now eight of these cases involving
foreign banks and terror funding and interruption of that
financing, that much more than simply the dollar fines that
have been taken as a result of the misconduct, but it has
changed, I believe, significantly the attitude in foreign
banking toward dealing with the American banking system, State
and Federal.
So I think it has been, from my perspective, it has
achieved what we wanted to achieve, which is honest banking as
well as not having rogue regimes and countries being able to
move money around the world, let alone through New York.
I have seen--even though I am a State and not a Federal
person, and even though I am not an expert on foreign policy, I
can draw a direct connection between the positions that we have
taken in enforcement and the impact on a country like Iran
which is a present and real danger, not just for the region,
but for our country.
Mr. Lynch. Mr. Poncy?
Mr. Poncy. Congressman, thank you. This is a hugely
important question that is being debated now on the front pages
for good reason.
There are three points I would make.
First, obviously if the Administration can secure a deal in
which we eliminate the threat of nuclear proliferation from our
greatest proliferation threat, Iran, that is something we
should all support. The way that is done has to be very
carefully crafted in a way that ensures that we have
verification of the commitments that Iran can make, that Iran
makes in that deal. And that is within the province of the
Administration. And obviously, I wish them success in that.
But second, assuming that deal goes through and that it is
verifiable, there is the question of how you unwind sanctions
that have been imposed for a variety of derogatory behaviors,
to your point.
And it will require very careful consideration not just by
the Administration, but by banks to think about, what was the
basis for the sanctions on Iran in the first place?
Long before proliferation, there was terrorism, to your
point. They are still a state sponsor of terror. They are
subjected to more terrorism financing and counter-terrorist
financing controls than any other country around the world.
They are also subjected to intensive and preventive
measures associated with money laundering and corruption.
These activities and human rights abuses and other bases
for sanctions continue, regardless of whether or not there is
an agreement on nuclear proliferation. That has to be a
consideration in how sanctions are unwound.
And lastly, the AML obligations will continue to exist,
even in the absence of sanctions, through which financial
institutions should take very good care in how they deal with
any Iranian financial institutions.
Chairman Fitzpatrick. Mr. Carlson, can you respond quickly?
Mr. Carlson. I am not an expert on the AML rules. I do know
that when we have these conflicts with countries like Iran,
they do show up in my domain in terms of cyberattacks and
responding to those issues.
So we are interconnected. Obviously, the financial services
industry implements the rules that you put in place and that
the Treasury Department puts in place.
I will say there is a growing concern within the industry
around the compliance burden of a lot of these AML anti-
terrorism laws. We at the same time are encouraging the
Administration to do more, to create more of a deterrence
against cyberattacks. And we know there is an Executive Order
that was issued in April that basically leverages the AML and
sanctions rule in order to do that.
We generally support it, but we have some concerns about
the implementation and the additional burden it puts on the
industry.
Mr. Lynch. Thank you.
Chairman Fitzpatrick. I now recognize the gentleman from
New York, Mr. King, for 5 minutes.
Mr. King. Thank you, Mr. Chairman.
District Attorney Vance, actually all the members of the
panel, but District Attorney, you supported in the last
Congress the Incorporation Transparency and Law Enforcement
Assistance Act which was introduced by Congresswoman Maloney.
And I was a cosponsor. I believe Chairman Fitzpatrick was a
cosponsor, and the ranking member of the full committee, Ms.
Waters, was a cosponsor.
Basically, that would just require companies with fewer
than 20 employees and/or less than $5 million in revenue to
file information with Treasury disclosing beneficial ownership.
And this is intended for the purpose of cracking down on shell
companies.
Now, that and also the FinCEN rule have been opposed by the
American Bankers Association. And I know Congresswoman
Maloney's legislation, which I supported then and support now,
has been looked upon as too much of a regulatory burden.
Can you address that and how much of a burden this is and
how this would compare with other requirements that are imposed
on the banking community?
Mr. Vance. Let's just start, Congressman, with the issue of
currency transaction reports. As in most cases, when there is a
regulation that is going to be applied to an industry, industry
usually, many industries, cry that the world is going to end
and that it is going to be too expensive and it is going to
drive businesses out of business or away from America.
We have learned how to live with currency transaction
reports and it has been a powerful investigative tool in
ordinary crime as well as terrorism.
Now, I understand that at least under one bill as drafted
there would be an interim period where these rules would be
applied to the States. There would be funding for the States in
order to cover the costs of making this transition.
And so from my perspective, that all seems reasonable and
appropriate and that the additional burden placed on a
corporation by checking off one box and filling out a couple of
names seems a small price to pay when the benefit is law
enforcement, where necessary, being able to investigate and
prosecute crimes that are impacting not just our government,
but our citizens, and many of those investigations relate to
terrorism.
There are also--I understand people oppose it, but I also
know that at least with regard to the Senate bill, there were
many who supported it, including the Main Street Alliance, the
American Sustainable Business Council, the National Money
Transmitters Association, and on and on. There were many folks,
including all of law enforcement, who supported that bill. So
there is support and opposition, but I think the support is
powerful.
Mr. King. I know that the Federal Law Enforcement Officers
Association, FLEOA, Fraternal Order of Police strongly
supported it.
Mr. Poncy, can you comment on that?
Mr. Poncy. Thank you, Congressman.
I would just say that this happens often, but the proposed
legislation that you are referring to was, in my view, terrific
and would have gone a long way toward addressing the abuse of
legal entities that we have seen and that Mr. Vance has
outlined so eloquently.
The challenge in part is that you have two ways to get this
beneficial ownership information, right? One is through company
formation reform. And there are a lot of ways to do that,
including the proposed legislation that you have cosponsored in
the past.
Another is through requiring banks to obtain beneficial
ownership information when customers seek access to the
financial system.
Both of these requirements are necessary. These are not
either/or.
