[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
EXAMINING THE BSA/AML REGULATORY
COMPLIANCE REGIME
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON FINANCIAL INSTITUTIONS
AND CONSUMER CREDIT
OF THE
COMMITTEE ON FINANCIAL SERVICES
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
JUNE 28, 2017
__________
Printed for the use of the Committee on Financial Services
Serial No. 115-26
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
U.S. GOVERNMENT PUBLISHING OFFICE
28-223 PDF WASHINGTON : 2018
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
HOUSE COMMITTEE ON FINANCIAL SERVICES
JEB HENSARLING, Texas, Chairman
PATRICK T. McHENRY, North Carolina, MAXINE WATERS, California, Ranking
Vice Chairman Member
PETER T. KING, New York CAROLYN B. MALONEY, New York
EDWARD R. ROYCE, California NYDIA M. VELAZQUEZ, New York
FRANK D. LUCAS, Oklahoma BRAD SHERMAN, California
STEVAN PEARCE, New Mexico GREGORY W. MEEKS, New York
BILL POSEY, Florida MICHAEL E. CAPUANO, Massachusetts
BLAINE LUETKEMEYER, Missouri WM. LACY CLAY, Missouri
BILL HUIZENGA, Michigan STEPHEN F. LYNCH, Massachusetts
SEAN P. DUFFY, Wisconsin DAVID SCOTT, Georgia
STEVE STIVERS, Ohio AL GREEN, Texas
RANDY HULTGREN, Illinois EMANUEL CLEAVER, Missouri
DENNIS A. ROSS, Florida GWEN MOORE, Wisconsin
ROBERT PITTENGER, North Carolina KEITH ELLISON, Minnesota
ANN WAGNER, Missouri ED PERLMUTTER, Colorado
ANDY BARR, Kentucky JAMES A. HIMES, Connecticut
KEITH J. ROTHFUS, Pennsylvania BILL FOSTER, Illinois
LUKE MESSER, Indiana DANIEL T. KILDEE, Michigan
SCOTT TIPTON, Colorado JOHN K. DELANEY, Maryland
ROGER WILLIAMS, Texas KYRSTEN SINEMA, Arizona
BRUCE POLIQUIN, Maine JOYCE BEATTY, Ohio
MIA LOVE, Utah DENNY HECK, Washington
FRENCH HILL, Arkansas JUAN VARGAS, California
TOM EMMER, Minnesota JOSH GOTTHEIMER, New Jersey
LEE M. ZELDIN, New York VICENTE GONZALEZ, Texas
DAVID A. TROTT, Michigan CHARLIE CRIST, Florida
BARRY LOUDERMILK, Georgia RUBEN KIHUEN, Nevada
ALEXANDER X. MOONEY, West Virginia
THOMAS MacARTHUR, New Jersey
WARREN DAVIDSON, Ohio
TED BUDD, North Carolina
DAVID KUSTOFF, Tennessee
CLAUDIA TENNEY, New York
TREY HOLLINGSWORTH, Indiana
Kirsten Sutton Mork, Staff Director
Subcommittee on Financial Institutions and Consumer Credit
BLAINE LUETKEMEYER, Missouri, Chairman
KEITH J. ROTHFUS, Pennsylvania, WM. LACY CLAY, Missouri, Ranking
Vice Chairman Member
EDWARD R. ROYCE, California CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma GREGORY W. MEEKS, New York
BILL POSEY, Florida DAVID SCOTT, Georgia
DENNIS A. ROSS, Florida NYDIA M. VELAZQUEZ, New York
ROBERT PITTENGER, North Carolina AL GREEN, Texas
ANDY BARR, Kentucky KEITH ELLISON, Minnesota
SCOTT TIPTON, Colorado MICHAEL E. CAPUANO, Massachusetts
ROGER WILLIAMS, Texas DENNY HECK, Washington
MIA LOVE, Utah GWEN MOORE, Wisconsin
DAVID A. TROTT, Michigan CHARLIE CRIST, Florida
BARRY LOUDERMILK, Georgia
DAVID KUSTOFF, Tennessee
CLAUDIA TENNEY, New York
C O N T E N T S
----------
Page
Hearing held on:
June 28, 2017................................................ 1
Appendix:
June 28, 2017................................................ 45
WITNESSES
Wednesday, June 28, 2017
Anderson, Faith Lleva, Senior Vice President and General Counsel,
American Airlines Federal Credit Union, on behalf of the Credit
Union National Association (CUNA).............................. 6
Baer, Greg, President, The Clearing House Association............ 7
DeVaux, Lloyd, President and Chief Executive Officer, Sunstate
Bank, on behalf of the Florida Bankers Association............. 9
Lowe, Heather A., Legal Counsel and Director of Governmental
Affairs, Global Financial Integrity............................ 11
APPENDIX
Prepared statements:
Anderson, Faith Lleva........................................ 46
Baer, Greg................................................... 59
DeVaux, Lloyd................................................ 102
Lowe, Heather A.............................................. 114
Additional Material Submitted for the Record
Luetkemeyer, Hon. Blaine:
Written statement of the American Gaming Association......... 131
Written statement of the American Land Title Association..... 132
Written statement of the Independent Community Bankers of
America.................................................... 135
EXAMINING THE BSA/AML REGULATORY
COMPLIANCE REGIME
----------
Wednesday, June 28, 2017
U.S. House of Representatives,
Subcommittee on Financial Institutions
and Consumer Credit,
Committee on Financial Services,
Washington, D.C.
The subcommittee met, pursuant to notice, at 2:13 p.m., in
room 2128, Rayburn House Office Building, Hon. Blaine
Luetkemeyer [chairman of the subcommittee] presiding.
Members present: Representatives Luetkemeyer, Rothfus,
Posey, Ross, Pittenger, Barr, Tipton, Williams, Love, Trott,
Loudermilk, Kustoff, Tenney; Clay, Maloney, Scott, Velazquez,
Green, Heck, and Crist.
Ex officio present: Representatives Hensarling and Waters.
Also present: Representative Davidson.
Chairman Luetkemeyer. The Subcommittee on Financial
Institutions and Consumer Credit will come to order. Without
objection, the Chair is authorized to declare a recess of the
subcommittee at any time.
Today's hearing is entitled, ``Examining the BSA/AML
Regulatory Compliance Regime.'' Before we begin today, I would
like to thank the witnesses for appearing. We certainly
appreciate you taking time out of your schedules to be here and
participate today. I look forward to your comments.
I now recognize myself for 2 minutes for an opening
statement. The goals of the Bank Secrecy Act and anti-money-
laundering legal regime are laudable: Institutions and
government agencies should work together to prevent money
laundering and terrorist financing.
However, the reality is that well-intentioned regulation
has spiraled out of control and resulted in a breakdown of what
should be a collaborative relationship between law enforcement,
financial regulators, and institutions. Today, regulators
essentially deputize credit unions and banks as law enforcement
and allow for a regulatory regime that is both opaque and
punitive.
BSA/AML-related settlements have increased significantly in
both amount and frequency. Institutions are reporting surges in
total investment in AML. And their consumers, especially those
conducting financial transactions internationally, bear the
brunt of this regulatory cost. I fear the BSA/AML process
oftentimes benefits no one, not the institution and not law
enforcement.
Also concerning is that financial institutions are more
risk-adverse than seemingly ever before, partially as a result
of the regulatory structure. The rampant derisking seen in
recent years actually, in my opinion, increases risk to the
financial system, proving the BSA/AML regulatory regime to be
ineffective and, to some degree, dangerous.
To be clear, the intent of today's hearing is not to
discuss opportunities for financial institutions to more easily
skirt the law or to help nefarious actors participate in
illegal activity. We are here today to discuss improvements
that could benefit both law enforcement and financial
institutions while simultaneously creating a more effective
BSA/AML regulatory construct.
I look forward to a robust conversation with our
distinguished panel and thank them for their participation.
The Chair now recognizes the ranking member of the
subcommittee, the gentleman from Missouri, Mr. Clay, for 5
minutes for an opening statement.
Mr. Clay. Thank you, Mr. Chairman, for holding today's
hearing to review the compliance regime for the Bank Secrecy
Act and related anti-money-laundering requirements.
And I thank the witnesses for sharing their perspectives on
this topic.
A 2016 GAO report found that from 2009 to 2015, Federal
agencies assessed roughly $5.1 billion in fines, forfeitures,
and penalties against financial institutions for violations of
BSA/AML requirements. In one notable case, HSBC was required to
enter into a deferred prosecution agreement with the Justice
Department and forfeited more than $1.2 billion for violations
of the Bank Secrecy Act and illegally conducting transactions
with Iran and other sanctioned countries.
A 2012 bipartisan staff report issued by the Senate
Permanent Subcommittee on Investigations found that HSBC
exposed the U.S. to money laundering, drug trafficking, and
terrorist financing risk by operating its corresponding
accounts for foreign financial institutions with longstanding
severe AML deficiencies, including a dysfunctional AML
monitoring system for account and wire transfer activity, an
unacceptable backlog of 17,000 unreviewed alerts, insufficient
staffing, inappropriate country and client risk assessments,
and late or missing suspicious activity reports (SARs).
The Senate staff report also criticized the OCC for weakly
enforcing BSA/AML requirements with respect to HSBC and
included a series of recommendations that I think should be
part of our discussion on this topic.
So as the subcommittee examines the effectiveness of the
current BSA/AML compliance regime and reform proposals, these
facts should help remind us that we still need a strong system
that stops bad actors and prevents the criminal exploitation of
financial systems to conceal the location, ownership, source,
nature, or control of illicit proceeds.
There are a number of proposals that Congress should
consider. Ranking Member Waters introduced legislation last
term that would, among other things, significantly increase
civil monetary penalties for both institutions and individuals
for willful and negligent violations of the BSA. And
Congresswoman Maloney has introduced legislation on beneficial
ownership that would eliminate the ability of bad actors to
conceal their activities in shell corporations.
And, Mr. Chairman, at this time, I yield my time to
Congresswoman Maloney.
Mrs. Maloney. First, I want to thank my colleague, the
ranking member and my good friend, for yielding to me, and to
thank the chairman for holding this hearing. I would like to
also thank Chairman Hensarling for creating, first, the
antiterrorism task force and the antiterrorism financing
committee. I think it is critical, and reflects, really, the
challenges that we confront.
The anti-money-laundering rules for financial institutions
are an incredibly important tool for combating terrorism
financing. And if they can't finance their terrorist
activities, they are not going to have them. So it is a very
important part of our national security strategy.
But because criminals and terrorists are constantly
changing their strategies to elude law enforcement and to hide
their identities from financial institutions, the anti-money-
laundering obligations also require financial institutions to
do a great deal of work. So to the extent that we can
streamline this process without letting our guard down and
making it easier for criminals and terrorists to access the
U.S. financial system, that would be a win-win for everyone.
The Clearing House, which is represented on the panel
today, published a lengthy set of recommendations in February
on how to streamline the anti-money-laundering framework, and I
think it is a serious report that deserves our consideration
and support.
I would like to highlight one section of the Clearing House
report in particular. Section 2 of the report recommends that
Congress pass the Beneficial Ownership bill, which is
bipartisan, introduced today by Chairman Ed Royce, former
Chairman King, and myself. The bill, called the Corporate
Transparency Act, will require companies to disclose their true
beneficial owners when a company is formed. States would have
the option to collect this information themselves under our
bill. But if the State isn't doing it, then the Treasury
Department would collect beneficial ownership information as a
backup.
This information would be available to law enforcement and,
importantly, to financial institutions as well with customer
consent. This is important because it helps financial
institutions comply with their know-your-customer obligation.
If the customer is a company, financial institutions can't know
who their customers really are unless they know who the
beneficial owners of the company are.
This would also reduce the regulatory burden on financial
institutions, because they wouldn't have to spend an enormous
amount of resources investigating their own customers and
trying to figure out their beneficial owners. Instead, they
could just refer to the Treasury database to figure out who the
owners of these companies are.
So this bill is a win-win. It is good for our financial
institutions, good for law enforcement, and good for our
national security. Thank you.
Chairman Luetkemeyer. With that, we yield 2 minutes to the
gentleman from Pennsylvania, the vice chairman of this
subcommittee, Mr. Rothfus.
Mr. Rothfus. I thank the chairman for yielding, and I want
to thank him for having this hearing today.
Getting our Bank Secrecy Act and anti-money-laundering
policies right is a very important issue for me and my
district. In fact, it is a life-or-death issue.
Just a few days ago, we marked the International Day
Against Drug Abuse and Illicit Trafficking. It was a time to
reflect on the drug epidemic that has destroyed so many lives
and continues to ravage our hometowns. It was also an
opportunity to take stock of how our current policy framework
fails to achieve its objectives.
This committee's effort to interrupt the finances of the
transnational criminal organizations and gangs that pump the
heroine and fentanyl poison into our communities can ultimately
save lives. If we can cut off the flow of cash, we can greatly
hinder the ability of these groups to do us harm.
I am looking forward to hearing from stakeholders today as
to how we can create a more potent BSA/AML regime that makes
the best use of scarce public and private sector resources. It
is clear to me that our existing framework puts heavy burdens
on financial institutions and appears to emphasize compliance
with rigid standards over efficacy. We need to be looking at
how technology, innovation, and greater cooperation can be
employed to yield better results in this fight.
President Trump wrote in his letter marking the
International Day Against Drug Abuse and Illicit Trafficking,
``We will not stand idle as our families are devastated, our
communities are hollowed out, and our Nation's future is
diminished.'' I could not agree more with that sentiment. And
the work that we are doing here today is an example of Congress
taking action to bolster our defenses against illicit financing
and to bring down the criminals who cause so much pain in
communities across this country. We have a moral obligation to
achieve these ends.
I thank the chairman, and I yield back.
Chairman Luetkemeyer. The gentleman yields back.
