[Senate Hearing 115-158]
[From the U.S. Government Publishing Office]






                                                        S. Hrg. 115-158


    COMBATING MONEY LAUNDERING AND OTHER FORMS OF ILLICIT FINANCE: 
  OPPORTUNITIES TO REFORM AND STRENGTHEN BANK SECRECY ACT ENFORCEMENT

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                   BANKING,HOUSING,AND URBAN AFFAIRS
                          UNITED STATES SENATE

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                                   ON

 EXAMINING THE ISSUES UNDERLYING THE MODERNIZATION OF SYSTEMS DESIGNED 
 TO COMBAT MONEY LAUNDERING, TERRORIST FINANCING, CORRUPTION, WEAPONS 
          PROLIFERATION, SANCTIONS EVASION, AND OTHER THREATS

                               __________

                            JANUARY 9, 2018

                               __________

  Printed for the use of the Committee on Banking, Housing, and Urban 
                                Affairs





[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]






                Available at: http://www.govinfo.gov/

                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

28-675 PDF                     WASHINGTON : 2018
















            COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS

                      MIKE CRAPO, Idaho, Chairman

RICHARD C. SHELBY, Alabama           SHERROD BROWN, Ohio
BOB CORKER, Tennessee                JACK REED, Rhode Island
PATRICK J. TOOMEY, Pennsylvania      ROBERT MENENDEZ, New Jersey
DEAN HELLER, Nevada                  JON TESTER, Montana
TIM SCOTT, South Carolina            MARK R. WARNER, Virginia
BEN SASSE, Nebraska                  ELIZABETH WARREN, Massachusetts
TOM COTTON, Arkansas                 HEIDI HEITKAMP, North Dakota
MIKE ROUNDS, South Dakota            JOE DONNELLY, Indiana
DAVID PERDUE, Georgia                BRIAN SCHATZ, Hawaii
THOM TILLIS, North Carolina          CHRIS VAN HOLLEN, Maryland
JOHN KENNEDY, Louisiana              CATHERINE CORTEZ MASTO, Nevada
JERRY MORAN, Kansas                  DOUG JONES, Alabama

                     Gregg Richard, Staff Director
                 Mark Powden, Democratic Staff Director
                      Elad Roisman, Chief Counsel
        John O'Hara, Chief Counsel for National Security Policy
               Sierra Robinson, Professional Staff Member
                 Elisha Tuku, Democratic Chief Counsel
               Colin McGinnis, Democratic Policy Director
                       Dawn Ratliff, Chief Clerk
                      Cameron Ricker, Deputy Clerk
                     James Guiliano, Hearing Clerk
                      Shelvin Simmons, IT Director
                          Jim Crowell, Editor

                                  (ii)

































                            C O N T E N T S

                              ----------                              

                        TUESDAY, JANUARY 9, 2018

                                                                   Page

Opening statement of Chairman Crapo..............................     1

Opening statements, comments, or prepared statements of:
    Senator Brown................................................     2

                               WITNESSES

Greg Baer, President, The Clearing House Association.............     4
    Prepared statement...........................................    29
    Responses to written questions of:
        Senator Brown............................................    58
        Senator Sasse............................................    62
        Senator Tillis...........................................    70
        Senator Warner...........................................    75
        Senator Cortez Masto.....................................    79
Dennis M. Lormel, President and Chief Executive Officer, DML 
  Associates, LLC, and Former Chief, FBI Financial Crimes Program     5
    Prepared statement...........................................    35
    Responses to written questions of:
        Senator Brown............................................    86
        Senator Sasse............................................    87
        Senator Tillis...........................................    96
        Senator Warner...........................................   100
        Senator Cortez Masto.....................................   105
Heather A. Lowe, Legal Counsel and Director of Government 
  Affairs, Global Financial Integrity............................     7
    Prepared statement...........................................    46
    Responses to written questions of:
        Senator Brown............................................   111
        Senator Sasse............................................   117
        Senator Tillis...........................................   124
        Senator Warner...........................................   130
        Senator Cortez Masto.....................................   134

              Additional Material Supplied for the Record

Countering International Money Laundering........................   145
Letter submitted by the FACT Coalition...........................   174
Statement submitted by the Independent Community Bankers of 
  America........................................................   176
Letter submitted by the Credit Union National Association........   178

                                 (iii)

 
    COMBATING MONEY LAUNDERING AND OTHER FORMS OF ILLICIT FINANCE: 
  OPPORTUNITIES TO REFORM AND STRENGTHEN BANK SECRECY ACT ENFORCEMENT

                              ----------                              


                        TUESDAY, JANUARY 9, 2018

                                       U.S. Senate,
          Committee on Banking, Housing, and Urban Affairs,
                                                    Washington, DC.
    The Committee met at 10:04 a.m., in room SD-538, Dirksen 
Senate Office Building, Hon. Mike Crapo, Chairman of the 
Committee, presiding.

            OPENING STATEMENT OF CHAIRMAN MIKE CRAPO

    Chairman Crapo. This hearing will come to order.
    Today's hearing is the first of two currently planned 
hearings to explore the difficult issues underlying modernizing 
a decades-old system designed to combat money laundering, 
terrorist financing, corruption, weapons proliferation, 
sanctions evasion, and a host of other threats.
    Our Nation's financial industry has long worked on the 
front lines of preserving the integrity of the United States 
and international financial systems and in partnership with our 
Government since at least when the Bank Secrecy Act was first 
enacted, in 1970, and the phrase ``anti-money laundering''--or 
AML--was coined a few years later.
    From its tax and narcotics beginnings, the BSA, its 
regulations, and other supporting laws have evolved into a mass 
of counter-threat-finance regulatory requirements designed to 
focus the industry's attention on an ever-expanding set of 
domestic and foreign threats to the Nation.
    These threats were brought to the forefront of Americans' 
hearts and minds and have only increased after the terrorist 
attacks of September 11, 2001, and, in response, the enactment 
of the PATRIOT Act.
    The threats against our Nation, our people, and our 
financial system are real. Everyone sees these threats. One 
only needs to turn on a TV or read an article about corruption, 
drugs, or a terrorist attack and wonder about the money that 
had to be involved to make it happen or the profits that came 
as a result.
    Illicit money enables bad people to do the worst of things 
in this world. Where does it come from? Where does it go? And 
who has it now? These questions will always need to be asked 
and answered.
    In fact, these questions are being answered, whether they 
always know it or not, by an entire industry of technical and 
financial professionals dedicated to managing the day-to-day 
BSA and other threat finance compliance requirements of our 
financial institutions.
    They do the hard work of monitoring hundreds of millions of 
financial transactions and producing millions of reports so 
that law enforcement and security professionals can do their 
jobs of managing an increasingly complex domestic and 
international threat picture.
    But a lot has changed in this nearly 50 years that have 
passed since the BSA was enacted. Certainly the sophistication, 
types, and numbers of threats have increased. The regulations 
that focus the financial industry's attention on suspicious 
activities have also increased. So, too, have the resources 
that are expended and paid by industry and Government alike to 
maintain a constant vigilance over threats to the financial 
system.
    It is incumbent on this Committee to then ensure that all 
of this work and the resources involved result in a ``high 
degree of usefulness'' in protecting this Nation, as intended 
by the BSA itself.
    I welcome each of our witnesses today whose individual 
expertise in financial regulation, law enforcement, and 
financial transparency together will help inform the Committee 
of potential ways to sharpen the focus, sustainability, and 
enforcement of a modernized, more efficient U.S. counter-
threat-finance architecture.
    Getting this right saves lives. Period.
    This is a bipartisan issue.
    This is both an American and a global issue.
    I look forward to working with Senator Brown and all 
Members of the Committee to see that the needs of the 
stakeholders in this important work are critically examined and 
addressed in order to modernize a system that benefits so many, 
at home and abroad.
    Senator Brown.

           OPENING STATEMENT OF SENATOR SHERROD BROWN

    Senator Brown. Thank you, Mr. Chairman, for this important 
hearing, the first of two this month in which the Committee 
will look at ideas for strengthening and reforming our laws to 
combat money laundering and illicit financial transactions.
    Some of the world's largest banks and their foreign 
partners have run afoul of these laws. In some cases they had 
inadequate anti-money laundering oversight and compliance 
regimes. Other banks willfully and persistently violated U.S. 
bank secrecy, sanctions, and anti-corruption laws.
    In fact, the GAO concluded last year that from 2009 to 2015 
about $12 billion was collected in fines and penalties and 
forfeitures from financial institutions for violations of the 
Bank Secrecy Act, the Foreign Corrupt Practices Act, and U.S. 
sanctions requirements.
    These laws are all tools that aid the Federal Government in 
detecting and disrupting and inhibiting financial crimes, 
terrorist financing, bribery, and corruption.
    During that same period, Federal agencies assessed more 
than $5 billion specifically for Bank Secrecy Act violations. 
When one widens the lens and reaches back to 2005, that number 
grows larger, much larger.
    Many of these banks violated U.S. anti-money laundering and 
sanctions laws by knowingly facilitating financial transactions 
for rogue jurisdictions like Burma and Iran and Sudan and Libya 
and Syria.
    Some conducted transactions with individuals or entities 
affiliated with terrorist organizations and drug cartels in 
violation of U.S. law. Many violated the law for several years. 
And in some cases, foreign affiliates of banks operating in the 
U.S. were working actively to circumvent the compliance systems 
of their own banks.
    These are not victimless crimes. For example, money 
laundering on behalf of drug cartels has a direct line to the 
opioid epidemic in my State, where more die of opioid overdoses 
than any State in the country. These drug cartels have a direct 
line to the opioid epidemic in Ohio, where Sinaloa cartel 
actors have been active in robbing so many families of sisters 
and husbands and parents and children.
    These types of violations should concern those who argue we 
should loosen laws or regulations or oversight in this area. 
These laws have been critical in protecting the integrity of 
our financial system.
    That said, we should assess whether there are ways to 
responsibly update and strengthen the anti-money laundering 
framework, including through new measures to require beneficial 
ownership information when companies are formed in the U.S. 
Right now the U.S. has the dubious distinction of being a haven 
for anonymous shell companies. That needs to end so that law 
enforcement can stanch the flow of money into illegal activity.
    Broadening information sharing may make sense, but 
important questions about privacy protections, of course, must 
be answered. We should focus on sharpening suspicious activity 
reporting and bolstering efforts by law enforcement to give 
banks guidance on what to look for, instead of substantially 
raising currency reporting thresholds.
    There are many tough questions for the Committee to 
consider on these issues. I welcome our distinguished 
witnesses, and I look forward to the comments of the panel.
    Thanks, Mr. Chairman.
    Chairman Crapo. Thank you very much, Senator Brown.
    We appreciate our witnesses' being with us today, and I 
want to remind the witnesses that we have asked that you each 
keep your initial presentation to 5 minutes so that we can have 
time for our questions and answers; also, to remind the 
Senators that they should keep their questions to a 5-minute 
period.
    Our witnesses today are Mr. Greg Baer, president of The 
Clearing House Association; Mr. Dennis Lormel, president and 
CEO of DML Associates and a former Chief of the FBI Financial 
Crimes Program; and Ms. Heather Lowe, the legal counsel and 
director of Government affairs of Global Financial Integrity.
    Again, we appreciate all of you being with us today, and, 
Mr. Baer, you may proceed.

     STATEMENT OF GREG BAER, PRESIDENT, THE CLEARING HOUSE 
                          ASSOCIATION

    Mr. Baer. Thank you. Chairman Crapo, Ranking Member Brown, 
and Members of the Committee, I appreciate the chance to 
testify before you today.
    Over the past year, the Clearing House has convened off-
the-record symposia on the AML/CFT system and produced a 
comprehensive report. We included a wide range of stakeholders 
from banking, data science, diplomacy, and global development. 
We emphasized law enforcement input, which included former 
senior officials at Treasury's Office of Terrorism and 
Financial Intelligence, former FinCEN Directors, the former 
Chief of the AML Unit at the SDNY, and numerous former 
officials from Justice, DEA, IRS, Customs, and Scotland Yard. 
The consensus, reflected in our report, is that our current 
AML/CFT system is extraordinarily inefficient, outdated, and 
driven by perverse incentives.
    Collectively, U.S. financial firms act as an intelligence-
gathering agency for law enforcement and national security, 
employing thousands of people and spending billions of dollars. 
That collective agency currently yields much extremely valuable 
intelligence, but a fraction of what a modernized, properly 
targeted regime could achieve.
    An effective approach to AML/CFT should be risk-based, 
devoting the greatest majority of resources to the most 
dangerous activity. Unfortunately, banks have been pushed away 
from risk-based approaches because their performance is graded 
not by law enforcement or national security officials but, 
rather, by bank examiners, who do not track how the 
intelligence is actually used. Instead, those auditors focus on 
what they know: policies, procedures, and quantifiable 
metrics--for example, the number of computer alerts generated.
    So, for example, if a bank were to start a financial 
intelligence unit focused on the opioid crisis, it would likely 
receive no examination credit for that activity. It would 
receive blame if a diversion of resources caused it to fail to 
file a SAR in another area.
    What gets measured gets done, and providing valuable 
intelligence to law enforcement or national security does not 
get measured. According to bank analysis, there is little to no 
governmental analysis. For the average SAR filing, there is a 
less than 10 percent chance that any law enforcement follow-up 
will occur. For certain categories of SARs--structuring, 
insider abuse, and here insider abuse includes teller crimes--
the yield is close to 0 percent, and those SARs--insider abuse 
and structuring--now represent a majority of the SARs filed.
    Furthermore, banks know that the fastest way to get in 
regulatory trouble is failure to file a SAR that an examiner 
subsequently determined should have been filed. Therefore, they 
reportedly spend more time documenting decisions not to file 
SARs, papering the file, than they do following up on the SARs 
they do file. In other words, they focus on the noise, not on 
the signal.
    To file SARs, in practice, almost all banks hire one of a 
handful of vendors who construct rules for generating alerts--
for example, three cash deposits between $5,000 and $10,000 in 
a 3-week period, or a wire transfer over $1,000 to a high-risk 
country, say Mexico. These crude rules generate numerous 
alerts, and bank investigators must then decide whether to 
clear the alert or file a SAR. And examiners will criticize 
thresholds that do not generate a large number of alerts. Of 
course, it is widely understood that sophisticated criminals 
know these rules, as the software is for sale and widely 
distributed, and its rules do not change much over time.
    Consider then the potential for revolutionary change that 
artificial intelligence and other concepts therefore present. 
AI does not search for previously identified typologies but, 
rather, mines data to detect anomalies. It gets progressively 
smarter, it would not be easily evaded, and it changes as 
criminal behavior changes.
    The current system is not modernizing, however, because 
there has been no indication from the regulatory agencies or 
others that dollars can be shifted from the existing, rules-
based system to a better one--in other words, that firms will 
be rewarded, not punished, for innovation.
    Perverse incentives also explain a push for banks to 
eliminate clients in countries or industries that could end up 
creating political risk, so-called derisking. A recent report 
in The Economist notes, ``Derisking chokes off financial flows 
that parts of the global economy depend on. It undermines 
development goals such as boosting financial inclusion and 
strengthening fragile States. And it drives some transactions 
into informal channels, meaning that regulators become less 
able to spot suspicious deals. The blame for the damage that 
derisking causes lies mainly with policymakers and regulators, 
who overreacted to past money-laundering scandals.''
    The cause of derisking is clear: Regulators require banks 
to deem certain accounts ``high risk'' based on factors such as 
line of business or country of origin. The cost of maintaining 
that account thereby rises exponentially as the bank must 
conduct an independent investigation of each such client, and 
that does not even include the risk of fines in the event the 
client actually does something wrong. The safest alternative is 
always to derisk, that is, fire the client.
    Last, one important change to the current system that 
requires new legislation is ending the use of shell companies 
with anonymous ownership. The Clearing House strongly urges 
Congress to adopt such legislation promptly and is pleased to 
see bipartisan support for it.
    I hope this testimony has been helpful, and I look forward 
to your questions.
    Chairman Crapo. Thank you, Mr. Baer.
    Mr. Lormel.

 STATEMENT OF DENNIS M. LORMEL, PRESIDENT AND CHIEF EXECUTIVE 
 OFFICER, DML ASSOCIATES, LLC, AND FORMER CHIEF, FBI FINANCIAL 
                         CRIMES PROGRAM

    Mr. Lormel. Thank you, Chairman, and thank you guys for 
holding this hearing. I think this is really an important 
topic. And to your point in your opening statement, when you 
talked about saving lives, when I was in the FBI, we actually 
were able to help save lives based on Bank Secrecy Act 
information and investigations that we conducted.
    I have given you a statement for the record, and I am just 
going to highlight some points on that, and I will look forward 
to questions afterward and for the discussion. I certainly 
appreciated Greg's testimony. And as I said, I was in law 
enforcement, and I have been doing this for 45 years, and in 
law enforcement I was the direct beneficiary of suspicious 
activity reports in particular. And I agree that we have a lot 
of inefficiencies in the system, and they need to be improved, 
and this is a great starting point. And I believe that the 
Clearing House report is a good starting point for discussion.
    I also think that we need to have a more robust discussion 
on this, and I would encourage you to include law enforcement 
more actively in that dialogue, and particularly when we get 
into SARs, and I will close out my testimony on SARs when we 
get to that.
    I really applaud what you guys did in having the 
symposiums, and I was not involved in that at all. And one of 
the things that concerned me was the level of actual 
participation law enforcement was involved, and I know you 
mentioned some people that you had spoken to, and certainly 
that is very helpful. But I spoke, after you issued the report, 
to current executives in law enforcement, people that sat in 
the chairs I sat in, and in other chairs in other agencies, and 
they were not involved in the dialogue. And I think it is 
really important that going forward that those voices are 
heard, particularly if you get into the situation where you 
look at suspicious activity reports and you determine--or 
currency transaction reports, and you consider changing the 
reporting thresholds. I think particularly in today's world and 
environment, where we talk about, you know, the threat of 
homegrown violent extremists in particular, currency 
transaction reports will factor into those types of 
investigations. And I am sure the FBI can provide statistics on 
that type of thing.
    One of the things that I like to do is visualize the flow 
of funds, and as Mr. Baer pointed out, there are a lot of 
inefficiencies in the current system, and we really need to 
look at it and bring those up to date. But from the vantage 
point where I came from, the information that flows--so law 
enforcement is the back-end beneficiary of suspicious activity 
reports and other BSA reports. Financial institutions are 
really the front-end monitors when it comes to that type of 
information, and so they provide that information and it flows 
to law enforcement. And the basic flow, the basic system, and 
the information that comes to law enforcement on a regular 
basis is good information. The problem is that as you add 
filters on top of that--and the regulatory filters is what I am 
talking about--the more regulatory filters and the more 
convoluted the flow of information from banks to law 
enforcement, that is where we run into the inefficiencies and 
the system being flawed. And that, in my view, is where we need 
to focus our attention going forward in terms of improving the 
system.
    And then on the subject of SARs, as I said, I was the 
direct beneficiary of SARs in law enforcement, and one of the 
things that I would encourage you to look at, if you get into 
the SARs, is the law enforcement constituents. For instance, I 
datamined quite a bit at the program level at FBI headquarters. 
We had the ability to do datamining and a lot of broad 
analytical work that was very helpful. If you talk to people 
who work with SARs at the street agent level, at the levels of 
the SAR Review Teams--every U.S. Attorney's Office has a SAR 
Review Team. They still manually review SARs. So you are going 
to get two different perspectives on the use of SARs. From 
where I sat, more was better because we were able to use a lot 
more information and use it against other data sets. To the SAR 
Review Teams out in the streets, they have to physically look 
at every SAR, they are going to say less is better. So I think 
there is a balance there as to the quality of the SAR 
information.
    And then to the point, again, I was firsthand involved in 
and a firsthand beneficiary of some very good, innovative 
projects, and I cite one in my written testimony that JPMorgan 
Chase did back in 2009, and it came out in 2011, where they 
worked with Homeland Security, and they had targeted 
monitoring. It was to the same points that you were making 
about transaction monitoring, and this was targeted monitoring 
where they specifically set up certain rule sets. And, 
consequently, the hit rate in that type of proactive 
investigations, they have tremendous results. They are 
tremendously effective, they are very efficient, and we need to 
encourage more of that type of work. And I agree that there is 
not the incentive there for banks to conduct those types of 
investigations. And I also believe--and I do a lot of training 
with financial institutions, and I am a firm believer, and I 
look at things, and I try to assess the flows, information 
flows, and that is how I broke down the flow of SARs or BSA 
data to law enforcement from financial institutions. And I 
think that in that regard--and I will stop, sir, on this. I am 
very passionate about this topic. And I believe that the more 
we can do to encourage law enforcement and banks to work 
together as partners and to work together in terms of being 
proactive, and particularly when we were in a reactive type of 
environment, the better the outcome.
    Chairman Crapo. Thank you, Mr. Lormel.
    Ms. Lowe.