So for example with the banks, the banks frankly on company
formation, company formation reform is the bank's friend
because there is no burden to the banks on that. That is a
burden on States, on incorporation processes that will deliver
the information that Mr. Vance is describing and should help
banks because at that point there is more information for banks
to then obtain from their customers.
Curiously, the banking industry has been somewhat absent
from supporting the bill, but they don't directly oppose it
because it is not their burden. It will ultimately accrue to
their benefit.
And part of the reason why they may not be supportive is
because if that goes through it will be easier for Treasury to
get its rule out that requires banks to get that information
when it is available, right?
So the two of these are related, but they are distinct and
they are both essential. So I would simply recommend, and I
have this in my testimony, that both ends of this become a
priority to this committee.
One, let's table and adopt meaningful legislation to obtain
beneficial ownership information that can be available to law
enforcement in the company formation process.
There are a couple of different ways to do that. You are
familiar with them. That needs to move forward. There is some
burden associated with it, but it is nowhere near the benefit
that reform would achieve not just for law enforcement, but
frankly for our financial institutions that we are now hitting
with enforcement action after enforcement action to manage
risk.
And the second piece is to get Treasury to move on the
customer due diligence rule with the support that it needs so
that we require banks to obtain that information.
With those two elements in place, we comply with FATF
standards, we increase our credibility globally, we manage risk
to the financial system and we give law enforcement what it
needs to pursue illicit financing networks.
Chairman Fitzpatrick. The gentleman's time has expired.
Mr. King. Thank you, Mr. Chairman.
Chairman Fitzpatrick. We now recognize the gentleman from
California, Mr. Sherman, for 5 minutes.
Mr. Sherman. This task force is focusing on terrorist
financing that includes not only the non-state actors, but
Syria, Iran, and certain other governments.
I would hope, Mr. Chairman, that we would get
Administration witnesses here that can focus particularly on
Iran, whether the 24 Iranian banks that have been sanctioned
will continue to be sanctioned under this nuclear deal, whether
the Iranian banks will continue to be denied access to the
SWIFT system, and whether those banks found to be of money-
laundering concern not because of the Iranian nuclear program,
but for other reasons, will continue to be listed.
I would love to ask these witnesses, but asking them what
the Administration will do may not be a good use of time.
But Mr. Vance, you identified that an Iranian bank, a
sanctioned Iranian bank, ended up being the beneficial owner of
certain property in New York. Have you seized that property?
Mr. Vance. Actually, the Federal Government did. The
Southern District of New York, which came along later and
proceeded on the Federal asset forfeiture, and that occurred--
Mr. Sherman. If the Federal Government would stop objecting
to the victims of Iranian terror suing the Iranian government,
that could be used as a source to finance those victims.
Enforcement in this area requires prosecution. One thing
that is related is a number of Swiss and other foreign banks
have been hit with multi-hundred-million-dollar, in some cases
billion-dollar, fines for conspiring with very wealthy
Americans to allow those Americans to have secret bank
accounts. Those secret bank accounts were for tax evasion, not
avoidance.
So we get a chunk of money from the banks, we will get a
chunk of money from the--I will call them taxpayers, but I
guess I would call them non-taxpayers, these folks have also--
and of course, we aren't prosecuting any of them, so we are not
going to really effectively deter this in the future.
Those who cheat on their Federal taxes always do so on
their State and City income tax returns as well.
Are you getting the information about those who have
deliberately defrauded your State and City? And are you
prosecuting them?
Mr. Vance. Congressman, the answer is, to date, no. But in
terms of what our current investigative posture is going
forward, I think I can just indicate that is something we are
looking at.
Mr. Sherman. The IRS has a policy of providing State tax
collection agencies with information. And the too-big-to-jail
should not apply to those who, on their Federal and usually
State tax returns, check a box saying, I have no foreign bank
accounts, and in fact have foreign bank accounts so significant
that we get a billion-dollar fine from the bank just for
hosting that account.
Another area is we need the retailers to do a better job of
holding onto the private information about credit cards. Does
it make sense for us to impose liability on the retailer or to
stick with the current system in which all the costs of these
data breaches of credit card numbers are borne by the financial
institutions?
Does any witness have a comment on that?
Mr. Carlson?
Mr. Poncy. Thank you, Congressman. Again, a hugely
important question.
But in looking at the information sharing and liability
issues, there is a tension, right? Because on the one hand, we
want to make sure that institutions, whether retail or
financial, that have sensitive personal information protect
that information. That policy interest is well-established and
obviously justifiable.
At the same time, liability for sharing that information is
exactly what prevents us from putting together the information
that we need to connect the dots.
Mr. Sherman. Yes, I am not saying that they should be
liable for sharing the information with you. They should be
liable for unintentionally sharing the information with
criminal gangs based in Russia who are now selling my credit
card information.
I want to sneak in one more question with Mr. Vance. But he
may want to answer this for the record.
Perhaps you could give us a proposed statute requiring
States to register beneficial ownership of closely held
corporations keeping in mind that we may have to, for
federalism reasons, exclude those corporations that have only
beneficial owners within the borders of those States, but also
letting us know whether this would really be useful or whether
people would just form a Cayman Islands entity which would then
be the sole and disclosed owner of the Delaware corporation.
Chairman Fitzpatrick. If the gentleman could answer
quickly, or make a proposal to the committee in writing,
whichever you prefer.
Mr. Vance. Very good, thank you.
Chairman Fitzpatrick. Thank you.
The Chair now recognizes the gentleman from Florida, Mr.
Ross, for 5 minutes.
Mr. Ross. Thank you, Mr. Chairman.
Gentlemen, we know that Iran is a major exporter of
terrorism and that their Islamic Revolutionary Guard has helped
Hezbollah in training, not in cyber, but has helped in many
ways.
Is there any known threat or at least perceived threat that
Iran is in the process of training for cyber terrorism
purposes?