The Chair recognizes the gentleman from North Carolina, the
vice chairman of our Subcommittee on Terrorism and Illicit
Finance, Mr. Pittenger.
Mr. Pittenger. Thank you, Mr. Chairman. And I appreciate
you holding this important examination of the Bank Secrecy Act
and our AML/CFT compliance regime.
In addition to serving on this subcommittee, as you stated,
I do serve as vice chairman of our Subcommittee on Terrorism
and Illicit Finance, which is also strongly engaged in this
topic. I am also encouraged that both subcommittees are taking
a hard look at BSA modernization. We will need both
subcommittees' expertise if we are to establish a streamlined
and effective regime to protect our financial system from
illicit use.
As we examine the BSA, this committee should explore
innovative technologies and policies that can facilitate
compliance and targeted information sharing. The goal should be
getting the most relevant, timely, and actionable information
into the hands of our financial regulators and law enforcement
while providing targeted data sharing from the government to
financial institutions with privacy and civil liberty
protections that will limit the focus and oversight of
financial institutions.
We have a great opportunity to achieve this goal, and I
look forward to the testimony of our witnesses and their
suggestions for where we can improve and modernize our current
system.
Thank you, and I yield back.
Chairman Luetkemeyer. The gentleman's time has expired.
Today, we welcome the testimony of Ms. Faith Lleva
Anderson, senior vice president and general counsel for
American Airlines Federal Credit Union, on behalf of the Credit
Union National Association; Mr. Greg Baer, president, The
Clearing House Association; Mr. Lloyd DeVaux, president and CEO
of Sunstate Bank, on behalf of the Florida Bankers Association;
and Ms. Heather Lowe, legal counsel and director of government
affairs, Global Financial Integrity.
Before we recognize the witnesses, I would like to ask
unanimous consent that the gentleman from Florida, Mr. Ross, be
recognized for the purpose of making a brief introduction.
Without objection, the gentleman from Florida is recognized.
Mr. Ross. Thank you, Mr. Chairman. And it is my pleasure to
introduce one of our witnesses today, Mr. Lloyd DeVaux,
president and CEO of Sunstate Bank in Miami, Florida.
In addition to his position with Sunstate, Mr. DeVaux
serves on the Board of Directors and Executive Committee of the
Florida Bankers Association (FBA), and he is testifying today
on behalf of more than 100 Florida banks represented by the
FBA.
Mr. DeVaux brings over 25 years of experience in the
banking industry to today's hearing, including 12 years as
chief operating officer with BankAtlantic and City National
Bank of Florida prior to joining Sunstate Bank in July of 2014.
Founded in 1999, Sunstate Bank is one of Florida's most
vibrant community banks--and we want to see you continue to be
a vibrant community bank--with 3 locations and 45 employees
serving the Miami-Dade County region.
We are fortunate to have Mr. DeVaux here today to provide
us with insight into the role of community banks in Florida and
across the Nation in the fight against money laundering and
terrorist financing. I want to thank the chairman for calling
upon Mr. DeVaux to share with us the community and the Florida
bank perspective on this important issue.
And thank you to Mr. DeVaux and the rest of the witnesses
today. We look forward to your testimony.
I yield back.
Chairman Luetkemeyer. Thank you, Mr. Ross. That is such
compelling testimony there, I might want to make a deposit to
Mr. DeVaux's bank. Thank you.
Each of the witnesses will be recognized shortly here for 5
minutes to give an oral presentation of your testimony. And
without objection, each of your written statements will be made
a part of the record. Briefly, the lighting system, for those
of you haven't been here before, green means go. When the
yellow light comes on, it means you have a minute. So be ready
to start wrapping up. And when you hit the red, that means we
need to stop and move on.
A couple of quick notes. We may be interrupted by votes--we
are looking at votes sometime around 4:00, 4:15. If we do, and
we are not done, we may ask the witnesses to please return or
stay put here, and then we will return as quickly as we can. If
not, we will hopefully be able to wrap up shortly.
The other thing is, for those Members who are asking
questions, we have a large turnout today, so if you can keep it
within the 5 minutes, that would be great.
Ms. Anderson, you are recognized for 5 minutes.
STATEMENTS OF FAITH LLEVA ANDERSON, SENIOR VICE PRESIDENT AND
GENERAL COUNSEL, AMERICAN AIRLINES FEDERAL CREDIT UNION, ON
BEHALF OF THE CREDIT UNION NATIONAL ASSOCIATION (CUNA)
Ms. Anderson. Thank you, Chairman Luetkemeyer, Ranking
Member Clay, and members of the subcommittee. Thank you for the
opportunity to testify on this important topic.
I am Faith Lleva Anderson, the senior vice president and
general counsel for American Airlines Federal Credit Union,
headquartered in Fort Worth, Texas. I am also the Vice Chair of
the Consumer Protection Subcommittee of the Credit Union
National Association, on whose behalf I am testifying today.
American Airlines Federal Credit Union proudly serves over
274,000 members. We began as a single-sponsor credit union for
American Airlines over 80 years ago. Following 9/11, we
extended our membership beyond American Airlines employees to
include air transportation groups, such as TSA and FAA
employees.
My credit union's asset size is $6.5 billion, which is
quite small compared to regional or national banks. Like all
credit unions, we are a not-for-profit institution owned by the
very members we serve and are established to promote thrift and
provide access to credit for provident purposes.
American Airlines Federal Credit Union is committed to
financial security compliance and applies whatever resources
necessary to ensure our operations are solid and our members
are protected. However, since the 2008 economic crisis, credit
unions have been subject to more than 200 regulatory changes
totaling nearly 8,000 Federal Register pages. The new
regulatory regime makes Bank Secrecy Act and anti-money-
laundering regulatory compliance even more daunting.
Nevertheless, my credit union has a staff dedicated to
ensure we fully comply with BSA/AML requirements. We conduct
detailed recordkeeping and spend thousands of hours and dollars
on due diligence. In fact, due to increasing BSA requirements,
we have split our BSA department into two separate sections,
one to work on the investigative side and one to work on the
risk side. This adjustment was made so my credit union could
efficiently keep up with the many filing and recordkeeping
requirements.
Of all the requirements on BSA/AML, the most burdensome and
time-consuming are investigating open suspicious activity
report cases, monitoring the members' accounts and transaction
activity for unusual behavior, conducting the exhaustive
research on an average of 600 potential suspicious activity
scenarios per month, and filing these reports, as well as
currency transaction reports.
It generally takes my credit union 3 to 5 days to process
an average suspicious activity report for one case, and we have
about 30 to 40 filings per month.
In addition, quality control is costly and time-consuming.
Preparing for our annual exam on BSA/AML compliance requires
the work of 3 full-time professional staff members and takes
about 2 full months. This time is dedicated to ensuring reports
are filed accurately, the risk assessments are completed, and
there have been no mistakes made to the process and filings.
My credit union dedicates a great amount of time, staff,
resources, and money to BSA/AML requirements. The median size
of a credit union is less than $30 million in assets with a
total staff of just 8 employees. The reality is the cost of
technology for monitoring and ensuring compliance with BSA/AML
regulations is disproportionately burdensome on smaller and
less complex institutions.
Nevertheless, with the changes outlined in my written
testimony, the Federal Government can ease the compliance
burden for financial institutions while maintaining the
protections needed. We urge legislative and regulatory changes
to address the redundancies, unnecessary burdens, and
opportunities for efficiencies within the BSA/AML statutory
framework.
In particular, we support changes to minimize the
duplication of the same or similar information, provide
additional flexibility based on the reporting institution type
or level of transactions, curtail the continually enhanced
customer due diligence requirements, increase the currency
transaction reporting threshold, reduce defensive filings,
simplify the reporting requirements of suspicious activity
reports, and allow for greater regulatory and examination
consistency among regulators.
My written testimony provides details on issues that credit
unions face regarding BSA/AML compliance and also outlines
common-sense changes. Credit unions are committed to the fight
against terrorism and related crimes. I hope my testimony will
help this subcommittee find the balance between protection and
undue burden.
Thank you.
[The prepared statement of Ms. Anderson can be found on
page 46 of the appendix.]
Chairman Luetkemeyer. Thank you, Ms. Anderson.
Mr. Baer, you are recognized for 5 minutes.
STATEMENT OF GREG BAER, PRESIDENT, THE CLEARING HOUSE
ASSOCIATION
Mr. Baer. Thank you, Chairman Luetkemeyer, and members of
the subcommittee.
Over the past year, The Clearing House has devoted
substantial resources to analyzing the current system for anti-
money-laundering and countering the financing of terrorism.
Today, I will present some of the conclusions that we have
reached.
Our current AML/CFT system is broken. It is extraordinarily
inefficient and outdated and driven by perverse incentives.
Fundamental change is required to make that system an effective
law enforcement and national security tool and reduce
collateral damage it is doing to global development, financial
inclusion, and other U.S. policy interests.
I will begin with an analogy. Imagine an army where
officers are evaluated based not on how their units behave in
battle, but rather based on the accuracy and punctuality of
their expense reports and the casualties suffered by the unit.
The auditors do not have sufficient security clearance to be
briefed on the battles that have occurred or read any after-
action report. Thus their audits reflect only the losses
suffered by the unit itself, not the casualties inflicted by
the enemy.
What sort of an army would this system produce? One led by
officers averse to outside-the-box thinking and risky advances
and more inclined to entrench their positions and excel at
paperwork. This army inevitably would be led by a George
McClellan, not an Eisenhower or a Patton.
The U.S. AML/CFT regulatory regime circa 2017 is not
dissimilar. Law enforcement and national security officials are
the end users of the information that banks produce. They value
a risk-based approach to AML/CFT with banks using innovative
approaches that detect the most dangerous crimes. But
compliance with AML/CFT rules is not examined or enforced by
law enforcement or national security officials, but rather by
bank examiners.
These examiners are in a no-win position. On the one hand,
they are excluded when the bank they examine is pursuing real
cases with law enforcement and national security and receive no
credit for those cases. But if something goes wrong, if a
corrupt official or organization turns out to be a client of
the bank they examine, the examiner takes the blame.
Thus the rational response is to focus on what they know
and control, extremely detailed policies and procedures and
simple metrics, for example, the number of computer alerts
generated, the number of suspicious activity reports filed, and
the number of compliance employees hired.
What gets measured gets done, and providing valuable
intelligence to law enforcement or national security agencies
does not get measured. Writing policies and procedures and
filing a lot of SARs does.
So almost 2 million SARs are filed per year now. The
largest banks file one SAR per minute. Even then, the value of
those SARs to their end users is not measured, so the measure
of success is generally volume alone.
The greatest cost of this dysfunction is an opportunity
cost. Emerging technology has the potential to make the AML/CFT
regime dramatically more effective. Artificial intelligence and
machine learning could revolutionize this area, and banks
continue to discuss ways to utilize those technologies.
But those strategies require feedback loops which do not
exist in the current SARs system. They also require a mandate
from government to shift resources from investigating and
filing SARs on low-dollar crimes and instead investing in
modern methods for detecting high-impact crimes and terrorist
activity. Law enforcement and national security currently have
no authority to provide that mandate.
Another cost to the current system comes as banks are
pushed to eliminate clients in countries or industries that end
up creating political risk, so-called derisking. Here, a whole
other group of government stakeholders has concerns: global
development officials concerned about human suffering in
countries cut off from correspondent banking and remittances;
trade officials worried that American business will have to
retreat along with American banks; and diplomatic officials
concerned about a lack of influence when U.S. companies leave.
Again, though, these agencies play no role in the current
system, and Federal prosecutors seeking record fines when a
problem does develop do not internalize those costs.
In 2016, the Clearing House convened at two symposia a
remarkable group of stakeholders, including foreign policy,
development, and technology experts. Their goal was not to save
banks money, but to do what is right for this country. The
resulting report is attached to your testimony.
You will see numerous recommendations in that report. The
most important one, though, is for the Department of the
Treasury to play a strong leadership role in setting priorities
for the system. This should include reclaiming, through FinCEN,
supervisory authority over the largest internationally active
banks which filed a majority of SARs and present the toughest
issues. A dedicated FinCEN examination team for this group of
firms could receive appropriate security clearances, meet
regularly with law enforcement, and work to develop metrics in
this area. Most importantly, it could establish priorities and
stick to them.
Finally, one important change to the current regime does
require legislation: ending the use of shell companies with
anonymous ownership. I was pleased to appear this morning with
Congresswoman Maloney to endorse the Corporate Transparency Act
that she is cosponsoring with Congressman King and a bipartisan
group of Members. I hope to discuss it further this afternoon.
Thank you very much for your time, and I look forward to
your questions.
[The prepared statement of Mr. Baer can be found on page 59
of the appendix.]
Chairman Luetkemeyer. Thank you, Mr. Baer.
Mr. DeVaux, you are recognized for 5 minutes.
STATEMENT OF LLOYD DEVAUX, PRESIDENT AND CHIEF EXECUTIVE
OFFICER, SUNSTATE BANK, ON BEHALF OF THE FLORIDA BANKERS
ASSOCIATION
Mr. DeVaux. Chairman Luetkemeyer, Ranking Member Clay, and
members of the subcommittee, my name is Lloyd DeVaux. I am
president and CEO of Sunstate Bank, a community bank founded in
1999 with $200 million in assets and 3 locations in Miami-Dade
County in south Florida. Sunstate Bank has 45 employees and
focuses on the needs of small businesses, consumers, and real
estate investors, including nonresident aliens.
I appreciate the opportunity to be here today to discuss
the challenges in complying with the Bank Secrecy Act. Clearly,
BSA compliance is an important building block for our national
security. But the world has drastically changed since it was
first adopted in 1970. As the United States takes steps to
combat terrorism and financial crime, now is the time to update
BSA compliance in order to develop a system suited for the 21st
Century.