  STATEMENT OF HEATHER A. LOWE, LEGAL COUNSEL AND DIRECTOR OF 
         GOVERNMENT AFFAIRS, GLOBAL FINANCIAL INTEGRITY

    Ms. Lowe. Thank you, Chairman Crapo, Ranking Member Brown, 
and Members of the Committee, for the opportunity to testify 
before you today on this very important topic. I hope that my 
contributions to today's hearing will help you take measured 
and informed decisions that are in the public's interest with 
respect to the U.S.'s anti-money laundering regime.
    So my written testimony, of course, is much more lengthy 
and more detailed, and I hope that you have a chance to read 
through that. There are additional points in that testimony 
that I will not be making verbally today.
    So some of the key points that I did make in my testimony 
are, first, that money laundering and the technology that can 
help us combat it are both evolving. And in light of this, it 
is appropriate to consider whether changes to our regulatory 
structure should be made.
    Equally, however, it is critical that Congress balance and 
carefully weigh the potential benefits against the potential 
negative ramifications before making decisions in this area.
    Number two, as you have seen, money-laundering enforcement 
tends to be through identification of regulatory infractions as 
opposed to criminal money-laundering cases. The burden of proof 
is lower. It is far less costly for the Government to pursue 
regulatory infractions than pursuing criminal money-laundering 
charges, and yet it still has a very dissuasive effect. Despite 
this, the hallmarks of serious criminal money laundering are 
really there in those cases, in those regulatory cases. As a 
result, decreasing the ability to enforce using the regulatory 
approach may have serious, negative repercussions on compliance 
and, ultimately, allow a lot of criminal access to the U.S. 
banking system.
    Number three, it is critical that information about the 
natural person(s) who own and control companies--otherwise 
known as ``the beneficial owners''--is finally collected either 
by the States or by the Federal Government and that it be made 
available to law enforcement and to banks at the very least. 
Companies with hidden ownership are the number one problem in 
the anti-money laundering world, and the U.S. cannot continue 
to allow our failure to act to put the U.S. financial system 
and the global financial system at risk.
    Number four, I strongly oppose one of the Clearing House's 
proposals, and that is transferring responsibility for setting 
AML priorities for individual banks from those banks to FinCEN. 
Banks are best placed to understand their own business, their 
own systems, the risks that their own client base presents, and 
what is inherent therein, and to create the systems that work 
best in their own business models to combat that money-
laundering risk. FinCEN and other regulators should review 
those assessments, but they cannot be responsible for carrying 
them out. They do not have the information they need to do so.
    The Clearing House recommends greater information sharing 
among banks and with Governments in a number of ways, and we do 
really support that. It is a really significant impediment to 
AML enforcement around the world that this information sharing 
is not happening. However, it really does need to be done with 
some appropriate safeguards, especially where it may result in 
somebody being denied banking services. Say a bank in Hong Kong 
denies services for whatever reason, sends that information to 
the U.S., and U.S. banks deny services, that person may not be 
able to get a bank account anywhere, and there may be a good 
reason for that, which is fine; but they also need an 
opportunity to disprove whatever information has been collected 
on them and give them access if they do have legitimate 
business.
    Number six, transferring raw banking data from banks to 
FinCEN to analyze, with the appropriate privacy safeguards, is 
not actually a bad idea either. However, it really is essential 
that we do not absolve banks of the responsibility to carry out 
their own analysis as well, which they have the ability to 
review within the context of the additional client information 
that they are holding and because they are the gatekeepers to 
the financial system. The Federal Government cannot do that 
alone.
    Number seven, some types of entities and persons should be 
required to have AML programs in place that currently do not, 
such as those involved in real estate, lawyers, and others. The 
banking sector cannot and should not carry the responsibility 
alone, especially where these persons act as a proxy to open 
the door to the financial system for criminals and their money.
    And, finally, I just wanted to end with an overall concept, 
that money-laundering and sanctions violation cases over the 
past few years really relate to willful, knowing, and very 
egregious violations of U.S. laws and regulations that have 
resulted in U.S. and foreign banks granting access to the 
financial system for hundreds of millions of dollars in funds 
supporting genocide and funds supporting major, violent South 
American drug cartels, and many other violations. These fines 
that have resulted from these cases have been seen by the 
banking industry as heavy, so banks have begun to take AML 
regulations that have been in place for many years much more 
seriously. I would, therefore, remind Members of Congress that 
the regulatory burden here has not actually really been 
increasing. The threat of being found out is what has actually 
been increasing.
    Thank you very much.
    Chairman Crapo. Thank you very much, Ms. Lowe.
    Before I go to my questions, I would like to ask unanimous 
consent to enter into the record two letters--or a letter and a 
statement from industry: one from the Credit Union National 
Association and another from the Independent Community Bankers 
of America. Without objection, so ordered.
    My first question, Mr. Baer, is for you. There has been 
considerable discussion of the need for improved information 
sharing between financial institutions and regulators and among 
the financial institutions themselves. How is information 
sharing accomplished under the current regime?
    Mr. Baer. Sure. Thank you, Mr. Chairman. Right now, under 
Section 314(b) of the USA PATRIOT Act, information sharing is 
allowed among firms with regard to two types of offenses: one 
is terrorist activity, and the other is anti-money laundering. 
The definition of anti-money laundering can be a little complex 
because that can include some of the predicate offenses. But 
there does seem to be room, and not a lot of room, to draw a 
principal distinction between anti-money laundering and a lot 
of other Federal crimes to expand the categories of offense for 
which, you know, information sharing is permitted.
    It has multiple benefits. It certainly allows banks to 
better identify who the true criminals are. It also, in an 
underrated way, allows banks to identify people who are not 
criminals. So one bank may be looking at only one piece of the 
puzzle and see something that looks suspicious and speak to 
another bank and realize, no, in the broader context, that is 
actually OK.
    So it makes the whole system more efficient both in terms 
of finding bad guys and not finding good guys.
    Chairman Crapo. So I was going to ask how we could improve 
that, but I think you just described it, right? Yes, Ms. Lowe, 
would you like to comment on that?
    Ms. Lowe. Sure. I would like just to add some little more 
of a context to this.
    Chairman Crapo. Turn your mic on.
    Ms. Lowe. Oh, sorry. It has a green light.
    Just to add a little international context and a little 
historical context to this particular area, back in 2012, the 
Financial Action Task Force, which is the international anti-
money laundering standard-setting body, was going to update its 
recommendations, and one of the proposals that they made was 
that banks be required to share information across borders in 
this way. And, basically, everyone agreed that that was a 
really good idea and really important back in 2012, but 
realized it could not actually be included in the 
recommendations because, in particular, the EU's privacy laws 
would actually prevent that information sharing from happening. 
Since 2012, those privacy rules in the EU have actually only 
strengthened.
    So in looking in this area, if you are looking to make 
revisions here, something you also need to be looking at are 
the EU privacy laws as well as the U.S. privacy laws to see, 
you know, does anything need to change in there, and we may 
need to be doing international--work across the ocean to really 
move that forward, because we cannot really do it alone. We can 
allow it within the U.S., but abroad is going to be much more 
difficult.
    Chairman Crapo. Well, thank you, Ms. Lowe. That perspective 
is helpful.
    Mr. Lormel, you mentioned yourself the Clearing House 
report that was put out and indicated that you feel we need 
some more law enforcement engagement on that. With regard to 
the report itself, it characterizes the current AML/CFT regime 
as outdated and in need of redesign to increase the efficiency 
and effectiveness of it. Are there parts of that report that 
you agree with? And if so, which are the most critical parts of 
it that you see?
    Mr. Lormel. Well, I do agree with parts of the report for 
sure, and I believe that the comments about the system being 
antiquated is--they are good comments, and I think that we 
really need to look at the regulatory framework, and I think 
where they pointed out in the report that the regulators--they 
have a different perspective, and that is why when I wrote my 
statement, I talked on the importance of perspectives and 
understanding perspective. And, quite frankly, if you look at 
law enforcement and financial institutions and you put them in 
a triangle, where you have got the financial institutions here, 
law enforcement and regulators, you will have hard lines 
between the regulators and law enforcement, and there is a 
broken line between law enforcement and the regulators. And so 
I think a lot of the dialogue belongs--should belong there and 
bringing it--but what we need to do is we need to encourage--
and that is the other thing I agreed with in the statement. I 
am a firm believer in innovation. I think our system is very--
it is inherently reactive, and the more we can do to use 
financial intelligence information from a proactive 
perspective, the better. So where they encourage innovative and 
incentivizing innovation, I think that is important.
    In my statement I wrote about a bank--and I am not really 
at liberty to talk about it other than the fact that it is 
similar to what I described with the JPMorgan Chase thing. And 
if you talk to those bankers and they were going to be 
forthright about it, what they would tell you is that there is 
no incentive and that the regulators really do not encourage 
them to do that. And I think that is where I agree and where I 
think the building block going forward is how do we promote 
innovation.
    Chairman Crapo. Thank you very much. My time has expired. 
Senator Brown.
    Senator Brown. Thanks, Mr. Chairman. Before I start, I 
would like to ask unanimous consent to include a letter and 
other documents from the FACT Coalition into the record and 
that the record remain open for 5 days for any other documents 
that Senators might have.
    Chairman Crapo. Without objection.
    Senator Brown. Mr. Lormel, thank you for your service at 
the FBI, and thank you for serving as Chief of the Financial 
Crimes Program. Let me start with you. Give us a sense of how 
you think law enforcement can better respond to the traditional 
criticism from banks that it too seldom shares targeted 
information that is useful to banks in assessing customer 
risks.
    Mr. Lormel. Yes, sir. I think that law enforcement, really 
we need to put a feedback mechanism or we need to do more to 
encourage feedback in working with financial institutions, and 
I believe that in a lot of instances--and I certainly, when I 
was in law enforcement, was guilty of this to a degree. Again, 
it goes to a matter of perspective and almost wearing blinders 
that I am trying to develop my law enforcement case and in 
doing that I did not look or I did not consider enough the 
position of the banks and trying to determine how I could 
better share information with banks.
    One of the things I put in my statement, for instance, on 
the subject of terrorist finance is the fact that--and I am 
sorry, sir, I may be drifting from your question. But I think 
it is important that we put mechanisms in place to provide 
security clearances to people in banks where we could share 
classified information and other intelligence information back 
that they can run into their systems and use for transaction 
monitoring. If you think about it, the financial institutions 
are the repository. They have got the financial intelligence, 
and how do we provide them with more information, and maybe it 
is the----
    Senator Brown. Is there any evidence--sorry to interrupt. 
Is there any evidence that that is happening or that there is a 
mechanism, an effort to make that happen other than your saying 
you would like that to happen?
    Mr. Lormel. Which, the security clearances?
    Senator Brown. Yeah. Well, the security clearances and then 
the sharing back of information.
    Mr. Lormel. Yes, there are initiatives. There are one-off 
initiatives at different agencies. For instance, I started the 
Terrorist Financing Operations Section at the FBI. TFOS 
continues to have working groups with a number of the financial 
institutions. They have major financial institutions they deal 
with. And to the extent they can permissible, they share 
information. We were involved with the SWIFT project, for 
instance, and the sharing of information among agencies and 
sanitizing some of that information and being able to share 
that back to the extent you can with the banks. I do not think 
we do it as consistently as we can.
    Senator Brown. Thank you.
    Ms. Lowe, you have done a lot of work for the Global 
Financial Integrity on transparency internationally and in the 
U.S. with FATF and otherwise including beneficial ownership 
legislation. Describe for the Committee how you think we should 
be thinking about new beneficial ownership requirements. For 
example, what are the key elements in the definition that you 
think are critical?
    Ms. Lowe. Sure. So key elements of the definition--and the 
definition is critical to any legislation. I think we have a 
problem actually with the current customer due diligence rule 
that was adopted for banks where the definition is actually not 
sufficient. It does not meet international requirements. The 
FATF and the IMF have both said the same, so important to note 
that that is something we should probably look at. But for 
beneficial ownership, you want to know the direct or indirect 
persons who own or control a company or who have control by 
other means. And there is a recent Kazakh case which involved 
control by other means. It is a very difficult thing to 
determine, but you need to be asking the questions to figure 
out where it exists. So those are really important elements.
    I think that the U.S. Treasury has been pushing the idea 
that one should be able to simply list a senior manager of a 
company as the beneficial owner. That is not a beneficial owner 
by any international definition or anybody's idea of who is a 
beneficial owner of a company. It is the person at the top of 
the chain or people at the top of the chain who own or control 
the company.
    The other thing that I think the U.S. Treasury has been 
pushing is the concept that if a company does not have anybody 
who owns more than 25 percent of that company directly or 
indirectly at the top, then there is nobody with enough 
beneficial ownership to actually be listed. So, therefore, if 
you have or create five people to own 20 percent of a business, 
you would get away with not listing anybody as your beneficial 
owner, which is really not acceptable. It is incredibly easy to 
get around.
    I would note that the SEC accepts a 5-percent threshold 
because they do require beneficial ownership of information for 
SEC-regulated entities. And, actually, in the FATCA 
legislation, Congress put that threshold at 10 percent. 
Treasury, when it actually implemented, implemented at 25 
percent. So I would note that difference as well.
    Senator Brown. Why would that be? Why would Treasury 
implement it that way?
    Ms. Lowe. You would have to ask Treasury. I think they 
think it is easier to comply with. I think it----
    Senator Brown. Which is kind of not the point.
    Ms. Lowe. Right, which is kind of not the point to my mind. 
But I would suggest you ask Treasury that question.
    Senator Brown. Thank you.
    Chairman Crapo. Senator Rounds.
    Senator Rounds. Thank you, Mr. Chairman.
    I am just curious. The United Kingdom recently established 
a body known as the ``Joint Money Laundering and Intelligence 
Task Force'' that brings together financial institutions, law 
enforcement, and trade associations to discuss AML risks and 
how Government and private industry can work better together. 
Can you discuss the efficacy of the U.K.'s task force and 
whether or not there is anything that we can learn from the 
British system? It kind of comes back down to either a 
coordinated effort where you eliminate some of the dotted lines 
and so forth. But I am just curious if any of you have had any 
contact with or if you are familiar with that system and how 
that compares with ours. Yes, sir?
    Mr. Baer. Yes, Senator, actually we have met with them a 
couple of times, and, actually, they attended our symposia. We 
think it is a very good model. It is not an entire anti-money 
laundering system, but it is the sort of thing you would take 
for granted that, of course, you would have, you know, law 
enforcement, intelligence, senior bank folks sit down on a 
regular basis and basically work cases together. It is the type 
of informal, now through JMLIT formalized information sharing 
that we very much support, and it is done in a very thoughtful 
way there.
    Now, that is not a replacement for the broader AML/CFT 
regime or OFAC or any of the other things. So I would not 
describe it as a substitute for the current regime, but it is 
certainly a very useful component potentially of a U.S. regime, 
and we would very much support a similar endeavor here.
    Mr. Lormel. I certainly agree with that, and some of the 
training I conduct, I have trained with the former head of 
terrorist financing for Scotland Yard, and he was an original 
member of JMLIT, and he really emphasizes the importance of 
that sharing, and to bring the banks and the intelligence 
community and law enforcement together under that Government 
umbrella is a phenomenal thing. And I would really hope we can 
build on that model and try to replicate it to the extent we 
can.
    Ms. Lowe. And just to add on there, the original country 
that actually did this was Australia under what they called 
``Project Wickenby''. So that is also something to take a look 
at.
    Something that the U.K. is doing very well is this concept 
of the FinTech Sandbox, so within this area. They are creating 
a system--they have created a system where a financial 
institution can come to them and say, ``We would like to try 
this new technology. We know it is not something that is OK 
under the regulations at present. Can you take a look at it? 
Let us know what you think, let us know if we can try it out. 
And then we will give you feedback on how it is going and you 
can review.'' And then over time, the Government can then 
approve that technology for the larger industry.
    So that I think is a really good process that they have put 
in place that we should be looking at as a model at this point.
    Senator Rounds. Thank you.
    I am just curious, with regard to SARs and the reporting 
requirements right now, there is one process in which the 
regulatory processes are set up so that you define, and clearly 
everybody knows what they are with regard to the reporting 
requirements for the different monetary transactions that 
occur. Bad guys know what they are as well, and so you have, 
first of all, a system set in place today that everybody knows 
what the rules are, and the real challenge for those that wish 
to move resources around is how do we appropriately get around 
those SARs or the reporting requirements.
    Can you talk to me a little bit about our focus on the 
compliance side of making sure that the financial institutions 
are appropriately reporting the transactions that are occurring 
that are suspicious in nature versus our ability using existing 
resources or the need for new resources to go after the unique 
ways in which the bad guys can get around those reporting 
requirements?
    Mr. Baer. Sure. It is a great question, Senator. It really 
gets to sort of the heart of the matter here.
    Right now banks are, as I noted, using sort of a rules-
based system developed by a set of vendors who are common to 
all, and those rules are rather crude. They overgenerate 
alerts. They require huge investigative resources to basically 
clear away the chaff and whichever is left, the wheat. And that 
is a fantastically sort of complex and time-consuming and not 
terribly productive endeavor.
    It is also an endeavor that they have to undertake with 
regard to offenses that no Federal prosecutor would ever 
prosecute. So our estimate is that approximately 40 percent of 
SARs filed are structuring, that is, multiple cash deposits 
that add up to 10 percent--$10,000, but could just as easily in 
most cases are just simply a small business that does a lot of 
cash. But that--and the yield on those SARs is close to 0 
percent, and yet they are 40 percent of the SARs filed, maybe 
more.
    The same thing with insider abuse where you fire a call 
center employee for misstating his or her time sheets or fire a 
teller because the till is short. Those are not crimes that are 
going to be prosecuted, but that is where the SAR resources are 
going. Right now the largest focus of the AML system is filing 
sales practices SARs on low-level employees, unfortunately.
    So it gets to what I think Dennis was talking about, which 
is, yeah, we can--and I think what the Ranking Member was 
talking about, we could say, law enforcement could say let us 
prioritize opioids, let us prioritize human trafficking, let us 
prioritize other things. That is what any rational intelligence 
community would do, any rational law enforcement or national 
security organization would do. And you can tell the banks 
that. But the banks are in no way absolved by the bank 
examiners of having to file those SARs on teller abuse. So they 
cannot shift the resources out of that to the more serious 
crimes to more innovative and thoughtful artificial 
intelligence and other means of catching bad guys. They are 
sort of stuck in the mud in an old rules-based system that does 
not work very well.
    Senator Rounds. Thank you.
    Chairman Crapo. Senator Reed.
    Mr. Lormel. If I can just add one comment, sir, just on 
that.
    Chairman Crapo. Briefly.
    Mr. Lormel. I believe, though, that--I mean, and I agree 
with that statement. But at the same token, we still see a good 
number of SARs that come through that are very meaningful and 
they continue to come through. So there is a fine balance here 
that we really have to try to achieve.
    Senator Rounds. Thank you, Mr. Chairman.
    Chairman Crapo. Senator Reed.
    Senator Reed. Well, thank you very much, Mr. Chairman. Let 
me thank all the witnesses for their excellent testimony. I 
have reviewed it, and I particularly thank you, Mr. Lormel, for 
your service in the FBI. Thank you, sir.
    One of the issues that has been raised in your testimony 
and in your written statements is beneficial ownership and 
shell companies, and one of the disturbing things, we are 
getting the reputation around the world as a place to go if you 
want to hide money, and we used to think, at least when I was 
younger, that that was un-American, that, you know, it was 
these little exotic lands overseas, et cetera.
    So beginning with Mr. Baer, given the context that most of 
this is a function of State law because unless you are publicly 
traded company, the SEC does not have a lot to do--few 
exceptions, but not a lot to do. So how do we get our arms 
around this when there is a new industry for attracting 
questionable money because of beneficial ownership rules and 
limited or shell companies?
    Mr. Baer. Right. It just really gets down to what is the 
need to form a company with anonymous ownership in the United 
States, and the United States, as I think some have noted, is a 
magnet for this because we and I think Kenya are the two worst 
in the world on this.
    There is certainly a legitimate desire, I believe, that you 
may not want the whole world to know who owns your company. 
Everybody uses the example of, you know, when the Disney 
Corporation was buying up half of Orlando, they did not want to 
have to pay exorbitant rates for the last piece of land. And 
there may be valid privacy reasons where you do not want people 
to know who owns your company. But we cannot think of any valid 
reason you would not want law enforcement to know who owns your 
company, or if there is a bank that, pursuant to Federal law, 
is required to know who owns your company, well, they should 
get to peek behind and see who that is as well.
    So, you know, I think as Heather noted, there are difficult 
issues around how to define beneficial ownership. We actually 
support the FinCEN final customer due diligence rule on that. 
But there are certainly other ways to look at that. But I think 
the general notion that you should not be able to have a 
company with anonymous ownership from law enforcement and banks 
who are required to know who owns you is a pretty simple 
concept, and I think that is why it has gotten good bipartisan 
support.
    Senator Reed. Just a follow-up, and then I will go to Mr. 
Lormel. One, you could either do it through changes of State 
law requiring the acknowledgment of real ownership, or you 
could do it through the banking laws in terms of banking 
relationships, even deposits that the entity would have to 
disclose who was, so we have a Federal avenue if we have to 
deal with this.
    Mr. Baer. Yes, Senator, I think a couple of alternatives 
have been proposed. One is just to have the States do it when 
you file your articles of incorporation, you file your 
ownership.
    Senator Reed. Right.
    Mr. Baer. Some have suggested that--and I do not know if 
that is right or not--that might be a burden on the States or 
they may choose not to do that, so the alternative has been----
    Senator Reed. Well, I think there are about 45 States at 
least that require that.
    Mr. Baer. Yes. So for those, I think at least one of the 
bills I have seen has the sort of fail-safe that if the State 
does not want to do it, FinCEN can gather that information and 
hold it the way it holds a lot of confidential information 
currently. I think others have suggested the IRS. I think 
FinCEN is probably the right place if the State does not want 
to do it.
    Senator Reed. I only have about 2 minutes, but, Mr. Lormel, 
your comments? You are a law enforcement officer.
    Mr. Lormel. Well, certainly having been in law enforcement, 
I dealt with the challenge of trying to identify beneficial 
ownership. That was always a challenge, and it was always 
problematic. And in today's world, when we need to get things 
more urgently, that is problematic. I look at this and I look 
at the good-case scenario in a sense, and I agree with Greg 
that FinCEN may be the better alternative. I am a believer 
going back that the information should be collected at the 
States at the point of incorporation. To me, that makes the 
most sense. And trying to make that uniform I am sure would be 
a bit of a challenge.
    Alternatively, FinCEN would be, I think, a good 
alternative. The IRS is not a good alternative in the sense 
that that information for me as an FBI agent, when I was an FBI 
agent, I would have to get a court order, or I would not have 
access to that information. So it is not relevant then for my 
investigative purposes. So the FinCEN alternative would be a 
decent alternative.
    Senator Reed. Thank you.
    Ma'am, your final comments?
    Ms. Lowe. Sure. You know, I am happy with States collecting 
it. I am happy with FinCEN collecting it. I would note, you 
know, one of the things people raise is the privacy issue. 
First of all, on the Disney example, I would point out that you 
have two parties in that; you have Disney and you have a 
farmer. And that money--I am sorry, that land is worth whatever 
they can get for it, right? You have two parties in a 
transaction. One party should not have more information than 
the other party has. That is not good economics. So there is 
that.
    I would say that we are talking about making information on 
beneficial ownership available to law enforcement and to the 
banks, which is fine, and I think it is where we need to go 
next. But I would note that the entire European Union, 28 
countries have now decided to make beneficial ownership 
information on companies public information, and that is 
despite their very, very strong, you know, individual privacy 
laws that are in place. Other countries around the world are 
doing the same. Afghanistan is working to make public 
registration of beneficial ownership information. Ghana is 
doing that. Nigeria is doing that. And we are just grappling 
with can we give it to FinCEN. So a little context there.
    Senator Reed. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Crapo. Thank you.
    Senator Tillis.
    Senator Tillis. Thank you, Mr. Chairman. Thank you all for 
being here.
    Mr. Baer, in your written testimony there was a footnote 
that I found very striking in terms of the regulatory burden 
and whether or not we are putting our resources to their best 
use. It is on page 6. It says, ``The over 800 employees in 
Global Financial Crimes Compliance at Bank of America is 
greater than the combined authorized full-time employees in 
Treasury's Office of Terrorism and Financial Intelligence and 
the Financial Crimes Enforcement Network.'' And that does not 
include other bank employees in anti-money laundering, economic 
sanctions compliance, business operations, and technology.
    It seems like if you see that with a large bank of the 
scale of Bank of America, which happens to be down in my neck 
of the woods, I wonder what the small banks and medium banks 
are doing in terms of the regulatory burden on them. Are we 
spending that money for its best purposes? Are we spending that 
money on innovative concepts that could be worked back into the 
financial--to a broader benefit for the financial services 
industry? So I know that a part of what I think we have to do 
is go back and look at the practices that seem like they add 
cost and not value, either as they are currently implemented 
or--can you give me some sense, if you were to go through and 
just do it quick, when we come into committees like this, we 
tend to have a ``Solve World Hunger'' sort of scope to our 
discussion. And if we were just going to cook a good meal and 
make some progress, what sorts of quick hits, immediate obvious 
things that there seems to be consensus on but no action in 
terms of congressional action? And I would open that up to 
anybody, starting with Mr. Baer.
    Mr. Baer. Sure. Thank you, Senator. And I would just say we 
highlight those numbers--I mean, not to complain about the cost 
but just to emphasize how important it is that those resources 
are being misallocated.
    Senator Tillis. Well, I think it is very important for that 
purpose.
    Mr. Baer. Right, because, again, you are talking about a 
very large intelligence community that has been created under 
the PATRIOT Act and the BSA, and so it actually really matters 
whether they are well led and they are incentivized to do the 
right things, and the stakes are very high. So it is not, ``Oh, 
we do not want to spend the money anymore.'' It is, ``We are 
spending it on the wrong things.''
    And I should note, you know, I testified last year with a 
community banker who had, I think it was, a $100 million bank 
with three branches. He had seven AML compliance officers and 
four lending officers. AML was 15 percent of the budget of his 
bank. So this is not just a problem for large banks. It is a 
very large problem for small banks. He also described how he 
was pressured to dramatically increase the number of high-risk 
customers they designated and on which they had to do more and 
more investigations. I actually wrote down the number. His 
system, they generate 7,100 alerts a year and file 15 SARs. And 
they do not even know if any of those SARs are of any use.
    So I think I am sort of dodging your question, which is 
what is the easy----
    Senator Tillis. But how do we use some of those metrics, 
some of those outcomes to be instructive to what we should 
first start looking at to improve the system? Look, I am not 
against money laundering--I think it is a bad thing. What I 
want to do is make sure as much lead can be put on the target 
as possible, and right now it does not--it seems like we are 
shooting a lot, but not necessarily hitting the target near as 
much as we could, and it is costing us a lot of money.
    So, again, I want to move--we are going to submit several 
questions for the record. This is an area that is very 
important to me and of personal interest, but if we are going 
to do the best that we can, let us say harden our domestic 
banking system, we obviously have a lot of international 
depositors, and we do a good job here, and we do not have 
strong global cooperation, we do not work through some of the 
privacy differences between the EU, what have we done except 
move the snakes somewhere--I mean, what we are trying to do 
here is not limit our portfolio of banking clients. We are 
trying to identify bad actors and take their money away. And so 
what sort of global initiatives are really leading us down that 
path to say, OK, everything is great here, but the money is 
still flowing through other international banking entities? Ms. 
Lowe, I would be happy to have you answer that one and give me 
the secret sauce.
    Ms. Lowe. Well, organizations like mine are working 
internationally on these issues, so, you know----
    Senator Tillis. Yeah, but what progress are we making?
    Ms. Lowe. You know, I think actually we are making quite a 
lot of progress. In a lot of the world, the FATF 
recommendations, the sort of framework, if you will, of what we 
consider to be an anti-money laundering regime, has only 
recently in the past 2 or 3 years been put in place in many, 
many different countries. And so, you know, as it goes, you put 
laws in place, and then you give some time for the industry to 
get used to them, to understand how to implement them, et 
cetera, and then you start enforcing, et cetera. So in many 
parts of the world, this is still very nascent, but the regime 
and the framework is in place.
    The U.S. FinCEN is our financial intelligence unit, or FIU, 
and we are part of what is called the ``Egmont Group'', which 
is the network of financial intelligence units around the world 
that have methods and ways of sharing information among 
financial intelligence units or between financial intelligence 
units. And right now there are over 135 Egmont FIUs, which 
tells you that we are making progress.
    I spent a lot of time in Africa last year actually meeting 
with heads of FIUs, and, you know, it is actually inspiring to 
have those meetings because these are people that really want 
to make a difference and they are trying.
    Senator Tillis. I am going to submit several questions for 
the record.
    Ms. Lowe. Sure.
    Senator Tillis. But I would also like you to come back and 
just think about as I would do when I go in any organization, 
what are the things that we should clearly be making consensus 
on--or making progress on? Because there is consensus, you just 
need action.
    Ms. Lowe. There is no question on the beneficial ownership. 
Absolutely no question there.
    Senator Tillis. So we will look forward to your feedback so 
that we can work with the Chair and the Committee.
    Ms. Lowe. Sure. No problem.
    Senator Tillis. Thank you.
    Chairman Crapo. Senator Cortez Masto.
    Senator Cortez Masto. Thank you. Thank you all for this 
discussion. Mr. Chairman and Ranking Member, I appreciate the 
conversation. And let me follow up with what my colleague 
Senator Tillis has just been talking about. I agree. I think 
there has to be some balance absolutely on this. I hear from 
Nevada, from the gaming industry, the same thing that I am 
hearing from the banking industry, some of the concerns. They 
are absolutely open to looking at how we address the security 
necessary to attack money laundering, but at the same time 
streamlining some of the forms, making sure they want to be 
cooperative with Government, and so I am really curious about 
how we find this balance now.
    The first question I have is you have been talking about--
and let me just focus on the law enforcement piece of this--
this risk-based approach. And I am curious, Ms. Lowe, is this 
something that you would support and how would you identify 
what this looks like?
    Ms. Lowe. The risk-based approach is actually fundamental 
to the entire international anti-money laundering regime. It is 
not a question for me of how does this look. It actually 
exists. It is a framework, and it has a look, right? A casino, 
for example, or a bank looks at what are its financial products 
or what is its business line. Who are its clientele, and what 
risks do they pose? What countries am I bringing money to and 
from? And what risks does that pose based on whether or not 
those are high or low risk for money laundering, et cetera? And 
they create a profile. A casino will do this, a bank will do 
this. And then they will craft their anti-money laundering 
regime to reflect what they consider to be their highest risks, 
OK? So that is the basics and the basis of the risk-based 
analysis.
    I think a lot of the concern that you are hearing is that 
when examiners are going in, they are not really open to that 
risk base that the financial institution has put in place. They 
are looking at checking their boxes that are on their forms.
    Senator Cortez Masto. When you say the examiners, that is 
the Federal Government, the regulatory oversight.
    Ms. Lowe. Yes.
    Senator Cortez Masto. They are coming, and they are not 
recognizing----
    Ms. Lowe. Right. I understand that that is the concern, and 
I think Greg can probably tell you a little bit more about 
that. But as far as the risk-based approach goes, I absolutely 
100 percent support that. I think it is incredibly important, 
actually, in order to actually address the problem.
    Senator Cortez Masto. And that is something the industry is 
actually doing now, Mr. Baer.
    Ms. Lowe. Yes.
    Senator Cortez Masto. Is that right?
    Mr. Lormel. If I can add a comment to that.
    Senator Cortez Masto. Please.
    Mr. Lormel. Yes, it is one of the fundamentals in an AML 
program to have a risk-based approach, and fundamentally and 
the way conceptually it is supposed to work then is you 
identify that risk and to what Greg has been complaining about 
or pointing out is the inefficiency. And what has happened is 
that the regulators now have put the banks in a position where 
they are not necessarily going after that risk or putting 
metrics in place or procedures in place to deal with that high 
risk, but they are more into the check-box mentality. And I 
have done a lot of training, and I was on the quarter point and 
monitor team for Western Union, and one of the problems they 
had--and they used that as an example--was their investigative 
process was such that it was really a check-the-box mentality, 
and we had to break them from that and say, you know, you need 
to go out and you have got to have an investigative mind-set. 
And it is a similar thing when you come over to the banks, and 
I think that is where I talked earlier about law enforcement 
being that beneficiary and the banks being the monitor, is the 
process from getting information from the bank to law 
enforcement has become so convoluted, and it gets detoured 
because of the regulatory concern or the perceived concerns.
    Senator Cortez Masto. And so can you address your targeted 
monitoring? How do you--is that the same thing or is it 
something different?
    Mr. Lormel. OK. Well, it is similar in the sense that all 
financial institutions conduct transaction monitoring, and they 
will have vendors or whatever are involved in that. And they 
have a baseline monitoring system, and they identify and they 
alert to certain rules, because you establish the rules and you 
alert them, and that is where one of the problems we have is 
there are too many false positives in the system. So if you are 
going to do targeted monitoring--and I will use the human 
smuggling or the human trafficking. We understand these are the 
scenarios that we know that smugglers are going to follow, and 
this is where, to the question earlier from Mr. Reed about how 
we can help, is to provide the financial institutions, the 
compliance people, with those scenarios, and for them then to 
build into their systems targeted monitoring where you are 
specifically on top of your regular transaction monitoring, you 
have a targeted monitoring for a specific crime problem, you 
know, and I would like to see us carry that over to terrorist 
financing if we can--I think the area of human smuggling, you 
have got more defined and identifiable patterns of activity so 
that it is more workable there.
    Senator Cortez Masto. Right. And I know my time is up, and 
thank you, Mr. Chair, but this is something, I agree, the 
technology gives us the ability now to be targeted to also 
focus on the risk-based, and we do need law enforcement at the 
table when we are having this conversation. So I appreciate the 
dialogue today. Thank you all.
    Chairman Crapo. Thank you.
    Senator Warren.
    Senator Warren. Thank you, Mr. Chairman, and thank you all 
for being here today.
    Money laundering is a massive problem. The United Nations 
estimates that between 2 and 5 percent of global GDP--that is 
about $800 billion to $2 trillion--is laundered through the 
international banking system every single year. That money 
funds terrorists. It funds human traffickers. It funds crime 
syndicates. So everything we can do to try to crack down on 
that is good, and that is what we should be doing.
    But it seems to me we need to rethink a lot of our money-
laundering laws, some of which, as you noted, were written back 
in the 1970s and are badly out of date, because that makes it 
hard for law enforcement that is trying to stop money 
laundering and bad for financial institutions that are trying 
to comply with these laws.
    So my colleagues have probed some areas, but I want to ask 
about some other areas where we might be able to update our 
rules and help both law enforcement and financial institutions. 
So let me start with reporting requirements.
    Mr. Baer, I have heard from a lot of community banks and 
credit unions that anti-money laundering reporting requirements 
are a big part of their overall compliance costs, so let us 
probe that a bit. They have pointed out that the threshold that 
triggers a currency transaction report to the Treasury 
Department has been at $10,000 since 1972. So let me ask, do 
you support raising that number?
    Mr. Baer. Thank you, Senator. I think here--I mean, 
obviously, our organization is slightly larger, somewhat larger 
banks. I think for them that number is not as big a burden in 
the sense that they have the capability to file whatever the 
number is. Those systems are built, and it is at least a clear 
rule. You know the number, right?
    Senator Warren. Right.
    Mr. Baer. The larger problem for them has been questions 
like: How do you decide whether it is $10,000? If you own with 
someone else a company and you make a cash deposit, the company 
makes a cash deposit, and the other owner makes a cash deposit, 
do you add all those up? So those are the tougher issues. But 
certainly for community banks, I agree with you it is a large 
burden.
    Senator Warren. OK, that it is large burden. All right. And 
we should at least talk about where the number should 
appropriately be set. But community banks also, when they come 
in and talk, and other small financial institutions, often 
mention the costs associated with filing the suspicious 
activity reports with the Treasury Department. You know, the 
banks are filing more and more of these reports every year. I 
note that there was a 50-percent increase in filings just from 
2012 to 2017 over this 5-year period. At the same time, the 
banks are submitting this information through a reporting 
process that, as I understand it, makes it actually harder for 
law enforcement to use.
    So, Mr. Baer, let me ask, the Clearing House has proposed 
letting banks directly share data with the Treasury Department 
with proper guardrails to protect customers' privacy. This 
sounds like it would make it easier for the banks, but can you 
say a word about how it would impact Treasury's ability to 
catch criminals that are laundering money?
    Mr. Baer. Yes, Senator. I think it would have both those 
effects. A lot of times what law enforcement really wants is 
just the underlying data. They do not need a carefully 
calibrated paragraph written by a bank compliance officer about 
that information. So with regard to certain types of 
activities, it would certainly be much more efficient to 
avoid--you know, you have the alert, and then you have to 
conduct an investigation to decide whether to file a SAR, and 
you have to document why you did not file a SAR if you decide 
not to file a SAR, and that is a massive resource drain. And it 
would be much simpler just to file the data with law 
enforcement and let them datamine it to the heart's content.
    Senator Warren. OK.
    Mr. Baer. And that would be a very efficient----
    Senator Warren. So I hope we keep digging into this because 
we might be able to reduce costs for the banks and at the same 
time help law enforcement do this more efficiently.
    I have got two more questions I want to hit, if I can very 
quickly. Another one is anonymous shell corporations that make 
money laundering easier. You know, there are a variety of 
proposals out there to deal with the so-called beneficial 
ownership legislation at the Federal level that would require 
companies to disclose their owners. Just setting aside the 
details, which we could go into for a long time, can I just 
ask, do all of you support the idea in principle? Can I just 
have an on-the-record yes?
    Ms. Lowe. Yes.
    Mr. Lormel. Yes.
    Mr. Baer. Yes.
    Senator Warren. Good. OK. So we have got three yeses on 
that, Mr. Chairman. I support this as well.
    Let me ask one more question. Ms. Lowe, in your estimation, 
if we did that, if we revealed the beneficial ownership, would 
that increase or decrease the costs of anti-money laundering 
compliance for small financial institutions?
    Ms. Lowe. It should certainly decrease it. If they have 
access to that information as a place to start their customer 
due diligence, you know, a lot of people equate customer due 
diligence and just beneficial ownership, and that is not 
correct. You also need to know the source and use of the funds 
coming in for that account and many other things. But that is 
the start. And if a bank has someplace to start, I think it 
really reduces their costs significantly.
    Senator Warren. Good. And I take it that both of you would 
agree with that.
    I just want to say I introduced a bill with Senator Rubio 
to increase oversight of money laundering used by human-
trafficking networks, and I was very glad when we were able to 
adopt that at the Committee and get it into the language on the 
North Korea sanctions bill. But we need to do a lot more with 
our money-laundering laws, and I think we can make some changes 
to reporting requirements and beneficial ownership disclosure 
that would make life easier both for law enforcement and for 
our smaller banks. And I look forward to working with the 
Committee to be able to do exactly that.
    Thank you, Mr. Chairman.
    Chairman Crapo. Thank you.
    Senator Schatz.
    Senator Schatz. Thank you, Mr. Chairman.
    I want to ask a question about AI. I think, you know, in 
challenging spaces, especially challenging spaces that include 
data, there is a tendency to think of this as sort of a magical 
solution where you just sort of throw big data, throw AI at the 
problem, and I want to get your sense--in the intelligence 
community, there is a conversation about the sort of 
overabundance of data and the overreliance on data points and 
an underutilization of human intelligence and instincts. And I 
am wondering what you think about the balance between utilizing 
new data analytics, big data AI in terms of fighting money 
laundering, but also how do we balance that with the fact that 
we probably still need human beings who have instincts, who 
have experience? I think we should move in this direction. I 
just think we should not overcorrect and abandon the sort of 
institutional knowledge of people. I will start with Mr. Baer.
    Mr. Baer. Senator, I think that was very well put. I think 
those, like us, who believe there is great potential here do 
not believe that you would eliminate the human element. Really 
what you would use the AI for is--we have talked a lot about 
alert SAR filing. So you would use AI in order to generate 
fewer alerts but much smarter alerts, and you would then still 
need to have an investigator come in and decide whether or not 
that was truly a suspicious activity that needed to be reported 
to law enforcement.
    The true great advantage of the AI approach, though, is you 