Mr. Poncy. Congressman, I am not aware of any known, but it
is clear as a state sponsor of terror, we, as you know, have
grave concerns about the terrorism financing activity of Iran
well beyond the nuclear proliferation concerns that are the
subject of the deal.
Mr. Ross. Correct. In fact, they have been described,
Tehran has been described as being the central bank of
terrorism. So is it more likely than not that we would expect
that not only the United States, but even our allies may be
subject to cyber terrorism that has been brought about through
Iran?
Mr. Vance. I would say that it is greatly within the realm
of possibility.
Mr. Ross. Speaking with regard to what Mr. Sherman was
talking about in terms of beneficial ownership information,
there is a Federal issue, there is a reason that people
incorporate in Delaware and it has to do with the State
jurisdiction that they have.
The cumbersome way that we legislate here and the length
that it takes, absent a crisis, we tend to just react at the
time. And so, being able to promulgate legislation that would
address the concerns in order to make sure that we have
beneficial ownership information available for our law
enforcement and others is monumental.
Is there any effort being made through the States so that
we preserve at least their ability to control the incorporation
process, but then to require that they also have information
pertaining to beneficial ownership interests?
Mr. Vance. Congressman, I am not aware, with the exception
of two or three States, that there has been any interest in
this beneficial ownership question at all. And I think the
trend is very much in the opposite direction.
The reason we were so grateful that the Federal legislators
were looking at this was because we believed that--
Mr. Ross. I think it is absolutely important.
And I think, Mr. Poncy, you raised some good points in your
testimony that this at least gives us the ability, while all of
the other countries require this, but we don't. And I think we
have to look at our States for that.
Also as an aside to that, the regulatory process, as much
as I hate to see it used the way it has been used here for the
last 6 years, might be the only avenue pursued in which we can
require that this information be made available at least at the
banking level. Wouldn't you agree?
Mr. Poncy. Absent regulation, it won't happen.
Mr. Ross. Right.
Mr. Poncy, you have talked about our programs and AML and
CTF and trying to get stronger, more enforcement because there
is so much out there that we don't know.
What can be done specifically with some of our allies and
making sure that these programs are done globally?
And specifically, if I could ask you to speak on our
relationship with Turkey in regard to that.
Mr. Poncy. There is no question that we have a global
challenge outside the United States in understanding and
implementing what we call broadly targeted financial measures.
That includes conduct-based sanctions on terrorism,
proliferation, state-based sanctions against Iran, the Russian
regime, and others, and regime-based programs.
Mr. Ross. But we are being somewhat undermined, are we not,
by some of our allies with these programs?
Mr. Poncy. The first point is that there is a global lack
of capacity on this in general because of a lack of
understanding that is owing to a lack of political will.
Mr. Ross. Right.
Mr. Poncy. The second point is that within that lack of
capability, there are different levels of challenges. One level
is associated with our best partners, the EU, and legal
restrictions that any time that you see a significant
designation the EU is challenged for violation of human rights.
And those challenges are winning, they are winning more often
than not.
The viability of our sanctions programs and partners across
the EU is in serious jeopardy. It has been for quite some time.
You take away the dollar clearing leverage in the United
States and our sanctions programs wouldn't exist outside the
United States. So that is challenge number one.
Challenge number two is in allies of ours that do not see
politically sanctions the way that we see them. So the EU may
see that politically, but is legally incapable of supporting
it.
A country like Turkey doesn't politically agree with a lot
of our sanction programs.
Mr. Ross. Correct.
Mr. Poncy. And for those, those represent different
vulnerabilities.
Mr. Ross. And any suspension of sanctions for any reason is
not going to lead to an opportunity to snap them back
instantaneously because there is going to be a sense of
dependency, a sense of investment of capital and resources that
would prevent any snap back.
I see my time has expired.
Thank you.
Chairman Fitzpatrick. The Chair now recognizes the
gentleman from Minnesota, Mr. Ellison, for 5 minutes.
Mr. Ellison. Yes, I want to thank the chairman and ranking
member and also our panel and my colleagues who have asked a
lot of great questions today, and so good that they took some
of the questions I was going to ask. But I do have some.
We have talked a lot about terrorism abroad, incredibly
appropriate, but as the last few days have shown us, we have
terrorism domestically, too.
And I guess my question is, can you share with us what sort
of focus has been done to address these organizations? We are
about to bury nine people in these coming few days, and while
it is not clear whether or not this particular incident was the
result of an orchestrated group, there is indication that he
relied on services from a group.
And of course, we do know that in the case of several other
attacks that they were affiliated. And these organizations do
have money and resources and used them to do what they do.
Not only do we think about the horrible events at Mother
Emanuel, but there were three people killed at a Jewish
community center and assisted living facility in Kansas City
not too long ago, and six people were murdered in a Sikh temple
in Wisconsin.
The Southern Poverty Law Center publishes a hate map of
internal hate groups that I think I have asked to be posted up
there. And some of these groups may be inciting violent action
as we saw in South Carolina.
So my question to the panel is, how are financial
institutions responding when some of these neo-Nazi groups,
White nationalist groups, Klan groups, anti-government groups
try to access the financial system? And do these financial
institutions report such groups to regulatory agencies?
Mr. Vance. Congressman, in New York City, in Manhattan, I
have not experienced the problem you are talking about.
But if I can answer the bigger, broader question briefly,
the terrorism threat has evolved to what is currently today a
real risk of homegrown violent extremists operating in our
communities.
What I think we can do is to make sure that there is the
highest level of partnership between Federal investigators and,
increasingly, local investigators.
We are blessed to have a New York City Police Department
that created competency in counterterrorism under Ray Kelly,
that has continued under Commissioner Bratton. But the reality
is that the Federal Government cannot do it all. It needs more
hands and eyes and ears on street corners in every city in
America.
And our office has taken the challenge that we are going to
find a way to support this counterterrorism mission by
essentially developing leads, building cases independent of the
Federal Government having to come up with those leads. And then
the Federal Government can screen them and we can decide
whether the case is a Federal case or a State case.