The resources devoted to compliance, especially BSA
compliance, are significant for a bank our size. Sunstate Bank
has seven people in compliance, six of whom are just in BSA.
BSA is our largest department. We have only four full-time
lenders. That means we have fewer staff devoted to making loans
that benefit the community than we have devoted to compliance.
Our experience is not unique. In 2007, 14 percent of the
Florida banks had 5 or more BSA officers. Today, 38 percent
have 5 or more. While some of this increase is due to
acquisitions, much has been driven by regulatory pressure and
the heightened regulatory risk of enforcement actions.
This is not a recipe for success. Direct BSA expenses were
more than 10 percent of the bank's total expenses in 2016. The
more we spend on compliance, the less we spend on services for
our communities. Every $100,000 spent on compliance translates
to a million dollars less that we can lend.
The added cost of BSA compliance on top of the significant
cost of the Dodd-Frank Act has led to the disappearance of many
smaller banks in Florida. For example, 111 banks merged or sold
after Dodd-Frank was enacted. That is a consolidation of 50
percent of all Florida banks in just 7 years.
Even more important than the direct cost of BSA compliance
is the impact on our customers. For example, many legal
businesses are labeled high risk by the regulators. This means
banks must collect more data, do more analysis, provide more
oversight, and engage in more site visits, all of which
translates to higher costs for us and our customers.
The best option in many cases is not to bank certain
industries and certain customers and to even ask existing
customers to close their accounts. From the bank's perspective,
the economics of compliance make it unprofitable to maintain
certain accounts.
This has serious drawbacks. First, it makes no sense to
create a system that drives legitimate customers outside the
formal banking system to less regulated or even unregulated
providers. Second, it creates a series of financial
transactions that may not be reported or available to law
enforcement. Third, it can create a shadow financial system
that is readily available for criminals and terrorists.
We need to modernize our approach. Banks should not be
serving as undeputized law enforcement agents. For example,
rather than doing a full-blown investigation on a suspicious
transaction, banks should file a short suspicious activity
report and let law enforcement agents do what they are trained
and qualified to do.
Moreover, the partnership between law enforcement and the
private sector needs to be a two-way street to succeed. Banks
produce a huge amount of information but seldom get any
feedback on its use or its effectiveness. More communication
from law enforcement is needed to help banks focus resources in
more useful ways. We also need to eliminate red tape that
restricts bank from sharing information with each other.
Finally, we need to focus on real risk appropriate to the
institution. For example, many of the 5 to 10 percent of our
customers who are considered high risk by the regulators would
not even be on the radar of very large banks. Our customers
complain all the time that small banks are asking questions
that larger banks never ask.
We all want to fight money laundering and terrorist
financing. We only asked that regulation be sensible so that
resources are used in a wise and efficient manner to combat the
crime.
Thank you for holding this hearing today. I look forward to
answering your questions.
[The prepared statement of Mr. DeVaux can be found on page
102 of the appendix.]
Chairman Luetkemeyer. Thank you, Mr. DeVaux.
Ms. Lowe, you are recognized for 5 minutes.
STATEMENT OF HEATHER A. LOWE, LEGAL COUNSEL AND DIRECTOR OF
GOVERNMENTAL AFFAIRS, GLOBAL FINANCIAL INTEGRITY
Ms. Lowe. Chairman Luetkemeyer, Ranking Member Clay, and
members of the subcommittee, thank you very much for the
opportunity to address you here today. You have my biographical
details in front of you, so I won't belabor that.
I hope my contributions to today's hearing will help you
make measured and informed decisions that are really in the
public's interest as well with respect to the U.S.'s AML
regime. In my written testimony, which is about 17 pages, I
provide information and opinions regarding trends in
compliance, suspicious activity reports, know your customer
(KYC) and customer due diligence, and balance of activity and
obligations between FinCEN, the regulators, and the private
sector.
And I would stress balance. I do think that is really
important here, and that is something that has been mentioned
by other panelists today. Some of my remarks also directly
address some of the proposals by The Clearing House.
So to summarize some of my key points in my testimony, the
first point is that money laundering and the technology that
can help us combat both are evolving. And in light of this, it
is appropriate to consider whether changes to our regulatory
structure should be made.
Equally, however, it is critical that Congress understands
and carefully weighs the potential benefits against the
potential ramifications that may be negative before making
decisions in this area. Regulation and enforcement are
primarily dissuasive measures because they can carry potential
liability and we should be very careful when we decrease those
dissuasive measures.
The second point I really wanted to stress here is that AML
compliance and reporting is undertaken by a really wide range
of entities and persons going far beyond the banking sector.
You have bankers in front of you today. But any proposed
changes being considered should really be looked at in light of
that wide range of actors, those types of entities and persons.
Third, some types of entities and persons should be
required to have AML programs in place but currently don't,
such as those involved in real estate closings, lawyers, and
others. The banking sector cannot and should not carry this
responsibility alone, especially where these persons act as
proxies to open the door to the U.S. financial system for
criminals and their money.
Fourth, Congress should request from the various regulators
data regarding formal and informal enforcement actions
pertaining specifically to AML/BSA violations and deficiencies
so that they are better able to independently assess the
appropriateness of the enforcement regime currently in place.
Fifth, I wanted to point out as well that both small banks
and large banks have been the subject of major money laundering
cases. You don't often see the smaller banks in the news and
hitting the national news, because they tend to be considered a
local matter.
Sixth, enforcement against money laundering is primarily
through the identification of regulatory infractions as opposed
to through criminal charges of actual money laundering. This
may be because it is easier to find the evidence of regulatory
infractions, the burden of proof is lower, the cost of doing so
is far less than pursuing criminal money laundering charges.
But the dissuasive effect is just as great.
However, when one looks at the cases where enforcement was
merely through identification of deficiencies of AML systems
and filing requirements, the hallmarks of serious criminal
money laundering are in those cases. As a result, decreasing
the ability to enforce using the regulatory approach may have
serious negative repercussions on compliance and ultimately
criminal access to the U.S. system.
My seventh point is that suspicious activity reports are
meant to be just that, reports of suspicious activity.
Requiring bank employees to determine if activity is, in fact,
illegal before filing a SAR, as has been recommended by The
Clearing House, would actually be counterproductive, I think,
in a lot of ways, including increasing the burden on bankers
who would have to then actually make a legal determination that
they didn't previously have to make.
I do think that there are some issues with respect to how
much information needs to be provided on SARs and how much
background work banks need to do before filing those, and I
think that is something that we should really seriously
discuss. But that bright line, illegal/legal line, I think, is
very counterproductive.
Eighth, The Clearing House also recommends that greater
information-sharing take place among banks and with the
government in a number of ways. We generally support that
greater sharing of information in the AML area, but it has to
be done with appropriate privacy safeguards. Where it may
result in people being, essentially, debanked, there has to be
some sort of system for redress for people to be able to prove
that what they are doing is legitimate activity, and we need to
be taking that into account.
Ninth, it is critical that information about the natural
persons who own and control companies, otherwise known as the
beneficial owners, is finally collected by either the State or
the Federal Governments and that it is made available to so
both law enforcement and to the financial institutions.
Companies with unknown or hidden ownership are the number one
problem in the AML world, and the U.S. cannot continue to allow
our failure to act here to put the U.S. and the global
financial system at risk.
I am really pleased that this morning a bipartisan bill was
introduced in both the House and the Senate to do just that. We
wholeheartedly support the Corporate Transparency Act and thank
Representatives Maloney, King, and Royce for introducing the
House bill.
Tenth, I would strongly caution against transferring
responsibility for setting AML priorities for individual banks
from those banks to FinCEN. Banks really are best placed to
understand their business and their systems and the money
laundering risks that are inherent in those things. They really
need to be able to create--
Chairman Luetkemeyer. Can you wrap up pretty quickly?
Ms. Lowe. Don't I have another minute? No?
Chairman Luetkemeyer. You had 5 minutes.
Ms. Lowe. Oh, I'm sorry.
Chairman Luetkemeyer. Everybody else had 5 minutes.
Ms. Lowe. Am I--
Chairman Luetkemeyer. You are way over.
Ms. Lowe. I am on the wrong side of 5 minutes. That would
explain it. I apologize. I thought I had a minute left.
Chairman Luetkemeyer. We thank for your testimony.
Hopefully, you can delve into more of your suggestions here as
we go through the discussion.
Ms. Lowe. Sure.
[The prepared statement of Ms. Lowe can be found on page
114 of the appendix.]
Chairman Luetkemeyer. Thank you.
Without objection, the gentleman from Ohio, Mr. Davidson,
is permitted to participate in today's subcommittee hearing.
Mr. Davidson is not a member of the subcommittee, but he is a
member of the full Financial Services Committee, and we
appreciate his interest in this topic, and welcome his
discussion here when he returns.
With that, I recognize myself for 5 minutes for questions.
It was interesting to hear your discussion, and I certainly
appreciate everybody's testimony this afternoon. There were
lots of interesting comments from the standpoint of Mr. Baer's
analogy to the army with regards to how this whole structure is
working, I thought that was pretty enlightening, and bankers
have become law enforcement officers instead of being bankers.
I think we need to put everybody back in their own pew.
But I was interested in your discussion, Mr. Baer, when you
talked about some of the technology that can actually help
detect some of this stuff. I know with the fintech explosion
here it seems like there is a lot of ability to go in and
assess data. And is there a place for that, are we doing that
now, or are we not doing that?
Because it would seem to me that we can figure out what
kind of magazine I would like to read based on all the things
in my background here--where I do business, what I eat, where I
go--and yet, we are not doing that with regards to suspicious
activities.
Mr. Baer. It is a great question. Among the experts we
considered or consulted in our work were folks who were experts
in big data and AI.
And just as background, I think what is important to
understand is the SAR database was created 25, 30 years ago for
a very different purpose. It was a suspicious activity report
where there were a sufficiently small number of them that one
of them was read by an Assistant United States Attorney (AUSA)
somewhere in this country. So they were actually written to be
read, every one read by someone.
Now that we have almost 2 million filed per year, there is
no one reading them in the first instance. Instead, what law
enforcement does is word searches against that database. The
banks also do searches against the database, basically looking
for patterns.
So we have gone from sort of providing leads in a very
personal way to a prosecutor to basically having a big bunch of
data, and what do you do with that data? And that is where the
system has never caught up, because the first thing we heard
from the big data folks is you have to have a feedback loop. If
you want your algorithms to get smarter, you have to know for a
given SAR, is that a good SAR or a bad SAR?
They have even proposed you should just have law
enforcement have a green button and a red button for good SAR
or bad SAR. That would actually make things work a lot better.
But there are a lot of other concepts like that that you could
apply once you start thinking about that database in terms of a
searchable bunch of data as opposed to an individual lead.
Also, you could think about--and I think Mr. DeVaux was
talking about this--the format of it. When it was an individual
lead to be read, it had to be very carefully written in great
syntax and reviewed at three levels. But if it is just going to
be searched, do you even need a paragraph? Can you just dump in
the data from the underlying account?
So those are the kinds of questions that aren't being faced
now.
Chairman Luetkemeyer. Okay. Very good.
Mr. DeVaux, you are in the trenches every day. You deal
with this every day. So can you explain to me the impact of the
rules and regulations presently on your--you kind of outlined
it with regards to the numbers of people in there. But are you
finding problems? Are you finding people who do illicit
activities with the process that we have? Or can you give us
ideas on how to do something different that would actually
streamline the process so that you don't have to have more
compliance officers than you do loan officers?
Mr. DeVaux. Thank you, Mr. Chairman.
To give you an example, when you set a customer up in your
system, you build a profile on that customer. If that customer
deviates from the profile, the BSA area gets an alert. We got
7,100 alerts last year. We filed 29 total SARs, 15 from alerts.
We had to go through every one of those alerts. And any alert
that creates suspicious activity is then turned into an
investigation.
Chairman Luetkemeyer. Okay. Let me interrupt for just one
second. Do you the investigating or does law enforcement do the
investigating?
Mr. DeVaux. The bank.
Chairman Luetkemeyer. The bank does the investigating.
Mr. DeVaux. The bank's BSA department does an
investigation. And it may eventually lead to a SAR. Last year,
we filed 29 SARs; 15 were generated from the alerts. So we did
7,100 alerts turning into 15 SARs. That is a lot of work. About
7 or 8 percent of our accounts are high risk, and that is what
generates a lot of our alerts.
Chairman Luetkemeyer. Okay. Very good.
I think you made a comment also with regards to the
consistency of the rules. I think you made the comment with
regards to being a small bank, that a lot of times, you are
looked at differently than larger banks with regards to your
client base. Can you expand on it for just a second?
Mr. DeVaux. Yes, sir. Thanks.
We run our database to determine how many high-risk
accounts we have. And we have had regulators come back and tell
us that number is not high enough, you can't just have 4
percent high risk, you need to have 6 or 8 percent high risk. A
high-risk account is a high-risk account. It shouldn't be
determined by an arbitrary number.
Chairman Luetkemeyer. So they are asking you to go in and
fudge the numbers, then, so you get to a higher number? Because
I would assume you are giving the actual amount of high-risk
business in your book of business.
Mr. DeVaux. The way the high risk is built is by parameters
associated with the country they are doing business with, the
amount of money they are running through the account, etc. So
if you set the level of account transactions at a higher or
lower level, you will generate more or less alerts. So, they
are saying, and I wouldn't use the word ``fudge,'' but they are
basically saying you need to decrease your high-risk account
parameters to pick up more alerts.
Chairman Luetkemeyer. Okay. Thank you very much. My time
has expired.
With that, we will recognize the gentleman from Georgia,
Mr. Scott, for 5 minutes.
Mr. Scott. Thank you very much, Mr. Chairman.
Mr. Baer and Mr. DeVaux, I would like to, first of all,
direct this to you two to respond.