get rid of what we have discussed earlier, which is a rules-
based approach. If X, then alert. If Y, then alert. But there 
is a whole other alphabet that you are not even looking at. And 
what AI is able to do is look for anomalies. So instead of 
typologies, it is anomalies. And it gets smarter and smarter 
and it learns.
    So particularly in the world we would hope to get to is 
where, you know, banks could share that information. A friend 
of mine uses the example of a food truck, which is a great way 
to launder money, but it is also a great way to feed people in 
D.C. So one bank may only have three food truck clients, so 
they do not know what is anomalous. But if that bank could 
share information with a bank that has 300 food truck clients 
say in San Francisco, that bank would get smarter.
    Senator Schatz. And isn't that the Square model, on the 
private sector side, isn't that what Square does? They just 
sort of presumptively give you the device, and then if you look 
different than the thousands of other florists or food trucks, 
then you get scrutiny as opposed to sort of preapproval?
    Mr. Baer. I think it is a very similar approach.
    Senator Schatz. Mr. Lormel.
    Mr. Lormel. I agree. I think we definitely need to keep 
human intelligence in the mix. It is very important. And 
certainly you hit the word of ``instincts,'' and, again, I do a 
lot of training, and I always talk about trusting your 
instincts, because even with the best technology, you need to 
rely on human experience. And I think that is important. But I 
also think we need to leverage newer technologies to improve 
our efficiencies and certainly our capabilities. And I will 
look at it from the law enforcement perspective. The more that 
we could use analytical tools, certainly the better and the 
more sharply we can focus our attention, and I think the more 
timely we can act.
    Senator Schatz. Ms. Lowe.
    Ms. Lowe. I do not think I have anything to add as far as 
the AI element of it, but just to go back to some of the things 
that were being discussed a little earlier. So a bank is 
concerned that they are spending too much time filing SARs 
about structuring transactions under a $10,000 threshold. I 
understand that. But if they do not do that, then law 
enforcement does not see that that same client is doing that at 
six different banks, right? And all of a sudden, what would 
have been, well, a problem but probably something that would 
not be investigated if it was only at that one bank will be 
investigated if it is at six different banks, right? So I think 
we need to also bear that in mind when we are talking about 
what do we file SARs on and what don't we.
    Senator Schatz. One final question. I will start with you, 
Ms. Lowe. It appears to me that I do not think we are going to 
settle the sort of technical aspect of these questions and 
these system improvements, process improvements, and rule 
changes and all the rest of it. And so I know Senator Tillis 
mentioned the U.K. model, the working group. There has been 
some discussion about a sort of FinTech, FinCEN Sandbox. I am 
wondering what you think about establishing a public-private 
either task force or working group to kind of work the 
technical details, because as much wisdom as is possessed on 
this dais, I am not sure we can settle this in statutory law or 
that that is where this belongs. So I am just wondering, very 
quickly, if you like the idea of some sort of working group in 
statute.
    Ms. Lowe. Sure, I think that that is an important thing, I 
think at least for a limited time period. I do not think it 
would have to go on forever. I would note, though, that the 
people that are really innovating in the FinTech area are 
actually mainly Nordic. So a lot of the companies are based in 
Sweden and Denmark and Norway, and not actually in the U.S. So 
I would be concerned about limiting it just to sort of U.S. 
involvement. I think you actually need to be looking further.
    Senator Schatz. Fair enough. But, listen, in the Defense 
Department, you have the Defense Policy Advisory Board. You can 
have sort of standing committees without authority to actually 
establish policy, but who are highly influential and can help 
agencies to iterate. Do either of you have anything to add on 
this as my time runs out?
    Mr. Lormel. Well, just if I may, in terms of a working 
group, the Association of Certified Anti-Money Laundering 
Specialists has a FinTech working group that is exploring some 
of these issues now.
    Mr. Baer. I guess maybe I will end with a discouraging 
note.
    Senator Schatz. Thanks.
    [Laughter.]
    Mr. Baer. To what I was saying earlier, I mean, I think 
before this can really be realized, there are a lot of great 
vendors out there with great AI approaches and other types of 
approaches, but there really is a break on the system in the 
sense that there is no sense from the bank regulatory agencies 
that banks are going to be allowed to shift from the old rules-
based system where they file thousands and thousands of SARs to 
a new smarter system. And so what you are effectively telling 
them is you have to double your budget. You are not going to 
get any----
    Senator Schatz. You have got to do both.
    Mr. Baer. Yeah. And so somebody in charge--and that is 
really our core recommendation for all this. Somebody has got 
to step up and say, ``I am in charge, and we want you to stop 
filing SARs where the yield is effectively 0 percent for law 
enforcement and start filing higher''----
    Senator Schatz. Got it. Thank you.
    Chairman Crapo. Senator Warner.
    Senator Warner. Thank you, Mr. Chairman, and I appreciate 
you having this. This is something I need to learn more about, 
and we have got a lot of intersection with it on the 
Intelligence Committee side. And I was really disappointed when 
Senator Schatz came in and jumped the line again, but he 
actually asked really good questions.
    [Laughter.]
    Senator Schatz. You seem so surprised.
    Senator Warner. I know.
    One, I am glad to see the consensus around beneficial 
ownership and the need for new rules. I thought I was also 
hearing, similar to what Mr. Baer has said, that, you know, we 
need to move from this rules-based approach to a more 
collaborative approach, and actually perhaps with some of the 
smaller institutions shift some of the--shift more of the data 
to some central point and allow that to be analyzed.
    Ms. Lowe, I think earlier on didn't you push back on that 
and felt that--I thought you made some comments that you 
thought this responsibility ought to stay with the bank 
examiners. Could you explain, if I heard it right?
    Ms. Lowe. Sure. I actually think it is important to shift 
that information, you know, to, for example, FinCEN because I 
think they need to be looking at that intelligence across 
different banks. What are they seeing as far as trends? Where 
do you have certain--again, you will have clients that have 
accounts at many different banks in order to not raise 
suspicion, for example. So I think that that is a really 
important shift, and I think it is important that FinCEN do 
that.
    But what is also important is the banks not be absolved of 
their responsibility of doing their own analysis as well 
because they have so much more information about the client 
and, you know, the risks that that client may pose and what 
they should expect----
    Senator Warner. But how would you get at the problem of the 
$100 million bank that has got seven AML individuals and only 
four lenders? There has got to be some way we can move this 
from the rules-based, check-the-box approach.
    Ms. Lowe. Right, and I think that that has a lot to do with 
the examinations. I go back to the examinations. And, you know, 
it is more work for the regulators to actually accept that they 
cannot do a one-size-fits-all, check-the-box approach when you 
have an entirely risk-based system. And so that shift needs to 
happen, and it will be a big one.
    Senator Warner. Let me move to two other areas, if I can. I 
may ask for an extra minute since I waited so long.
    One, we are seeing all the problems with the existing 
system and how we need to change and modernize machine learning 
and AI. I also see that back in August of 2015, FinCEN talked 
about extending this type of anti-money laundering activities 
toward registered investment advisers, and then back in 2017 
there was some motion, some need to look at bringing real 
estate into the fold as well.
    As these proposals around registered investment advisers, 
around real estate move forward, are they being moved forward 
with kind of more modern forward thinking? Or how can we avoid, 
if we were to take in these two industries, simply going back 
to a check-the-box type approach? If I could get each of you to 
quickly address that.
    Mr. Baer. Actually, I am glad you mentioned real estate 
because I think one of the major reasons to support beneficial 
ownership legislation is most of these companies do not 
establish bank accounts so it is not really that much about the 
banks. What they do is they put real estate in, or jewelry or 
art or whatever. So there is clearly a need to expand the scope 
of potential money laundering. You know, cryptocurrencies right 
now----
    Senator Warner. That is what I was going to come to next.
    Mr. Baer. ----is certainly going to be an area of great 
concern, and there are a lot of other financial institution 
types that are not necessarily subject to the customer due 
diligence rule, or if they are subject to it, are not examined 
for it. So there clearly is a sense that a lot of this is being 
pushed out of the largest banks and the banks that are best 
able to detect bad behavior to places where it is a little 
less----
    Senator Warner. And how do we get that right? Having seen a 
great deal of Russian activity in terms of using real estate, 
wearing my other hats, how do we get that right? What is the 
regime that we ought to be looking at? Since, clearly, I would 
think that the real estate industry and the financial 
investment advisory industry would say, oh, my gosh, look at 
the burden this has put on us on the banking side, we want 
nothing about that. Who is doing the best thinking, Ms. Lowe, 
on real estate and investment advisers?
    Ms. Lowe. So on the real estate end of things, FinCEN has 
had geographic targeting orders in place in Florida, 
California, Texas, and New York in specific counties to have 
title insurers--which are part of that industry, right?--
determine the beneficial owners of any entity that is 
purchasing high-value real estate and then provide that 
information to FinCEN.
    FinCEN found that they had crossover where 30 percent of 
the beneficial owners identified by those title companies, 
title insurance companies, had SARs filed on them already by 
banks. So it tells you just the sort of saturation of what we 
are talking about here.
    Apart from investment advisers, there is a list of what are 
called ``designated nonfinancial businesses and professions,'' 
or DNFBPs, that FinCEN has identified as sort of nonbanks that 
play a role in access to the financial system and should have 
money-laundering regimes in place that essentially require 
them----
    Senator Warner. But are those industries fighting back 
against--I would think they do not----
    Ms. Lowe. Many of them are, yes.
    Senator Warner. Let me also, since my time has expired, 
have you also address--and, Mr. Baer, you raised this. You 
know, we are seeing how we try to move from a rules-based 
system to a more collaborative system, but, you know, we are 
about to be overwhelmed with bitcoin and other kind of 
cryptocurrencies. How are we preparing--how is the system 
preparing for this whole new movement? And I would love to hear 
briefly from each of you? With that, I----
    Mr. Baer. I think we are all looking at each other on that 
one. I will admit to a certain amount of bank myopia. Actually, 
I do not know how this system is preparing for 
cryptocurrencies. I am not sure there is a way to prepare.
    Ms. Lowe. I can say----
    Mr. Baer. Go ahead.
    Ms. Lowe. So FinCEN--I am sorry, not FinCEN. FATF has 
actually been looking at this quite closely. The last two 
private sector meetings that I attended, there were breakout 
sessions specifically on this and how do we regulate in this 
area. You know, FinCEN has done some regulation, and we are the 
first country to actually have put some regulation with respect 
to cryptocurrencies in one part of the transaction. And I think 
that that is a good discussion to have with FinCEN about how 
effective that has been. I really could not tell you. I think, 
again, I would discuss that with FinCEN.
    There have been moves to make the cryptocurrencies or the 
technology, et cetera, actually more anonymous. The biggest 
problem with it is that you are talking about movement of funds 
in a very anonymous way.
    So the underlying technology of blockchain has a lot of 
different potential positive uses, and because it is a closed 
system, that does not allow you to go back and amend something. 
So you can only amend going forward, and you have to sort of 
explain why you are doing that, right?
    So a lot of financial institutions are adopting the 
underlying technology of blockchain for various applications, 
and I think that that would actually be a really good hearing 
to have to understand the difference between what is the 
cryptocurrencies and dangers posed versus the technology, the 
underlying technology itself, and, you know, how do we draw the 
line and how do we regulate in a way that allows that 
technology to be used in a really positive way--I think it can 
be really used in a positive way in anticorruption as well--
versus the dangers of the anonymity of the actual currencies 
that are traded using that technology.
    Senator Warner. I would hope, Mr. Chairman, that we could 
take a look at this and maybe get ahead of it rather than 
chasing the issue after the fact.
    Chairman Crapo. Definitely, and we should.
    Well, that concludes our questioning. I want to thank our 
witnesses again for coming. Both your written and your oral 
testimony has been very helpful. As you can see, there is a lot 
of very serious interest in this issue on this Committee, and 
we will be working to try to find a way to improve and 
strengthen and make our approach to this more efficient, both 
in terms of the burden that is carried by those who engage in 
our anti-money laundering efforts and in terms of the results 
that we get in terms of achieving the objectives.
    I have a couple of quick announcements. For those Senators 
who want to ask questions following the hearing, those will be 
due by January 16th, Tuesday. And to the witnesses, you will 
probably get some follow-on questions. I ask you to respond to 
them very promptly.
    With that, the hearing is adjourned. Thank you.
    [Whereupon, at 11:25 a.m., the hearing was adjourned.]
    [Prepared statements, responses to written questions, and 
additional material supplied for the record follow:]
                    PREPARED STATEMENT OF GREG BAER
               President, The Clearing House Association
                            January 9, 2018
    Chairman Crapo, Ranking Member Brown, and Members of the Committee, 
my name is Greg Baer and I am the President of the Clearing House 
Association and General Counsel of the Clearing House Payments Company. 
Established in 1853 and owned by 25 large commercial banks, we are the 
oldest banking payments company in the United States, and our 
Association is a nonpartisan advocacy organization dedicated to 
contributing quality research, analysis and data to the public policy 
debate.
    The Clearing House is grateful that the Senate Banking Committee is 
holding this hearing to review our Nation's anti-money laundering and 
countering the financing of terrorism (AML/CFT) regime.
Introduction
    Our AML/CFT system is broken. It is extraordinarily inefficient, 
outdated, and driven by perverse incentives. A core problem is that 
today's regime is geared towards compliance expectations that bear 
little relationship to the actual goal of preventing or detecting 
financial crime, and fail to consider collateral consequences for 
national security, global development, and financial inclusion. 
Fundamental change is required to make this system an effective law 
enforcement and national security tool, and reduce its collateral 
damage.
    The U.S. AML/CFT regulatory regime, circa 2017, is a system in 
which banks have been deputized to act as quasi law-enforcement 
agencies and where the largest firms collectively spend billions of 
dollars each year, amounting to an annual budget somewhere between that 
of the ATF and the FBI. \1\ One large bank may employ more individuals 
dedicated to BSA/AML/OFAC compliance than the combined staffs of 
Treasury's Office of Terrorism and Financial Intelligence, OFAC, and 
FinCEN. However, in talking to senior executives at banks large and 
small, their primary concern is not how much they spend, but how much 
they waste. And that waste derives from a series of perverse incentives 
embedded in the current system.
---------------------------------------------------------------------------
     \1\ See PwC Global Anti-Money Laundering available at http://
www.pwc.com/gx/en/services/advisory/consulting/forensics/economic-
crime-survey/anti-money-laundering.html (``According to new figures 
from WealthInsight, global spending on AML compliance is set to grow to 
more than $8 billion by 2017''); FBI FY2017 Budget Request at a Glance 
available at https://www.justice.gov/jmd/file/822286/download; ATF 
FY2017 Budget Request at a Glance available at https://www.justice.gov/
jmd/file/822101/download.
---------------------------------------------------------------------------
    As an analogy, think of the collective resources of the banks as a 
law enforcement agency where officers are evaluated solely based on the 
number of tickets they write and arrests they make, with no 
consideration of the seriousness of the underlying crimes or whether 
those arrests lead to convictions. Imagine further that suspension or 
firing is most likely in the event that a ticket is not written or an 
arrest not made, or if a resulting report is not filed in a timely 
manner.
    To appreciate how misdirected the system has become, it's helpful 
to first consider what kind of incentives should be at its heart. From 
a public policy perspective, any rational approach to AML/CFT would be 
risk-based, devoting the greatest majority of resources to the most 
dangerous financial crimes and illicit activity. For example, law 
enforcement and national security officials would prefer that banks 
allocate significant resources to so-called financial intelligence 
units (FIUs)--basically, in-house think tanks devoted to finding 
innovative ways to detect and prevent serious criminal misconduct or 
terrorist financing--or to following up on high-value suspicious 
activity reports; or SARs.
    Unfortunately, our AML/CFT regulatory system is focused elsewhere. 
Large banks have been pushed away from risk-based approaches, because 
their performance is not graded by law enforcement or national security 
officials, but rather by bank examiners, who do not know of or consider 
their successes. \2\ Instead, those examiners focus on what they know 
and control: policies, procedures, and quantifiable metrics--for 
example, the number of computer alerts generated, the number of SARs 
filed, and the number of compliance employees hired. This means that a 
firm can have a program that is technically compliant, but is not 
effective at identifying suspicious activity, or is producing adverse 
collateral consequences. The converse is also true (and frequently true 
in practice).
---------------------------------------------------------------------------
     \2\ See article by Bob Werner and Sabreen Dogar, ``Strengthening 
the Risk-Based Approach'', in TCH Q3 2016 Banking Perspectives issue; 
available at: https://www.theclearinghouse.org/research/banking-
perspectives/2016/2016-q3-banking-perspectives/strengthening-the-rba.
---------------------------------------------------------------------------
    As a result, we have banks filing SARs that are in less than 10 
percent of cases followed up on in any way. For certain categories of 
SARs, the yield is close to 0 percent. Meanwhile, given the draconian 
consequences of missteps and prohibitively high cost of compliance, 
banks are exiting regions or businesses categorized by regulators as 
high risk.
Specific Problems With the Status Quo
    Background. The BSA/AML regime is primarily codified in the Bank 
Secrecy Act (BSA), enacted in 1970 and amended periodically since then. 
The Act requires financial institutions to keep certain records and 
make certain reports to the Government, including reports on cash 
transactions greater than $10,000. In the 1990s, the law was amended to 
require financial institutions to detect and report their customers' 
``suspicious'' transactions. Finally, in 2001, the USA PATRIOT Act 
amended the BSA and imposed additional requirements on financial 
institutions to, among other things, verify and record information 
relating to the identity of their customers; and conduct enhanced due 
diligence on correspondent banks, private banking clients and foreign 
senior political figures.
    Congress granted authority to implement the BSA to the Secretary of 
the Treasury, thereby designating an agency with both financial and law 
enforcement expertise as its administrator. \3\ The Secretary in turn 
delegated most of these functions to FinCEN. The Secretary was also 
given authority to examine financial institutions for BSA compliance, 
which Treasury then delegated to various regulators according to 
institution type. \4\ This has resulted in a regime where banking 
agency examiners, with their safety-and-soundness focus, evaluate the 
BSA/AML policies, procedures, and processes at the institutions they 
supervise, while Treasury and law enforcement officials use the 
information supplied by financial institutions to mitigate domestic and 
international illicit finance threats. \5\
---------------------------------------------------------------------------
     \3\ See 31 U.S.C. 5318(a)(2) and (h)(2). As recently as 2014, the 
Secretary delegated that authority to FinCEN. See Treasury Order 108-01 
(July 1, 2014).
     \4\ See 31 CFR 1010.810(b).
     \5\ As in other areas, regulators have imposed requirements 
through guidance or manuals that are not published for comment, and can 
conflict with valid FinCEN rules. See TCH letter to the Federal banking 
agencies, ``Appropriate Implementation of FinCEN's Customer Due 
Diligence Rule'', (December 14, 2017); available at https://
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
%2020171214_TCH_Letter_CDD_Rule_Implementation.pdf. See also The 
Clearing House Letter to FinCEN, Re: RIN 1506-AB15--Advance Notice of 
Proposed Rulemaking on Customer Due Diligence Requirements for 
Financial Institutions (June 11, 2012); available at https://
www.theclearinghouse.org/-/media/files/association%20documents%202/
20120611%20tch%20comments%20on%20customer%20due%20diligence.pdf.
---------------------------------------------------------------------------
    SAR Filings. A key obligation of banks under the current BSA 
reporting regime--and the key area of focus by bank examiners--is the 
filing of SARs. The current SAR reporting regime went into effect in 
April 1996 as a way for banks to provide leads to law enforcement. The 
process typically begins with an alert generated by a bank's monitoring 
system, with a SAR filed in the event that investigation determines 
that the activity is suspicious. For example, negative media reports on 
an existing bank customer could trigger an alert, prompt an 
investigation by a bank compliance department, and result in a SAR 
filing.
    In the current regulatory and enforcement climate, bank compliance 
officers have powerful incentives to trigger as many alerts and file as 
many SARs as possible, because those metrics demonstrate a quantifiable 
culture of compliance. (There appears to be no case of a bank being 
sanctioned for filing spurious SARs.) And even where no grounds for a 
SAR filing are found, financial institutions can also spend a 
significant amount of time documenting, for review by their examiners, 
why they closed an alert without filing a SAR.
    What gets measured gets done, and providing valuable intelligence 
to law enforcement or national security agencies does not get measured; 
writing policies and procedures and filing SARs does. So, almost two 
million SARs are filed per year. \6\ Worse yet, SAR filing rules and 
metrics fail to consider the relative severity of the offense. SAR 
dollar thresholds have not changed in 21 years, and there is no dollar 
threshold for so-called insider abuse (say, a teller stealing a small 
amount of money). \7\ No Federal law enforcement agency would ever 
prosecute the large and growing majority of offenses to which SAR 
filings relate, and this is one reason the ``yield'' on SARs is 
generally reported to be well under 10 percent, and close to 0 percent 
for many types of SARs.
---------------------------------------------------------------------------
     \6\ See ``SAR Stats'', available at https://www.fincen.gov/fcn/
Reports/SARStats. The total number of SARs filed in 2017 was 1,867,269.
     \7\ See 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Board of 
Governors of the Federal Reserve System) (Federal Reserve) 12 CFR 353 
(Federal Deposit Insurance Corporation) (FDIC) 12 CFR 748 (National 
Credit Union Administration) (NCUA) 12 CFR 21.11 and 12 CFR 163.180 
(Office of the Comptroller of the Currency) (OCC) and 31 CFR 1020.320 
(FinCEN) for Federal SAR regulations. The SAR requirement became 
effective April 1, 1996, and dollar thresholds have not been raised 
since.
---------------------------------------------------------------------------
    In practice, almost all banks hire one of a handful of vendors who 
construct rules for generating alerts: for example, three cash deposits 
between $5,000 and $10,000 in a 3-week period, or a wire transfer over 
$1,000 to a high-risk country (Mexico, for example). These crude rules 
generate numerous alerts, and bank investigators must then clear the 
alert or file a SAR. And examiners will be critical if the thresholds 
for a given bank are set at a level that does not generate a large 
number of alerts; so, in the event that a $1,000 threshold is not 
generating many alerts, the bank may be told to lower the threshold to 
$250, or even $0. Of course, it is widely understood that sophisticated 
criminals know these rules, as the software is for sale and widely 
distributed, and its rules do not change much over time.
    Consider the potential for revolutionary change that artificial 
intelligence therefore presents. AI does not search for typologies but 
rather mines data to detect anomalies. It gets progressively smarter; 
it would not be easily evaded; and different banks with different 
profiles would end up producing different outcomes. The current system 
is not progressing from typology to anomaly, however, because there has 
been no signal whatsoever from the regulatory agencies that dollars can 
be shifted from the existing, rules-based system to a better one.
    To be clear, this is not a criticism of bank examiners, but rather 
of the role the current system forces them to play. From a political 
and personal risk perspective, they are in a no-win situation. On the 
one hand, they are excluded when the bank they examine is pursuing real 
cases with law enforcement, national security or intelligence community 
officials, and therefore receive no credit when those cases are 
successful. But if something goes wrong--if a corrupt official or 
organization turns out to be a client of the bank they examine--the 
examiner faces blame. Thus, from an examiner and banking agency 
perspective, the only possible safe harbor is to demand more policies 
and procedures, ensure that a lot of alerts are generated and SARs 
filed, and encourage the bank to investigate exhaustively any client 
deemed high risk. While all other aspects of banking--for example, 
credit risk management--have risk appetites and tolerances, for AML/
CFT, there is none. And because banks know that the easiest way to get 
in trouble is to fail to file a SAR when examiners subsequently 
determine they should have, they probably spend more time documenting 
decisions not to file SARs--papering the file--than they do following 
up on SARs they do file. In other words, they are incentivized to 
follow the noise, not the signal.
    Enforcement trends have only served to exacerbate the impact of the 
perverse incentives underlying our system; AML/CFT-related fines on 
U.S. banks have increased exponentially over the past 5 years. 
Certainly, there have been some egregious cases where enforcement 
action was warranted, but many enforcement actions taken involve no 
actual money laundering. Rather, they are based on a banking agency 
finding that an insufficient number of alerts were being generated by 
bank systems or that not enough SARs were filed. But the primary 
problem with this enforcement history is not the size and number of 
fines that are imposed periodically, but rather how those fines and 
accompanying consent orders incentivize financial firms to allocate 
their AML/CFT resources. Such orders uniformly result in the hiring of 
more compliance personnel, the retention of consultants, the drafting 
of more policies and procedures, and the direct involvement of the 
board of directors, with resources reallocated to those functions, and 
away from more proactive ones.
    Derisking. Nowhere is this set of perverse incentives more clear 
than in the push for banks to eliminate clients in countries or 
industries that could end up creating political risk to examining 
agencies. A recent set of articles in The Economist details the 
unfortunate consequences that the misalignment in AML/CFT expectations 
and standards has created as financial institutions have worked to 
balance fear of enforcement and supervisory expectations with the AML 
compliance costs of maintaining a global business. As the writers note, 
``[d]erisking chokes off financial flows that parts of the global 
economy depend on. It undermines development goals such as boosting 
financial inclusion and strengthening fragile States. And it drives 
some transactions into informal channels, meaning that regulators 
become less able to spot suspicious deals. The blame for the damage 
that derisking causes lies mainly with policymakers and regulators, who 
overreacted to past money-laundering scandals.'' \8\
---------------------------------------------------------------------------
     \8\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too 
Risk-Averse'', The Economist, July 6, 2017, available at https://
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See 
also ``A Crackdown on Financial Crime Means Global Banks Are 
Derisking'', The Economist, July 8, 2017, available at https://
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
    The causes of derisking are clear: the systems, processes, and 
people required to manage examiner expectations for clients deemed to 
be of ``higher risk'', are extremely costly. For example, a bank may 
prepare a lengthy report on a customer only to be criticized for not 
further documenting the grounds on which it decided to retain the 
customer. Institutions are therefore required to make difficult 
decisions, because it is often times too expensive to build out this 
infrastructure to support higher risk accounts. And this does not even 
include the risk of massive fines and reputational damage in the event 
a customer designated high-risk actually commits a criminal act.
    Similarly, domestically, banks of all sizes report that customer 
due diligence (CDD) requirements have dramatically increased the cost 
of opening new accounts, and now represent a majority of those costs. 
Of course, disproportionate and heightened account opening requirements 
make low-dollar accounts for low- to moderate-income people much more 
difficult to offer and price. While the connection is not immediately 
apparent, AML/CFT expense now is clearly an obstacle to banking the 
unbanked, and a reason that check cashers and other forms of high-cost, 
unregulated finance continue to prosper. The problem, of course, is 
that bank examiners and Federal prosecutors seeking record fines do not 
internalize those costs. And those in the Government who do internalize 
those costs play no role in examining the performance of financial 
institutions.
    To put some numbers to the issue, one AML director recently 
testified that his firm employs 800 individuals worldwide fully 
dedicated to AML/CFT compliance, detection and investigation work, as 
well as economic sanctions compliance. \9\ Today, a little over half of 
these people are dedicated to finding customers or activity that is 
suspicious. The remainder--and the vast majority of employees dedicated 
to these efforts in the business and operations teams that support the 
firm's AML program--are devoted to perfecting policies and procedures; 
conducting quality assurance over data and processes; documenting, 
explaining and governing decisions taken relating to their compliance 
program; and managing the testing, auditing, and examinations of their 
program and systems.
---------------------------------------------------------------------------
     \9\ This number does not include other employees dedicated to 
anti-money laundering or economic sanctions compliance in Bank of 
America's lines of businesses, operations or technology teams. The over 
800 employees in Global Financial Crimes Compliance at Bank of America 
is greater than the combined authorized full-time employees in 
Treasury's Office of Terrorism and Financial Intelligence (TFI) and the 
Financial Crimes Enforcement Network (FinCEN).
---------------------------------------------------------------------------
The Great Opportunity Being Lost
    This lack of focus on the goals of the system is especially 
disheartening in an age in which emerging technology has the potential 
to make the AML/CFT regime dramatically more effective and efficient. 
One of the most pressing needs in enhancing the U.S. regime is to 
enable financial institutions to innovate their anti-money laundering 
programs and coordinate that innovation with their peers. As noted 
above, artificial intelligence (AI) and machine learning could 
revolutionize this area, and banks continue to discuss various concepts 
for greater sharing of information. When the SAR requirement (and its 
predecessor the criminal referral form) was first implemented, 
relatively few reports were filed, and each SAR was read by someone in 
law enforcement. Now, with banks and other financial institutions 
employing tens of thousands of people and using computer monitoring to 
flag potentially suspicious activity, almost two million SARs are filed 
per year. \10\ Law enforcement generally reads SARs only if they are 
specifically flagged by the institution, or if a word search identifies 
it as relevant to an existing investigation.
---------------------------------------------------------------------------
     \10\ SAR Stats, supra n. 6.
---------------------------------------------------------------------------
    Thus, the role of a SAR in law enforcement has changed completely, 
which is not necessarily a bad development. Because so much more data 
is available, there is extraordinary potential for the use of AI and 
machine learning to improve the system, as previously described. But 
there are obstacles. AI strategies require feedback loops, which do not 
exist in the current system. In addition, there are barriers to cross-
border information sharing of suspicious activity for global financial 
institutions. \11\ As noted above, resources are trapped elsewhere and 
several AML executives have reported that efforts to construct novel 
approaches to detecting illegal behavior have resulted in examiner 
criticism. Examiners have now also begun applying to bank AML models 
the same model risk governance rules they adopted for capital 
measurement, even though models are much more dynamic and have no 
financial reporting consequence; as a result, it now takes months, as 
opposed to weeks, to change an AML model to capture new behaviors, 
which serves as a major disincentive to innovation. \12\
---------------------------------------------------------------------------
     \11\ See TCH and FSR letter to the Treasury on its ``Review of 
Regulations'', (``2017 Joint Trades Letter to Treasury on Review of 
Regulations'') July 31, 2017, available at https://
www.theclearinghouse.org/sitecore/content/tch/home/issues/articles/
2017/07/
20170731%20tch%20and%20fsr%20comment%20on%20fincen%20and%20ofac%20regula
tions.
     \12\ Id.
---------------------------------------------------------------------------
    In sum, banks will be reluctant to invest in systems unless someone 
in the Government can tell them that such systems will meet the banking 
examiners' expectations, and can replace old, outdated methods--in 
other words, that they will be rewarded, not punished, for innovation. 
Until then, we have a database created for one purpose and being used 
for another.
    To get a sense of the potential for improvement, note that one bank 
has publicly reported that it receives follow-up requests from law 
enforcement on approximately 7 percent of the SARs it files, which is 
consistent with other reports we have received. More importantly, for 
some categories of SARs--structuring, insider abuse--that number is far 
lower, approaching 0 percent. But no one can afford to stop filing SARs 
in any category, because examination focuses on the SAR that was not 
filed, not the quality or importance of the SAR that was filed.
    Furthermore, in resolving this issue, we also must deal with the 
``last piece of the puzzle'' problem. Law enforcement will report 
anecdotally that it sometimes finds a low-dollar SAR of use as part of 
a larger investigation--not as a lead but as the last piece in a large 
puzzle. However, it is important to consider the opportunity cost of 
that SAR--the resources necessary to produce it, and whether those 
resources, if allocated elsewhere, would produce the first piece in a 
more important puzzle. As an analogy, if law enforcement rigorously 
enforced jaywalking rules, it would occasionally capture a wanted 
fugitive, but no one would consider that a good use of finite law 
enforcement resources. Again, a core problem with the current regime is 
that there is an absence of leadership making choices like these.
The Beginning of a Solution
    In early 2017, TCH issued a report offering recommendations on 
redesigning the U.S. AML/CFT regime to make it more effective and 
efficient. This report reflects input from a wide range of 
stakeholders, including foreign policy, development and technology 
experts. \13\
---------------------------------------------------------------------------
     \13\ See The Clearing House, ``A New Paradigm: Redesigning the 
U.S. AML/CFT Framework To Protect National Security and Aid Law 
Enforcement'', (TCH AML/CFT Report) (February 2017), available at 
https://www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/
2017/20170216_TCH_Report_AML_CFT_Framework_Redesign.pdf. See also TCH 
press release ``The Clearing House Publishes New Anti-Money Laundering 
Report'', (February 16, 2017), available at https://
www.theclearinghouse.org/press-room/in-the-news/
29170216%20tch%20aml%20cft%20report.
---------------------------------------------------------------------------
    The most important recommendation in the report is for the 
Department of the Treasury to accept--or, better yet, claim--
responsibility for the system. That includes convening on a regular 
basis the end users of SAR data--law enforcement, national security and 
others affected by the AML/CFT regime including the State Department--
and setting goals and priorities for the system. Treasury is uniquely 
positioned to balance the sometimes conflicting interests relating to 
national security, the transparency and efficacy of the global 
financial system, the provision of highly valuable information to 
regulatory, tax and law enforcement authorities, financial privacy, 
financial inclusion, and international development.
    Such a process has a clear precedent. The National Security 
Strategy (NSS) is a document prepared periodically by the National 
Security Council (NSC) for submission to Congress which outlines the 
major national security concerns of the United States and how the 
Administration plans to deal with them. The strategy is developed by 
the NSC through an iterative, interagency process to help resolve 
internal differences in foreign policy/national security agendas and 
effectively communicate priorities to a number of different audiences. 
There's also the National Intelligence Priorities Framework (NIPF), 
which is used to establish national priorities for the intelligence 
community. \14\ We believe that measurable outcomes or goals should be 
clearly and specifically defined for each component of our Nation's 
AML/CFT regime (including the anti-money laundering programs in 
financial institutions), and then agreed upon ways to measure the 
achievement of those outcomes or goals should be set and reported. From 
these outcomes or goals, priorities should be set regularly for the 
AML/CFT regime and promptly revisited when new risks emerge. We believe 
this is the best way to build a regime that is ultimately effective in 
achieving the desired outcome of a robust and dynamic national AML/CFT 
regime that can efficiently and quickly adapt to address new and 
emerging risks. For financial institutions, we believe that such an 
exercise would change the focus from technical compliance with 
regulations or guidance, to building anti-money laundering programs 
that achieve the clearly articulated desired and measurable outcomes or 
goals of the regime. And we believe that setting measurable outcomes or 
goals, and then tracking progress to the achievement of these goals, is 
the best way to build anti-money laundering programs and a national 
AML/CFT regime that are both effective and efficient.
---------------------------------------------------------------------------
     \14\ See Intelligence Community Directive Number 204--``Roles and 
Responsibility for the National Intelligence Priorities Framework'', 
(September 13, 2007); available at https://www.dni.gov/files/documents/
ICD/ICD_204.pdf.
---------------------------------------------------------------------------
    Reform must also recognize that of the roughly one million SARs 
filed annually by depository institutions (banks and credit unions), 
approximately half are filed by only four banks. Whereas a small to 
mid-sized bank might file a handful of SARs per year, the largest banks 
file roughly one SAR per minute. These are the same banks that are 
internationally active, and therefore present almost all of the most 
difficult policy questions with respect to derisking. Certainly, reform 
is warranted for smaller firms, where the cost of filing that handful 
of SARs is wildly disproportionate to its benefit. But if the goal is 
to catch dangerous criminals, identify terrorist activity, and reduce 
collateral damage to U.S. interests abroad, FinCEN need focus its 
examination energy on only a very few firms. This creates an 
extraordinary opportunity.
    We estimate that an examination team of only 25-30 people at FinCEN 
could replicate the existing work of the Federal banking agencies and 
the IRS (for the largest MSBs) at the largest, most internationally 
active institutions. More importantly, a dedicated FinCEN exam team for 
this small subset of large institutions could receive appropriate 
security clearances, meet regularly with end users and other affected 
parties, receive training in big data and work with other experts in 
Government. They in turn would be supervised by Treasury officials with 
law enforcement, national security, and diplomatic perspectives on what 
is needed from an AML/CFT program--not bank examiners with no 
experience in any of those disciplines. And when FinCEN turned to 
writing rules in this area, it would do so informed by its experience 
in the field. It would see the whole battlefield, and promote 
innovative and imaginative conduct that advanced law enforcement and 
national security interests, rather than auditable processes and box 
checking.
    Remarkably, this arrangement is exactly what Congress intended and 
authorized. In the Bank Secrecy Act, Congress granted FinCEN, not the 
banking agencies, authority to examine for compliance. However, over 20 
years ago, FinCEN delegated its supervisory authority to the Federal 
banking agencies, while retaining enforcement authority. At the time 
the delegation was made, FinCEN's decision was logical, even 
inevitable. The agency had few resources, and insufficient knowledge of 
the banking system. Furthermore, the Nation had over 10,000 banks, and 
those banks were more alike than different. \15\ Restrictions on 
interstate banking meant that there were no truly national banks, and 
U.S. banks generally were not internationally active. As a result, 
there was no real basis by which FinCEN could have distinguished among 
banks. Given the choice between supervising 10,000 banks or none, it 
logically chose none, effectively sub-contracting its statutory duties 
in this area to the banking agencies. \16\
---------------------------------------------------------------------------
     \15\ See ``Commercial Banks in the U.S., Economic Research of the 
Federal Reserve Bank of St. Louis'' available at https://
fred.stlouisfed.org/series/USNUM.
     \16\ In addition, in 1986, Congress granted the Federal banking 
agencies authority to prescribe regulations requiring banks to comply 
with the Bank Secrecy Act, and examine for such compliance. See 31 CFR 
1010.810. As the rule notes ``[o]verall authority for enforcement and 
compliance, including coordination and direction of procedures and 
activities of all other agencies exercising delegated authority under 
this chapter, is delegated to the Director, FinCEN.'' Id. 1010.810(a). 
See also 12 U.S.C. 1818(s).
---------------------------------------------------------------------------
    Importantly, the benefits of a FinCEN examination function would 
extend well beyond the handful of banks it examined. Priorities set and 
knowledge learned could be transferred to regulators for the remaining 
financial institutions. And innovation started at the largest firms, 
with encouragement from FinCEN, would inevitably benefit smaller firms. 
The result of FinCEN assuming some supervisory authority would be a 
massive cultural change, as the focus shifted to the real-world 
effectiveness of each institution's AML/CFT program, rather than the 
number of SARs filed or number of policies written. That change would 
start with those banks under sole FinCEN supervision, but would 
eventually spread to all institutions.
    (In that regard, I testified last year alongside a community banker 
who reported that his three-branch bank has four lending officers--and 
six AML compliance officers. \17\ While my testimony has focused on 
challenges faced by the largest banks, the AML/CFT regime is no more 
rational when imposed on the smallest.)
---------------------------------------------------------------------------
     \17\ See Testimony of Lloyd DeVaux before the House Financial 
Services Committee Subcommittee on Financial Institutions and Consumer 
Credit, June 28, 2017, available at https://
financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-ldevaux-
20170628.pdf.
---------------------------------------------------------------------------
    Relatedly, TCH recommends that Treasury undertake a review of the 
BSA/AML reporting regime to ensure information of a high degree of 
utility is reported to law enforcement as well as encourage the 
exchange of AML/CFT information between the Government and the private 
sector as well as between and among financial institutions. We applaud 
FinCEN's recently announced ``Exchange'' program which aims to 
strengthen public-private sector AML/CFT information sharing by 
convening regular briefings between FinCEN, law enforcement and 
institutions. Such sharing not only makes financial institutions' 
programs more effective and efficient, it assists in focusing their 
resources on important matters.
    Finally, one important change to the current system that requires 
new legislation is ending the use of shell companies with anonymous 
ownership. Here, the United States trails the rest of the world, and 
has been criticized by the Financial Action Task Force for being a 
shelter for criminals or kleptocrats seeking to launder money by 
adopting the corporate form and cloaking their ownership. \18\ There 
may be valid reasons why corporate owners would want to keep their 
ownership secret from the broader public; however, it is difficult to 
imagine a valid reason why corporate owners would want to keep their 
ownership secret from the State incorporating them, law enforcement, 
and a financial institution that is legally obligated to determine that 
ownership in the exercise of its BSA/AML obligations. The Clearing 
House strongly urges Congress to adopt such legislation promptly, and 
is pleased to see bicameral, bipartisan support for it.
---------------------------------------------------------------------------
     \18\ See FATF Anti-money laundering and counterterrorist financing 
measures, Mutual Evaluation of the United States (December 2016) at 18 
available at http://www.fatf-gafi.org/media/fatf/documents/reports/
mer4/MER-United-States-2016.
---------------------------------------------------------------------------
    In conclusion, I thank you for inviting me today and focusing 
Congressional attention on such an important topic. I look forward to 
your questions.
                                 ______
                                 