But in the evolving threat, I believe that we need to see
increased leadership from the Federal Government to bring into
their anti-terrorism efforts the work not just of local police
departments, but of prosecutors. Prosecutors around the country
at the State level would be very happy to help in this regard.
But many do not know where to begin.
Mr. Ellison. Mr. Poncy, is this on our radar screen? We are
very appropriately focused on some of these foreign terrorists
and groups that even come here and commit acts of terror for
various motivations. But some of these historic groups are
still a problem. Are we tracking them financially?
Mr. Poncy. Thank you, Congressman. First, let me just say
that I, in the strongest possible terms, support everything Mr.
Vance has said.
I do think, when you look at historically what we have done
since 9/11, the focus is clearly on foreign terrorist
organizations. Our immediate focus after 9/11 was on what
infiltration those organizations may have in our local
communities. And so, we took immediate action, as you may
recall, against a number of--
Mr. Ellison. Mr. Poncy, Mr. Poncy, I definitely think what
you are saying is incredibly important. But one part, in these
last 9 seconds, is that we do think about the 9/11 and the
aftermath and we are right to do so. But are we having a broad
approach to all the terrorist threats and not just the Islamic
ones? Although I want you to go after them, too, I also want
you to go after these other groups. And are we doing that
financially?
Mr. Poncy. I think we are trying. The challenge is that our
effort is aimed at organizational capacity, right? So rogue
terrorists, the only way to stop that is through what Mr. Vance
has said. And it doesn't mean that we shouldn't act and it
doesn't mean financial institutions don't have a role.
It is just to say that our ability to stop rogue terrorist
acts, even inspired acts, as Mr. Vance has said, homegrown
violent extremism of any stripe, really requires partnership at
a local level. There is no substitute for that.
Chairman Fitzpatrick. The gentleman's time has expired.
The gentleman from Kentucky, Mr. Barr, is recognized for 5
minutes.
Mr. Barr. Thank you, Mr. Chairman.
And Mr. Poncy, a question to you about the Society for
Worldwide Interbank Financial Telecommunications or the SWIFT
system, which as you know enables the transfer of trillions of
dollars globally on an annual basis. It helps international
transfers flow smoothly.
As part of the U.S.-led sanctions against Iran, and
pursuant to a law approved by the European Union in March of
2012, the SWIFT system disconnected all Iranian banks targeted
by the United States and our European allies. These banks were
targeted for their role in enabling Tehran to avoid sanctions
and engage in illicit activities such as transferring funds and
materiel to their proxies, Hezbollah and the like.
My understanding is, in the course of these negotiations
with Iran, one of the very first concessions in terms of the
sanctions relief that Iran is seeking is reconnecting Iranian
banks to the SWIFT system.
So my question is, do you think that SWIFT access is useful
leverage in terms of imposing sanctions? And how significantly
has the disconnection to the SWIFT system impacted the Iranian
banking sector?
Mr. Poncy. Great questions. And there can be no doubt that
was a monumental movement in what was a series of movements in
a campaign to intensify financial pressure on the Iranian
regime. That was a signature moment and it required the full
support of our European colleagues to take that action.
What led to that support was ongoing concern over the
proliferation of nuclear technology and the building of a
missile development program and nuclear technology in Tehran.
The challenge that we are now facing, in many respects, is
aside from the negotiations that are happening, about which I
have an opinion, but it is not an expert one by any view, but
obviously we should all hope that we can achieve an outcome
where proliferation is no longer a threat.
If that happens, two things are going to happen. One is the
ongoing concerns that Iran presents to us, the threats that
have led to over 40 years of sanctions, including, for the most
part, for activities above and beyond proliferation financing,
there has been no discussion of that activity because that is
not what is in the confines of the deal.
It is within the confines of the risks that our financial
institutions need to worry about. It is also within the
confines of sanctions programs that we have on the books.
It is not within the confines of the pressure that led to
the de-SWIFT'ing, so to speak, of Iranian banks.
So if I were to prognosticate, if a deal moves forward in
which commitments from Iran are credible on nuclear
proliferation, the SWIFT program will go back into place. That
does not mean that our sanctions necessarily are pulled back on
nonproliferation activity and it certainly doesn't mean that
our financial institutions shouldn't be watching, managing,
monitoring, and preventing illicit financing transactions
associated with any engagement with Iranian financial
institutions.
Mr. Barr. Let me ask you this question. Would reconnecting
Iranian banks to the SWIFT system, in your judgment, lead to
significantly increased risk that financing would flow to
Hezbollah, Hamas, some of these proxies that Iran has allied
itself with?
Mr. Poncy. Unless there are controls associated with how
they are plugged back in, unless there are controls associated
with how they engage with our financial institutions, I would
continue to worry about those risks.
Mr. Barr. Let me shift gears a little bit to the Obama
Administration's announcement on a change to hostage policy.
And while not directly related to the financial system, it
could have an impact on the financial system in terms of family
members now being allowed to negotiate with loved ones' captors
and accessing the financial system in order to transmit ransom.
At first glance, the policy would appear to raise
incentives for terrorist organizations to take Americans
hostage. And also, what impact would this potentially have on
the financial system? Any opinions about the policy and the
risks that it may pose?
Mr. Poncy. Thank you, Congressman. I had a few moments with
Congressman Pittenger on this. And this is the worst dilemma
imaginable, right, where you have to decide whether or not you
allow families whose loved ones are kidnapped, and frankly with
the beheadings we have seen I think any of us would do whatever
we could in our power to save our loved ones. Asking the
government to step in and aggressively enforce a policy against
that is difficult.
On the other hand, we all know that kidnapping for ransom
is an increasing part of how these terrorist organizations
finance their operations. It is a hellish dilemma.