Last month, in May, we received a report from the FBI's
Internet Crime Complaint Center. And according to this report,
attempts at cyber wire fraud globally surged in the last
several months of 2016. Fraudsters sought to steal some $5.3
billion in schemes where they pretended to be trusted business
associates requiring wire transfers. And this spike in fraud
saw a total number of business email companies' cases almost
doubled from May to December of last year, rising to 40,000, up
from just 22,000.
So, Mr. Baer, I listened to your testimony, and I want you
to address the issue of these financial innovation units. It
seems to me that you are sort of plowing down this road as a
possible way of dealing with this. And so my understanding is--
don't get me wrong--is that we need to provide regulatory safe
harbors to these financial innovation units or institutions so
that these units can operate in a sandbox outside of bank
examiners' sanctions.
Now, that is a lot. What is the sandbox? How well does this
work? Is this a pattern we have to follow on?
And then, Mr. DeVaux, I would like for you to agree or
disagree.
Mr. Baer?
Mr. Baer. Sure. In some ways it is unfortunate that you
actually have to request a safe harbor or a sandbox in order to
do the right thing, which is to innovate and try to find more
interesting ways--or more effective ways to catch very bad
people doing bad things.
The problem that has arisen, however, and we have heard
this from multiple banks, is that--and to some extent this gets
back to Mr. DeVaux, where there is a certain number of alerts
that are expected or a certain number of SAR filings--when you
are trying out a new way of identifying criminal behavior, you
don't have policies and procedures for that. You are
experimenting. You may not know what the yield is supposed to
be. If you have a new algorithm, you don't know how many alerts
that is supposed to trigger.
And yet banks do face criticism when they do that. And so
what they are really saying is, yes, we will comply with all
the rules that we are complying with currently, but we want to
have the chance to innovate and find new ways to do this, which
I would hope could be relatively uncontroversial.
Mr. Scott. Let me tell you a little bit of my concern about
this. In providing a regulatory sandbox approach to combating
terrorism, could we be hurting the very people we are trying to
help if financial institutions can operate in a sandbox like
this?
Mr. DeVaux?
And, Mr. Baer, you can chip in too.
Mr. DeVaux. I think fighting BSA crime is a team effort
across-the-board. The question for me is which members of the
team should be doing what. For banks, we get very little
feedback on what works and what doesn't work.
Mr. Scott. You get very little feedback from whom?
Mr. DeVaux. From law enforcement, from FinCEN, from the
people who actually receive our BSA product, our SARs, any
reports, our OFAC hits, our 314 hit lists of suspected
terrorists.
So if we get no feedback, it is very hard for us to know
what works and what doesn't work. But if we make a mistake, we
know very quickly what we did wrong. And it may not have been
any type of transaction or illegal money moving. It could have
been just that they didn't like our policy, they didn't like
our program.
It seems there has to be some kind of safe harbor to say,
you have a decent program. One of the analogies I use from my
old farming days is we are looking for a needle in a haystack
with BSA. If we can make that haystack smaller, we have a
better chance of finding that needle.
So why don't we look at the things that work and do those
and maybe do more of those, and look at the things that don't
work and let's stop doing that.
Mr. Scott. So one of the things that you are saying that
has worked are these financial units. You don't see a problem
there?
Mr. DeVaux. No, not at all.
Mr. Scott. Okay. And the fact that so many of them are
manned by former law enforcement people certainly could help
with getting the communications.
Is that right, Mr. Baer?
Mr. Baer. Yes. And I wanted to add too, although there
aren't really policies and procedures for it, banks of all
sizes are very good, I believe, about alerting law enforcement
when they actually see something that is truly suspicious, as
opposed to just an alert you have to file because it hit some
parameter. There is actually a term for this now called ``super
SAR.'' And banks actually walk those into the U.S. Attorney's
Office or the FBI, or whomever, and say, look, we filed the SAR
like we always do, but this one really means it.
Mr. Scott. All right. Thank you, sir.
Chairman Luetkemeyer. The gentleman's time has expired.
The gentleman from Pennsylvania, Mr. Rothfus, is recognized
for 5 minutes.
Mr. Rothfus. Thank you, Mr. Chairman.
Mr. Baer, in your testimony, you described the current AML
regime as, ``inefficient and outdated and driven by perverse
incentives.'' You described a system where financial
institutions face broad reporting requirements and file large
numbers of SARs, some of which are purely defensive in nature.
I think we can all agree that our BSA/AML regime should
seek to provide law enforcement with actionable intelligence
that they can actually use rather than volumes of SARs that
waste resources and provide minimal value to law enforcement.
With this in mind, do you believe that the provisions of
the Bank Secrecy Act with respect to required reports of
suspicious activity by financial institutions are overly broad
and, as a result, produce too many reports that are not
particularly useful to law enforcement?
Mr. Baer. It is a great question and it is very difficult
to answer. There was a time when we used to say there were too
many SARs and it was adding hay to the haystack and making it
more difficult to find needles. That was when someone was
actually reading every SAR.
You can actually argue now that no one is reading them in
the first instance and you are just running word searches
against them. Why not have more SARs? That is just more data to
search.
The real problem there, though, and with a SAR database
is--again we have heard this from the big data folks--that the
SAR database is filled with noise because you're filing a bunch
of SARs on low-level, low-dollar offenses that no Federal
prosecutor would ever look at, and then it is really the
absence of a feedback loop.
It is just not a smart database. It is not necessarily more
or less, it is more, how are you going to search that database
and how are you going to get feedback so that you are searching
it smarter and smarter every day?
Mr. Rothfus. Are there any changes you would suggest to the
reporting requirements, or is it more the feedback loop that
you are looking at here?
Mr. Baer. On the reporting requirements, for example, there
is no dollar limit for insider abuse. So if you think a teller
is taking some money and decide to let him or her go, you
actually have to decide whether to file a SAR on that, even
though, again, there is no Federal law enforcement official in
the world who will ever bring a case on that.
The dollar limits have not been raised, I believe, since
the BSA was originally enacted with regard to other low-level
offenses. So for a $2,000 theft, you are filing a SAR.
And I think as both Ms. Anderson and Mr. DeVaux noted, that
is a lot of resources, because you actually have to investigate
those like a law enforcement agency. And so you could take
massive resources away from those low-product, low-utility
efforts and put them to much more useful purposes.
Mr. Rothfus. The report that The Clearing House issued,
``Redesigning the U.S. AML/CFT Framework,'' discusses the
possibility of setting up a no-action letter procedure at
FinCEN. This would allow financial institutions to query FinCEN
on enforcement issues. Could you describe how you would
envision no-action letters working in this context?
Mr. Baer. I will give you one example. With respect to
sharing of information among firms under 314(b), that is
actually permitted with respect to two categories of offenses:
anti-money-laundering; and terrorist financing.
It is not quite clear what anti-money-laundering means with
respect to that exception, because just about any crime
involves having to launder the proceeds of it. So, for example,
in that area, you would be able to write in and say, ``Is this
sort of offense the kind where I could share information with
another financial institution to the extent I am investigating
that conduct?''
But there are millions of questions like that where firms
have a very difficult time knowing what the exact right answer
is and are at great risk if they get it wrong.
Mr. Rothfus. Mr. DeVaux, in your testimony, you suggested
that there are deficiencies in how Section 314(b) of the USA
PATRIOT Act has been implemented. As you know, this section
encourages banks to share information with each other.
Specifically, you wrote, ``The restrictions and red tape
surrounding its use make it impractical.''
What are some of these restrictions that hinder bank-to-
bank cooperation?
Mr. DeVaux. There are always privacy issues related to
sharing information. In order to share information with another
bank, you have to first file with FinCEN. And before you share,
you have to also be certain that the other institution has
filed with FinCEN. And then you can share information.
And the process is not as smooth as it should be in terms
of having to go through that procedure. Many banks do not do
it. They just don't share the information.
Mr. Rothfus. Ms. Anderson, in your testimony, you wrote
that it takes your credit union 3 to 5 days to process an
average SAR for one case from beginning to end, and American
Airlines Federal has 30 to 45 filings per month. How has
technology helped to mitigate this compliance burden?
Ms. Anderson. We use a system that generates the cases. And
so what we do to eliminate false positives is once a year, we
look at the rules that we have established in the system so
that we can eliminate the false cases, which takes time,
because the ones that I mentioned where it takes 3 to 5 days to
research, it takes that long for a true SAR, because you have
to look at the deposits, you have to look at the lending
system, you have to look at what is in your imaging system.
There is a lot of research in the background to truly grasp
what is going on, especially if a lot of individuals are
involved. And then you have to look at all those accounts.
So what we try to do once a year is we do a quality review,
and we look at our rules to eliminate those that have false
positives.
Mr. Rothfus. I yield back. Thank you, Mr. Chairman.
Chairman Luetkemeyer. The gentleman yields. His time has
expired.
The gentlelady from New York, Mrs. Maloney, is recognized
for 5 minutes.
Mrs. Maloney. Thank you very much, Mr. Chairman.
And I thank all the panelists for your testimony.
Mr. Baer, I would like to ask you about the Beneficial
Ownership bill. You and your organization, The Clearing House,
have been extremely helpful on this bill and we deeply
appreciate your support. And I want to thank you for that. But
we both share a common goal, which is to prevent terrorists and
criminal organizations from using the U.S. financial system to
move their money around.
And as you know, the Corporate Transparency Act will allow
financial institutions to have access to the same beneficial
ownership information that law enforcement has, because we want
financial institutions to know their customers, and they can't
know their customers if they don't know who owns the
corporation.
Can you talk about why it is important for both law
enforcement and financial institutions to have accurate
beneficial ownership information?
Mr. Baer. Sure. Thank you, Congresswoman.
Actually, I think you noted this morning, which I think is
a really important point, that the greatest benefit from that
legislation is actually outside the banking system. As you
noted, sophisticated criminals, or kleptocrats, know not to use
the banking system. So they use LLCs to set up--to hold real
estate or diamonds or art or whatever it is. So even if you
left aside the banking system, there would be a great reason to
enact the bill.
For banks, they already are under, as we have discussed, a
customer due diligence requirement from FinCEN, that they know
their customers, and if it is a corporate customer, that they
know the beneficial owners of that corporation.
Currently, that is a game of hide-and-go-seek where they
have to ask and then investigate. If they had access to an
established database filed under penalty of law where a
corporation had to identify to the State or to FinCEN who the
beneficial owners are, obviously that would reduce the burden
on the bank, it would reduce the risk of getting it wrong, and
that is all to the good.
But I think the primary reason we support the legislation
goes beyond those marginal reductions in cost and risk and is
more just to having a much safer system and a much safer
country.
Mrs. Maloney. But it would be a substantial benefit to
financial institutions as it would reduce the regulatory burden
on those institutions?
Mr. Baer. No. Absolutely.
Mrs. Maloney. It was interesting in the ``60 Minutes'' show
that was done on the hiding of money in America, that in that
show they interviewed 15 lawyers, and all of them were
cooperating in trying to hide money in America.
What I thought was very interesting was they all said,
don't go to a bank, whatever you do, don't go to a bank,
because they are going to know their customer, and that is not
a good place to hide your money.
It was disturbing to me to see the American legal system
cooperating with an alleged criminal on how to hide money, but
it shows that the banks have been successful in knowing who is
there. But every single one of them said, ``Don't go to a bank,
go to these LLCs, we will help you set it up.''
How many banks are part of your clearinghouse?
Mr. Baer. It is basically the 25 largest commercial banks
in the United States.
Mrs. Maloney. And are they all supporting this legislation?
Mr. Baer. As well as we can determine, yes. We have asked
them repeatedly, and they are all for it, yes.
Mrs. Maloney. I appreciate it. I represent an area that has
a lot of terrorism financing. And any way we can crack down on
it makes America safer. So thank you so much.
I would also like to ask the gentlelady, Ms. Lowe, and you
have been very supportive of this bill too, which we introduced
today with your support. And can you talk a little bit about
why you think it is important? And how will this help crack
down on terrorism financing in America?
Ms. Lowe. The issue of anonymous companies and beneficial
ownership is not simply a U.S. issue. It is, certainly, a
global issue.
The U.S. started off actually quite strong many years ago,
trying to push to make it more difficult to create anonymous
companies, but has actually fallen quite far behind many other
countries in actually operationalizing that.
The U.K. today, for example, has a completely publicly
available register of beneficial ownership information that,
for example, U.S. law enforcement could access, U.S. banks
could access now as they wish.
So terrorism finance today, as you have heard in many of
your hearings last year, is not something that is done only by
terrorists. There are a lot of people working together among
the criminal systems around the world, and that is terrorism
folks working together with organized crime, working together
with human traffickers, because they are all using the same
systems.
And a fundamental vehicle for moving any of this criminal
money is unanimous companies. Again, that is global.
The U.S. is particularly important in this area--
Chairman Luetkemeyer. Very quickly.
Ms. Lowe. --because we do incorporate the largest number of
companies in the world, and the rest of the world thinks that
they are very legitimate.
Chairman Luetkemeyer. The gentlelady's time has expired.
The gentleman from North Carolina, Mr. Pittenger, is
recognized for 5 minutes.
Mr. Pittenger. Thank you, Mr. Chairman.
And I thank each of you for your expert testimony today.
Previously, I had drafted legislation to strengthen and
clarify Section 314, information sharing mechanisms that were
written in the USA PATRIOT Act.
How important is it for us, in our anti-money-laundering
regime, that we fully enable vital information-sharing between
the government and financial institutions, and between the
financial institutions themselves? And in this legislation,
part of our objective, of course, was to streamline this
process, enabling the government to focus in on those entities
that would be a strategic importance to them.
Yes, sir?
Mr. Baer. Yes. Congressman, I think it is very important. I
think it is important, under the current paradigm, where I
think it is more a matter of banks picking up the phone and
calling each other to the extent that they share a customer and
want to know if they are seeing the complete picture.