                 PREPARED STATEMENT OF DENNIS M. LORMEL
President and Chief Executive Officer, DML Associates, LLC, and Former 
                  Chief, FBI Financial Crimes Program
                            January 9, 2018
    Good morning Chairman Crapo, Ranking Member Brown, and 
distinguished Members of the Committee. Thank you for the opportunity 
to testify before you today. My name is Dennis M. Lormel. I have been 
engaged in the fight against money laundering, financial crimes, 
terrorist financing and other forms of illicit finance for 45 years. I 
served in the U.S. Government for 31 years, 28 of which I served as a 
Special Agent in the Federal Bureau of Investigation (FBI). I amassed 
extensive investigative experience in complex and labor intensive 
financial investigations as a street agent, first line supervisor, 
middle manager, and senior executive. In 2000, I was promoted to Chief 
of the Financial Crimes Section, in the FBI's Criminal Division. 
Following the terrorist attacks of September 11, 2001, I formulated, 
established and led the Terrorist Financing Operations Section (TFOS) 
within the FBI's Counterterrorism Division. During my FBI career, I was 
the direct beneficiary of Bank Secrecy Act (BSA) data to include 
currency transaction reports (CTRs) and suspicious activity reports 
(SARs). I experienced firsthand the value BSA data brought to 
investigations. This was especially true after 9/11. One of our 
important initiatives was a datamining project which included SAR 
reporting. For the past 14 years, I have been a consultant, primarily 
working in the financial services industry, in the anti-money 
laundering (AML), terrorist financing and financial crimes prevention 
community. In this capacity, I have worked with private sector clients 
to improve the effectiveness and efficiency of BSA reporting.
    My Government investigative and private sector consulting 
experience has provided me a unique opportunity to understand and 
appreciate two very distinct perspectives regarding the BSA. Two of the 
principal stakeholders of the BSA are law enforcement and financial 
institutions. Putting this in the context of the flow and utilization 
of financial information, law enforcement is the back end user and 
beneficiary of BSA data. Financial institutions serve as the front end 
repository and custodian of financial intelligence. Financial 
institutions also serve the critical function of being the monitor for 
identifying and reporting suspicious activity and other BSA data to law 
enforcement. Simply put, law enforcement uses BSA data to predicate or 
enhance investigations from a tactical standpoint. Law enforcement also 
uses BSA data for strategic purposes. From a simplistic standpoint, the 
flow of BSA data that is continuously filtered to law enforcement is 
invaluable. When you layer the complexities of regulatory compliance 
requirements over the monitoring and filtering process financial 
institutions must follow, the effectiveness and efficiency of BSA 
reporting from the front end monitor to the back end beneficiary, 
becomes flawed.
    My point is that the BSA system is not broken. The system is 
fraught with many inefficiencies but it works. Law enforcement 
consistently receives valuable intelligence from BSA data. The 
challenge is that the BSA system can and should be much more effective 
and efficient. In this context, I applaud the Committee for dedicating 
the time to assess the effectiveness and efficiency of BSA enforcement 
and considering reform measures to strengthen BSA reporting 
requirements.
    I'd like to take the opportunity to commend the Clearing House for 
having issued their report in February 2017 ``A New Paradigm: 
Redesigning the U.S. AML/CTF Framework to Protect National Security and 
Aid Law Enforcement''. I believe the report is a good point of 
reference to initiate discussion for reform consideration. I laud the 
Clearing House for recognizing the importance of including all 
stakeholders in the discussion. I was not involved in the two 
symposiums held to formulate the report. One concern I have about the 
report is the actual extent to which law enforcement was included as a 
contributing stakeholder. In my view, law enforcement is the most 
important stakeholder because the BSA was intended to assist law 
enforcement. When the report was issued, I contacted then current law 
enforcement executives in positions like I held and none were included 
in the deliberations. I encourage the Committee to include a variety of 
active and former law enforcement executives in your ongoing dialogue 
and efforts to strengthen the BSA.
    The BSA was passed in 1970 with the legislative purpose of 
generating reports and records that would assist law enforcement in 
following the money and developing prosecutable criminal cases. Since 
passage of the BSA, additional legislation has periodically been 
enacted to enhance regulations. Most notably, passage of the USA 
PATRIOT Act established a host of new measures to prevent, detect, and 
prosecute those involved in money laundering and terrorist financing. 
Going forward, deliberations to enhance the BSA should focus on 
systemic vulnerabilities, evolving technology, emerging trends and 
opportunities to leverage public and private partnerships and 
information sharing with an eye on continuing to enhance law 
enforcements investigative ability.
    As noted in the introduction of the BSA, ``the implementing 
regulations under the BSA were originally intended to aid 
investigations into an array of criminal activities, from income tax 
evasion to money laundering. In recent years, the reports and records 
prescribed by the BSA have also been utilized as tools for 
investigating individuals suspected of engaging in illegal drug and 
terrorist financing activities. Law enforcement agencies have found 
CTRs to be extremely valuable in tracking the huge amounts of cash 
generated by individuals and entities for illicit purposes. SARs, used 
by financial institutions to report identified or suspected illicit or 
unusual activities are likewise extremely valuable to law enforcement 
agencies''. This statement is a true reflection of BSA reporting. 
However, there is a troubling back story about perceived regulatory 
expectations that have resulted in systemic inefficiencies.
    Regardless of the extent or effectiveness of BSA regulations, 
criminals and terrorists must use the financial system to raise, move, 
store and spend money in order to sustain their illicit operations and 
enterprises. The reality is that no matter how robust an anti-money 
laundering (AML) program is, it cannot detect all suspicious activity. 
The BSA standard is that financial institutions maintain AML programs 
that are reasonably designed to detect and report suspicious activity. 
One of the regulatory challenges confronting financial institutions 
today is the question: What constitutes a reasonably designed AML 
program? Regulatory expectations, either real or perceived, have caused 
financial institutions to lose sight of the purpose of BSA reporting 
and have consequently led to many of the systemic inefficiencies of BSA 
reporting.
    In using the financial system, criminals and terrorists are 
confronted with distinct contrasts. On one hand, the financial system 
serves as a facilitation tool enabling bad actors to have continuous 
access to funding. On the other hand, the financial system serves as a 
detection mechanism. Illicit funds can be identified and interdicted 
through monitoring and investigation. Financing is the lifeblood of 
criminal and terrorist organizations. At the same time, financing is 
one of their major vulnerabilities. At the basic core level of the 
front end and back end data process flow, BSA reporting works and is 
more apt to serve as the intended detection mechanism. The more 
convoluted and distracting the regulatory process becomes, the greater 
the likelihood that the financial system serves as a facilitation tool 
for criminals and terrorists.
    There are a number of vulnerabilities or high risk areas in the 
financial system that criminals and terrorists exploit. I categorize 
them as criminal activity and facilitation tools bad actors use to 
exploit their ill-gotten gains derived from their criminal activity. 
The biggest crime problems we encounter include fraud and money 
laundering. Most criminal activity, other than select violent crimes, 
includes elements of fraud and money laundering. Drug trafficking, 
human trafficking, corruption, and other crimes contain elements of 
fraud and require money laundering. Some of the more significant 
facilitation tools include wire transfers, correspondent banking, shell 
companies (beneficial ownership), illegal money remitters (informal 
value transfer systems), non-Government organizations, credit and debit 
cards, and electronic mechanisms. In my experience, one of the biggest 
areas of vulnerability in the financial system is identifying illegal 
money remitters.
    One facilitation tool that consistently garners Congressional 
attention is the issue of beneficial ownership. Year after year, 
potential bills are introduced regarding beneficial ownership. I 
strongly encourage the Committee to consider beneficial ownership 
legislation as an enhancement to the BSA. Throughout my law enforcement 
career, I dealt with the challenge of shell companies and identifying 
true beneficial owners. Based on my experience, I believe beneficial 
ownership should be required by Secretaries of States, at the point of 
incorporation. On May 11, 2016, the Financial Crimes Enforcement 
Network (FinCEN) issued Customer Due Diligence Requirements for 
Financial Institutions (the COD Rule). The rule strengthens existing 
customer due diligence (CDD) requirements and requires banks to 
identify and verify the beneficial owners of legal entity customers. 
Financial institutions are in the process of implementing COD 
requirements. If identification of beneficial ownership were required 
at point of incorporation, the burden on financial institutions would 
be lessened.
    Regarding the BSA, it is important that all stakeholders be engaged 
in the discussion and deliberation to improve the effectiveness and 
efficiency of BSA reporting and enforcement. More importantly, all 
stakeholders should be involved in breaking down real or perceived 
regulatory impediments. In each of our areas of responsibility, all BSA 
stakeholders should strive to exploit the financial vulnerability of 
criminals and terrorists by ensuring the financial system serves as a 
detection mechanism disrupting illicit funding flows. Although the BSA 
system works, it is flawed and lacks the effectiveness and efficiency 
it was intended to achieve.
    The starting point toward improving the effectiveness and 
efficiency of BSA reporting is to improve the current system through 
building meaningful and sustainable public and private sector 
partnerships beginning with BSA stakeholders, including the financial 
services industry, regulators, policy makers, sanctioning authorities, 
intelligence experts, law enforcement, legislatures and other 
stakeholders. We need to start by improving the efficiencies of our 
current system by breaking down impediments. We then need to determine 
what enhancements to regulations should be considered.
    Building meaningful and sustainable partnerships begins with 
understanding perspectives. Each stakeholder partner possesses a 
perspective based on their professional responsibilities and 
experience. Each of our perspectives will be somewhat unique. 
Understanding and blending the perspectives of our partners will enable 
us to establish a middle ground to improve or build efficiencies upon. 
As this process evolves, we can leverage the capabilities and capacity 
of our partners. This type of evolution sets the stage for developing 
innovative ideas and proactive measures.
    One of the inherent disadvantages we have in our financial system 
and AML environment is that we are reactive. Criminals and terrorists 
have the advantage of being proactive. Our ability to add innovative 
ideas and proactive measures to an otherwise reactive system can 
achieve impactful investigative results. In fact, there have been 
recurring innovative and proactive law enforcement investigations. I 
speak from firsthand experience when I talk about developing proactive 
techniques. I can point to specific proactive law enforcement 
initiatives following 9/11 that were the direct result of innovative 
public and private sector partnerships. My emphasis here is we can be 
innovative within the current framework. We can also improve the 
current landscape through enhancements to encourage and/or incentivize 
innovation. For example, financial institutions conduct baseline 
transaction monitoring to alert to anomalies that can lead to 
identification of suspicious activity. By developing rule sets and 
scenarios that are targeted to specific transactions or financial 
activity, we are more likely to identify specific or targeted 
suspicious activity regarding specific crime problems such as human 
trafficking. Financial institutions are reluctant to employ targeted 
monitoring initiatives because of concern for the potential regulatory 
expectations or other perceived impediments such innovative thinking 
could incur.
    Included as an attachment to my testimony is an article I wrote in 
2011 for publication by the Association of Certified Anti-Money 
Laundering Specialists (ACAMS) titled ``Perspectives. Partnerships and 
Innovation''. As an example of innovative and proactive targeted 
monitoring, the article details the public and private partnership of a 
special AML investigative team at JPMorgan Chase (JPMC) in 2009, with 
Homeland Security Investigations (HSI), Immigration and Customs 
Enforcement (ICE). I provide extensive training to the financial 
services industry regarding AML, terrorist financing, fraud, 
investigations, suspicious activity reporting and related topics. I 
frequently site the JPMC and ICE collaboration as one of the best 
models for partnerships and innovation. One of the accomplishments of 
this collaboration was the effective and efficient use of BSA data 
based on targeted monitoring against human trafficking. The attached 
article also provides a sense of leveraging perspective and, the 
regulatory and collateral challenges financial institutions face by 
endeavoring to be innovative.
    As an extension of public and private partnerships, we should 
consider how to improve information sharing. The PATRIOT Act provided 
us with information sharing vehicles such as Section 314(a) where 
financial institutions can share financial information with law 
enforcement and Section 314(b) where financial institutions can share 
information with each other. Efforts should be made to enhance Section 
314 information sharing in the current environment. In addition, any 
proposed enhancements to the BSA should consider additional information 
sharing mechanisms. The more we can do to enhance information sharing, 
the more meaningful information will be for law enforcement and the 
more detrimental to criminals and terrorists. During their plenary 
session in June 2017, the Financial Action Task Force (FATF) stressed 
the importance of information sharing to effectively address terrorist 
financing. I have always been a huge proponent of information sharing 
to the extent legally allowable.
    One of the most productive examples of public and private sector 
partnership, and information sharing, is the Joint Money Laundering 
Intelligence Task Force (JMLIT) in the United Kingdom (U.K.). JMLIT was 
formed by the Government National Crimes Agency (NCA) in partnership 
with the financial sector to combat high end money laundering. JMLIT 
was established as a business-as-usual function in May 2016. It has 
been developed with partners in Government, the British Bankers 
Association, law enforcement and more than 40 major U.K. and 
international banks. I'm hopeful that the U.S. can assess and work 
through information sharing and privacy concerns in order to replicate 
the U.K. JMLIT model.
    With respect to terrorist financing, any legislative enhancement to 
the BSA should consider facilitating obtaining security clearances for 
select financial institution personnel. In most instances, law 
enforcement is precluded from sharing classified information with 
financial institutions. If financial institutions had select personnel 
with a security clearance and they could gain access to select 
classified information, they would be able to either search for 
specific financial information or establish targeted monitoring 
initiatives to identify specific financial intelligence that would be 
meaningful to classified or otherwise sensitive counterterrorism 
investigations.
    Throughout my career, I have worked closely with financial 
institution AML and fraud compliance professionals. I have the utmost 
respect for their dedication and commitment to protecting the integrity 
of their financial institutions and for identifying the misuse of the 
financial system by bad actors. Next to my former law enforcement 
colleagues, I hold my friends in AML and fraud compliance in the 
highest regard. It is important to note that the BSA shortcomings we 
face are systemic problems caused by multiple factors and not by groups 
of individuals. One of the positive trends evolving within financial 
institutions, in part, founded on the dedication factor of AML 
professionals that I complimented, is the formation of financial 
intelligence units and/or special investigations teams established to 
deal with terrorist financing and emergency response situations such as 
the Panama Papers, the FIFA scandal and human trafficking. In addition 
to developing proactive mechanisms, like targeted monitoring, these 
teams have developed ``urgently'' reactive capabilities to respond to 
terrorist and emergency situations requiring immediate response. As I 
mentioned earlier, AML programs are inherently reactive. One of the 
best reactive mechanisms we possess is negative news reporting. For 
example, when terrorist incidents like the attacks in New York in 
October and December 2017 occurred, as soon as the names of the 
perpetrators are announced, these special investigations teams 
immediately run the perpetrator names through their systems and should 
they identify accounts or transactional activity involving those 
individuals, they immediately contact law enforcement.
    Like the JPMC and ICE human trafficking targeted monitoring program 
I mentioned, I'm aware of a major bank that has formed a special 
investigative team to similarly search for human trafficking that could 
be related to a forthcoming major sporting event. I' m not at liberty 
to further identify the financial institution or circumstances. 
However, it is important to note that financial institutions and law 
enforcement do participate in targeted monitoring projects and when 
they are able to do so, BSA data flows from the front end monitor (a 
financial institution) to the back end beneficiary (law enforcement) in 
a timely and, effective and efficient manner.
    I encourage all financial institutions to establish special 
investigations or critical incident response teams. I teach and view 
these teams analogous to law enforcement Special Weapons and Tactics 
(SWAT) teams. SWAT officers receive regular intensive training to deal 
with dangerous emergency response situations. Most SWAT officers have 
other primary law enforcement assignments, and SWAT is a collateral 
duty. Financial institution SWAT or critical incident response or 
special investigations teams should also receive special training for 
dealing with emergency response and targeted proactive investigative 
situations. Regardless of the size of a financial institution, all 
financial institutions should establish special investigative teams to 
identify and report targeted suspicious activity. Whether the team is a 
unit or one investigator, all financial institutions should develop 
emergency response capabilities.
    In my training programs regarding money laundering, fraud and 
terrorist financing, I stress the importance of situational awareness. 
Situational awareness is being aware of and responsible for your 
physical surroundings regarding your personal safety and security. If 
you see something, say something. The same principles apply to money 
laundering, fraud and terrorist financing. You need to be situationally 
aware of and understand the flow of funds for illicit purposes. Much 
the same, we all need to be situationally aware of the vulnerabilities 
to the financial system and ensure the BSA is as effective and 
efficient as it can be.
    The most important BSA report is a SAR. In most instances, the 
biggest regulatory compliance breakdown resulting in some sort of 
enforcement or regulatory action is the failure to file SARs or to 
adequately file SARs. I cannot underscore enough that law enforcement 
is the direct beneficiary of SARs. Regardless of systemic 
inefficiencies, law enforcement consistently benefits from SAR filings.
    SARs are used tactically to predicate and/or enhance criminal 
investigations. SARs are also used strategically for analytical 
purposes. When attempting to measure effectiveness and efficiency of 
SAR filing, we cannot solely rely on the percentage of SARs filed 
versus the number of SARs used to predicate or enhance an 
investigation. We must also factor in how SARs are used strategically 
for trend analysis and analytical purposes. Finding accurate metrics to 
determine the effectiveness and efficiency of SAR filing is extremely 
difficult.
    When I was in law enforcement, I used SARs for both strategic and 
tactical purposes. When I was Chief of TFOS at the FBI, we established 
a financial intelligence unit. I wanted to know on a recurring basis 
what were the emerging threat trends, as well as emerging crime 
problems. SARs were one of the data sets we used for such trend 
analysis. We also used SARs for tactical purposes in furtherance of 
investigations. We used financial intelligence, some of which was 
derived from BSA data, to include SARs and CTRs, for tactical proactive 
investigations and for tactical reactive or more traditional ``books 
and records'' ``follow the money'' investigations. We used datamining 
technology for both strategic and tactical initiatives. I believe that 
the FBI continues to use BSA data for strategic and tactical 
investigative purposes.
    I developed a flow chart I use for training purposes describing the 
``lifecycle'' of a SAR. It tracks a SAR from the point of origin when 
it's filed with FinCEN through both regulatory and law enforcement 
review and investigative tracks. During their lifecycle, some SARs go 
directly to support investigations and some remain in the SAR database. 
A number of SARs that go into the SAR database will be used to support 
investigations at later times. Regardless of whether SARs are used to 
support investigations, they will be used in datamining initiatives to 
develop trend analysis or other strategic analyses.
    Following my retirement from the FBI and as I have gained more of a 
financial institution perspective, based on my experience as a 
consultant, I have become more sensitive to the perceived lack of 
feedback to financial institutions from FinCEN and law enforcement 
regarding the value of SARs and how SARs should be written to get law 
enforcements attention. FinCEN has done a good job of discussing the 
value of SARs in their SAR Activity Review publications. In recent 
years, FinCEN has recognized financial institution personnel as the 
front end provider and law enforcement agents as the back end consumer 
for outstanding investigations involving BSA data.
    When I was Chief of Financial Crimes, and subsequently TFOS, I had 
frequent meetings with Jim Sloan. During that time period, Mr. Sloan 
was Director of FinCEN. We often discussed developing a SAR feedback 
mechanism from law enforcement through FinCEN to financial 
institutions. There were many impediments that existed at the time, 
much as they continue to exist today, that precluded us from developing 
a consistent feedback mechanism. Some impediments include the ongoing 
nature and secrecy of Federal grand jury investigations, the time lapse 
from when a SAR was filed and an investigation completed, resource 
constraints and other factors. Feedback regarding SARs warrants further 
consideration. This is an area where the Committee should consider 
dialogue with FinCEN and senior law enforcement executives.
    The law enforcement utilization of SARs, as I have described how I 
used SARs as an FBI executive, was more at a program level than at the 
grass roots investigations level. At the program level there is a 
greater use of datamining and advanced analytics. At the grass roots 
field level, SARs are dealt with more in the form of individual manual 
reviews where each SAR is physically reviewed. For example, every U.S. 
Attorney's Office has a SAR review team. Even though the SAR review 
teams use excel spreadsheets and other analytics, they review SARs by 
hand. The reason this is important for the Committee is at the program 
level, I was more inclined to want to see more SARs filed. For our 
datamining purpose, more was better. At the grass roots level, SAR 
review teams would prefer to see less numbers of SARs filed. In this 
context, less is better. As a field agent and middle manager, I 
reviewed SARs manually, and I understand the grass roots perspective as 
well as the program perspective. Therefore, it is incumbent that as the 
Committee proceeds, you speak to a variety of law enforcement 
stakeholders to gain the best context available.
    One final issue where law enforcement should be the primary 
stakeholder to potential legislation is the issue of CTR and SAR 
reporting thresholds. Since SARs were first implemented, the reporting 
thresholds have been the same. Periodically, banking associations and 
financial institutions have recommended that reporting thresholds be 
adjusted to account for inflation. I strongly believe that CTR and SAR 
reporting thresholds should remain as they are. Law enforcement would 
lose valuable financial intelligence if thresholds are raised. This is 
especially true for terrorist financing, where our primary threat is 
from homegrown violent extremists. My sense is that when we identify 
homegrown violent extremists and financial institutions run their 
names, a high percentage of them will have transactional activity 
involving CTRs.
    As I've stated, at the core level, the flow of BSA data from the 
front end provider (financial institutions) to the back end consumer 
(law enforcement) is good. When financial institutions can be proactive 
and more targeted in their monitoring and reporting, the BSA data they 
provide is more effective and efficient. When the data flow becomes 
convoluted and more constrained, the system becomes more flawed and 
ineffective and inefficient.
    Thank you again for affording me the opportunity to testify today. 
I look forward to responding to any questions you have.