What I would argue, because I am not in a position to judge
frankly what our policy is on this, is that understanding that
kidnapping for ransom (KRF) is on the rise, understanding that
puts us in an incredibly difficult position, that we need to go
to our allies and say we understand why this is a difficult
dilemma, we also know that state-sponsored, effectively
allowance and support of ransom payments that facilitate KFR
contribute to the problem, why don't we develop a strategy for
how to deal with territories that are under the control of
terrorist organizations or where terrorist organizations
operate that we know create risks of KFR.
It is no secret that if you go into ISIS-controlled
territory, KFR risks go up. It is no secret that if you are
operating in areas controlled by Boko Haram, KFR goes up. These
are well-known, established facts.
The real question is, what are we doing to deliver
necessary relief and assistance to these areas in ways that
allow our NGOs in to service needs that we recognize, in ways
that protect them and others from this sort of activity?
I don't know that we have done enough thinking about that
as a global community. And I do know that is something that the
Financial Action Task Force members are looking at. How do we
deal with terrorism financing associated with territory that is
under the control of terrorist organizations? It is the biggest
dilemma we face.
Chairman Fitzpatrick. The gentleman's time has expired.
Mr. Rothfus of Pennsylvania is recognized for 5 minutes.
Mr. Rothfus. Thank you, Mr. Chairman.
Mr. Poncy, what can the U.S. Government do to improve the
implementation of effective AML/CFT programs among financial
institutions with foreign correspondent banking relationships?
Mr. Poncy. That is hugely important. I am sure Mr. Vance
could tell you that every enforcement case that I can think of
that has grabbed the headlines in recent years has been one in
which foreign correspondent relationships are key. And that
happens for a couple of reasons that I tried to allude to
earlier in my remarks.
One is that our enforcement environment is so far above any
other enforcement environment in the financial system that when
financial institutions seek to clear dollars, and they must
move through New York or through the U.S. financial system to
do that, as a general matter, they encounter a different level
of compliance concerns associated with the enforcement actions
we have taken.
What that means is that the correspondent relationships
that are essential to clearing dollars become the pathway that
exposes our financial system to all forms of illicit finance.
And the enforcement actions that we have seen repeatedly
bear that out, whether it is for violation of sanctions
programs and stripping activity, whether it is for violation of
AML controls and the taking of drug money through cash without
appropriate customer due diligence, it is through our
correspondent relationships that this dirty money enters our
system. So it is critical to protecting our financial
integrity.
This Congress did an incredible job post 9/11, the Congress
in general, in giving us authority as a government, giving the
government authority under Section 312 of the Patriot Act to
strengthen corresponding controls. And I would say that as a
general matter, we have done a pretty good job at that.
At the same time, I would say that the complexity of flows
that are moving through those correspondent relationships bears
stronger compliance programs. And that is exactly what many of
the enforcement actions that have been taken to date have
insisted on, is looking at stronger programs to monitor and
manage risks associated with clearing dollars and any other
form of correspondent activity that is flowing through our
banks.
Where this game is headed and where I think concerns need
to be focused is in the non-banking space. What happens with
respect to correspondent relationships between non-bank
financial institutions? How are those being managed? And what
kind of risks are we seeing?
Mr. Rothfus. Yes. I want to raise this. On June 12, 2015,
The New York Times published an article that described how
tough it is to impose and administer economic sanctions in an
effective and meaningful way. It identified individuals and
organizations that are crowdfunding the separatist conflict in
eastern Ukraine.
Individuals who are designated by both the United States
and European Union for economic restrictions are freely raising
donations, channeling funds to Sberbank, a prohibited state
bank in Russia, to buy equipment and stand up modern combat-
ready military units fighting the Ukrainian central government.
Because correspondent transactions are permitted with
otherwise restricted banks, Visa, PayPal and Western Union, the
article claims, have all facilitated the crowdfunding.
How can government agencies here and in Europe effectively
impose economic sanctions when targeted entities can evade the
effort?
Mr. Poncy. The activity you are referring to, Congressman,
I am not familiar with the specifics, but I can tell you that
Sberbank, because it is subjected to a different kind of
sanctions program, it is an SSI-designated entity. What that
means is that there are sanctions against Sberbank with respect
to debt and equity instruments that are used to benefit
Sberbank.
But those sanctions are calibrated to put financial
pressure on the Russian regime in a way that changes their
behavior in the Ukraine. But they are not designed to cut
Sberbank off from the financial system. And there are a lot of
reasons for that.
But it does complicate efforts to then address what might
be activity that offends or sanctions against Russia and parts
of Ukraine for the activity that is going on there if that
activity is not part of a specific targeted financial sanction
program.
And the Sberbank designation is really not a designation
against Sberbank as much as it is against a Russian regime that
we are trying to, through financial pressure, change its
behavior.
So it continues to represent a gateway that is permissible
under the current sanctions programs and frankly is necessary
to maintain what are complicated capital market flows between
Eastern Europe and Russia on the one hand and the U.S. market.
If those flows are squeezed through additional sanctions,
that may have collateral consequences beyond that of what you
are describing.
I know the Administration has historically looked at this
very closely. It is a very complicated set of measures. But I
will say that the advent of this program, the SSI program, is
exactly where sanctions needs to go, to target specific types
of activity in addition to general actors that enter our
financial system.
Mr. Rothfus. If I could jump in really quick, going back to
this issue of beneficial ownership and disclosure, are there
any legitimate business reasons for an entity not to want to
have its beneficial owner's identity made public?
If Mr. Vance, and maybe Mr. Poncy could comment on that?
Mr. Vance. Yes. I think there are understandable and
legitimate reasons. It may be, for example, that someone, an
individual is a well-known individual and does not want his or
her identity made public and, therefore, a target of harassment
or cyber bullying there. And the same would apply for
businesses.
But the fact that there is a legitimate reason to want to
remain anonymous does not mean, in my opinion, that there
should not be an availability of the Federal Government, or
State government to get this information by subpoena and have
the other information remain in confidence at the State and not
disclosed publicly.