I think in a future paradigm, where there was, again, more
use of data. I have been taught by the data folks that the
importance is not the algorithm, it is how much data you are
running that algorithm against.
If you have a customer who has four bank accounts, you
would certainly want to see the behavior in all of those
accounts in order to determine whether it is truly suspicious
or troublesome. So, whether it is the informality now and
picking up the phone, or whether it is a future state where you
are actually sharing data in real time, I think it is important
in both cases.
Of course, there are privacy concerns here, and we respect
those. I think those should be addressed, but they seem
solvable.
Mr. Pittenger. In respect to that, and when you consider--
and I will get to the privacy issues, if the government was
able to identify those particular entities that they wanted you
to respond back to, that in itself, it seems to me, would
provide greater privacy for those relieving you of others that
you would not have to be engaged with.
Would you concur with that?
Mr. Baer. Yes. I agree, Congressman.
Mr. Pittenger. Ms. Lowe?
Ms. Lowe. Thank you. Just to add, moving forward and
looking at this issue, I think you need to be looking at the
international data privacy regulations in place. The
internationally-operating banks are very much bound by those,
and what they can and cannot share. The European Union, in
particular, has had the strictest regime, and that is a pretty
wide-ranging regime. And they just adopted a new directive in
May on this that will come into effect in May of 2018.
Around the world, countries generally have adopted either
this sort of European approach or the American approach, and so
it is sort of a hodgepodge out there in the world as far as how
these data policy restrictions interplay with the information-
sharing. But I think it is something that this committee should
look at in that sort of much wider context, understand what we
can and cannot do and how to make that better.
Mr. Pittenger. Mr. DeVaux?
Mr. DeVaux. Yes. I agree 100 percent. The 314(a) list is a
list of people of interest, and I would like to get that list.
That is a very efficient activity. We can just run it against
our database. If we get a hit, we report it.
I think about the situation where you may have people who
are criminals--or doing criminal activity, and they are not
banking at just one bank. They are banking at four or five
banks, and they could be moving money around.
You can imagine the scenario where five banks are writing a
SAR on the same person. If there were ways to better share this
information so we could get the information out there, we might
save a lot of that redundant work.
Mr. Pittenger. And part of your objective is to have a
safety capacity where you would be protected from litigation
sharing information one with another as well. Is that correct?
Mr. Baer. I probably reaffirm Ms. Lowe's point, in the
sense, internationally, there are now currently restrictions on
the ability of a given bank to share even within the bank to
the extent there is a foreign affiliate, or even branch
involved. So that is a very real concern.
Mr. Pittenger. Ms. Anderson, do you have a comment?
Ms. Anderson. I just wanted to echo the remarks made by Mr.
Lloyd DeVaux. We would also like to share information, but as
was previously mentioned, you are limited to only two instances
where you can share information.
And at credit unions, we have what is called shared
branching, where if they are involved in a system, they could
go to another credit union and make a deposit or withdrawal.
And so it would be great if we could openly share that type of
information so that we are not spending so much time trying to
call them, or they are trying to call us so they can file a
proper SAR or a CTR.
Mr. Pittenger. You have a safe harbor where you are able to
provide information with each other?
Ms. Anderson. Yes.
Mr. Pittenger. Thank you very much. I yield back.
Chairman Luetkemeyer. The gentleman yields back his time.
Ms. Velazquez from New York is recognized for 5 minutes.
Ms. Velazquez. Thank you, Mr. Chairman.
Ms. Anderson, Mr. Baer, and Mr. DeVaux, I am hearing from
real estate title and settlement professionals in my district
that criminals are doctoring up fraudulent wire instructions
and sending them to home buyers. They make the instructions
look legitimate as if they were coming from the title insurance
company.
The buyer then goes to the bank and sends a wire using the
incorrect instructions. These funds, then, get transferred to
the criminal before a series of transfers sends the money
offshore. So my question to you is, can each one of you tell me
what you are doing to prevent your institutions from being used
by these criminals?
Ms. Anderson. I would like to start. Thank you,
Congresswoman.
What we do when a member wants to send a wire is that they
have to complete a form, and we verify their identity. And so,
to make sure that we send funds from their account, because
funds can go so quickly. And so we do authenticate our members,
and we also contact them. And then depending on the dollar
amount, it might have a second level of approval. That is what
we try to do to discourage fraud. But also what we do, is we
also have alerts that we send our members. If we see a pattern
of a type of fraud, we try to send newsletters to them.
Ms. Velazquez. Thank you.
Ms. Anderson. Thank you.
Ms. Velazquez. Mr. Baer?
Mr. Baer. I think I will defer to the real bankers here,
although The Clearing House runs a payment system. It is
actually a bank-to-bank, very large dollar payment system,
which I don't think would be relevant.
Mr. DeVaux. From our perspective, one of the beauties of
being a community bank is we know our customers. So when we get
a wire request, in addition to the comments Ms. Anderson made,
we call every customer on every wire, and we have a
conversation with them. They complete a wire authorization
form, and the information we call is in that form. And we
verify using that form, if we don't recognize the voice, which
it would be very rare that we wouldn't recognize the person on
the other end.
Ms. Velazquez. Does your AML program detect these crimes?
And if so, how?
Mr. DeVaux. Every wire in and out of the organization is
run through OFAC, first of all. Also, we run OFAC every single
night on every single customer, and on every transaction that
comes in and out of the organization. I talked about the 314(a)
list, which is a list of people of interest to FinCEN.
I like OFAC. OFAC is easy for us. We run the list against
our database, so we know the people they are looking at, and
the places they are trying to avoid sending money to;
therefore, it is very, very efficient.
Ms. Velazquez. Thank you.
Mr. DeVaux, how can Congress help facilitate greater
communication from FinCEN and a better relation between law
enforcement and financial institutions?
Mr. DeVaux. The first thing, as I said earlier in my paper,
would be to share information with us, to tell us what is
working and what is not working.
It is very difficult for us to know the things we do that
are valuable and the things we do that are not valuable. And
sometimes, everybody gets busy and doesn't take the time to
step back and take the bigger view and say, okay, what is
working?
I think if we could focus on the things are working and
maybe even do more of the things that are working and stop
doing the things that don't provide value, I think it would
help the entire system be better.
And I mentioned earlier, there is so much redundant work
going on, so if we had the ability to share through some type
of database, or some type of sharing agreement where we could
not have to repeat all the work that has been done dozens of
times by other organizations, it would save us a lot of
resources.
Ms. Velazquez. Thank you.
I yield back, Mr. Chairman.
Chairman Luetkemeyer. The gentlelady yields back.
The gentleman from Colorado, Mr. Tipton, is recognized for
5 minutes.
Mr. Tipton. Thank you, Mr. Chairman.
I thank the panel for participating today, on a very
important issue. We appreciate the efforts you all are making
on this.
Mr. DeVaux, you commented that your compliance department
has grown significantly. In fact, you have the largest
compliance department when it comes to the AML. Is that
accurate?
Mr. DeVaux. Yes, Congressman. That is accurate. In fact, it
has doubled since 2011. But what I am talking about here is the
compliance department and the direct expenses related to
compliance.
We have 45 employees, and all 45 employees are in BSA, not
just the 6 who are in the compliance department. Every customer
who walks through the door, you have to follow the know-your-
customer rules in the CIP program. You have to go through an
extensive process to identify who that customer is.
The frontline officer who is dealing with that customer has
to build a profile of that customer to know what type of
activity, where every dollar is coming from and where every
dollar is going to go, and the level of dollars and types of
transactions.
And we have to train across the entire organization on the
four pillars of BSA. You have to train every person in the
organization specific to their responsibilities in the
organization. So when they should be out developing business
and trying to generate new customers, they are spending a lot
of time trying to onboard customers. And if an alert comes up,
they are the ones who make that phone call back to the customer
to get more information.
If a lender is trying to do a loan, they have a lot of
responsibility around gathering BSA information. So instead of
being able to call on five customers that day, they can maybe
call on two, because the process takes so much longer.
Mr. Tipton. Great.
Ms. Anderson, Mr. DeVaux, maybe you both would like to be
able to address this. Earlier this month, the Treasury
Department released a report on the current state of the
financial system. And following the release, I wrote a letter,
which is currently being circulated among membership or
cosigners encouraging Federal regulators to institute policies
requiring greater coordination for supervisory exams.
In your testimony, you recommended that BSA/AML reform
include minimizing duplication of some or similar information
as well as greater regulatory examination consistency among
regulators to minimize the regulatory overlap.
Can you expand, perhaps, on why this is an important issue,
not only for supervised entities, but also for the regulators
themselves?
Ms. Anderson. Yes. The reason that it is a burden is
because from the regulator's point of view, they usually have
agreements with FinCEN on the examination process. And there is
such a high threshold with BSA that if you have one minor
inadvertent mistake, you are written up. So what our compliance
department does is prior to our examiner coming in, we review
the whole BSA program from top to bottom, and that is where we
have three people dedicated to reviewing that we filed all the
SARs timely, that we didn't have to file any amendments, that
our CTRs look right. We look at all our risk assessments.
Because, unfortunately, the way that it appears that the
agreement is between the regulators is that BSA has a higher
threshold than if you would have, for example, errors in
lending.
In lending, they may make informal comments, the examiner
will. But if it is something to do with BSA, they will
automatically make it a finding, or they could raise it to a
letter of understanding, or a DOR. So that is where we spend so
much time on quality control besides doing the day-to-day
investigating and filing.
Mr. Tipton. Anything to add, Mr. DeVaux?
Mr. DeVaux. We are a State-regulated bank, a State-
chartered bank, which means we are regulated by the State and
by the FDIC, and by FinCEN--a lot of regulators.
We just had a CRA compliance exam that started in early
April. And when it finished, by the end of April, our safety
and soundness exam started, and it continued until just last
week.
So we have actually had over 60 days of regulators in the
bank, a $200 million bank, going through everything we do. It
was the FDIC in both cases, but the exam reports then go to the
State, and the State may call us up, and want to come in for a
visit, and relook at some of the things that we did. So we are
put through a lot of hoops in order to comply with regulation.
And, we understand as banks, we need to be regulated. We
are dealing with people's money. But at the end of the day, we
would rather be out enabling the dreams of our community,
enabling the small businesses, creating jobs, revitalizing the
economy. So let's eliminate some of the duplication so we can
do that. We can spend more resources on developing our economy
and developing the small businesses in our area.
Mr. Tipton. Thank you.
And, Mr. Chairman, I think I have 22 seconds left?
Chairman Luetkemeyer. I think you are 22 seconds over.
Mr. Tipton. That is okay. Thank you. I yield back.
Chairman Luetkemeyer. We are going to have to go back to
basic 101 math here. Fortunately, we are Congressmen. We don't
take education well.
The gentleman from Texas, Mr. Williams, is recognized for 5
minutes.
Mr. Williams. Thank you, Mr. Chairman.
And thanks to all of our witnesses today for your
testimony.
And, Ms. Anderson, it is good to see you. I always
appreciate when the committee brings in a Texan, and I am from
Fort Worth. So thank you for being here.
Ms. Anderson, let me start with you. Banks, credit unions,
are in an era of compliance. I have seen this in my own
personal life. I hear this from small business owners like
myself across my district. Every business is worried about
making sure they comply with whatever regulatory authority
oversees them.
So along those lines, let me start by simply asking this:
What is involved with preparing for your Federal regulatory
agency examination of BSA/AML compliance?
Ms. Anderson. Thank you, Congressman.
As I mentioned earlier, what we do is we--the three people
do a top-to-bottom review of the whole program. And so we look
at all the filings, all of the--we make sure that the risk
assessment that we have is final and complete. We look to make
sure that we don't have--we didn't have any errors. And if we
have to file any amendments, we will file amendments.
We make sure that everyone has taken their required annual
training, because when the examiner comes in, they want to make
sure that besides the employees taking the training, that also
the board of directors has been given training, and that if
someone wasn't there, for example, at a board meeting, that we
sent them the presentation that was given. We make sure that
they don't have questions.
So, it does take a full 2 months. We get all the documents
ready for the examiners. And we have a stack this high of the
documents that we have ready for them. So it is a very time-
consuming process, but we do that because we want to be in
compliance with BSA.
Mr. Williams. Okay. Let me follow up.
What kind of training--you touched on this--do your
employees go through on a regular basis to make sure they are
up-to-date on the most current rules? You kind of touched on
that. Go ahead.
Ms. Anderson. We do online training, because we have
branches in 13 States and the District of Columbia. But what we
also do is we supplement that training with personal training
specific to that department, whether it be a loan officer, or
the wire department, or with the teller. We do a lot of
training when we see there may be deficiencies.
So we are always training our folks to make sure they are
always catching and reporting to us any suspicious activities.
Mr. Williams. And every now and then you try to do some
business, right?
Ms. Anderson. Yes. Thank you.
Mr. Williams. Let me follow up. I have always said that
banks, credit unions, and small businesses are the first people
you turn to when you need something in your local community,
whether it is sponsoring the Little League team or donating an
item for charity. And you all are certainly pillars of our
community, and people know that.
In your testimony, you said that the American Airlines
Credit Union was previously able to conduct online training for
employees spread out over the 13 States. But now you must
supplement that online training with one-on-one customized
training, combined with the BSA/AML training every year for all
600 employees. This is, obviously, a huge burden to all
employees.
So my question is this: In general, have the increased,
BSA/AML compliance costs caused your credit union to miss out
on opportunities to serve your community like we are talking
about?
Ms. Anderson. Yes. I always feel, and I am sure other
financial institutions do, that you never have enough people
who are working in BSA. So I always try to ask for an
additional head, or we always try to make sure we have the best
technology so that we can support the BSA regulations.