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                 ______
                                 
                 PREPARED STATEMENT OF HEATHER A. LOWE
  Legal Counsel and Director of Government Affairs, Global Financial 
                               Integrity
                            January 9, 2018
    Thank you for the opportunity to testify before you today on the 
subject of Combating Money Laundering and Other Forms of Illicit 
Finance and the Opportunities to Reform and Strengthen BSA Enforcement. 
I hope that my contributions to today's hearing will help you take 
measured and informed decisions that are in the public's interest with 
respect to the U.S.'s anti-money laundering (AML) regime as set forth 
in the Bank Secrecy Act (BSA).
    Money laundering is a vast subject and there are many different 
facets that it would be worthwhile for this Committee to examine. I 
will discuss some of those areas in my testimony today but, as I am 
sure you will discover as we delve deeper into the topic, there may be 
a great deal more that you wish to explore moving forward. I am happy 
to assist to the extent that I can.
    In my testimony, I will provide information and opinions regarding 
the following: Trends in compliance, Suspicious Activity Reports 
(SARs), Know Your Customer (KYC)/Customer Due Diligence (CDD), and the 
balance of activity and obligations between the Financial Crimes 
Enforcement Network (FinCEN) and the private sector. Some of my remarks 
will directly address recent proposals by The Clearing House in their 
publication ``A New Paradigm: Redesigning the U.S. AML/CFT Framework to 
Protect National Security and Aid Law Enforcement'', as I am sure that 
you are giving consideration to those proposals. (CFT refers to 
countering the financing of terrorism.)
    Some of the key points that I will be making in my testimony are:

  1.  Money laundering and the technology that can help us combat it 
        are both evolving and, in light of this, it is appropriate to 
        consider whether changes to our regulatory structure should be 
        made. Equally, however, it is critical that Congress consider 
        and carefully weigh the potential benefits against potential 
        negative ramifications before making decisions in this area.

  2.  Enforcement against money laundering is primarily through 
        identification of regulatory infractions as opposed to through 
        criminal charges of actual money laundering. This may be 
        because it is much easier to find evidence of regulatory 
        infractions, the burden of proof is lower, and it is far less 
        costly for the Government than pursuing a criminal money 
        laundering charge, and there is a clear dissuasive effect. 
        Despite this, when we look at the cases where enforcement was 
        merely through identification of deficiencies of AML systems 
        and filing requirements, the hallmarks of serious criminal 
        money laundering are there in the cases. As a result, 
        decreasing the ability to enforce using the regulatory approach 
        may have serious, negative repercussions on compliance and, 
        ultimately, criminal access to the U.S. banking system.

  3.  It is critical that information about the natural person(s) who 
        own or control companies (the beneficial owners) is finally 
        collected by either the State or Federal Government and is made 
        available to law enforcement and to financial institutions. 
        Companies with unknown or hidden ownership are the number one 
        problem in the AML world and the U.S. cannot continue to allow 
        our failure to act to put the U.S. and global financial system 
        at risk.

  4.  I would strongly caution against transferring responsibility for 
        setting AML priorities for individual banks from those banks to 
        FinCEN. Banks are best placed to understand their business and 
        their systems and the money laundering risks inherent therein, 
        and create the systems that work best in their business models 
        to combat money laundering. FinCEN and/or other regulators 
        should review those assessments but cannot be responsible for 
        carrying them out.

  5.  The Clearing House recommends greater information sharing among 
        banks and with the Government in a number of ways. While we 
        generally support greater sharing of information in the AML 
        area, it must be done with appropriate privacy safeguards. 
        Where it may result in a person being denied banking services 
        at all, there must be a system for redress for people to be 
        able to restore that access if they can demonstrate that they 
        are involved in legitimate activity.

  6.  Transferring raw banking data from banks to FinCEN to analyze 
        (with appropriate privacy safeguards) is not a bad idea. 
        However, it is essential that we do not absolve banks of the 
        responsibility to carry out their own analysis as well, which 
        they have the ability to review within the context of the 
        additional client information that they have, because they are 
        the gatekeepers to the financial system. The Federal Government 
        cannot do this alone.

  7.  AML compliance and reporting is undertaken by a wide range of 
        entities and persons, going far beyond the banking sector. Any 
        proposed changes should consider the implications for all of 
        these types of entities and persons.

  8.  Some types of entities and persons should be required to have AML 
        programs in place that currently do not, such as those involved 
        in real estate closings, lawyers, and others. The banking 
        sector cannot and should not carry this responsibility alone, 
        especially where these persons act as a proxy to open the door 
        to the financial system for criminals and their money.

  9.  Suspicious Activity Reports are meant to be just that, reports of 
        ``suspicious'' activity. Requiring bank employees to determine 
        if activity is in fact illegal before filing a SAR would be 
        counterproductive for a number of reasons, including increasing 
        the burden on bankers who would consequently have to make a 
        new, legal determination.

  10.  Congress should request from the various regulators data 
        regarding formal and informal enforcement actions pertaining to 
        AML/BSA violations and deficiencies so that they are able to 
        independently asses the appropriateness of the enforcement 
        regime currently in place.

  11.  Both small banks and large banks have been the subject of major 
        money laundering cases.

  12.  Money laundering and sanctions violation cases over the past few 
        years relate to willful, knowing, and egregious violations of 
        U.S. laws and regulations that have resulted in U.S. and 
        foreign banks granting access to hundreds of millions of 
        dollars in funds supporting genocide and funds supporting 
        major, violent South American drug cartels into our system, to 
        name a few examples. The fines that have resulted from these 
        cases have been seen by the banking industry as heavy and so 
        banks have begun to take AML regulations that have been in 
        place for many years more seriously as the possibility and 
        repercussions of enforcement have increased. I would therefore 
        remind Members of Congress that the regulatory ``burden'' has 
        not actually been increasing, the threat of being found out is 
        what has actually increased.
Preface: Who Has AML Compliance Responsibilities?
    One thing to keep in mind for the purposes of AML is that the term 
``financial institution'' (FI) is defined very broadly and encompasses 
a much wider range of types of entities than most people realize. Being 
classified as a financial institution means that an entity must 
generally have some sort of AML compliance in place, with the main 
types of FIs \1\ being required to have an AML compliance program, 
conduct customer due diligence and know your customer checks, monitor 
accounts, and file suspicious activity reports and currency transaction 
reports. I have included the definition of ``financial institutions'' 
at the end of this testimony for information. Today you have before you 
representatives from three banking associations, but it is important to 
consider that any changes to the AML/CFT regime will affect a much 
wider range of entities and persons, such as currency exchanges, 
casinos, dealers in precious metals, stones or jewels, pawn brokers, 
and insurance companies, which you should also factor into your 
decision making.
---------------------------------------------------------------------------
     \1\ This includes insured banks, commercial banks, agencies or 
branches of a foreign bank in the U.S., credit unions, savings 
associations, corporations acting under section 25A of the Federal 
Reserve Act 12 U.S.C. 611, trust companies, securities broker-dealers, 
futures commission merchants (FCMs), introducing brokers in commodities 
(IBs), and mutual funds. FATF Mutual Evaluation Report of the United 
States, December 2016, available at http://www.fatf-gafi.org/media/
fatf/documents/reports/mer4/MER-United-States-2016.pdf.
---------------------------------------------------------------------------
    There are also a few persons that ought to have U.S. AML 
obligations but currently do not. Although banks serve as an immediate 
gateway into the U.S. financial system and must therefore bear 
significant responsibility for preventing criminals and other 
wrongdoers from finding safe haven here, they shouldn't bear that 
responsibility alone. Other actors that handle large sums of money, 
such as persons involved in real estate transactions, escrow agents, 
investment advisors, lawyers, corporate service providers, and 
accountants must also take responsibility for knowing with whom they 
are doing business and guard against their services being used to 
launder dirty money. Excluding these nonbank sectors renders the U.S. 
financial system vulnerable to serious, ongoing money laundering 
threats as shown by multiple media reports about how, for example, 
anonymous ownership of high-value real estate facilitates money 
laundering, \2\ a 60 Minutes segment showing how lawyers facilitate 
money laundering by corrupt foreign Government officials, \3\ and of 
course the Panama Papers which disclosed how corporate formation agents 
and lawyers help wrongdoers hide and launder criminal proceeds.
---------------------------------------------------------------------------
     \2\ See, e.g., The New York Times series ``Towers of Secrecy'' 
available at https://www.nytimes.com/news-event/shell-company-towers-
of-secrecy-real-estate.
     \3\ Can be accessed at http://www.cbsnews.com/news/anonymous-inc-
60-minutes-steve-kroft-investigation/.
---------------------------------------------------------------------------
    Technically, persons involved in real estate closings are already 
classified as FIs per the definition established by the USA PATRIOT Act 
in 2001, but they were given a ``temporary exemption'' (which had no 
sunset clause) from AML compliance requirements in 2002. Despite 
Treasury conducting a comment period with respect to AML compliance in 
the real estate sector in 2003, they have not removed that temporary 
exemption. Congress should consider doing so.
    Addressing the money laundering risks posed by these nonbank 
sectors and actors would finally bring us in line with international 
anti-money laundering standards--agreed to by the U.S., as a leading 
member of the Financial Action Task Force (FATF), the international 
anti-money laundering standard-setting body. In FATF parlance, most of 
these persons are referred to as ``Designated Non-Financial Businesses 
and Professions''. Members of FATF, including the U.S., are supposed to 
require most of these persons to have AML compliance programs, and many 
of its member countries have already done so.
I. Trends in Compliance
A. Understanding Regulatory Enforcement Data
    As you know, the money laundering realm is governed by statutes 
which both criminalize the act of laundering money \4\ and impose civil 
and criminal penalties for the failure of a financial institution to 
have an effective AML program. \5\ Under Federal law, the type, nature, 
and scope of a financial institution's AML systems and controls depend 
upon the institution's risk profile, which differs significantly for 
banks that, for example, serve a local, rural community versus a global 
institution that operates in high-risk foreign environments. A 
financial institution's risk profile depends upon its assessment of the 
types of risks it faces, which are a function of where it operates, 
what products and services it offers, and what clients it takes on, 
among other variables.
---------------------------------------------------------------------------
     \4\ 18 U.S.C. 1956-1957.
     \5\ The Currency and Foreign Transactions Reporting Act of 1970, 
31 U.S.C. 5311 et seq. (regulations at 31 CFR Ch. X).
---------------------------------------------------------------------------
    Developing accurate risk assessments and AML compliance regimes is 
therefore an art and not a science, and requires a great deal of 
judgment. It is the job of the regulators to determine if a financial 
institution has gotten it right--whether the FI's risk assessment is 
comprehensive and reasonable, whether its AML systems and controls are 
appropriately responsive to those risks, and whether those systems and 
controls are effective. The examination reports that result from 
regulators' reviews are highly confidential and exempt from public 
records requests, \6\ although this Committee has the authority to 
review those examination reports should it want to review their content 
and reasonableness. \7\
---------------------------------------------------------------------------
     \6\ Exemption of examination reports from public availability. See 
12 CFR 261.14 (Federal Reserve Board); 12 CFR 309.5(g)(8) (FDIC); 12 
CFR 4.12(b)(8) (OCC).
     \7\ Prohibition on banks disclosing information from their 
examination reports. See 12 CFR 261.20(g), 12 CFR 261.2(c)(1) 
(Federal Reserve Board); 12 CFR 350.9 (FDIC); 12 CFR 18.9 (OCC).
---------------------------------------------------------------------------
    My organization was hired by a third party in 2015 to undertake a 
confidential study of AML enforcement in the U.S. and the U.K. between 
2001 and 2015. That study was carried out by myself and our Policy 
Counsel Elizabeth Confalone. I have permission to share some of our 
observations from that report with you today, but unfortunately I am 
unable to share the entire report.
    One of our primary observations was that, apart from the rather 
small number of publicly available deferred prosecution agreements 
(DPAs) and nonprosecution agreements (NPAs) that financial institutions 
have entered into with respect to AML-related activity, it is extremely 
difficult to determine the number and nature of the formal and informal 
enforcement actions taken by regulators in response to BSA/AML 
deficiencies because (i) very little information about informal actions 
is available to Congress or the public, (ii) information about formal 
actions is not in a machine-readable format--meaning that one must open 
and read every file to know what the infraction(s) was, and (iii) 
``actions'' taken by regulators do not always indicate misconduct--an 
``action'' for the FDIC terminating deposit insurance for a banking 
unit whose deposits were transferred to another bank within the group 
is lumped together with an ``action'' for the systemic violation of 
U.S. sanctions laws.
    A second observation was that, based upon a review of the 
enforcement actions that could be identified as related to AML 
deficiencies, the Federal Government rarely charged a financial 
institution with the criminal offense of money laundering, favoring 
instead a finding that the institution had violated Federal 
requirements to have an effective AML program and report suspicious 
activity to law enforcement. This was the approach even when the 
hallmarks of criminal money laundering seemed clearly present in the 
cases. This may be because it is easier to prove deficiencies in AML 
compliance than it is to meet the criminal standard of proof for money 
laundering. In light of this, it is important to carefully consider 
how, for example, shifting responsibility for AML risk analysis for FIs 
and aggregate data analysis from the private sector to FinCEN (as has 
been proposed in different ways by The Clearing House) could hamper the 
Government's use of civil enforcement actions to combat money 
laundering, which uses far less time and fewer Government resources 
than criminal prosecution would entail, with important dissuasive 
results.
B. What Does an Overview of Selected Enforcement Tell Us?
    The best source of data on AML/BSA-specific enforcement actions 
providing sufficient detail for adequate analysis are (i) 
nonprosecution agreements (NPAs) and deferred-prosecution agreements 
(DPAs), and (ii) FinCEN data. My organization, Global Financial 
Integrity, reviewed those data sets in order to conduct a more detailed 
analysis of AML/BSA-specific violations and trends in enforcement. I 
will discuss each of these in turn.
    FinCEN Enforcement Actions
    Unlike bank regulatory agencies that tend to be more concerned with 
ensuring the general health and stability of our financial system, 
FinCEN's specific mission is to ``safeguard the financial system from 
illicit use and combat money laundering and promote national 
security.'' \8\ As a result, FinCEN's enforcement actions relate solely 
to issues involving money laundering and illicit finance.
---------------------------------------------------------------------------
     \8\ Financial Crimes Enforcement Network, Mission Statement, 
available at http://www.fincen.gov/about_fincen/wwd/mission.html.
---------------------------------------------------------------------------
    Given the available data, we analyzed 61 separate actions \9\ 
against 52 different banks. \10\ There were 26 American banks subject 
to FinCEN actions, and 26 foreign banks and U.S. branches and offices 
of foreign banks that were subject to FinCEN actions. Each case 
involved multiple failings over a period of years, making 
categorization of the violations challenging.
---------------------------------------------------------------------------
     \9\ Technically, the DPAs and NPAs are ``cases'' and the FinCEN 
notices are ``actions,'' however for ease of reference we will use the 
term ``actions'' here.
     \10\ In a few instances there was both a FinCEN action, as well as 
a DPA or NPA relating to the same bank activity, and we have counted 
those as one case each because they cover the same bank activity.
---------------------------------------------------------------------------
    Within the FinCEN actions, the most common thread was a failure to 
file suspicious activity reports, however the violations were usually 
accompanied by a large range of other AML system violations such as a 
failure to carry out customer due diligence, failure to verify the 
source and use of funds, failure to identify red flag activity, failure 
to have an adequate AML program, failure to have enough compliance 
staff, and failure to train staff, among other deficiencies.
    Among the full body of 61 cases, 13 of the actions included 
problems relating to money service businesses (MSBs) (mainly foreign) 
and the processing of the cash and monetary instruments by those MSBs, 
including issues with the identification and risk-rating of MSB 
clients. Ten of the actions involved problems with the management of 
foreign correspondent accounts and the processing of the cash and 
monetary instruments for correspondent accounts, including the 
identification and risk-rating of the clients. Several banks had 
violations relating to their failure to file required currency 
transaction reports, and there were a hodge-podge of other specific 
violations as well, such as fraud and problematic trade finance 
activity. Five of the actions involved banks that had foreign 
Politically Exposed Person (PEP) clients, some coupled with failures to 
carry out adequate customer due diligence on those PEPs, to verify the 
source and use of funds, or monitor the client accounts appropriately.
    The FinCEN actions contained damning details illustrating the 
banks' failures, but were always drafted to focus on the civil law 
violations as opposed to the activity that might, in fact, be criminal. 
For example, The Foster Bank, based in Chicago, was sanctioned by 
FinCEN for violations relating to having an ineffective money 
laundering program in place. Illustrating the types of activity that 
Foster's AML deficiencies permitted to occur, the FinCEN action states:

        For example, from April 1999 through August 2002, one customer 
        who operated a sportswear business purchased approximately 
        $674,390 in cashier's checks, all individually purchased below 
        the $3,000 Bank Secrecy Act record-keeping threshold for 
        monetary instrument transactions. Concurrently, from April 1999 
        through August 2002, the same customer engaged in a pattern of 
        structured transactions involving over $6,199,616 in cash 
        deposits in amounts under $10,000 per deposit. Ultimately, in 
        December 2002, the Bank discovered that this customer had 
        conducted nearly $10 million in cash transactions between April 
        1999 and November 2002.

        Another Foster customer routinely made cash deposits in the 
        amounts of $9,900 up to four times daily. The Bank retained no 
        documentation in its file to support a legitimate business 
        reason for these deposits.

        Other customers engaged in large aggregate cash transactions, 
        totaling an average of $300,000 to $600,000 per month, at least 
        some of which appeared to be designed to avoid currency 
        transaction reporting. Foster did not have documentation 
        supporting the legitimacy of the customers' banking activities 
        and failed to file timely suspicious activity reports for these 
        customers. \11\
---------------------------------------------------------------------------
     \11\ FinCEN, ``Assessment of Civil Money Penalty Against the 
Foster Bank'', Case No. 2006-8, at 5, http://www.fincen.gov/news_room/
ea/files/foster.pdf.