Chairman Fitzpatrick. The gentleman's time has expired.
Mr. Schweikert of Arizona is recognized for 5 minutes.
Mr. Schweikert. Thank you, Mr. Chairman.
Can I ask us all to sort of take a step backwards and say,
what if I had this amazing ability to see money that is moving
to all types of bad actors, whether it be money flowing from
drug cartels, terrorist financing, bad actors out of Russia or
wherever we may deem it, what would that money look like?
My fear is that much of the conversation we have had in
here is money moving through fairly formal channels. How much
of that bad-actor money, let's just call it that to make up a
title, is moving in commodities?
It was a decade or two ago we used to hear the stories of
diamond exchanges that were just a way of moving value.
Informal networks of deposit here and somehow it pops up in the
rural areas in Pakistan.
And I would like to start with Mr. Vance. Are we making a
mistake in believing that a sanctions regime, a regulatory
regime, an ID'ing, an intelligence regime that focuses on
formal networks doesn't just move the money to informal?
Mr. Vance. I think we are not fully attacking the problem
if we are only looking at financial institutions as the group
whose behavior we are trying to change.
In our jurisdiction in Manhattan, we have a number of
investigations moving money in the manner you describe,
informal bases, not through official, organized entities that
we believe are going to fund terrorist activities elsewhere in
the country.
We have a number of them in ongoing investigations, and so
I can't quantify that, Congressman, in terms of how big that
number is in either New York City or the country. But I think
it is something, again, that every, that large metropolitan
prosecutors should be looking at to support the efforts that
are being done by Federal prosecutors.
Mr. Schweikert. I want to do a hop and then back one.
Mr. Carlson, one of my fears here is we come up with both
legislation in support for the Administration, we squeeze down
and we make a more robust system of bad actors moving cash that
is right under our nose that we cannot smell. Mixed metaphors.
You have done compliance with, what, large institutions in
the past. When you started to clamp down, did that money just
stop or did you see it moving to other types of activities?
Mr. Carlson. I don't have any personal experience to
comment on that. I do know at least from where I sit that what
we certainly need is better mechanisms to share information
around these bad actors and how they are affecting
institutions' critical infrastructure, other parties.
Because right now we are in the world of playing constant
defense in a constant flow of attacks, and so we feel like we
are fighting this a little bit with our hands tied behind our
backs in terms of not having all the tools that we could have
to at least share the information so that we can take
appropriate steps to respond.
I think in response to some other questions that were
raised, we certainly need a greater role for deterrence, and
that includes obviously enforcement in terms of what you
require reputable businesses to do to enforce it.
But that is where I think the Congress needs to provide
resources to law enforcement to go after these parties and to
prosecute and not always go after the institutions that are
implementing policy.
Mr. Schweikert. But my fear is, do we end up enforcing and
create a more robust mechanism that just goes right around our
back door?
Mr. Poncy?
Mr. Poncy. It is a great question. I will make four quick
points. The first is the game of illicit finance is a cops-and-
robbers game that will never end, right? So in many respects,
what we are chasing will always be there, it is a question of
where it is and how disruptive we can be.
Our objectives, in this campaign, as long as there are bad
guys in the world, there will be bad-guy financing. Our
objectives are to make it costlier, riskier, and more difficult
for these guys to operate, get the money they need, move it
from place one to place two. That is our objective.
In that respect, moving people out of the formal banking
system to make it harder for them to deal with value transfer
is a sign of success, but it is not the end of the road.
Mr. Schweikert. But in a world of technology where this is
now my bank, it is cracking down on the institutions.
I constantly wonder, and I know I am almost out of time,
whether much of this resource we should be really doubling down
on the financiers, the people who use their wealth and treasure
for bad acts, and the receivers of that.
So possible success on the barbells and not necessarily
those who are in the middle of the transfer.
Thank you. I yield back, Mr. Chairman.
Chairman Fitzpatrick. The gentleman's time has expired.
The gentleman from Texas, Mr. Williams, is recognized for 5
minutes.
Mr. Williams. Thank you, Mr. Chairman.
Mr. Vance, you mentioned specifically that your office has
supported the Incorporation Transparency and Law Enforcement
Assistance Act previously.
As a former secretary of state myself, of Texas, our
association has previously opposed this legislation due to
concerns over implementation costs. In fact, State secretaries
have advocated for the collection of ownership entity
information by the best paper trail that already exists for
Federal tax filings and customer due diligence requirements for
the U.S. financial institutions at no additional cost to
taxpayers or businesses.
So in addition, this proposal expands regulatory authority
into an area that has traditionally been the jurisdiction of
the States.
I would like to hear your comments on the concerns we hear
from the association.
Mr. Vance. I understand, Congressman, that there are
questions of cost and that there will be some additional costs
in various States for implementation of the beneficial
ownership rule.
What I would respond to is I think we have to measure the
benefits versus the detriments. I personally, having listened
to the arguments of those who oppose this legislation, I am
more persuaded that the benefit of enabling our law enforcement
officials to identify illegal money movement is outweighed by
the incremental additional costs.
I respect the fact that will occur, but that occurs, I
think, in any regulatory scheme that is imposed upon the
States.
Mr. Williams. Return on investment.
Mr. Vance. Yes. I think you will get good return on
investment criminally, in terms of criminal prosecution.
Mr. Williams. Next question also to you, Mr. Vance. Based
on your experience as a prosecutor, what are the challenges
associated with prosecuting terrorist financing-related cases?
Mr. Vance. I am speaking from a State perspective. We are
not like a typical State prosecutor's office because we do a
lot of this work and most don't. But I still am not the Federal
Government.
So one problem from where I sit is the ability to trace
money once it gets to Lebanon or some other jurisdiction where
we no longer have eyes and ears on the ground.
We have been involved in a number of cases where we believe
we know what is going on, we can trace the money from wherever
it is in the United States or even in South America to a Middle
Eastern country typically, but then we lose the trail.