Mr. Williams. My last question would be, how do these
burdens that we are talking about, BSA/AML compliance and
reporting, affect the credit unions, aside from just the
training commitment?
Ms. Anderson. It takes resources away from the credit union
as a whole, because those resources could be spent elsewhere on
providing better products and services for our members.
We could do more. Other types of services, like offering to
maybe beef up and hire more loan officers, or maybe hire more
credit counselors, but because of the BSA regulations, we are
staffed up for BSA, because it is such an important area, and
it is looked at very closely.
Mr. Williams. Thank you. I appreciate you being here, and I
yield my time back.
Chairman Luetkemeyer. The gentleman yields back. With that,
we go to the gentlelady from California, the ranking member of
the full Financial Services Committee, Ms. Waters. You are
recognized for 5 minutes.
Ms. Waters. Thank you very much, Mr. Chairman.
And I would like to thank our witnesses who are here today.
I have wrestled with what we can do to deal with violations
of the BSA/AML. And at the same time, I share some of the
concerns about the smaller banks and smaller institutions that
are having difficulty, for any number of reasons that have been
identified today.
But here is what is causing us to be very concerned in this
general area. In recent years, we have witnessed a seemingly
endless stream of money laundering violations by some of the
largest global banks, with Deutsche Bank being the most recent
large global financial institution to disregard the anti-money-
laundering requirements contained in the Bank Secrecy Act.
Given that large mega banks continue to treat our current BSA/
AML enforcement penalties as merely the costs of doing
business, it is what is driving our concern.
When I take a look at some of the banks, big banks that
have been involved with the money laundering, or at least
disregarding any efforts that should be made to do the kind of
detection that has been discussed here today, for example, in
2014, BNP Paribas, the world's fourth largest bank, agreed to
pay $8.9 billion for knowingly and willfully moving over $8.8
billion through the U.S. financial system on behalf of three
countries the U.S. had already sanctioned for acts of terrorism
and other atrocities.
In 2012, HSBC agreed to pay $1.9 billion in U.S. fines
while allowing itself to be used by money launderers in Mexico
and terrorist financiers in the Middle East. HSBC allowed
Mexican and Colombian drug cartels to launder at least $881
million. And in another case, HSBC instructed a bank in Iran on
how to format payment messages so that its transactions would
not be identified as an Iranian entity, and be blocked or
rejected by the United States. Again, with Deutsche Bank, it
was $41 million for anti-money-laundering deficiencies.
So given all of that, and our concerns about the smaller
banks, what would you recommend that we do that could be
helpful to smaller banks and credit unions, but at the same
time, not interfere with our ability to deal with what I have
just described?
Ms. Lowe?
Ms. Lowe. Thank you, Congresswoman Waters. There is no
doubt that there have been some very willful and very egregious
cases over the past several years that have come down in this
area. And as I noted in my testimony, they are almost entirely
based on what are, essentially, violations of the BSA/AML
procedures. But when you look at the cases, you see so, so many
hallmarks of actual money laundering, but there is no criminal
prosecution related to these, not of the individuals nor of the
banks.
There are a number of reasons for that, as I mentioned,
potentially. But what the DOJ tells me is that they don't have
enough evidence to actually bring a prosecution against a
person. I find that very difficult to believe when I read the
statement of facts, because those statements very often contain
things like emails, where people are exchanging emails about
exactly what they are doing, and they know they shouldn't be
doing it, right?
So I find that difficult to believe. I want to really
understand better why we are not prosecuting the individuals
who are actually perpetrating these actions.
I think that when a bank is fined, its bankers say, Oh,
that is terrible. I think when a banker goes to jail, his
fellow bankers say, Oh, that is not going to happen to me, and
I am not going to do that. So I think we need to be focusing a
lot more on individuals.
Sally Yates made a memo in 2015 to this effect. I would
like to see us, actually, following through on that.
Ms. Waters. Ms. Lowe, I understand that some of the drug
dealers that these banks were dealing with have gone to prison
for long periods of time, but their enablers in the banks have
not been penalized personally. No head of a bank, no CEO, has
been placed in prison for knowingly laundering drug money.
Ms. Lowe. That is correct. With respect to the very large
cases, that is correct.
Ms. Waters. I yield back the balance of my time.
Chairman Luetkemeyer. The gentlelady's time has expired.
The gentlelady from Utah, Mrs. Love, is recognized for 5
minutes.
Mrs. Love. Thank you so much for being here today.
As a former mayor of a growing city, when I first started
off at the city council, our city had a population of about
7,000 people. And it may seem like it is an easy task, because
there wasn't very much going on. You tend to learn that all of
the decisions you make at the very beginning you end up either
reaping the benefits of, or suffering the consequences of the
decisions that you make very early on.
But it is really interesting, as the city grew, the first
people who were in our cities were our credit unions and the
banks. And a lot of people kept asking, why do we have so many
banks, and why do we have so many--they were the ones that were
coming.
And it wasn't until later that we realized that the small
banks that were there, and the credit unions that were in our
community, were the ones that were the lifeblood of our
community. They were the ones that were helping support all the
city events. They were the ones that were actually the
financial credit. They were the ones giving the financial
credit to all of our businesses that were there, and our city
grew from, at that time, 7,000 to, when I left, over 27,000, a
viable, growing city.
And I am so glad that I didn't listen to all of the people
who were saying, we don't need any more banks, just start
getting other businesses, because they were the ones that were
a great foundation for our city.
So I want to focus on striking the right balance of
oversight and regulation. And I guess the question that I
have--and, Ms. Anderson, if you can help me answer this, and we
can go down the line as quickly as we possibly can, what kind
of analysis must an institution conduct to provide adequate
oversight and monitoring in compliance with BSA? I haven't been
here for the whole hearing, so if you answered this already,
please forgive me.
Ms. Anderson. What we look at, when we look at suspicious
activity, is we look at if there is a lot of money being
transferred. We look to see whether that person has the salary
from our records to justify that amount of cash in their
account. And then we look to see does the cash stay--does the
money stay in their deposit account, or is it quickly moved
out? And then, is there more than one individual? Is there more
than one individual who has access to the accounts? And where
is the money going? Is it going overseas? How long does it stay
there?
And so that is, for example, when we would file, because
the funds are unknown. When we determine from our system that
they are trying to avoid us filing a currency transaction
report, when they deposit, like, more than $10,000, we also
then file suspicious activity report, as do others here.
Sometimes it is more complicated, because you have to look
at many accounts if there is more than one individual, or the
individual may have other accounts where they are joint with
other people. And so that is why it takes so long to
investigate when it is a true SAR filing, because it just looks
suspicious on our end. We don't know if it is legal, but it
doesn't look right based on what we know about our members.
Mrs. Love. Okay. So, obviously, a lot goes into that. And,
also, what is the result of the failure to comply?
Ms. Anderson. So if you don't file, then there is no safe
harbor. You are written up. There could be fines, especially if
they find it to be willful. And so, I know some institutions,
if--sometimes if we are not sure whether we should file or not,
we will file, because there is a safe harbor for filing.
And then if we decide not to file, we keep a spreadsheet of
the reasons why we didn't file so that our examiner can see
that we have good reasons for not filing.
Mrs. Love. Okay.
Mr. Baer, Did you have something you wanted to add to that?
Mr. Baer. I think that was very well-stated. I think the
only information I would add, and Mr. DeVaux and I were talking
about this earlier before the hearing began, is that most of
these banks are running proprietary systems that they purchase
from a vendor, that basically generates the alerts, and then it
is up to them to investigate. A lot of the burden comes around,
where do you set those dials? You can set those dials to
generate 100 alerts a month, or 1,000 alerts a month. And I
think one of the concerns that banks of all sizes have is the
regulators will tell you, you know what, you only generated 100
alerts. We want you to generate 500.
But we are not aware of any analysis around why that is.
And certainly, we are not aware of any analysis about the
quality of the SARs that are being filed and how many of them
are actually leading to prosecutable cases. And that is where,
when I talked earlier about, sort of, the big data problems
here, it is a system that is just fundamentally lacking in
rigor in terms of the metrics for assessing whether it is being
successful or not, and that is not a very good system.
Mrs. Love. Right. As I look at all of this--my time has
expired, but as I looked at all of this, striking that right
balance is incredibly critical, because again, these
institutions in the small communities can make or break that
community.
And, again, thank you for your expertise. I really
appreciate it.
I yield back.
Chairman Luetkemeyer. The gentlelady's time has expired.
The gentleman from Washington, Mr. Heck, is recognized for
5 minutes.
Mr. Heck. Thank you, Mr. Chairman.
I would like to preface this by stipulating to the
consensus point of view that anything we can and should do in
this area does not compromise our efforts in fighting
terrorism. I think that is something on which we all agree.
That said, I am among those who believe that there is
fertile soil here to cultivate regulatory modernization, as I
would call it. And that has been brought about, my point of
view that part has been brought about by two things. The first
is I took it upon myself earlier to go on a tour of all the
banks, big and small--not all, but many, many credit unions,
big and small, in my district, to ask about what had happened
to their regulatory compliance burden over the years.
As you might imagine, it had increased very substantially,
most graphically represented by piles of paper. I wish some of
you had brought the piles of paper in.
And probably the most common complaint I got, frankly, was
about SARs and compliance with the Bank Secrecy Act and anti-
money-laundering, in fact, the preponderance over majority. And
I am not trying to pick a fight at all, but I found it
interesting that in the main regulatory relief bill we passed
here, the CHOICE Act, there were--count them--exactly zero
words related to bank secrecy, or anti-money-laundering, and
that was the chief complaint that I got.
And it just seems to me, however--and I will offer this as
a friendly suggestion to the Chair, because I am grateful for
this topic being heard, that it would be nice to hear from law
enforcement as well. We learn more when we hear from both
sides.
I think about the CTRs. It defies my comprehension that we
cannot update that to reflect inflation, but I want to hear
what the other side says. I think other work product would be
better if we had had an opportunity for that conversation.
I also want to suggest, Ms. Anderson, I have asked over and
over and over again for people to give me concrete examples of
how we can improve regulatory burdens on financial
institutions, and I found your testimony to be refreshingly
specific and concrete. And I thank you for it very sincerely.
The second reason I got very involved in this was when
FinCEN published their guidance for banks serving marijuana
businesses in the State of Washington, which the voters
approved, as you know, they chose to legalize it and to
regulate it; that guidance says that banks are required to
check to make sure that marijuana businesses aren't violating
any of--yes, count them--14 Federal priorities on marijuana.
They are intuitively obvious: Don't sell to minors, don't sell
across State lines, et cetera. That struck me as an incredible
compliance burden, frankly, on these organizations. But you
know what, our State regulators had an unbelievably clever
solution. Because the DOJ, the other hand, asked the State
regulators to check against the same 14 Federal priorities.
So here is what happens in our State: The banks are able to
look directly into the database of the Liquor and Cannabis
Board, our State regulator, to see if there are any red flags
for businesses. They are able to largely rely on the State to
check for conformance with the 14 priorities, and then
piggyback on that work instead of duplicating it.
And so my question is, how can that be a model for reform
for other SARs filings? What statutory changes would be
required in order implement it if there is a possibility of
doing this kind of creative database sharing very efficiently,
very quickly? Any of you?
Mr. Baer. This sort of gets to the questions about AI, at
least with regard to the largest firms that are my owners. We
think there is extraordinary potential for--``utility'' may be
the wrong word--sharing of expense whether it is around account
opening or account monitoring. And also, sharing of data in
order to make the algorithms work better. So, we think that is
clearly the future here. That is where this database is going
to end up going. As I said earlier, you are having 2 million
SARs filed a year. So this is no longer a personal need law
enforcement proceeding.
Mr. Heck. If I may, sir, on the issue of the number of SARs
filed per year, when the financial institutions submit SARs, if
there are multiple financial institutions involved in that
SARs, we are required to do duplicate investigations, and if
there is a correspondent bank, a triplicate investigation, why
doesn't it make sense to just kick it up to the financial
institution in that chain and say, It is your responsibility to
do this? What benefit is there to multiple SARs, when it is the
same transaction?
Mr. DeVaux. Right. There isn't. And then I think there is
another case where you may have somebody who is banking at four
different banks. None of them file a SAR. But if they all had
shared the information about that customer, the lights would
have gone on, and they would have said Oh, yes, we should all
be filing a SAR. So that is also a potential concern.
Mr. Heck. Thank you. My time has long expired.
Thank you for your indulgence, Mr. Chairman.
Chairman Luetkemeyer. Thank you. The gentleman's time has
expired.
And to respond to your suggestion, Mr. Heck, the problem
with bringing in law enforcement to this particular committee,
is that it actually goes into the purview of the Terrorism and
Illicit Financing Subcommittee. And so our intention is to work
with the bank side of the issue here, and then marry this with,
perhaps, a bill or suggestions or guidelines with the other
subcommittee, which is doing very similar work. And that is
what we want to try to accomplish here. So I appreciate your
suggestion.
Mr. Heck. And I appreciate the explanation very much, Mr.
Chairman.
Chairman Luetkemeyer. The gentleman from Georgia, Mr.
Loudermilk, is recognized for 5 minutes.
Mr. Loudermilk. Thank you, Mr. Chairman.
And I thank the panel for being here. I would like to
direct my question, really, around the transaction amount, the
amount that triggers the reporting and the investigation.
I believe it was 1970 when this was enacted. The first time
I found out about the BSA was when I left the Air Force in
1992. I was living in Alaska, and moving back to my home State
of Georgia, so we sold our house. Fortunately, we made a little
equity on it. I had a truck with a trailer packed full of
everything that I owned, and I was leaving Alaska to go to
Georgia--and, actually, I was going to start over, start a new
business, open a bank account. So I asked the bank to give me
all of my money, and they wouldn't. They said all we can give
you is less than $10,000. I ended up getting my money through
multiple transactions, but that is when I found out that they
were reporting it.