    This description indicates that that these customers were engaging 
in activities that were likely illegal, given the lengths that they 
went to in order to the avoid money laundering reporting requirement 
that deposits of $10,000 or more be reported to FinCEN on a Currency 
Transaction Report (CTR). The FinCEN action is concerned with Foster's 
failure to identify these avoidance techniques, but we can find no 
corresponding case in Illinois where the bank is actually charged with 
the criminal act of laundering money for its clients. At the time we 
conducted this research, we did not find any records relating to 
prosecution of persons in Illinois who used the accounts at Foster 
Bank, although a case against an individual might not mention the 
bank's name. Therefore, while this case has multiple hallmarks of money 
laundering activity, there was no prosecution for the laundering that 
we could find. Further, we were unable to find evidence that these 
clients' activities were even investigated by Illinois State or Federal 
authorities.
    Having reviewed the FinCEN actions, we are under the impression 
that the vast majority of the sanctioned banks knew or should have 
known (as is the standard) that their services were being used to 
launder proceeds of some sort of illegal activity (although they may 
not have known precisely what kind of illegal activity), and that some 
of the banks may have either been established for that specific 
purpose, or the banks' business was somehow taken over by those 
clients. This misconduct is most evident in the cases relating to small 
banks, where in several cases the clients that were engaging in 
activity that should have raised red flags and caused the banks to file 
SARs were a large percentage of the small bank's business.
    For example, North Dade Community Development Federal Credit Union 
was a nonprofit community development bank based in North Dade County, 
Florida, with $4.1 million in assets. As a community development bank, 
its clients were supposed to be limited to people who live, work or 
worship in the North Dade County area. North Dade had only one branch 
and only five employees. Despite its small, local focus, North Dade was 
servicing multiple money service businesses that were located outside 
of its geographic field of membership and that were engaging in high-
risk activities. For example, records showed ``(1) deposits in excess 
of $14 million in U.S. cash that was physically imported into the 
United States on behalf of nearly 40 Mexican currency exchangers, and 
(2) hundreds of millions of dollars in wire transfers to foreign bank 
accounts of MSBs located in Mexico and Israel.'' \12\ It is difficult 
to believe that the bank's five staff members were unaware of the 
likelihood that the bank was being used to launder money via their MSB 
clients, and it is wholly possible that the bank was either established 
to carry out illegal activity or was overtaken by criminal clientele.
---------------------------------------------------------------------------
     \12\ FinCEN, ``In the Matter of North Dade Community Development 
Federal Credit Union'', Number 2014-07, at 7, 8, 9, Nov. 25, 2014 
(hereinafter, ``FinCEN North Dade Enforcement Action''), http://
www.fincen.gov/news_room/ea/files/NorthDade_Assessment.pdf.
---------------------------------------------------------------------------
    DPAs and NPAs
    We also reviewed deferred prosecution agreement and nonprosecution 
agreements (DPAs and NPAs) related to BSA/AML violations, which we drew 
from the University of Virginia School of Law's Federal Organizational 
Prosecution Agreements collection. \13\ As you know, NPAs and DPAs 
represent a step beyond agency enforcement actions. They represent 
settlements of criminal and civil cases brought by the Government 
against corporations where the corporation generally admits to certain 
facts, agrees to take certain remedial measures, and often pays a fine 
in exchange for the Government deferring or discharging the 
prosecution. In the case of NPAs, the matter is settled once the 
Government has signed the agreement. In the case of DPAs, the 
Government has the option of renewing the prosecution if the company 
does not implement the required remedial measures or continues to 
otherwise act unlawfully.
---------------------------------------------------------------------------
     \13\ Brandon L. Garrett and Jon Ashley, ``Federal Organizational 
Prosecution Agreements'', University of Virginia School of Law, at 
http://lib.law.virginia.edu/Garrett/prosecution_agreements/.
---------------------------------------------------------------------------
    The DPAs and NPAs we reviewed settled actual cases against banks 
brought by the U.S. Department of Justice. We reviewed 36 DPAs and NPAs 
involving banks. Eleven of those did not involve AML/BSA-related 
infractions. Eight of the agreements related to sanctions-busting 
violations, where the banks were stripping wires of key information, 
re-routing the wires, or taking other actions to evade U.S. sanctions 
laws. Fourteen cases involved money laundering violations, ten of which 
were also the subject of FinCEN actions, and therefore included in the 
analysis above. Only four banks were the subject of money laundering-
related DPAs/NPAs that did not have a corresponding FinCEN action. Five 
of the cases were against large, international banks for aiding and 
abetting large-scale tax evasion by Americans. Several cases were 
included in the count of both the sanction violations and money-
laundering categories because their conduct and the terms of their 
agreements included both types of violations.
    Several of the money laundering cases involved funds being moved 
from developing or middle income countries into the U.S. via money 
service businesses or correspondent banking activities. The majority of 
the countries involved were South or Central American (mainly focusing 
on the Black Market Peso Exchange) or Middle Eastern. One case involved 
a bank in Nigeria and one case involved Russian banks. The countries 
that arise in these cases are not surprising in light of the American 
political priorities of fighting drug crime and terrorist financing.
    Some Useful Perspective
    Lastly in this section, I'd like to remind Members of the Committee 
that although the headline-grabbing figures relating to BSA/AML 
enforcement for FIs' may seem large, they pale in comparison to some of 
the egregious, willful violations taking place. Two examples:
    HSBC USA was fined a mere $1.9 billion in 2012 for:

    Failing to have required money laundering controls applied 
        to over $200 trillion in wire transfers it received over a 3-
        year period (that's about 3x global GDP),

     Of which $670 billion came from Mexico, which it had 
        classified as a low risk country for money laundering although 
        the U.S. Department of State and many, many others classify it 
        as high risk, and

     Of which $881 million was determined to be proceeds of 
        drug trafficking by the Mexican Sinaloa Cartel and the 
        Columbian Norte de Valle Cartel.

     Bear in mind that we have no idea what other percentage of 
        that $200 trillion was dirty money flowing through HSBC USA 
        because the AML controls were turned off.

    Failing to have the required money laundering controls in 
        place with respect to the purchase of $9.4 billion in cash from 
        its Mexican subsidiary.

    Processing wire transfers with inadequate information that 
        were the result of other HSBC subsidiaries' efforts to ensure 
        that U.S. dollar transactions from sanctioned countries like 
        Iran and Libya were cleared in the U.S.

    BNP Paribas, France's largest bank, was fined $8.9 billion in 2014 
for:

    Processing over $190 billion in transactions through its 
        New York office for clients in the sanctioned countries of 
        Sudan, Iran, and Cuba,

     at one point providing over half of the banking services 
        in use by the Sudanese Government, enabling this Government, 
        sanctioned by the U.S. for perpetrating genocide, to process 
        its oil money (denominated in dollars) and continue to purchase 
        the weapons it needed and pay its soldiers to continue to 
        engage in mass-murder, and

     knowingly providing banking services in U.S. dollars for 
        people subject to individual and specific sanctions.
C. Conclusion of Analysis and Recommendation
    Our analysis of the AML enforcement data showed that small banks, 
even local banks, can be and are used to move illicit funds in the same 
way that large, international banks are used. In addition, our analysis 
of the DPAs, NPAs, and FinCEN actions establishes that banks of all 
sizes knowingly and intentionally facilitate the movement of illicit 
funds. In none of the cases reviewed does it appear that the bank was 
unwittingly involved in the movement of illicit money, many of which 
appeared to have been the subject of previous regulatory warnings. SAR 
filing violations were a factor in almost every single one of these 
cases, but they were far from the most serious violations.
    Due to the limitations on access to data, our analysis is 
incomplete. Additional analysis should be undertaken prior to making 
major alterations to the existing U.S. AML regime. We therefore 
recommend that the Members of the Committee undertake a more in-depth 
review of the AML enforcement data prior to making any policy changes. 
This review could include requesting each regulator to identify which 
of their formal and informal enforcement actions over the last 10 years 
relate to AML/BSA or sanctions violations and to include information in 
the searchable/sortable data fields indicating the type of infraction 
involved and the laws or regulations that were violated. In addition, 
we recommend that the Committee obtain the documents related to a 
sample of the formal and informal enforcement actions taken by each 
agency to get a better sense of the misconduct involved and the quality 
of enforcement actions taken. Finally, it would be ideal if all the 
regulators adopted the same fields and display format on their website. 
This will allow for more effective and efficient Congressional 
oversight moving forward, and make it easier for FIs to search the data 
to identify evolving criminal methods and trends.
II. Suspicious Activity Reports (SARs)
    The Nature of SARs. Suspicious Activity Reports (SARs) are an 
important part of the BSA/AML framework, but the nature of SAR filing 
has changed over time and could be reviewed. It is important for the 
Committee to understand that SARs were intended to be just that, 
reports of suspicion of criminal activity. They are not called illegal 
activity reports, because FI employees are not required to determine if 
the activity they are seeing is actually illegal. Instead, FI employees 
are supposed to file reports where they see something out of the 
ordinary and simply have a suspicion that there is a problem. Requiring 
bank employees to go further and make a determination that an activity 
is actually illegal would be an unrealistic and unwarranted 
expectation. There is no ``bright line'' test for when a SAR should be 
filed because that is contrary to the intended nature of a SAR.
    The Clearing House has nevertheless proposed that further guidance 
be provided by FinCEN to ``relieve financial institutions of the need 
to file SARs on activity that is merely suspicious without an 
indication that such activity is illicit.'' That recommendation would 
fundamentally change the nature of SAR reports and would actually make 
bank employees' tasks much more difficult and risky. After all, it 
clearly requires a greater amount of effort and legal analysis to 
determine whether an activity is, in fact, illicit rather than merely 
suspicious.
    One source of tension in this area appears to be that law 
enforcement wants SARs to include as much information as possible, in 
as standard a format as possible, and that their demands for greater 
detail and specificity have grown over time. FI employees may not have 
the desired level of detail that law enforcement would like, but that 
is simply a reality of money laundering cases which often involve 
hidden conduct and individuals. The SAR instructions properly allow FI 
employees to indicate on the form that the information is ``unknown''; 
that option should be honored by law enforcement rather than trying to 
require FI employees to become detectives uncovering illegal conduct.
    The Sharing of SARs. The Clearing House has proposed that new 
regulations allow FIs to share SAR information among foreign affiliates 
and branches. GFI supports this recommendation; its importance was made 
clear in the HSBC case. A related issue, however, is what actions FI's 
affiliates and branches are required or permitted to take in response 
to receiving this information. I understand that there have been cases 
where a person's accounts have been closed by a bank because it 
received information that another bank identified the person as 
suspicious, making it difficult for that person to establish banking 
relationships elsewhere. If FIs are permitted to close accounts based 
upon suspicions communicated to them by other banks, Congress should 
ensure that there is some mechanism for appeal or redress for 
individuals wishing to establish their bona fides. Such closure of 
accounts may also serve to ``tip off'' the account holder that they are 
the subject of a SAR, contrary to the SAR confidentiality requirements.
    Integrating New Technology. I am in favor of exploring the ways in 
which today's (and tomorrow's) technology can be used to innovate in 
the AML compliance sphere and believe that the Government should be 
supporting such innovation (usually referred to as ``FinTech''). 
Northern Europe seems to be leading in this space, and it would be 
helpful to create a better environment for such innovation in the U.S. 
I therefore support the creation of a technological ``sandbox'', as has 
been proposed by The Clearing House and has been implemented in the 
U.K. The U.K. structure appears to have some specific safeguards to 
protect consumers, however, which they consider to be an integral part 
of their system. I have not had an in-depth look at the U.K. program, 
however regulators presented it at a recent FATF industry consultation 
meeting I attended. They stressed the importance of ensuring that 
consumers were protected at all times as innovative approaches were 
being tested, and the U.S. should do the same. It is important to note 
that, in the House of Representatives, Members are discussing 
legislative language that does not require any of the safeguards 
present in the U.K. system, potentially giving FIs an unlimited safe 
harbor for the use of any new technology with no Government oversight. 
This is a significant danger because if an FI spends the money to 
integrate new technology that, it turns out, isn't as effective as 
alternative methods, they would have no incentive to change their 
approach. They would incur some unwelcome cost for doing so and they'd 
have the security of an unlimited safe harbor, so there would be no 
incentive to act.
III. Know Your Customer (KYC)/Customer Due Diligence (CDD)
    As part of their customer due diligence, or CDD, procedures, FIs 
are supposed to know their customers by engaging in Know Your Customer, 
or KYC, procedures. In banking terms, knowing your customer is more 
than just knowing who the owners or controllers of the company are 
(known as ``beneficial ownership'' information), it is also 
understanding how that legal or natural person will be using the 
account so that the account can be appropriately monitored for possible 
money laundering activity. Establishing the expected normal use of the 
account is imperative if the FI is to effectively monitor for 
suspicious activity going forward. Moreover, characteristics of the 
beneficial owner of the account (such as nationality/residence, whether 
a politically exposed person (PEP), etc.), the type of business using 
the account, whether that business is cash intensive, and many other 
factors all contribute to an account's risk profile, and that risk 
profile determines what type and level of monitoring the account will 
be subject to.
    Beneficial Ownership Information. Knowledge of the beneficial 
owner(s) of a company holding an account is a critical question in KYC, 
however. Therefore, one Clearing House proposal that GFI wholeheartedly 
supports is its proposal that information about the beneficial owners 
of U.S. companies--the actual individuals who own or control those 
companies--should be collected at the time that companies are 
incorporated in the U.S. and that this information should be made 
available to law enforcement and financial institutions. This is an 
issue that has been gaining visibility and urgency on a global level. 
This is because anonymous companies, or companies with hidden owners, 
are the most frequently used vehicle for money laundering. That's why 
identifying who owns or controls a company is a fundamental step 
necessary to combat the problem.
    In response to the global movement towards greater corporate 
ownership transparency, in May 2016, the U.S. Treasury Department 
adopted a regulation which more explicitly requires banks to obtain 
beneficial ownership information beginning in May 2018. Unfortunately, 
that regulation includes some significant loopholes and so has not been 
deemed compliant with international AML standards in the most recent 
evaluation of the U.S. AML system by the IMF. Hopefully, Treasury will 
be making improving that regulation a priority in order to bring the 
U.S. into compliance with international AML standards and ensure that 
true beneficial ownership information is being collected.
    But whether or not the U.S. improves its regulation, U.S. banks 
that operate in other countries are already subject to strong corporate 
transparency standards that are only getting stronger. As a result, the 
multinational banks that belong to The Clearing House want beneficial 
ownership information for U.S.-formed entities to be collected by 
either those who incorporate the companies or by an appropriate 
Government entity so that they can use the information as a key data 
point in their customer due diligence process. While we do not support 
banks being allowed to rely exclusively on this information in their 
customer due diligence procedures, the information could and should be 
an extremely helpful starting point in the ``know your customer'' 
process and as a tool to verify information supplied by the client. 
Accordingly, we strongly support The Clearing House beneficial 
ownership proposal, which is soon to be the subject of bipartisan 
legislation in the House and Senate.
    I wanted to note that in discussions of relevant legislative text 
in the House of Representatives, some Members have been pushing the 
idea that law enforcement should only have access to information about 
the beneficial owners of companies if they can produce a summons or 
subpoena, while at the same time not discussing any limitations on 
availability of the information to the banks. As a fundamental 
principle, U.S. law enforcement should have free access to beneficial 
ownership information because it is critical information they have been 
requesting for years, as evidenced by their many letters of support for 
beneficial ownership bills introduced over the past 10 years. We should 
not, under any circumstances, have a situation in which the banks have 
easy access to this information and our law enforcement does not. I 
would also note that last month, the European Union adopted legislation 
which requires all 28 EU Member States to create registers of 
beneficial ownership information and for that information to be made 
available to the public, including law enforcement and financial 
institutions. The U.K. already has such a public registry in place, and 
countries such at Ghana, the Ukraine, Afghanistan, Kenya, and Nigeria 
are all actively working on putting the same in place. At this point, 
free access by law enforcement and banks must be seen as a minimum 
standard.
IV. The Balance of Activity and Obligations Between FinCEN and the 
        Private Sector
    The Clearing House has proposed that (i) for the large 
multinational FIs, all enforcement power should be consolidated within 
FinCEN, (ii) data collection and analysis should be shifted from the 
private sector to FinCEN, and (iii) for the large multinational FIs, 
FinCEN/Treasury should establish priorities for each FI on an annual 
basis, review progress with each FI every 3 months, and oversee any 
examination of an FI. I'll address each in turn.
    Consolidation of AML Enforcement Power. While the proposal to 
consolidate AML enforcement power in FinCEN has surface appeal, it 
would also be at odds with a major principle in Federal law regulating 
FIs. Federal law now authorizes different functional regulators to 
regulate different FI activities in order to make use of their 
specialized expertise. For example, the SEC is given primacy over 
securities activities at FIs because it understands the securities 
markets and their inherent risks. Similarly, the Commodity Futures 
Exchange Commission oversees AML issues affecting commodity trading, 
and State insurance regulators examine AML issues affecting FI 
insurance activities, again because each regulator is expert in their 
own field. If AML enforcement power were instead consolidated in 
FinCEN, the sector-specific AML experts now working at the individual 
regulators would have to be transferred to FinCEN, swelling its ranks 
and reach. There are strengths and weaknesses to continuing the current 
disaggregated AML oversight system versus concentrating AML oversight 
at FinCEN, and the issues and tradeoffs would need to be carefully 
thought through.
    Data Collection and Analysis Transferral to FinCEN. The suggestion 
that FinCEN be given access to bulk data transfers from FIs to enable 
it to analyze AML trends and patterns across institutions is another 
potentially useful idea. But questions about the effectiveness and cost 
of this proposal include whether FinCEN currently has the technological 
capability and personnel needed to perform that type of data analysis 
or whether it would need to be built, which could be a significant 
expense. In addition, charging FinCEN with industrywide data collection 
and analysis should not be seen as a way for banks to absolve 
themselves of their AML obligations. The banks would retain their 
position as the primary gateway into the U.S. financial system, so the 
first level of responsibility to safeguard the system against money 
laundering abuses must remain with the individual banks who open their 
accounts to individuals and entities around the world.
    Requiring FinCEN To Establish AML Priorities. The third proposal, 
to essentially charge FinCEN with establishing annual AML priorities 
for every large multinational bank and monitoring every bank's progress 
every 3 months, is extremely ill-advised. The FI understands its own 
business and products better than anyone else. It is therefore best-
placed to determine what its AML risks are and how best to address 
those risks within the systems that it has created. We support the idea 
of an FI working with FinCEN/Treasury to discuss those risks in the 
context of national and global trends observed by FinCEN, and whether 
adjustments might be made as a result, however. In addition, reviewing 
each FI's progress in AML every 3 months seems like far too short a 
time frame to observe how an FI is progressing in this respect, 
however, and entirely impractical from a Government resource allocation 
perspective.
    Creates Bigger Government. Overall, it is critical that the 
Committee understand that changes of the magnitude suggested by The 
Clearing House would require a significant appropriation from the 
Federal budget to pay for, among other things, a very large staff 
increase and procedural and technological improvements at FinCEN. In 
addition, many new regulations would have to be drafted to give effect 
to these changes. The result would be a much bigger Government agency 
and a bigger FinCEN impact on AML activities. Careful analysis is 
needed to determine whether the benefits of each of these changes would 
outweigh the costs.
V. Conclusion
    In conclusion, positive changes can be made to the AML regulatory 
structure, but they must be made carefully, with good data, and only 
after thinking through as many of the potential ramifications as 
possible.
    Unfortunately for the banking community, many of the high profile, 
incredibly egregious cases that involve the biggest banks in the world 
have eroded public trust that banks will indeed act in a manner that is 
law-abiding and actively try to turn away proceeds of crime. Even many 
bankers lack faith in their institutions. The Members of this Committee 
may find a 2015 study by the University of Notre Dame and the law firm 
of Labaton Sucharow, entitled ``The Street, the Bull, and the Crisis'', 
to be of interest. The researchers surveyed more than 1,200 U.S. and 
U.K.-based financial services professionals to examine views on 
workplace ethics, the nexus between principles and profits, the state 
of industry leadership and confidence in financial regulators. As the 
report states, ``The answers are not pretty. Despite the headline-
making consequences of corporate misconduct, our survey reveals that 
attitudes toward corruption within the industry have not changed for 
the better.'' \14\
---------------------------------------------------------------------------
     \14\ ``The Street, the Bull, and the Crisis'' is available at 
https://www.secwhistlebloweradvocate.com/pdf/Labaton-2015-Survey-
report_12.pdf.
---------------------------------------------------------------------------
    Some of the banks that have been the subject of these high-profile, 
egregious cases are members of The Clearing House, whose proposals for 
regulatory change are before this Committee. That does not necessarily 
mean that the proposed changes are unwarranted, but it is the 
responsibility of Congress to make informed decisions about the extent 
to which each of these proposals is also in the public interest. 
Deregulation for the sake of deregulation in the AML area is most 
certainly not in the public's interest. Making it easier for banks, 
knowingly or unknowingly, to take in greater inflows of drug money, the 
proceeds of human trafficking, the ill-gotten gains of foreign 
dictators, and terror financiers is not in the best interest of anyone.
    Thank you for the opportunity to share my views on such an 
important topic.


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



        RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
                         FROM GREG BAER

Q.1. Shifting BSA Oversight Back to FinCEN--One Clearing House 
recommendation is to have FinCEN's BSA oversight authority over 
large banks--originally delegated to Federal banking agencies 
over 20 years ago--returned to FinCEN. But it seems clear 
FinCEN does not have the bandwidth to make such a radical 
change.
    Can you describe your organization's effort to assess what 
this change would require, in terms of additional Federal 
funding and personnel, or new assessments on big banks? Why 
should we redo wholesale a system that has been working 
reasonably well, and put in place the kind of centralized 
examination teams you suggest, when examiners have expertise 
and experience with these large entities, and have been doing 
this job successfully for many years?

A.1. While it would be a significant undertaking for FinCEN to 
examine all financial institutions subject to the BSA, we 
instead recommend that FinCEN retake exam authority for large 
international financial institutions that present complex 
cross-border issues and file a majority of SARs. We estimate 
that an examination team of only 25-30 people at FinCEN could 
replicate the existing work of the Federal banking agencies and 
the IRS (for the largest MSBs) at these institutions. More 
importantly, a dedicated FinCEN exam team for this small subset 
of large institutions could receive appropriate security 
clearances, meet regularly with law enforcement and other end 
users, receive training in big data analytics and work with 
other experts in Government. They, in turn, would be supervised 
by Treasury officials with law enforcement, national security, 
and diplomatic perspectives on what is needed from an AML/CFT 
program--not bank examiners who frequently bring no experience 
in any of those disciplines. Furthermore, when FinCEN turned to 
writing rules in this area, it would do so informed by its 
experience in the field. It would see the whole field, and 
promote innovative and imaginative conduct that advanced law 
enforcement and national security interests, rather than 
auditable processes and box checking. Funding such an exam team 
could be accomplished many ways, including: (i) assessing 
financial institutions for examinations costs; \1\ or (ii) 
establishing a centralized team funded pro rata by each of the 
affected agencies but reporting directly and solely to the 
FinCEN Director.
---------------------------------------------------------------------------
     \1\ Existing statutory authority appears to allow for such an 
assessment and affected institutions should see a corresponding 
reduction in the assessment they currently pay to prudential regulators 
for supervision of this function. The Independent Offices Appropriation 
Act provides general authority for a Government agency to assess user 
fees or charges by administrative regulation, based on the value of the 
service to the recipient. See 31 U.S.C. 9701. OMB Circular No A-25 
provides further guidance regarding ``user fees'' (``A user charge . . 
. will be assessed against each identifiable recipient for special 
benefits derived from Federal activities beyond those received by the 
general public.''). See OMB Circular No. A-25 Revised.
---------------------------------------------------------------------------
    This recommendation aims to address one of the fundamental 
drivers of the inefficiency in the U.S. AML/CFT regime--the 
fact that the end users of the information generated by banks 
(e.g., law enforcement and national security officials) have no 
say in how banks allocate their resources and provide financial 
intelligence to them. Therefore, examiners do not have insight 
into the utility of the material provided by banks, law 
enforcement AML/CFT priorities, or the degree to which banks 
can innovate their compliance programs in order to provide 
better leads to law enforcement. Instead they focus on 
auditable policies, procedures, and metrics.
    From a political and personal risk perspective, examiners 
are in a no-win situation. On the one hand, they are excluded 
when the bank they examine is pursuing real cases with law 
enforcement, national security or intelligence community 
officials, and therefore receive no credit when those cases are 
successful. But if something goes wrong--if a corrupt official 
or organization turns out to be a client of the bank they 
examine--the examiner faces blame. Thus, from an examiner and 
banking agency perspective, the only possible safe harbor is to 
demand more policies and procedures, ensure that a lot of 
alerts are generated and SARs filed, and encourage the bank to 
investigate exhaustively any client deemed high risk. Given 
that banks have been complying with AML/CFT requirements for 
decades, examiners are also fairly comfortable with the current 
technological and programmatic aspects of the regime, so rather 
than encourage institutions to make innovative programmatic 
changes to detect high-risk financial crimes, the examiner 
focuses on auditing processes like the number of computer 
alerts generated, SARs filed and compliance employees hired. As 
a result, banks of all sizes generate a lot of SARs that are of 
little to no use to law enforcement.
    Importantly, the benefits of a FinCEN examination function 
would extend well beyond the handful of banks it examined. 
Priorities set and knowledge learned could be transferred to 
regulators for the remaining financial institutions. And 
innovation started at the largest firms, with encouragement 
from FinCEN, would inevitably benefit smaller firms. The result 
of FinCEN assuming some supervisory authority would be a 
massive cultural change, as the focus of exams shifted to the 
real-world effectiveness of each institution's AML/CFT program, 
rather than the number of SARs filed or number of policies 
written. That change would start with those banks under sole 
FinCEN supervision, but would eventually spread to all 
institutions.

Q.2. Protecting Information Shared Among Banks--With any 
increase in information sharing between financial institutions 
beyond that allowed under current law would come an increased 
responsibility for those institutions to protect consumer and 
commercial data.
    What additional steps are needed to ensure that expanding 
information sharing among banks doesn't put customers at 
greater risk of data theft, or of unjustified exclusion from 
the financial system because of inaccurate information being 
shared? Should we consider a more formal redress mechanism for 
persons debanked as a result of increased information sharing? 
Has the Clearing House surveyed its members to assess, over the 
last 5 years or so, how many 314b inquiries were made, and how 
many responded to, by member banks? If not, could you do such 
an informal survey and provide to the Committee that data?