So how do we develop information and allies in those
jurisdictions, which is a tough thing, to enable us to make
those cases?
I think that is the biggest problem. And this is
particularly, this is money going out to those jurisdictions,
we are not talking about large financial institutions clearing
dollars to us.
Mr. Williams. Let me give you a follow-up question. To what
extent do U.S. law enforcement investigations and subsequent
prosecutions strategically prioritize cases involving the most
pressing terrorist financing threats?
Mr. Vance. I cannot speak to the Federal Government's
prioritization, which I think raises the question of, should
there not be more coordination between Federal prosecutors and
regulators on discussion of these priorities with State law
enforcement who could in fact initiate or help in achieving
those priorities?
So I am not privy to what the U.S. Government, what their
list of priorities are. But if I knew them and if I was told
how we could help in achieving them, that is what I would do.
Mr. Williams. Okay, thank you.
And I appreciate all of your testimony.
Mr. Chairman, I yield back.
Chairman Fitzpatrick. The gentleman yields back.
The gentleman from Arkansas, Mr. Hill, is recognized for 5
minutes.
Mr. Hill. Thank you, Mr. Chairman.
And I thank the ranking member.
I also want to thank Mr. Lynch and Mr. Sherman for their
pointed and excellent questions on Iran and Iran financing and
I think the fallacy of the deal as we come up on the June 30th
negotiation deadline.
Mr. Vance, I thought Mr. Williams did a good job of talking
a little bit about the Secretaries of State and the burdens
there. I understand those, some States are better than others.
I am going to ask this question as a former Deputy
Assistant Secretary of Treasury and a banker of 35 years. So on
the credit side of all banks, people get beneficial
information. And if we were asked by a law enforcement officer,
we would certainly provide that.
So I think the real challenge then becomes on the deposit
side under Gramm-Leach-Bliley. We do know our customers, we do
identify them, we do have two forms of ID. But in a business we
also verify the business exists through the Secretary of State
function, but we don't always know beneficial owner on the
depository side.
One of the primary ways of finding depository ownership is
through the tax system. Just about 6 years ago, we had a
complete, wholesale redo of the Form 990 for private charity
entities, which was very painful to implement.
But we have LLCs and pass-through ownership and, by
definition, beneficial ownership is contained in that tax
return and public companies are, of course, public. So we are
really talking about C corps, I guess, for IRS purposes.
Could you reflect, as you did for Mr. Williams, on
Secretaries of State, and talk about the use of existing IRS
forms for determining and obtaining that information?
Mr. Vance. Congressman, as I indicated earlier in a
response, our State government access to those records is
limited. And therefore, I really can't--
Mr. Hill. From one State to the other as a district
attorney?
Mr. Vance. --from the Federal Government to the State. And
so therefore, we would appreciate it if there were changes in
Federal legislation that permitted the IRS to provide
information directly to a local prosecutor's office upon a
certain showing.
That doesn't really exist now, and so therefore I can't
comment further intelligently other than to say that access to
Federal tax information, individual and otherwise, is not
generally something that we at the state level get access to.
Mr. Hill. But when you get access to it, you acknowledge
that is where beneficial ownership lies.
Mr. Vance. I think there will be information relevant to
beneficial ownership. But I am still, respecting that others
disagree, I am having a hard time just personally understanding
that the net negative of understanding when a corporation is
formulated who is the owner of it and identification for that
individual.
I don't necessarily think that is an inhibition to
commerce, to business development. And so from my perspective,
I don't look at that as an impediment that outweighs the
benefits to public safety on the other side.
Mr. Hill. But you would support some sort of beneficial
ownership form for a C corp filing, for a private company's C
corp filing?
Mr. Vance. I will say I think I am going to have to
understand more closely what the issues would be for a C corp.
I don't pretend to understand the specifics.
But where one would want to be is, with any filing of any
corporation in a State, is to understand who the owner is and
to prove that person is in fact the owner.
Mr. Hill. Mr. Poncy, on this FinCEN Treasury proposal, it
suggests that beneficial owners, anyone who owns more than 25
percent of the equity interest in a company, and as somebody
who has been doing this for 35 years, if I were hiding my
interest, I wouldn't own 25 percent, I would own 1 percent and
99 percent would be divided by as many people as possible.
So I find I am not even sure as drafted it is particularly
helpful to your mission. Do you want to comment on that?
Mr. Poncy. Absolutely. Thank you, Congressman. There have
been experts from both the financial system and from the
counter-illicit-finance community for decades who have looked
at this question of beneficial ownership in the context of the
Financial Action Task Force, from financial centers around the
world.
It is a difficult problem. You can't draw a line and say
this fixes it; I fully agree with you.
At the same time, it is clear that if we were to obtain
beneficial ownership information as defined in the proposal,
which is not just 25 percent ownership, because you are right,
that just invites structuring, I will say that means you have
to find five guys now who are willing to front for an
organization rather than one.
And that is not the only element of the definition. There
is also an element of control. And if you think about what that
means, it means that if there are meaningful consequences to
not presenting information, law enforcement no longer has to
prove money laundering, they have to prove that you committed
fraud in representing who you represent.
That is an easier case, it is a bigger lift. And those guys
talk about whose interests they represent when they have to go
to jail for not disclosing that truth.
Mr. Hill. Thank you, Mr. Chairman.
Chairman Fitzpatrick. The gentleman's time has expired.
The gentleman from Maine, Mr. Poliquin, is recognized for 5
minutes.
Mr. Poliquin. Thank you, Mr. Chairman. I appreciate the
time.
And thank you, gentlemen, for being here. I appreciate it.
You folks have an awful lot of experience on the ground
dealing with these issues. And it is so important that you help
educate us here in Congress in making sure that our country
stays on offense against these threats to our homeland and our
freedoms.