And as I was thinking about this, around 1970 I was still
in elementary school. My dad bought a house, paid $25,000 for
this house. When my dad passed away, we sold this house. And it
was in much worse condition than when he bought it. The
neighborhood had gone downhill. We sold it for over $100,000.
When I am looking at $10,000 in 1970, $10,000 today is not the
same thing. It has to be that transfer of $10,000 is done
multiple times on multiple accounts, especially, when you think
of somebody who has a sub S corporation, or some type of pass-
through through the businesses has to happen.
I am a small business owner. Several times in a month, we
would have transactions of $10,000 or more happen quite often.
I know two of you, in your statements, mentioned that if
you adjust it for the rate of inflation, we are looking at
somewhere around $60,000 today. Is that correct?
Mr. DeVaux. So, $64,009.
Mr. Loudermilk. Okay. I believe the credit union said about
$58,000 is what you guys calculated. You are using different
interest rates now. So you may want to up yours. People invest
more in credit unions. But let's start with Mr. DeVaux.
What do you think the appropriate threshold should be? Is
this a crux of part of the problem that we are having?
Mr. DeVaux. It is a good question. And the issue we have,
without knowing how the information is used, what is valuable,
what is not valuable, it is very tough for us to say that it
should be $5,000 or it should be $25,000.
It came about in 1970. And if you run it through CPI, it is
$64,000 today. Or in other words, as you stated, $10,000 buys
$1,500 worth of stuff today.
So without us having feedback, saying, here is how we are
using the currency transaction reports (CTRs), and here is what
works and here is what doesn't work, it is very difficult for
banks on their side to be able to pick a number that works.
Mr. Loudermilk. Okay. Ms. Anderson, would you like to
respond?
Ms. Anderson. Yes, for currency transaction reports, that
is where we would have to file if there is a deposit or
withdrawal or $10,000 more in cash. I was looking at a recent
month in our activity for what we receive. So if the currency
transaction threshold was increased just to even $20,000, we
filed 27 when it was $10,000 and above. But if it was increased
to $20,000, our filing sort of dropped to just 5. So that would
be of great benefit, because if you don't file a CTR within 15
days, there is a large penalty. So we are always on the clock
to file that.
From the suspicious activity point of view, from the
subpoenas that we have received that I am aware of, it seems
that law enforcement goes for the larger dollar items. They are
not concerned with $10,000 or $25,000. It seems like they go
for a larger amount. So maybe just, in the interim, try
doubling it just so see so that it is $10,000 minimum instead
of the $5,000, where you know who the perpetrator is, then
maybe instead of $25,000 where you don't know who the bad
person is, you increase it to $50,000.
At least just try it, and we can at least determine if
there is anything there. And it would be very helpful if when
we respond to a subpoena and they finally do go after the bad
people, that we do receive some validation that, Oh, yes,
because of your institution, we were able to go after this
person or that person or that ring of criminals.
Mr. Loudermilk. I'm running out of time here, but you do
believe that we definitely need to address what this value is;
I think that is what I am hearing. But we really don't know
what it is unless we get proper feedback from law enforcement.
Is that kind of a good summary?
Mr. Baer, I see you--
Mr. Baer. Yes. I refer to it in my testimony. It is the
last piece of the puzzle argument. There will always be a case
where an $11,000 transaction was the last piece of the puzzle
in some investigation. Just the way you can end up arresting
somebody for jaywalking, and they turn out to be a horrible
criminal, but that doesn't mean you increase your jaywalking
arrests. You actually have to do a cost-benefit analysis, and
think, how much did that last piece of the puzzle cost you? And
that is where Mr. DeVaux has it exactly right, which is we
don't know because there are no metrics or analysis around it.
Mr. Loudermilk. Thank you, Mr. Chairman.
Chairman Luetkemeyer. The gentleman's time has expired.
The gentleman from Michigan, Mr. Trott, is recognized for 5
minutes.
Mr. Trott. Thank you, Mr. Chairman.
Before I begin my questions, I want to allow my good friend
from Colorado to ask a follow-up question. So I yield to Mr.
Tipton.
Mr. Tipton. Thank you, Mr. Trott, for yielding.
And, Mr. DeVaux, I just want to be able to follow up a
little bit on some of your testimony, in terms of some of the
examination and compliance between smaller banks like yours,
and larger banks on the reporting.
Do you basically feel that since you are smaller, some of
the activity actually gets magnified, as opposed to a bigger
bank, when it comes to some of the compliance?
Mr. DeVaux. Yes, sir. It is a good question. And I think
what happens is regulators are trained in a certain way. And
they don't really see a lot of times the bank size or the risk
of the bank. They just know how to do their exam. And so
whether they are walking into a big bank or a small bank, they
are applying all the same rules. They are looking for all the
same percentages.
As I mentioned earlier, we had 7,100 alerts generated last
year. From those alerts, we filed 15 SARs. And we feel like we
could tune our alerts a little better, and probably still get
14 or 15 SARs out of it by not doing so much work.
A lot of times--and I am not trying to be critical of
regulators--it comes down to personality or the person who
comes through the door. What is their specialty? What is their
expertise? You can go through an exam at a bank 3 years, 3
times. On the fourth time, you get a different regulator, and
the whole story changes. And what was good before is now bad,
and what was bad before is now good. So it is an issue for us.
Mr. Tipton. Thank you.
I thank the gentleman for yielding to me, and I yield back.
Mr. Trott. Thank you.
Mr. DeVaux, I want continue to follow up on what you just
said. And one of my concerns is the heavy hand of the
regulators. So very quickly, I heard stories that examiners
tell institutions to file a certain number of CTRs and SARs or
be written up for having a bad audit. Is that happening, to
your knowledge?
Mr. DeVaux. Yes, sir, it does happen. For clarification, on
the CTRs, when the transaction is over $10,000, it is clear,
you file a CTR. You file a currency transaction report. So if
they ever come back and say, you are not filing enough, it is
because you didn't file something that you are required to
file. But when it comes to SARs, and when it comes to high-risk
accounts and high-risk reviews and investigations, that is
where the regulators want to see a certain number in a lot of
cases.
You can run your database, you would get 3 or 4 percent
high-risk accounts, and they can come back and say, you know
what, this seems a little low. Maybe you should change your
parameters and rerun your database again. But for me, a high-
risk account is a high-risk account. It doesn't matter what
your parameters are. It doesn't change just because you change
dollar amounts and other things like that.
Mr. Trott. Thank you, sir.
Ms. Anderson, on the same lines, do you ever feel that the
government uses the complex regulations to set banks and credit
unions up to fail, or if not to fail, but to find a supposed
error and then use that error to try and leverage the bank or
the credit union to make--get some other concessions as part of
the audit?
Ms. Anderson. Yes. From just what I have heard from other
credit unions, it does appear that Bank Secrecy Act exams are
more--can become a ``gotcha,'' especially when--if you are
looking at the whole examination, not just BSA, but lending,
the call report filing. And we have seen where you have just a
minor discrepancy, for example, use a P.O. Box instead of the
street address. Clearly, we had the street address, it was just
a minor issue. But you don't fight it, because you don't want
to argue on that. If that is all they found, I guess that is
great.
Mr. Trott. Thank you so much.
Mr. Baer, you worked with the 25 largest banks, as you
mentioned. In my prior life, I represented most of those folks.
And our biggest concern was reputational risk. If we didn't do
something that didn't reflect well--I used to joke that my
number one goal when representing Chase was to make sure Jamie
Dimon didn't know my name.
So any concern that maybe reporting a suspicious
transaction or a mistake could cause reputational risk to a
bank, particularly a large bank, which would thereafter cause
them not to want to report that because of the risk or because
of government action.
I assume it is not happening, but that would be a terrible
set of circumstances if the oversight caused them not to report
something they should.
Mr. Baer. No. I think all of the incentives are to file.
There is a safe harbor if you file, so you are protected if you
file. And it just goes into a big database.
I want to add, though, to some extent, as Ms. Anderson was
talking about, the regulators, the examiners here, are in a
very difficult position, too. And as I highlighted in my
testimony, it is not their fault that they are in a position
where they don't get to know what law enforcement is doing with
these SARs or what national security is doing with these SARs.
What they know is if they don't have enough people written
up, or they don't have enough consent orders, they are going to
be hauled to Washington and criticized for that. And then, God
forbid, something goes wrong at the institution they are
examining, they are going to be held to account. And their only
defense can be, I have them under a consent order. I wrote them
up for 50 MRAs. It is not my fault.
Mr. Trott. Would an advisory opinion process help?
Mr. Baer. I'm sorry?
Mr. Trott. Would an advisory opinion process help?
Mr. Baer. I hadn't thought about that. Yes, I think that
could be helpful. Yes.
Mr. Trott. Thank you.
I yield back.
Chairman Luetkemeyer. The gentleman's time has expired.
The gentleman from Tennessee, Mr. Kustoff, is recognized
for 5 minutes.
Mr. Kustoff. Thank you, Mr. Chairman.
Ms. Anderson, if I could ask you a question that is along
the same track, but a little bit different relating to real
estate, and real estate loans.
In the last 12 months or so, according to the FBI Internet
Crime Complaint Center, there have been, supposedly, over 3,000
victims who reported the actual attempt or attempted theft of
almost $400 million in assets through fraudulent wire transfers
related to real estate transactions. That is a big increase
over the last several years. And my concern is is that these
funds represent, often, the large majority of savings that are
held by families who are being victimized.
And if it is not detected within a few hours or several
hours of the fraud taking place, as I understand it, it becomes
almost impossible to recover that money as it gets laundered
and transferred through a network of accounts and fraudulent
schemes.
There are sophisticated hackers that mine data to identify
the victims near the conclusion of these real estate
transactions. And they often mimic trusted participants, such
as a real estate agent, a mortgage lender, or a closing agent,
to provide transfer information that the victim has little or
maybe no reason to suspect.
With the real estate-related email compromise schemes, is
it common, in your experience, for the nominal payee who is
listed on the instructions in the payment order not to match
the holder of the account at the receiving institution?
Ms. Anderson. Usually for us, when the name and the account
number doesn't match, it is a red flag. And so we do more due
diligence. And the fraud that you alluded to, where title--the
customer will receive an email to transfer the funds somewhere
else, it has just recently come to our attention that that does
happen.
And so we try to be vigilant in informing our members who
are purchasing houses, to know to be careful when they receive
emails like that.
For example, they need to be more vigilant on the side of--
with their title company. And the title companies need to also
be vigilant in telling their customers, we would never send you
an email telling you to transfer money from this account or to
another bank.
Because we do what we can for our side, for our members on
our side, but it is hard to also control what is going on on
the other side, because we don't know what is going on on that
other side. We don't have that information.
Mr. Kustoff. And I appreciate you saying that.
Would your particular AML program catch that discrepancy?
Ms. Anderson. How that is caught is through the training
that we would give, for example, to the wire folks. So while it
may be caught with our system, we get the cases at the
beginning of every month. It is not a live system. Our fraud
system may catch it the next day, but really, it is the
training that you give to your employees that catches fraud
right at the beginning.
Mr. Kustoff. And if I could follow up on that, do you know
what your credit union does to double-check that both the
account number and the payee's name matches before sending a
wire and making the funds available for withdrawal after a wire
transfer?
Ms. Anderson. If we are the receiving institution, we make
sure that the name and the account match, the number, but
generally, it is the account number that controls. But I know
that when there is fraud, working with other financial
institutions, sometimes when you are able to talk to them, if
it hasn't processed yet on the other side if we are sending.
But we do what we can to make sure our members' money is safe
and gets into the right accounts.
Mr. Kustoff. As it relates to these email schemes, I would
assume you are seeing more and more of those type of emails and
situations relating to your customers?
Ms. Anderson. Actually, I just heard of one just recently,
and we were able to stop it.
Mr. Kustoff. Very good.
Thank you, Mr. Chairman. I yield back my time.
Chairman Luetkemeyer. The gentleman yields back his time.
With that, we go to the gentlelady from New York, Ms.
Tenney, for 5 minutes.
Ms. Tenney. Thank you, Mr. Chairman.
And thank you to the panel. I know this is a very--it has,
actually, turned into an interesting discussion. I sort of have
even more questions than I had before. And I appreciate you
being here and your expertise on this issue.
I recently took a trip to the Middle East, to Iraq,
Afghanistan, and central Asia. And one of the issues that we
came across was countering the financing of terrorism, which we
discussed, and how many of these banking institutions end up
being financed through porous borders in Central and South
America getting all the way to the Middle East, and how these
are happening through banking and financial institutions.
That was a concern to me, and we had a lot of interesting
conversations about what to do about that, and international
banks, how to regulate banks. And what was really interesting
is that most of--a lot of it is cash. So there is no way, no
matter how many regulations you put out, you are not going to
be able to catch the virtual needle in a haystack, which it
seems you are describing today, that we have been tasked with
this enormous burden to try to find a needle in a haystack by
combing through thousands of tiny transactions. As you
indicated, a $10,000 transaction may not net something that
maybe a $500 transaction would net.
And I might reference that in 2007, we brought a New York
Governor down, who ended up resigning over a $4,000 transaction
in another State.
So it really isn't the amount of the transaction. It is all
the information that goes into it. And it just raised a lot of
questions for me, and some of those are--what would be the
approach that you would recommend? Because, honestly, I am a
little leery about the idea of having a central network and
worrying about a lot of concerns. Are we actually going to have
an open case against an individual? Are there constitutional
rights there, maybe a privacy right? And balancing that with,
obviously, our need to find a lot of schemes through terrorism.
I just thought I would start maybe with Ms. Anderson, or
the Credit Bureau, or any small banking institutions, because
many rural areas rely on you.
What would you suggest that is a better way to make it more
efficient for the bank, or the credit union, and still have--
being meaningful into finding cases of illegal illicit money
laundering, financial issues?