A.2. Financial institutions work very hard to ensure that their 
customers can conduct their financial transactions in a safe 
and secure manner, while protecting their privacy. U.S. banks 
are subject to a host of regulatory and other requirements and 
devote substantial time and investment to safeguarding customer 
data--and have every incentive to do so. We believe that 
greater information sharing is fully consistent with the 
important privacy risks of bank customers. If a customer has an 
account at multiple banks, each of those banks is already 
monitoring those accounts for suspicious activity. Allowing a 
bank that believes that it has detected suspicious activity to 
consult the other relevant banks would allow it to develop a 
more complete picture of the customer's financial activity, and 
in many cases would result in a SAR not being filed. (For 
example, one bank might see suspicious wire transfers to 
another country, while a second bank might explain that it 
banks a company owned by that customer in that country, so the 
transfers are entirely appropriate.) Of course, in some cases, 
a more complete picture might confirm initial suspicions, and 
lead to a higher quality SAR filing.
    We do not believe there should be concerns about 
information sharing on SARs leading to customers becoming 
unbanked. Sharing would only occur if there was already cause 
for suspicion, and would occur only among those banks that 
currently share the customer. Even in the event that all those 
banks, as a result of the sharing, decide to close the 
customer's accounts, this fact will not be disclosed to other 
banks or to the public. Thus, this case is not akin to credit 
reporting, where a customer's experience with one bank affects 
his or her credit score, and thereby the ability to obtain 
credit from any bank.
    In order to be covered by the 314(b) safe harbor, financial 
institutions or an association of financial institutions must 
comply with a number of requirements, including: (i) annually 
registering with FinCEN and providing a point of contact for 
requests; (ii) taking reasonable steps to verify that the 
recipient institution is also registered with FinCEN; and (iii) 
ensuring that the information shared is adequately protected, 
secure and confidential. \2\ In particular, FinCEN's 314(b) 
regulation states that institutions who share under this 
program are to ``maintain adequate procedures to protect the 
security and confidentiality of such information . . . [which] 
shall be deemed satisfied to the extent that a financial 
institution applies to such information procedures that the 
institution has established to satisfy the requirements of 
section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801), and 
applicable regulations issued thereunder, with regard to the 
protection of its customers' nonpublic personal information.'' 
\3\ As a general matter, FinCEN notes that sharing under 314(b) 
must only be done to ``[i]dentify[] and, where appropriate, 
report[] on activities that may involve terrorist financing or 
money laundering; [d]etermine[] whether to establish or 
maintain an account, or to engage in a transaction; or 
[a]ssist[] in compliance with anti-money laundering 
requirements.'' \4\
---------------------------------------------------------------------------
     \2\ See FinCEN ``Section 314(b) Fact Sheet'', (314(b) Fact Sheet) 
November 2016, available at www.fincen.gov/sites/default/files/shared/
314bfactsheet.pdf.
     \3\ See 31 CFR 1010.540(b)(4)(ii).
     \4\ See 314(b) Fact Sheet, supra n. 2.
---------------------------------------------------------------------------
    While it would be difficult to provide you with data on the 
frequency of requests and responses as requests carry varying 
degrees of urgency and significance--some are critical and 
merit an institution's immediate attention while others are 
more routine and can function as alerts--we note that FinCEN 
guidance suggests that financial institutions reference 314(b) 
in SAR narratives when it has assisted institutions in 
determining whether information is suspicious, so the agency 
may be able to provide you with a comprehensive assessment of 
the relative effectiveness of the program. Relatedly, our 
members have been told anecdotally by law enforcement that 
their investigative work, using 314(b) and other tools, has 
resulted in the production of highly useful information. \5\
---------------------------------------------------------------------------
     \5\ See Testimony of William J. Fox before the U.S. House 
Financial Services Subcommittees on Financial Institutions and Consumer 
Credit and Terrorism and Illicit Finance, November 29, 2017, available 
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
    Finally, when dealing with financial inclusion concerns, we 
note that the present regulatory framework lends itself to 
overly conservative evaluations of risk. This is why TCH 
recommends that Treasury lead the regime as it is uniquely 
positioned to balance the sometimes conflicting interests 
relating to national security, the transparency and efficacy of 
the global financial system, the provision of highly valuable 
information to regulatory, tax and law enforcement authorities, 
financial privacy, financial inclusion, and international 
development.

Q.3. SAR Filings--You noted in your testimony that currently 
the largest number of SARs being filed against banks are for 
insider threats and abuses such as deceptive and fraudulent 
sales practices, and seemed to suggest that was inappropriately 
high. But I note that in cases like Wells Fargo, which has 
recently been forced to pay out hundreds of millions in fines, 
penalties, and a class action settlement, the filing of SARs is 
often a useful tool to identify such patterns of misconduct 
among employees, and throughout a bank and its branches.
    Are there specific types of insider threats, deceptive or 
fraudulent practices, or other types of illicit conduct that 
you think should NOT be subject to SAR filings?

A.3. We are aware of no case, including Wells Fargo, where SAR 
filings served as a ``useful tool to identify . . . patterns of 
misconduct among employees, and throughout a bank and its 
branches.'' Rather, our strong presumption is that SAR filings 
with respect to minor offenses in small dollar amounts are 
rarely if ever investigated by law enforcement. We do not know 
but strongly suspect that any post hoc SAR filings made by 
Wells Fargo have not resulted in any prosecution of employees 
subject to those filings, and that law enforcement, if it were 
interested in prosecuting or interviewing those employees, did 
not require a SAR filing to identify them. Again, this is only 
speculation, so we would strongly urge the Committee to ask 
FinCEN for data on the yield on SARs filed on insider abuse, 
and for examples of where such filings initiated or advanced a 
prosecution.
    None of this is to minimize the importance of enforcing the 
law against banks and their employees. We do question strongly 
whether resources deployed to filing SARs on insider abuse 
could be better deployed to innovative approaches to detecting 
more serious crimes. As a general matter, the current BSA/AML 
reporting regime should be reviewed and the investigation and 
reporting of activity of limited law enforcement or national 
security consequence should be deprioritized, while increasing 
law enforcement feedback, to allow financial institutions to 
re-allocate resources to higher value AML/CFT efforts. This 
effort corresponds with the statutory purpose of the BSA, which 
is to provide the Government with AML/CFT information that is 
of a ``high degree of usefulness.'' \6\
---------------------------------------------------------------------------
     \6\ See 31 U.S.C. 5311, which states that ``[i]t is the purpose 
of this subchapter [the BSA] to require certain reports or records 
where they have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' Note that the last clause 
was added by the USA PATRIOT Act in 2001.
---------------------------------------------------------------------------
    TCH believes that the SAR regime should be modernized 
through the tailoring of various requirements and facilitation 
of the submission of raw data from financial institutions to 
law enforcement. This could be done in part by (i) providing 
guidance further clarifying that a SAR is not required simply 
because a transaction appears to have no economic, business, or 
lawful purpose; (ii) eliminating requirements to file SARs when 
there are single instances of structuring activity and under 
the 90-day continuing activity review requirements; (iii) 
reducing the number of fields deemed ``critical'' and 
``optional'' to SAR and CTR filings, as each one imposes 
associated regulatory expectations and burdens with varying 
benefits; and (iv) reviewing, revising or retracting as 
necessary all existing SAR guidance to ensure it aligns with 
the priorities of law enforcement and the regime more broadly 
and clearly communicates expectations to institutions. CTR 
expectations should also be streamlined as, when coupled with 
the SAR regime, many may be of low law enforcement or national 
security value. \7\
---------------------------------------------------------------------------
     \7\ See The Clearing House, ``Re: Request for Comments Regarding 
Suspicious Activity Report and Currency Transaction Report 
Requirements'', (April 10, 2018), available at 
www.theclearinghouse.org/-/media/tch/documents/tch-weekly/2018/
20180410_tch_comment_letter_to_fincen_on_sar_and_ctr_requirements.pdf.
---------------------------------------------------------------------------
    To get a sense of the potential for improvement, note that 
one bank has publicly reported that it receives follow-up 
requests from law enforcement on approximately 7 percent of the 
SARs it files, which is consistent with other reports we have 
received. More importantly, for some categories of SARs--
structuring, insider abuse--that number is far lower, 
approaching 0 percent. However, no one can afford to stop 
filing SARs in any category because examiners focus on the SAR 
that was not filed, not the quality or importance of the SAR 
that was filed. A core problem with the current regime is that 
there is an absence of leadership making choices like these--
therefore we also recommend that Treasury set priorities for 
the AML/CFT regime and allow financial institutions to deploy 
their resources in support of those priorities.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
                         FROM GREG BAER

Q.1. Our current money laundering regulatory regime evaluates 
financial institutions based on how they meet process-based 
metrics such as the filing of suspicious activity reports. As 
this hearing discussed, the drawback to this is that financial 
institutions end up focusing on meeting these metrics instead 
of developing innovations that will better catch the bad guys. 
One proposed way to encourage innovation that focuses on 
results is to find ways to allow financial institutions to 
experiment with new anti-money laundering technologies without 
facing regulatory liability. For example, some have proposed a 
no-action letter system which would allow financial 
institutions to gain guidance from FinCEN and other regulators 
about the legality of proposed actions. How would such a system 
function and how could it encourage innovation? Would FinCEN 
need legislative authorization to implement a no-action letter 
process, either to issue no-action letters themselves or to 
have the authority to exempt financial institutions from any 
particular reporting requirements?

A.1. TCH supports efforts to institute a no-action letter like 
process that resembles the Securities and Exchange 
Commission's. \1\ While rulemaking and the issuance of guidance 
are cumbersome processes that do not always promote innovation 
or dialogue with the industry, a no-action letter system could 
be more effective. It would allow individual financial 
institutions to ask particular questions about actions they 
plan to take, thereby spurring innovation; provide quick 
answers, thereby nurturing innovation; and increase the flow of 
information from industry to FinCEN. As with other areas of 
reform, Congressional efforts to encourage the establishment of 
a no-action letter process for Bank Secrecy Act-related issues 
would be helpful. \2\ We note that the Bank Secrecy Act grants 
Treasury broad interpretive authority including to ``prescribe 
an appropriate exemption from a requirement under this 
subchapter and regulations prescribed under this subchapter.'' 
\3\
---------------------------------------------------------------------------
     \1\ See The Clearing House, ``A New Paradigm: Redesigning the U.S. 
AML/CFT Framework To Protect National Security and Aid Law 
Enforcement'', (TCH AML/CFT Report), February 2017, available at 
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
     \2\ While legislative authorization would be helpful, we note that 
the Securities and Exchange Commission's no-action letter regime 
appears to be established under broad authorities. See Nagy, Donna M., 
``Judicial Reliance on Regulatory Interpretations in SEC No-Action 
Letters: Current Problems and a Proposed Framework'', Cornell Law 
Review, Vol. 83: 921, p. 931 which says ``[i]n addition to rulemaking 
and adjudicatory powers of statutory origin, the SEC possesses inherent 
power to issue interpretations of the Federal securities laws and the 
SEC rules it has promulgated thereunder. This authority to make 
interpretive statements derives from Congress's charge to the SEC to 
administer and enforce the Federal securities laws.'' Available at 
www.lawschool.cornell.edu/research/cornell-law-review/upload/Nagy.pdf.
     \3\ See 31 U.S.C. 5318(a)(7).
---------------------------------------------------------------------------
    More broadly, a cultural change is necessary in how banks 
are examined for compliance, and assessed for potential 
enforcement action. The current focus of examination is 
reviewing a sample of alerts and attempting to demonstrate that 
a SAR should have been filed in some of those cases. There is 
little to no focus on the value of the SARs the bank filed. 
There is little to no contact between examiners and the law 
enforcement and national security officials who use those SARs. 
We believe that any assessment of a firm's AML/CFT program 
should include all that information, and that any examination 
criticisms (in the form of Matters Requiring Attention) or 
formal enforcement action should come only after a holistic 
review of the program, and not perceived compliance lapses in a 
particular area, particularly where there was no attempt to 
actually assist (as opposed to failure to detect) money 
laundering. We have proposed achieving that result for the 
largest, internationally active banks--which file the majority 
of SARs and present global derisking issues--by having FinCEN 
reclaim the examination authority that Congress assigned it, 
rather than continuing to delegate it. For other banks, we 
believe FinCEN needs to set priorities and assist in reviewing 
the value of a firm's program.

Q.2. What should our risk tolerance be for the fact that the 
U.S. financial system facilitates crimes like human 
trafficking? Should we strive to have zero incidence of money 
laundering in our financial system?

A.2. Financial institutions around the globe are proactively 
working among themselves and with the public sector to disrupt 
human trafficking networks. In a 2016 Financial Times op-ed, 
Standard Chartered's Group General Counsel discussed the need 
for enhanced public-private sector sharing, noting that 
presentations from NGOs and Government agencies ``have improved 
banks' ability to detect potentially [human trafficking] 
related financial transactions. In turn, they have helped law 
enforcement disrupt trafficking networks.'' \4\ Such movements 
are also underway in the United States. \5\
---------------------------------------------------------------------------
     \4\ See Financial Times op-ed by David Fein, ``How To Beat the 
Money Launderers: Banks Must Work With Governments To Combat This 
Scourge'', November 22, 2016, available at www.ft.com/content/569c2e26-
adb9-11e6-ba7d-76378e4fef24.
     \5\ See TCH Banking Perspectives article by Juan C. Zarate and 
Chip Poncy, ``Designing a New AML System'', Q3 2016, available at 
www.theclearinghouse.org/research/banking-perspectives/2016/2016-q3-
banking-perspectives/a-new-aml-system.
---------------------------------------------------------------------------
    However, a core problem with the current regime is that it 
does not prioritize the allocation of financial institution 
resources to generate leads that are of a ``high degree of 
usefulness'' as required by the BSA. \6\ Therefore, TCH 
recommends that Treasury set AML/CFT priorities for the regime 
to assist financial institutions as they work to fulfill their 
statutorily mandated reporting obligations--including for 
potential human trafficking. \7\ Furthermore, we encourage the 
development and improvement of public-private sector AML/CFT 
information sharing partnerships. The authorized and 
appropriate sharing of information between the Government and 
the private sector as well as the sharing of information 
between and among financial institutions is critical to efforts 
to address illicit finance. We note that the USA Patriot Act's 
Section 314(b) private sector information sharing provisions 
have reportedly been useful in addressing human trafficking and 
other crimes. \8\
---------------------------------------------------------------------------
     \6\ See 31 U.S.C. 5311, which states that ``[i]t is the purpose 
of this subchapter [the BSA] to require certain reports or records 
where they have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' Note that the last clause 
was added by the USA PATRIOT Act in 2001.
     \7\ We note that the U.K.'s Joint Money Laundering Intelligence 
Taskforce (JMLIT) has established the following operational priorities 
for its public-private sector information sharing partnership: (i) 
understanding and disrupting the funding flows linked to bribery and 
corruption; (ii) understanding and disrupting trade based money 
laundering; (iii) understanding and disrupting the funding flows linked 
to organized immigration crime, human trafficking and modern slavery; 
(iv) understanding and disrupting money laundering through capital 
markets; and (v) understanding key terrorist financing methodologies. 
See JMLIT website at www.nationalcrimeagency.gov.uk/about-us/what-we-
do/economic-crime/joint-money-laundering-intelligence-taskforce-jmlit.
     \8\ See Testimony of William J. Fox before the U.S. House 
Financial Services Subcommittees on Financial Institutions and Consumer 
Credit and Terrorism and Illicit Finance, November 29, 2017, available 
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.

Q.3. I'd like to understand better how technological innovation 
is transforming the fight against money laundering and how 
Government policy can help or hurt these efforts.
    In the health care context, I hear about how researchers 
have used machine learning and artificial intelligence to 
identify diseases and predict when they will occur, using data 
points that humans would have never put together. How have 
financial institutions or law enforcement officials been able 
to use of similar techniques to identify money laundering and 
how much more progress can be made in this front?
    Outside of AI and machine learning, how can recent FinTech 
innovations such as blockchain fight money laundering?
    What regulatory requirement or requirements--if any--most 
hinders the adoption of technological innovations?

A.3. Financial institutions are in the early stages of 
exploring various ways to apply technological innovations to 
AML/CFT efforts. In particular, artificial intelligence has the 
potential to improve the way that banks identify suspicious 
activity. AI does not search for typologies but rather mines 
data to detect anomalies. It gets progressively smarter; it 
won't be easily evaded; and different banks with different 
profiles would end up producing different outcomes.
    Our banks report that they are working to pilot AI 
solutions in this area, yet the experts that they need to work 
on these initiatives are instead required to validate their 
current programmatic processes to examiners. \9\ Financial 
institutions need to be able to innovate their AML programs and 
coordinate that innovation with their peers. Yet, the most 
consequential impediment to innovation is the current 
regulatory structure as examiners focus on auditing banks' 
policies, processes, and metrics versus encouraging financial 
institutions to shift their resources to developing innovative 
methods of detecting financial crime.
---------------------------------------------------------------------------
     \9\ Id.
---------------------------------------------------------------------------
    Furthermore, some firms have expressed concerns that if 
they adopt new and more effective methods, and actually 
identify more illicit activity, they will be sanctioned by the 
banking agencies for failing to detect that conduct earlier. It 
is a reflection of the current dysfunction that this is an 
actual concern.
    This is why TCH believes that Treasury should take a more 
prominent role in coordinating AML/CFT policy and examinations 
across the Government and conduct a robust and inclusive annual 
or biennial process to establish AML/CFT priorities and provide 
an overarching purpose for the regime. Furthermore, we believe 
that FinCEN should retake exam authority for multinational, 
complex financial institutions. A dedicated FinCEN exam team 
for this small subset of large institutions could receive 
appropriate security clearances, meet regularly with law 
enforcement and other end users, receive training in big data 
analytics and work with other experts in Government. They, in 
turn, would be supervised by Treasury officials with law 
enforcement, national security, and diplomatic perspectives on 
what is needed from an AML/CFT program. This change would 
promote innovative and imaginative conduct that advanced law 
enforcement and national security interests, rather than 
auditable processes and box checking. Importantly, the benefits 
of a FinCEN examination function would extend well beyond the 
handful of banks it examined. Priorities set and knowledge 
learned could be transferred to regulators for the remaining 
financial institutions. And innovation started at the largest 
firms, with encouragement from FinCEN, would inevitably benefit 
smaller firms. The result of FinCEN assuming some supervisory 
authority would be a massive cultural change, as the focus of 
exams shifted to the real-world effectiveness of each 
institution's AML/CFT program, rather than the number of SARs 
filed or number of policies written. That change would start 
with those banks under sole FinCEN supervision, but would 
eventually spread to all institutions.

Q.4. How much does bitcoin, blockchain, and other 
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering 
in traditional banks? How can law enforcement officials best 
stop this newer form of money laundering?

A.4. As a general matter, customers are using various tools to 
conduct transactions around the globe with bank and nonbank 
financial institutions. In 2013, FinCEN issued guidance 
indicating that a cryptocurrency ``administrator or exchanger 
is an MSB under FinCEN's regulations, specifically, a money 
transmitter, unless a limitation to or exemption from the 
definition applies to the person.'' \10\ We also note that in 
the past few years, FinCEN has levied enforcement actions 
against cryptocurrency exchangers. While TCH is not privy to 
data on the extent of money laundering within virtual 
currencies, we note that others are beginning to look into this 
issue. \11\
---------------------------------------------------------------------------
     \10\ See FIN-2013-G001 ``Application of FinCEN's Regulations to 
Persons Administering, Exchanging, or Using Virtual Currencies'', March 
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
     \11\ For example, in January 2018, Yaya J. Fanusie and Tom 
Robinson published a memorandum on ``Bitcoin Laundering: An Analysis of 
Illicit Flows Into Digital Currency Services''. Available at: 
www.defend democracy.org/content/uploads/documents/
MEMO_Bitcoin_Laundering.pdf.
---------------------------------------------------------------------------
    Any review of the BSA/AML regime and its effectiveness 
should investigate the changing ways in which customers 
interact with financial institutions and ensure that statutory 
authorities are adequately tailored to address the evolving 
nature of illicit finance threats.

Q.5. I'd like to discuss Suspicious Activity Reports (SARs). 
Today, around 2 million SARs are filed each year. While every 
SAR used to be read by law enforcement officials, that is no 
longer the case today. Financial institutions often complain 
that they rarely, if ever, receive feedback from law 
enforcement officials on the utility of any particular 
suspicious activity report that they file. This lack of 
feedback loops increases the burdens on financial institutions, 
who continue to file SARs that are of little utility to law 
enforcement officials. It also prevents financial institutions 
from developing better analytical tools to more precisely 
discern between the signal and the noise.
    What percentage of SARs are actually read by someone in law 
enforcement?
    How often do financial institutions receive feedback from 
law enforcement officials as to the utility of their SAR 
filing?
    While some have proposed reducing the number of SARs and 
CRT filings because they are often superfluous and are never 
read, others argue that this poses risks, because investigating 
minor infractions may still lead to significant law enforcement 
successes. How should policymakers resolve this conflict?

A.5. TCH members report that they receive follow-up requests 
for additional information from law enforcement on their SAR 
filings in less than 10 percent of cases. For certain 
categories of SARs, the number of requests is close to 0 
percent. It should be noted that a follow-up request does not 
mean that the SAR led to an arrest or conviction; it means only 
that someone in law enforcement wanted to learn more about the 
case. Our understanding is that FinCEN does not routinely 
research how SARs are used and what their yield is. Obviously, 
a more modern system would be more data-driven.
    While law enforcement is best placed to provide data on how 
many reports are read, we note that they are generally used by 
FinCEN and law enforcement for data searches and mining. While 
one BSA report may be the ``last piece of the puzzle,'' it's 
important to consider the resources deployed for the production 
of that report and whether they would be better spent if 
redirected to produce the first piece in a more important 
puzzle. As an analogy, if law enforcement rigorously enforced 
jaywalking rules, it would occasionally capture a wanted 
fugitive, but no one would consider that a good use of finite 
law enforcement resources. Again, a core problem with the 
current regime is that there is an absence of leadership making 
choices like these.
    This is why TCH recommends that Treasury lead the regime by 
coordinating AML/CFT policy and examinations across the 
Government and conduct a robust and inclusive annual or 
biennial process to establish AML/CFT priorities that would 
form the basis for the deployment of financial institution 
resources. Relatedly, Treasury should undertake a review of 
BSA/AML reporting requirements to ensure information of a high 
degree of utility is reported to law enforcement, which 
conforms with financial institutions' obligations under the 
BSA. \12\
---------------------------------------------------------------------------
     \12\ See 31 U.S.C. 5311, which states that ``[i]t is the purpose 
of this subchapter [the BSA] to require certain reports or records 
where they have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' Note that the last clause 
was added by the USA PATRIOT Act in 2001.

Q.6. How could regulators (1) set up better feedback loops 
between financial institutions and law enforcement officials 
that could help financial institutions better identify money 
laundering; and (2) empower financial institutions to act upon 
their improved ability to distinguish between useful and 
superfluous reports, including by filing fewer unnecessary 
SARs, without fearing regulatory consequences for doing so?
    Would a better feedback loop system exist if financial 
institutions employed more people with security clearances? If 
so, what, if anything, can the Federal Government do to 
facilitate this?

A.6. There are substantial benefits to developing additional 
pathways, both formally and informally, for AML/CFT information 
sharing between various stakeholders in the public and private 
sector. Granting law enforcement and national security 
authorities opportunities to provide general feedback on the 
reports filed, and incorporating this feedback into supervisory 
evaluations of firms' compliance, could assist financial 
institutions in targeting their resources to efforts that 
provide information that is of the greatest use in preventing 
illicit financing. We note that under the current regime, many 
large financial institutions operate financial intelligence 
units (FIUs) that employ former law enforcement or national 
security officials, yet still receive little to no useful 
feedback.
    It would also be helpful if a pathway for sharing 
information was established to allow financial institutions to 
efficiently share raw data with law enforcement, under a safe 
harbor, and with reforms made to current reporting 
requirements. The current regime is built on individual, 
bilateral reporting mechanisms grounded in the analog 
technology of the 1980s, rather than the more interconnected 
and technologically advanced world of the 21st century. \13\ 
Therefore, providing such data in bulk would modernize the 
current regime and allow institutions to provide law 
enforcement with information in a timelier manner. Furthermore, 
it would allow law enforcement, using big data analytics, to 
effectively have access to and sift through large quantities of 
data more efficiently.
---------------------------------------------------------------------------
     \13\ See The Clearing House, ``A New Paradigm: Redesigning the 
U.S. AML/CFT Framework To Protect National Security and Aid Law 
Enforcement'', (TCH AML/CFT Report), February 2017, available at 
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
    Further coordination and information sharing between and 
among public sector authorities is critical to establishing 
AML/CFT priorities and providing an overarching purpose for the 
regime. In order to empower institutions to deploy resources to 
high-value activities, TCH recommends that Treasury take a more 
prominent role in coordinating AML/CFT policy and examinations 
across the Government and conduct a robust and inclusive annual 
or biennial process to establish AML/CFT priorities, which 
could form the basis of financial institution examinations. 
This is particularly important in the U.S. where law 
enforcement, national security, and financial institution 
oversight responsibilities are dispersed among multiple 
agencies. This stands in contrast to other approaches (e.g., 
the U.K.'s Joint Money Laundering and Intelligence Task Force 
(JMLIT)) that better address barriers to information sharing by 
bringing together relevant actors to share information as well 
as allowing financial institutions to follow-up on SAR 
activity, thereby potentially improving the effectiveness of 
financial institution reporting mechanisms. However, as alluded 
to above, with any public-private sector dialogue, and more 
generally, we believe that national authorities should speak 
with one voice when providing feedback as well as disseminating 
red flags, threats, and typologies to the private sector as 
disparate voices create confusion.

Q.7. Often, financial institutions will derisk by refusing to 
serve customers that could be involved in illegal activity. As 
financial institutions start to share more information with 
each other, this practice could become more prominent and 
potential criminals could more frequently lose access to the 
United States' financial system altogether.
    Are there instances in which derisking is actually 
unhelpful for law enforcement purposes, because it drives these 
criminals underground and makes it more difficult to track 
them?
    At the moment, do the regulators that evaluate and enforce 
financial institutions compliance with our Federal money 
laundering take this into account?
    Are there promising ways to increase cooperation between 
financial institutions, regulators, and law enforcement 
officials, so that financial institutions can make a more 
informed decision about when and how to derisk?
    Would financial institutions need to hire more employees 
with a top security clearance and/or a law enforcement 
background for this coordination to be effective?

A.7. The current derisking trend is in part a reaction to 
Government and supervisory characterizations of correspondent 
banking as a high risk business and the evolving standards 
within the domestic and international community. \14\ The 
causes are clear--the systems, processes, and people required 
to manage examiner expectations for clients deemed to be of 
``higher risk'', are extremely costly. For example, a bank may 
prepare a lengthy report on a customer only to be criticized 
for not further documenting the grounds on which it decided to 
retain the customer. For certain regions or businesses it is 
often times too expensive to build out this infrastructure to 
support higher risk accounts. And this does not even include 
the risk of massive fines and reputational damage in the event 
a customer designated high-risk actually commits a criminal 
act.
---------------------------------------------------------------------------
     \14\ See ``The Great Unbanking: Swingeing Fines Have Made Banks 
Too Risk-Averse'', The Economist, July 6, 2017, available at 
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See 
also ``A Crackdown on Financial Crime Means Global Banks Are 
Derisking'', The Economist, July 8, 2017, available at 
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
    As discussed previously, TCH believes that Treasury should 
take a more prominent role in coordinating AML/CFT policy and 
examinations for the regime. That includes convening on a 
regular basis the end users of BSA data--law enforcement, 
national security, and others affected by the AML/CFT regime 
including the State Department--and setting goals and 
priorities for the system. Treasury is uniquely positioned to 
balance the sometimes conflicting interests relating to 
national security, the transparency and efficacy of the global 
financial system, the provision of highly valuable information 
to regulatory, tax and law enforcement authorities, financial 
privacy, financial inclusion, and international development.
    In addition, and as discussed above, TCH believes that 
greater information sharing will assist in further clarifying 
whether a customers' activity is, in fact, suspicious. 
Presently the USA PATRIOT Act grants various statutory 
authorities, under Sections 314(a) and 314(b) to allow for 
public-private and private-private sector sharing. While 
security clearances and additional staff may be helpful, we 
note that large financial institutions employ hundreds of staff 
members, some of whom are former law enforcement officials, to 
assist with compliance efforts yet it's the ``check-the-box'' 
nature of the compliance regime that prevents them from 
utilizing these resources for more proactive AML/CFT efforts. 
\15\
---------------------------------------------------------------------------
     \15\ See Testimony of William J. Fox before the U.S. House 
Financial Services Subcommittees on Financial Institutions and Consumer 
Credit and Terrorism and Illicit Finance, November 29, 2017, available 
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
                         FROM GREG BAER

Q.1. How can we leverage technology to make the process 
simultaneously less onerous on banks while enhancing the 
outcomes of catching illegal behavior? Are there regulatory and 
legislative barriers to getting that down?