I hear on an ongoing basis the issue with regulation
throughout our economy, in the financial services sector and
elsewhere. Some of the numbers I looked at, gentlemen, and I am
sure you have seen them, too, is that the annual cost of
regulations, to comply with regulations, to our business
community is something like $1.7 trillion per year. That is
about 1/10 of our GDP output every year. And that is a huge
cost, waste of time and so forth and so on.
Now, at the same time, I know there has to be a balance
between making sure there is proper regulation that the
businesses can handle and pay for and in keeping us safe.
Our economy has been, notwithstanding the problems we have
now, the envy of the world for a very long period of time. It
has given us the opportunity to have better lives, fatter
paychecks, through more freedom. And the reason we have this
strong economy that has lasted for so long, notwithstanding its
problems, is because we have such a deep, diverse, and creative
financial sector.
Without this financial sector being healthy and growing, we
do not have the economy we need to have; and therefore, we will
not generate the tax revenues we need to protect ourselves.
So this is absolutely critical. And I know we are all
onboard here.
We had a fellow who came into our office not long ago who
is a senior manager at a financial services company. And he was
going on about how many different regulators that he has to
deal with when it comes to an examination dealing with
cybersecurity. He deals with the Federal Reserve, the SEC, the
Comptroller of the Currency, maybe FSOC, and also the FDIC.
And I know this has been discussed earlier, gentlemen, and
I am thrilled to death to hear that with all these problems
that we have, it seems like we are all in agreement, is that
why in the world can't we coordinate this examination process
to keep our financial services sector safe, as best we can keep
money out of the hands of terrorist organizations, but not put
these poor folks out of business?
Now, you folks have the experience with this, I don't.
So Mr. Carlson, we will start with you, if you don't mind,
sir. Do these various regulators of the financial sector have
the personnel and the talent to make sure they can do their
work when it comes to investigating cyber activity? And what is
the best way to coordinate this activity among these
institutions?
Mr. Carlson. I think it is a qualified ``yes'' in that the
agencies do have expertise to conduct cyber exams.
I think an area we have been advocating that they do more
on is to try to harmonize the requirements both at the policy
level and at the examination level across all these different
U.S.-based regulatory agencies.
We have also advocated that they work with their
counterparts overseas to also harmonize, given that many of the
larger firms are global firms and have to deal with
requirements in the EU and Asia as well.
It is a huge issue in terms of cost and compliance. But
they do have the capability.
They are also struggling with some of the same issues we
are struggling with in our sector, as is the government, and
that is talent in the information technology field. There is a
limited supply of talent and everyone is vying for those
people.
Mr. Poliquin. Mr. Carlson, is the information that is
required from these regulators uniform enough? Is there enough
overlap such that there might be uniformity when it comes to
the type of information that is asked, the reporting
requirements, how it is reported and so forth and so on?
Because some of these folks come to our office and they say it
is different for everybody, even though they are generally
asking for the same information.
Is that too simplistic or can that be streamlined?
Mr. Carlson. It can be streamlined further. There are
efforts already in place through what is called the Federal
Financial Institutions Examination Council (FFIEC), which
includes the Federal Reserve, the FDIC, the OCC, and the CFPB;
they all coordinate together in terms of developing unified
procedures.
Mr. Poliquin. And do I hear you saying that there is one
entity, separate from all these other institutions we have
talked about, that coordinates this activity?
Mr. Carlson. It is a body that then coordinates with all of
the other bodies.
Mr. Poliquin. And in your opinion, are they effective? And
do they have the support they need from Congress to make sure
they are effective?
Mr. Carlson. They are effective. Could they do a better
job? Yes.
Mr. Poliquin. And how could they do a better job, Mr.
Carlson?
Mr. Carlson. More intensive collaboration, more engagement
with the sector in terms of new requirements, as well as
constantly revisiting existing requirements to make sure they
are relevant.
Mr. Poliquin. Okay. So this is not a resource issue, this
is not a money issue, it is just providing some leadership--
Mr. Carlson. Both.
Mr. Poliquin. --making sure someone steps up and gets this
done.
Mr. Carlson. It is both. It is a resource issue, but it is
also a leadership coordination effort.
Mr. Poliquin. Do you think there is enough intense focus
and priority from the administrative branch to make sure this
happens, the Executive Branch?
Mr. Carlson. There is an unprecedented level of engagement
in the broader Administration on cybersecurity issues, from the
White House to a multitude of agencies, from the Treasury
Department, regulators, Homeland Security, law enforcement,
intelligence communities. We are in a completely different
world over the past 3 years in terms of the level of engagement
with multiple government agencies.
Mr. Poliquin. And do you think, is there anything that we
can do in this committee or Congress can do to help with that
process?
Mr. Carlson. I think, number one, it would be immensely
helpful to pass cyber-threat information-sharing legislation.
Number two, it would be important to make sure that
agencies are properly funded so they can fulfill their
missions, whether it is law enforcement or even the regulatory
agencies.
And three, I think there is an importance in investing in
R&D. It is an area where the government has really stepped back
on kind of core R&D, particularly around technology and
infrastructure and things of that nature.
Mr. Poliquin. Gentlemen, thank you very much for being
here. I appreciate it. Let's make sure we solve this problem.
Thank you.
I yield back my time.
Thank you, Mr. Chairman.
Chairman Fitzpatrick. The gentleman's time has expired.
The Members' questions are concluded.
Again, I would like to thank our witnesses for their
testimony to the task force today.
The Chair notes that some Members may have additional
questions for this panel, which they may wish to submit in
writing. Without objection, the hearing record will remain open
for 5 legislative days for Members to submit written questions
to these witnesses and to place their responses in the record.
Also, without objection, Members will have 5 legislative days
to submit extraneous materials to the Chair for inclusion in
the record.
And without objection, this hearing is adjourned.
[Whereupon, at 4:24 p.m., the hearing was adjourned.]
A P P E N D I X
June 24, 2015
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]