What would you suggest, quickly?
Ms. Anderson. I think as we have mentioned before, it would
be good to know what law enforcement does with our information,
because right now we don't know. So even though we are filing
all these suspicious activity reports, we don't know if they
are fruitless or if it is helping law enforcement. So that
would be one step.
And to the extent that anything can be automated, we need
to make sure that smaller financial institutions, such as
credit unions, have access to that, because it can be
expensive.
And then, if there is anything else, I will send in written
testimony. Thank you.
Ms. Tenney. And, Mr. Baer, I am just curious. It just seems
like we have this metadata type of idea. I hate to bring that
in, but it sounds like we are just collecting all this data
when we don't really have a defined mission. And you said we
could isolate that. If you had just a quick comment on that?
Mr. Baer. Sure. I think it is kind of interesting. On
behalf of the largest banks, I think I would have pretty much
the same observation as Ms. Anderson has on behalf of credit
unions. A lot of it is about getting better feedback and being
smarter about it.
I think with regard to the international issues you talk
about, there is another component, which is there needs to be--
and we believe it is the Treasury Department--somebody really
has to be in charge and has to put everyone in a room and
decide what is the cost-benefit of banks continuing to operate
in Somalia, say. That may create terrorist risks, development
risks on the other side, diplomacy risks.
But that is a decision that needs to be made by somebody
with a very heavy title, we think in our government, but right
now it is being made by default by bank examiners where the
push is always to derisk and leave.
Ms. Tenney. Right. The pressure on banks and the pressure
on banks to actually be the law enforcement as opposed to just
a tool for law enforcement.
And I thought maybe I could ask Mr. DeVaux, if you could
just explain--how would you eliminate this idea--how would you
enhance what Ms. Anderson had said about whether it is
redundant or inefficient? And what can we do to eliminate this
redundancy on banks that isn't really netting what we hope it
would?
I am going to lose my time in a minute, but if you could
answer quickly, I would appreciate it. Thank you.
Mr. DeVaux. I think it really does come down to sharing of
information and working together. I mentioned earlier that this
has to be a team approach, and there are pieces of this work
that need to be done in the most efficient place.
Ms. Tenney. Can I ask quickly, is there a privacy issue
with a private citizen, with bank information, that would
expose banks to liability as well?
Mr. DeVaux. There is a privacy issue today. The more you
share information about customers, the more likely customers
are to leave the banks. They may want to go underground if the
information is being shared too much.
So we have to balance that. But we do have to share--I
think we have to share and work together.
Ms. Tenney. Excellent point.
Thank you very much, panel. I appreciate it.
Chairman Luetkemeyer. The gentlelady's time has expired.
The gentleman from Florida, Mr. Posey, is recognized for 5
minutes.
Mr. Posey. Thank you, very much, Mr. Chairman.
To the representatives of the banks and credit unions, do
you feel that the Federal Government initiatives, such as
Operation Choke Point, that seek to disrupt banking
relationships with legal, yet undesirable, according to the
Administration, businesses are concerning?
Mr. DeVaux. Congressman, that is a good question, and one I
talked about earlier. When it comes down to banking certain
types of businesses and certain types of customers, the burden
is overwhelming. And in a lot of cases these are legal
businesses, and these are small businesses. And so if we turn
them away, it becomes very difficult for them to do business.
There are businesses that the regulators have deemed as
high risk, and it is very tough for us to spend extra time on
them when we could focus more on our communities and developing
the businesses that grow our communities and grow jobs rather
than have to spend all our time trying to clear BSA issues on a
business that has been deemed high risk by a regulator.
Ms. Anderson. I would like to add to that that, yes, there
are certain types of businesses that are deemed high risk. And
because of that, we know that under the regulations the amount
of due diligence that we would need to really get to know that
business and monitor them, it would be too burdensome and not
fair to the rest of our members that we are spending so much
time on a particular type of business. So we actually
discourage that type of business from having accounts at our
credit union.
Mr. Posey. Okay. Do you think it is pertinent that
financial institutions have due process and know if they are
acting in compliance with applicable laws, not ideology or
certain examiners who may personally disfavor a certain
industry?
Mr. Baer. I will address that. One of the other members
alluded earlier to the phrase, ``reputational risk,'' which to
me is the most troubling in bank supervision currently. Because
what that really means is, what you are doing is legal, you
seem to have the risk under control, but I just don't like it.
Therefore, it poses a reputational risk to you. Namely, because
I am going to say I don't like it as your regulator.
And so it can become very circular and basically just boils
down to, I don't have a legal basis for saying don't do this,
but don't do this. And so whether it is BSA or in other areas,
I think what banks really want is certainty and due process.
Mr. Posey. Anyone else?
How do you know who you don't want to do business with per
the government's bias against that business? How do you
determine?
Mr. DeVaux. If we don't know before the examiners come in,
we know after they come in, because they spend a lot of time
digging through the high-risk businesses, such as money
services businesses (MSBs). I could name a few, but I won't.
The regulators continue to push and ask for more information
and more due diligence and more oversight.
We had one customer recently where I actually had a friend
who used to be at another bank that I knew had banked the
business, and I was talking to him about it. And he said, ``You
know what, we even had an outside audit firm come in and do a
full risk assessment of this business, and they said there is
no risk in this business. The regulators never stopped pushing
for more information.'' He said: ``My recommendation is, don't
bank them.''
Ms. Anderson. I would like to add to that.
So, for example, if we file two or three suspicious
activity reports because we don't know the sources of the
funds, we will reach out to our member and ask them, ``Would
you please let us know where you are getting this money, where
is it going?'' So we have to dig into their business. And if
they won't respond to us, we don't want to keep on filing
suspicious activity reports, and so we limit services.
Mr. Posey. What would you say if I was a manufacturer of
pistols, say, and I wanted to open up an account with your
bank? Would you open an account with me if you know that I was
manufacturing pistols?
Ms. Anderson. In theory, if you answered all of our due
diligence questions, then we would open the account. We just
need to make sure that whatever you tell us at the beginning
when you open an account, what you actually do once you have an
account with us matches what you told us you would be doing.
And if it doesn't match, then we would--we may file a
suspicious activity report or we may go back to you and ask you
what changed in your business and how come you are using more
cash or sending out more wires.
Mr. Posey. Okay. I had a manufacturer in my district, and
his bank told him, ``The government said you can't bank with us
anymore. You have to find somewhere else.'' And every bank that
he went to told him the same thing. That creates a life hazard,
obviously, even for bad guys who know, if you are in this
business or this business or that business, you can't have a
bank account, so you are going to have to be a target for a
large amount of cash.
Have you ever heard--Mr. Chairman, my time is up. I yield
back. I'm sorry.
Chairman Luetkemeyer. The gentleman's time has expired.
The gentleman from Ohio, Mr. Davidson, is recognized for 5
minutes.
Mr. Davidson. Thank you, Mr. Chairman.
Thank you all for your testimony today. Thank you for your
written testimony as well.
Mr. Baer, in particular, you provided some good position
papers. And one of the topics that has come up a fair bit is
information-sharing. And Mr. Pittenger's topic that he and I
don't agree on, we agree on lots of things, and the safe harbor
that a lot of financial institutions want.
And, Ms. Lowe, I believe you were the only one who
addressed the concern on privacy there. So we have just talked
with Ms. Tenney and Mr. Posey expressing some concerns. And up
until now we really hadn't heard much on the concern of
privacy.
Just kind of an open question, in your assessment, should
Americans have any expectation of privacy upon opening a bank
account?
Mr. Baer. Congressman, of course they should. The question
is how far that privacy extends. Clearly, it is privacy with
regard to disclosing to non-law-enforcement. And the question
is, does it extend to other affiliates of that bank? Does it
extend to other banks? Does it extend to law enforcement?
There are clearly very difficult tradeoffs here, and every
bit of sharing for a law enforcement or national security
purpose is incrementally less privacy for the person whose
information is being shared for sure.
But we have seen pilot projects. For example, there is one
around human trafficking with a group of banks getting together
and sharing customer information with the approval, I believe,
of FinCEN, and saying, can we make more cases on human
trafficking?
I think there you would say, ``Yes.'' The cost-benefit
analysis there would be, yes, there was incrementally less
privacy accorded those customers, but they were able to make
cases they never would have made. And I think the information
was cabined among the institutions that were doing that
sharing.
So I do think it is a very difficult issue. But I think our
lean would be towards more sharing rather than less at this
point.
Mr. Davidson. Okay. So let's say, yes, of course, I am for
catching human traffickers, we want to stop all the terrorists,
all sorts of other things. But we have the constitutional
safeguards in place because we can see things that happen, as
Mr. Posey alluded to, disfavored speech, shaming, and not even
against the law, just not liked by a regulator. I wonder if
Bernie Sanders would be okay banking Mr. Vought's church or
Wheaton College or something after his testimony in the Senate
recently.
So we have these protections in the Bill of Rights for a
reason, which was wise of our Founders. How do you provide
those safeguards today?
Particularly, Mr. DeVaux, dealing with banks in Florida
there, very similar to Ohio issues, just a different State, but
a lot of the same challenges with the size of banks.
Mr. DeVaux. Privacy is a big issue. We do not share with
other banks. There is a mechanism for doing that. But we
generally do our investigation and we file our suspicious
activity report.
But I think the same question comes to the passport office
and the driver's license office, do they share that
information? We are talking about money, which is an enabler of
terrorism.
So, for me, I think there should be some sharing at some
point along the way. Why would five banks write a SAR on the
same customer or investigate a customer who looks like they are
doing illegal activity when maybe they could file, I think, as
I mentioned earlier, a short SAR, shoot it off to law
enforcement, and they have a database of the bad guys?
One of the things I talked about earlier, also, was a list
called a 314(a) list that is provided by law enforcement to us.
Those are the bad guys they are interested in. So they are
sharing information with us, saying, we are interested in these
bad guys. We like that list. We can run that list very quickly.
And we know immediately if we have any criminals and we can
report back to them.
Mr. Davidson. And if the 314(a) list comes in, does that
come in, in terms of a subpoena, or is that just regular flow
of information covered under 314(a)?
Mr. DeVaux. It comes in as a list. It comes in as a
database multiple times during the year, and we just run our
database against it.
Mr. Davidson. Ms. Lowe, since you addressed privacy in your
written remarks, your thoughts on privacy?
Ms. Lowe. Thank you.
Privacy is definitely an issue. I think redress, some sort
of way to have somebody be able to get their rights restored
should there be a problem on the other end, is important.
But I think, actually, the technology today allows us to do
a lot of different types of encryption and anonymization of
data. And I think we really need to be looking in those areas
as well to see if there are solutions, technological solutions,
that can be brought to bear to really protect privacy while
also sharing information in a way that is useful for law
enforcement
Mr. Davidson. Distributed ledger is very promising.
Thank you all.
My time has expired. Mr. Chairman, I yield back.
Chairman Luetkemeyer. The gentleman's time has expired. And
with that, we are done with our questions. And we want to thank
the panel for all of your great testimony and your answers
today. You were very forthcoming. We certainly appreciate that.
Just a couple of closing comments and thoughts.
We appreciate what you have told us from the standpoint
that--I think Mr. Heck probably said it best, from the
standpoint of we want to make sure we catch the bad guys and
prohibit folks from doing illegal, illicit things. At the same
time, the laws and rules we are talking about haven't been
``modernized,'' was his term--I thought it was a good term--for
a long, long time. And so we need to take a look at
streamlining, updating. I think we have talked about technology
is a good way, perhaps, that we need to utilize it better, to
streamline the process.
Mr. Davidson brought up some good points with regards to
privacy. Somehow we have to thread the needle between what is
the protection of the privacy of our customers yet be able to
find ways to ferret out the bad guys' illicit activities.
What works, what doesn't work. I know you mentioned the
``know your customer'' program. Maybe we need to take a look at
fine-tuning that to find some streamlining. I appreciate your
thoughts on that.
Again, it was interesting, the discussion that was had by I
think Mr. Loudermilk with regards to the level at which we
decide to set the determination for, that $10,000 is really a
good spot. And I appreciate it.
Somebody, I think, Mr. Baer, your testimony was that
$10,000 in 1970 is $64,000 today. Is that what you said? Or Mr.
DeVaux. There we go. I thought that was an interesting comment,
and I appreciate that, because it gives us some perspective.
Maybe we need to take a look at that and maybe we need to work
with law enforcement and see where the sweet spot is there.
So I think, as Mr. Heck alluded to, we are on one side of
this issue from the standpoint of the banks and the money
folks, the financial services industry's rules and regulations.
We need to go on the other side to also figure out law
enforcement's perspective and how we can interface with them
and find ways to come together.
Reputational risk is something that is frustrating to me as
a result of working all of these years with what is going on
and the different rules and regulations, and now we have
examiners doing the Operation Choke Point stuff, which is all
based on reputational risk. And a lot of it is not really on
illicit activity. And so we need to find ways to curtail that.
So, again, sincerely thank you for your testimony. You have
given us a lot of good ideas, a lot of good information. We
want to continue to work with each of you and your associations
to come to some solutions and we can take those solutions then,
as I said, to the law enforcement sector and see how we can
find ways to actually make this system better, streamline it
for your benefit, while also, at the same time, helping them be
able to do their job, which is to protect our country and our
citizens.
The Chair notes that some Members may have additional
questions for this panel, which they may wish to submit in
writing. Without objection, the hearing record will remain open
for 5 legislative days for Members to submit written questions
to these witnesses and to place their responses in the record.
Also, without objection, Members will have 5 legislative days
to submit extraneous materials to the Chair for inclusion in
the record.
And with that, the hearing is adjourned.
[Whereupon, at 4:25 p.m., the hearing was adjourned.]
A P P E N D I X
June 28, 2017
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]