A.1. Allowing financial institutions to innovate their AML 
programs is key to enhancing their ability to identify 
suspicious activity. The biggest barrier to innovation is the 
current exam paradigm. As one bank recently testified, from 
2010-11 they were able to innovate the way in which they used 
technology to identify potentially suspicious activity. 
However, since then, they have found innovation difficult as 
regulatory guidance has been inappropriately applied to their 
programs and examiners have in turn rigorously enforced this 
guidance, thereby delaying the implementation of programmatic 
changes that used to take weeks to 9 months or a year. \1\ 
Under the current AML/CFT regime, examiners focus on auditing 
banks' policies, processes, and metrics versus encouraging 
financial institutions to shift their resources to developing 
innovative and effective methods of detecting financial crime.
---------------------------------------------------------------------------
     \1\ See Testimony of William J. Fox before the U.S. House 
Financial Services Subcommittees on Financial Institutions and Consumer 
Credit and Terrorism and Illicit Finance, November 29, 2017, available 
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
    This is why TCH believes that Treasury should take a more 
prominent role in coordinating AML/CFT policy and examinations 
across the Government and conduct a robust and inclusive annual 
or biennial process to establish AML/CFT priorities and provide 
an overarching purpose for the regime. Furthermore, we believe 
that FinCEN should retake exam authority for multinational, 
complex financial institutions. A dedicated FinCEN exam team 
for this small subset of large institutions could receive 
appropriate security clearances, meet regularly with law 
enforcement and other end users, receive training in big data 
analytics and work with other experts in Government. They, in 
turn, would be supervised by Treasury officials with law 
enforcement, national security, and diplomatic perspectives on 
what is needed from an AML/CFT program. This change would 
promote innovative and imaginative conduct that advanced law 
enforcement and national security interests, rather than 
auditable processes and box checking. Importantly, the benefits 
of a FinCEN examination function would extend well beyond the 
handful of banks it examined. Priorities set and knowledge 
learned could be transferred to regulators for the remaining 
financial institutions. And innovation started at the largest 
firms, with encouragement from FinCEN, would inevitably benefit 
smaller firms. The result of FinCEN assuming some supervisory 
authority would be a massive cultural change, as the focus of 
exams shifted to the real-world effectiveness of each 
institution's AML/CFT program, rather than the number of SARs 
filed or number of policies written. That change would start 
with those banks under sole FinCEN supervision, but would 
eventually spread to all institutions.

Q.2. Financial institutions often complain that FinCEN, law 
enforcement officials, and prudential regulators do not tell 
them whether their BSA filings serve a useful purpose, or how 
the reports they submit are being used--and that the filings go 
into a black hole. Can you shed some light on the filings that 
you make or have used and what could be done to improve this 
process?

A.2. TCH members report that they receive follow-up requests 
for additional information from law enforcement on their SAR 
filings in less than 10 percent of cases. For certain 
categories of SARs, the number of requests is close to 0 
percent. It should be noted that a follow-up request does not 
mean that the SAR led to an arrest or conviction; it means only 
that someone in law enforcement wanted to learn more about the 
case. Our understanding is that FinCEN does not routinely 
research how SARs are used and what their yield is. Obviously, 
a more modern system would be more data-driven.
    TCH believes that the SAR regime and BSA filing 
requirements generally, should be modernized through the 
tailoring of various requirements and facilitation of the 
submission of raw data from financial institutions to law 
enforcement. The current regime is built on individual, 
bilateral reporting mechanisms grounded in the analog 
technology of the 1980s, rather than the more interconnected 
and technologically advanced world of the 21st century. \2\ 
Therefore, providing such data in bulk would modernize the 
current regime and allow institutions to provide law 
enforcement with information in a timelier manner. Furthermore, 
it would allow law enforcement, using big data analytics, to 
effectively have access to and sift through large quantities of 
data more efficiently.
---------------------------------------------------------------------------
     \2\ See The Clearing House, ``A New Paradigm: Redesigning the U.S. 
AML/CFT Framework To Protect National Security and Aid Law 
Enforcement'', (TCH AML/CFT Report), February 2017, available at 
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
    Furthermore, additional pathways for AML/CFT information 
sharing between various stakeholders in the public and private 
sector should be developed. Granting law enforcement and 
national security authorities opportunities to provide general 
feedback on the reports filed, and incorporating this feedback 
into supervisory evaluations of firms' compliance, could assist 
financial institutions in targeting their resources to efforts 
that provide information that is of the greatest use in 
preventing illicit financing.
    Further coordination and information sharing between and 
among public sector authorities is critical to establishing 
AML/CFT priorities and providing an overarching purpose for the 
regime. In order to empower institutions to deploy resources to 
high-value activities, TCH recommends that Treasury take a more 
prominent role in coordinating AML/CFT policy and examinations 
across the Government and conduct a robust and inclusive annual 
or biennial process to establish AML/CFT priorities, which 
could form the basis of financial institution examinations. 
This is particularly important in the U.S. where law 
enforcement, national security, and financial institution 
oversight responsibilities are dispersed among multiple 
agencies. This stands in contrast to other approaches (e.g., 
the U.K.'s Joint Money Laundering and Intelligence Task Force 
(JMLIT)) that better address barriers to information sharing by 
bringing together relevant actors to share information as well 
as allowing financial institutions to follow-up on SAR 
activity, thereby potentially improving the effectiveness of 
financial institution reporting mechanisms. However, with any 
public-private sector dialogue, and more generally, we believe 
that national authorities should speak with one voice when 
providing feedback as well as disseminating red flags, threats, 
and typologies to the private sector as disparate voices create 
confusion.

Q.3. Another compliance challenge often cited by banks is that 
they feel pressured by bank examiners and law enforcement 
authorities to exit certain business lines or cease offering 
certain services to customers viewed as presenting particular 
money-laundering vulnerabilities, i.e., severing corresponding 
banking relationships with foreign institutions in certain 
geographic areas, and also ending money services businesses 
(MSBs, i.e., check cashing, money transmitters, currency 
exchange outlets, etc.)
    As banks reevaluate their business relationships with MSBs 
in light of what they may view as a hostile regulatory 
landscape, what can we do to change this type of behavior/is 
this a prevalent problem in the industry?
    It is my understanding that there are times when law 
enforcement and the bank regulators work at cross purposes. 
That is, law enforcement might want a bank to continue banking 
an individual or company that they are following and building a 
case against but the bank regulators, whose incentives are to 
not be embarrassed by their regulated entities, force the banks 
to ``derisk'' or close those accounts. Is that actually the 
case?

A.3. We do not have hard data on this question. With respect to 
specific customers, we have heard of cases where law 
enforcement asked a bank to keep an account open, and the bank 
agreed; we have also heard of cases where banks felt that the 
regulatory risk was too high, and declined. At a broader level, 
with respect to certain lines of business or regions, we do not 
believe there are cases where banks have agreed to remain 
engaged at law enforcement or other governmental request. For 
example, it has been reported that the State Department 
expressed considerable concern at the decision by banks to 
derisk foreign embassies in the United States, but the banks 
involved could not get sufficient assurance that the banking 
agencies would not sanction them if something went wrong, so 
closed or refused to open those accounts.

Q.4. In terms of AML, we know that the success of AML is 
centric around whether or not the predicate crime of money 
laundering has been reduced, but we only really know how 
pervasive money laundering is on a reactive basis, i.e., when 
someone/some entity is caught. To that end, do you believe the 
advent/popularity of cryptocurrencies could affect the capture 
of money laundering/could it affect AML? Do enforcement 
authorities have the technological capabilities to work with 
private industry to capture mal-actors?

A.4. As a general matter, customers are using various tools to 
conduct transactions around the globe with bank and nonbank 
financial institutions. In 2013, FinCEN issued guidance 
indicating that a cryptocurrency ``administrator or exchanger 
is an MSB under FinCEN's regulations, specifically, a money 
transmitter, unless a limitation to or exemption from the 
definition applies to the person.'' \3\ We also note that in 
the past few years, FinCEN has levied enforcement actions 
against cryptocurrency exchangers. While TCH is not privy to 
data on the extent of money laundering within virtual 
currencies, others are beginning to look into this issue. \4\ 
In addition, in a recent speech, Treasury Under Secretary for 
Terrorism and Financial Intelligence Sigal Mandelker provided 
an example of cryptocurrencies being used for money laundering 
and terrorist financing stating that ``law enforcement 
authorities recently arrested a woman in New York who used 
Bitcoin to launder fraud proceeds before wiring the money to 
ISIS.'' \5\
---------------------------------------------------------------------------
     \3\ See FIN-2013-G001 ``Application of FinCEN's Regulations to 
Persons Administering, Exchanging, or Using Virtual Currencies'', March 
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
     \4\ For example, in January 2018, Yaya J. Fanusie and Tom Robinson 
published a memorandum on ``Bitcoin Laundering: An Analysis of Illicit 
Flows Into Digital Currency Services''. Available at: www.defend 
democracy.org/content/uploads/documents/MEMO_Bitcoin_Laundering.pdf.
     \5\ See U.S. Department of the Treasury Under Secretary Sigal 
Mandelker Speech before the Securities Industry and Financial Markets 
Association Anti-Money Laundering and Financial Crimes Conference, 
(Treasury Under Secretary Mandelker's 2018 SIFMA Speech), February 13, 
2018, available at home.treasury.gov/news/press-release/sm0286.
---------------------------------------------------------------------------
    Any review of the BSA/AML regime and its effectiveness 
should investigate the changing ways in which customers 
interact with financial institutions and ensure that statutory 
authorities are adequately tailored to address the evolving 
nature of illicit finance threats.

Q.5. In your opinion, do you think that the overall AML regime 
has been effective? Additionally, what do you see as the best 
way to ensure future effectiveness?
    Is it to have Treasury be the lead to:
    1. Define with other stakeholders specific and clear 
national priorities of the regime; and
    2. Determine, working with other stakeholders, clear and 
measurable objectives of the regime in light of those 
priorities. Should Treasury or someone else have to report 
those measurements against the objectives back to Congress?

A.5. The U.S. AML/CFT regime is broken. It is extraordinarily 
inefficient, outdated, and driven by perverse incentives. A 
core problem is that today's regime is geared towards 
compliance expectations that bear little relationship to the 
actual goal of preventing or detecting financial crime, and 
fail to consider collateral consequences for national security, 
global development, and financial inclusion. Fundamental change 
is required to make this system an effective law enforcement 
and national security tool, and reduce its collateral damage.
    The Department of the Treasury should reclaim 
responsibility for the system. That includes convening on a 
regular basis the end users of SAR data--law enforcement, 
national security, and others affected by the AML/CFT regime 
including the State Department--and publicly setting goals and 
priorities for the system. Treasury is uniquely positioned to 
balance the sometimes conflicting interests relating to 
national security, the transparency and efficacy of the global 
financial system, the provision of highly valuable information 
to regulatory, tax, and law enforcement authorities, financial 
privacy, financial inclusion, and international development.
    In addition, FinCEN should retake exam authority for 
multinational, complex financial institutions. Relatedly, 
Treasury should review the BSA/AML reporting regime to ensure 
information of a high degree of utility is reported to law 
enforcement as well as encourage the exchange of AML/CFT 
information between the Government and the private sector as 
well as between and among financial institutions. Finally, one 
important change to the current system is the passage of 
legislation ending the use of shell companies with anonymous 
ownership.

Q.6. Mr. Baer, does the current process of having FinCEN 
delegate authority to the bank regulators work? What are the 
challenges and deficiencies of the current system and how best 
do we improve outcomes?
    Does the current system take full advantage of 
technological advancements?
    How does BSA affect financial institutions of different 
size, with different staff and tech resources?

A.6. Congress in the Bank Secrecy Act explicitly vested sole 
regulatory, examination, and enforcement authority in the 
Treasury Department, an agency with considerable financial but 
also law enforcement and national security knowledge--not the 
banking agencies. Congress rightly saw that this was an 
altogether different mission, requiring different expertise. 
However, decades ago, an understaffed and underfunded FinCEN 
delegated all examination authority to the banking agencies, 
and then abdicated any oversight role in how they conducted it.
    The result is a system where the end users of suspicious 
activity reports, or SARs--law enforcement and national 
security--have little or nothing to say when a bank's 
compliance is evaluated. Examiners are generally not permitted 
to know which SARs are valued by the end users, and so focus on 
what they do know: policies and procedures.
    For example, banks know that examiners test compliance by 
reviewing alerts and trying to identify cases where a SAR was 
not filed but arguably should have been. Therefore, they 
reportedly spend more time documenting decisions not to file 
SARs than they do following up on SARs they do file. In other 
words, they focus on the noise, not the signal. And they 
continue to use antiquated, consultant-devised, rules-based 
systems--rules known to the bad guys, by the way--rather than 
innovative artificial intelligence approaches, largely because 
the former are conducted under policies and procedures that 
have passed muster with regulators.
    Furthermore, under this regime no one sets priorities--
unlike any law enforcement or national security agency in the 
world. According to bank analysis--there is little to no 
governmental analysis--the great majority of SAR filings 
receive no uptake from law enforcement. For certain categories 
of SARs--structuring, insider abuse--the yield is close to 0 
percent. And those categories now represent a majority of the 
SARs filed.
    BSA/AML reform would benefit institutions of all sizes. In 
2017, TCH testified before the House with a community banker 
who reported that his three-branch bank has four lending 
officers and six AML compliance officers. While TCH represents 
25 large commercial banks, the regime is no more rational for 
smaller banks. \6\
---------------------------------------------------------------------------
     \6\ See Testimony of Lloyd DeVaux before the House Financial 
Services Committee Subcommittee on Financial Institutions and Consumer 
Credit, June 28, 2017, available at financialservices.house.gov/
uploadedfiles/hhrg-115-ba15-wstate-ldevaux-20170628.pdf.
---------------------------------------------------------------------------
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
                         FROM GREG BAER

Q.1. What are the costs and benefits of having bank examiners 
assess bank compliance with the Bank Secrecy Act's (BSA) 
requirements instead of having anti-money laundering (AML) and 
combating the financing of terrorism (CFT) experts at the 
Financial Crimes Enforcement Network (FinCEN) examine bank 
compliance programs?

A.1. As you know, Congress assigned examination authority to 
the Treasury Department given its considerable financial, law 
enforcement, and national security knowledge. The benefit of 
delegation is clear: there are thousands of banks in the 
country, and bank regulators already have examiners assigned to 
them. Thus, they can efficiently add AML/CFT compliance to the 
list of items for which they examine. It would be inefficient 
for FinCEN to examine the vast majority of these banks, who 
present few issues.
    On the other hand, for the largest, multinational banks, we 
believe that the equation is quite different. We estimate that 
an examination team of only 25-30 people at FinCEN could 
replicate the existing work of the Federal banking agencies and 
the IRS (for the largest MSBs) at these institutions. More 
importantly, a dedicated FinCEN exam team for this small subset 
of large institutions could receive appropriate security 
clearances, meet regularly with law enforcement and other end 
users, receive training in big data analytics, and work with 
other experts in Government. They, in turn, would be supervised 
by Treasury officials with law enforcement, national security, 
and diplomatic perspectives on what is needed from an AML/CFT 
program--not bank examiners with no experience in any of those 
disciplines. And when FinCEN turned to writing rules in this 
area, it would do so informed by its experience in the field. 
It would see the whole battlefield, and promote innovative and 
imaginative conduct that advanced law enforcement and national 
security interests, rather than auditable processes and box 
checking.
    Importantly, the benefits of a FinCEN examination function 
would extend well beyond the handful of institutions it 
examined. Priorities set and knowledge learned could be 
transferred to regulators for the remaining financial 
institutions. And innovation started at the largest firms, with 
encouragement from FinCEN, would inevitably benefit smaller 
firms. The result of FinCEN assuming some supervisory authority 
would be a massive cultural change, as the focus of exams 
shifted to the real-world effectiveness of each institution's 
AML/CFT program, rather than the number of SARs filed or number 
of policies written. That change would start with those banks 
under sole FinCEN supervision, but would eventually spread to 
all institutions.
    Funding such an exam team could be accomplished many ways, 
including (i) assessing financial institutions for examinations 
costs; \1\ or (ii) establishing a centralized team funded pro 
rata by each of the affected agencies but reporting directly 
and solely to the FinCEN Director.
---------------------------------------------------------------------------
     \1\ Existing statutory authority appears to allow for such an 
assessment and affected institutions should see a corresponding 
reduction in the assessment they currently pay to prudential regulators 
for supervision of this function. The Independent Offices Appropriation 
Act provides general authority for a Government agency to assess user 
fees or charges by administrative regulation, based on the value of the 
service to the recipient. See 31 U.S.C. 9701. OMB Circular No. A-25 
provides further guidance regarding ``user fees'' (``A user charge . . 
. will be assessed against each identifiable recipient for special 
benefits derived from Federal activities beyond those received by the 
general public.''). See OMB Circular No. A-25 Revised.

Q.2. Is there a way to maintain a top-shelf effective AML/CFT 
policy while maintaining a commitment to increase access to 
financial products for the underbanked and immigrants who rely 
---------------------------------------------------------------------------
on remittance services?

A.2. With respect to remittances, the current derisking trend 
is in part a reaction to Government and supervisory 
characterizations of correspondent banking as a high risk 
business and the evolving standards within the domestic and 
international community. \2\ The causes are clear--the systems, 
processes, and people required to manage examiner expectations 
for clients deemed to be of ``higher risk'', are extremely 
costly. While those who care about poverty or international 
development might conclude that the benefits of allowing 
remittances exceed the costs, in the form of potential money 
laundering, banking agencies in our experience have not 
undertaken such a cost-benefit analysis. Thus, they impose 
documentation requirements and expectations that make certain 
lines of business uneconomical.
---------------------------------------------------------------------------
     \2\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too 
Risk-Averse'', The Economist, July 6, 2017, available at 
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See 
also ``A Crackdown on Financial Crime Means Global Banks Are 
Derisking'', The Economist, July 8, 2017, available at 
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
    We believe more research is warranted on how AML/CFT 
requirements affect the unbanked. Our understanding is that AML 
customer due diligence requirements are a substantial, perhaps 
majority, cost of opening an account. For low-dollar deposit 
accounts for lower income people, that can make the account 
difficult to offer and price.

Q.3. I'm interested in the ways in which technology can aid AML 
compliance efforts. What are some of the innovative 
technologies that you've seen that hold some promise for either 
the Government or the private sector?
    What are the barriers to either the Government or the 
private sector adopting these technologies?
    What can we be doing as legislators to ensure that we 
promote technological innovation in this sector?

A.3. Financial institutions are in the early stages of 
exploring various ways to apply technological innovations to 
AML/CFT efforts. In particular, artificial intelligence has the 
potential to improve the way that banks identify suspicious 
activity. AI does not search for typologies but rather mines 
data to detect anomalies. It gets progressively smarter; it 
won't be easily evaded; and different banks with different 
profiles would end up producing different outcomes.
    Our banks report that they are working to pilot AI 
solutions in this area, yet the experts that they need to work 
on these initiatives are instead required to validate their 
current programmatic processes to examiners. \3\ Furthermore, 
they lack feedback from the public sector on the BSA reports 
that they file--such feedback would assist institutions in 
tuning their systems to provide more targeted leads to law 
enforcement. Financial institutions need to be able to innovate 
their AML programs and coordinate that innovation with their 
peers. Yet, the most consequential impediment to innovation is 
the current regulatory structure as examiners focus on auditing 
banks' policies, processes, and metrics versus encouraging 
financial institutions to shift their resources to developing 
innovative methods of detecting financial crime. Banks will be 
reluctant to invest in systems unless someone in the Government 
can tell them that such systems will meet the banking 
examiners' expectations, and can replace old, outdated 
methods--in other words, that they will be rewarded, not 
punished, for innovation.
---------------------------------------------------------------------------
     \3\ Id.
---------------------------------------------------------------------------
    While there are instances where legislation is needed, in 
many cases agencies already have existing authority to address 
some of the concerns outlined during the hearing. For example, 
TCH believes that Treasury should take a more prominent role in 
coordinating AML/CFT policy and examinations across the 
Government, a step currently within their existing authority, 
to conduct a robust and inclusive annual or biennial process to 
establish AML/CFT priorities, which would form the basis for 
financial institution exams. Furthermore, we believe that 
FinCEN should retake exam authority for multinational, complex 
financial institutions, which is also within their current 
authorities. A dedicated FinCEN exam team for this small subset 
of large institutions could receive appropriate security 
clearances, meet regularly with law enforcement and other end 
users, receive training in big data analytics and work with 
other experts in Government. They, in turn, would be supervised 
by Treasury officials with law enforcement, national security, 
and diplomatic perspectives on what is needed from an AML/CFT 
program. This change would promote innovative and imaginative 
conduct that advanced law enforcement and national security 
interests, rather than auditable processes and box checking. 
Importantly, the benefits of a FinCEN examination function 
would extend well beyond the handful of institutions it 
examined. Innovation started at the largest firms, with 
encouragement from FinCEN, would inevitably benefit smaller 
firms. The result of FinCEN assuming some supervisory authority 
would be a massive cultural change, as the focus of exams 
shifted to the real-world effectiveness of each institution's 
AML/CFT program, rather than the number of SARs filed or number 
of policies written. That change would start with those banks 
under sole FinCEN supervision, but would eventually spread to 
all institutions.

Q.4. The regulatory definition of ``financial institution'' has 
been expanded several times over the years, both by FinCEN 
rulemaking and by legislation by Congress.
    Should the definition of financial institutions be expanded 
to include other sectors? If so, which sectors?
    Could these changes be made via FinCEN rulemaking or should 
legislation be passed?

A.4. As a general matter, the BSA/AML regime should be reviewed 
and its effectiveness investigated to account for the changing 
ways in which customers interact with bank and nonbanks and 
ensure that statutory authorities are adequately tailored to 
address the evolving nature of illicit finance threats.
    Such a review could be undertaken by Treasury without 
Congressional action, with recommendations on further 
administrative, legislative, or regulatory changes that need to 
be made to improve the efficiency and effectiveness of the AML/
CFT regime.

Q.5. In August 2017, FinCEN issued an advisory encouraging real 
estate brokers to share information with them that could be 
helpful in AML efforts, while noting they are not required to 
do so under current law.
    How do we increase information sharing between real estate 
brokers and FinCEN?
    Geographic Targeting Orders (GTOs), which impose additional 
record keeping and reporting requirements on domestic financial 
institutions or nonfinancial trades or businesses in a specific 
geographic area for transactions involving certain amounts of 
United States currency or monetary instruments, have been 
deployed since 2016 to target high-end real estate sectors in 
major metropolitan areas by requiring U.S. title insurance 
companies to identify the natural persons behind shell 
companies used to pay ``all cash'' for high-end residential 
real estate.
    Are GTOs an effective tool or would regulation be a 
preferable way to cover the real estate sector?

A.5. As previously mentioned the AML/CFT regime should be 
reviewed and adequately tailored to address the evolving nature 
of illicit finance threats, including those in the real estate 
sector. There are substantial benefits to developing additional 
pathways, both formally and informally, for AML/CFT information 
sharing between various stakeholders in the public and private 
sector.
    While we are not privy to any data on the effectiveness of 
FinCEN's GTO program, when discussing money laundering in the 
real estate sector we would urge Congress to pass legislation 
that prohibits the forming of companies with anonymous 
ownership. Such companies can be used by criminals to ``mask 
their identities, involvement in transactions, and origins of 
their wealth, hindering law enforcement efforts to identify 
individuals behind illicit activity.'' \4\
---------------------------------------------------------------------------
     \4\ See FIN-2017-A003, ``Advisory to Financial Institutions and 
Real Estate Firms and Professionals'', August 22, 2017, available at 
www.fincen.gov/sites/default/files/advisory/2017-08-22/
Risk%20in%20Real%20 
Estate%20Advisory_FINAL%20508%20Tuesday%20%28002%29.pdf.

Q.6. Cryptocurrency exchanges are money services businesses 
supervised by State regulators and subject to Federal AML and 
CFT laws.
    Should FinCEN play an enhanced role in assessing the 
compliance of cryptocurrency exchanges, or are State regulators 
sufficiently equipped to handle compliance monitoring?
    What additional tools could we give regulators and law 
enforcement?
    How prevalent is money laundering in cryptocurrency 
markets?

A.6. As a general matter, we believe that Treasury should take 
the lead in coordinating AML/CFT priorities and exams for all 
financial institutions, including cryptocurrency exchanges. 
Customers are using various tools to conduct transactions 
around the globe with bank and nonbank financial institutions 
and having one agency leading the regime would help coordinate 
disparate regulatory and law enforcement perspectives.
    In 2013, FinCEN issued guidance indicating that a 
cryptocurrency ``administrator or exchanger is an MSB under 
FinCEN's regulations, specifically, a money transmitter, unless 
a limitation to or exemption from the definition applies to the 
person.'' \5\ We also note that in the past few years, FinCEN 
has levied enforcement actions against cryptocurrency 
exchangers. While TCH is not privy to data on the extent of 
money laundering within virtual currencies, we note that others 
are beginning to look into this issue. \6\ Finally, in a recent 
speech, Treasury Under Secretary for Terrorism and Financial 
Intelligence Sigal Mandelker provided an example of 
cryptocurrencies being used for money laundering and terrorist 
financing stating that ``law enforcement authorities recently 
arrested a woman in New York who used Bitcoin to launder fraud 
proceeds before wiring the money to ISIS.'' \7\ As 
circumstances change AML/CFT authorities and requirements 
should be flexible and tailored enough to adapt to evolving 
threats.
---------------------------------------------------------------------------
     \5\ See FIN-2013-G001 ``Application of FinCEN's Regulations to 
Persons Administering, Exchanging, or Using Virtual Currencies'', March 
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
     \6\ For example, in January 2018, Yaya J. Fanusie and Tom Robinson 
published a memorandum on ``Bitcoin Laundering: An Analysis of Illicit 
Flows Into Digital Currency Services''. Available at: 
www.defenddemocracy.org/content/uploads/documents/
MEMO_Bitcoin_Laundering.pdf.
     \7\ See U.S. Department of the Treasury Under Secretary Sigal 
Mandelker Speech before the Securities Industry and Financial Markets 
Association Anti-Money Laundering and Financial Crimes Conference, 
(Treasury Under Secretary Mandelker's 2018 SIFMA Speech), February 13, 
2018, available at home.treasury.gov/news/press-release/sm0286.
---------------------------------------------------------------------------
                                ------                                


               RESPONSES TO WRITTEN QUESTIONS OF
              SENATOR CORTEZ MASTO FROM GREG BAER

Q.1. Gaming and tourism are some of Nevada's top industries. In 
the State of Nevada, our gaming operators employ thousands of 
hard working Nevadans, and the industry as a whole domestically 
supports 1.7 million jobs across 40 States. Qualified casinos, 
like financial institutions, are also subject to Banking 
Secrecy Act requirements. Organizations within Nevada have 
suggested that gaming operators would welcome a review of BSA 
requirements, which they find to be burdensome. They look 
forward to this Committee's thoughtful, bipartisan, review of 
BSA requirements that takes into account the security 
imperative for robust anti-money laundering efforts, as well as 
the impact those requirements have on all industries. For 
example, the Suspicious Activity Report (SAR) ($5,000) and the 
Currency Transaction Report (CTR) ($10,000) levels were set 
years ago. Some have recommended increasing these to correspond 
with inflation. Others believe that would be too high but do 
support a higher amount than currently.
    One of the top priorities of the gaming industry is to 
remove the requirement for a detailed factual narrative for 
structuring in the suspicious activity forms. What do you think 
of this recommendation?

A.1. We strongly support that recommendation. We note that when 
the SAR regime was implemented in the mid-1990s it was based on 
the concept of providing law enforcement a narrative analytical 
lead, but SARs are instead used today as a source for word 
searches and datamining by FinCEN and law enforcement. This is 
particularly true with respect to structuring. Our 
understanding is that the yield on structuring SARs is close to 
zero, as most cash transactions are entirely legitimate. Thus, 
resources invested in constructing a narrative is wasted. To 
the extent that datamining identifies a structuring transaction 
as truly suspicious, then law enforcement can contact the bank 
and obtain whatever detail is necessary.

Q.2. Do you have specific recommendations regarding how the 
gaming industry can benefit from greater communication with 
Government agencies and law enforcement? Is there something the 
Federal Government can do to share information with casinos and 
others filing SARs about broad benefits that may occur because 
of some of the 58,000 SAR forms filed by gaming firms.
    Would the creation of a Qualitative Feedback Mechanism help 
reduce money laundering and terrorist financing? Should the 
Secretary of the Treasury establish a mechanism to communicate 
anti-money laundering (AML) and countering terrorism financing 
(CTF) priorities to financial institutions, gaming 
establishments and Federal financial regulators? Could such a 
mechanism provide qualitative feedback on information shared by 
financial institutions with the Department of Treasury, 
including CTRs and SARs? Please describe the pros and cons of 
such a system.

A.2. There are substantial benefits to developing additional 
pathways, whether through a qualitative feedback mechanism or 
some other structure, for improved AML/CFT information sharing 
between various stakeholders in the public and private sector. 
As the Financial Action Task Force recently noted ``[l]ack of 
guidance and feedback by public sector authorities on 
information shared by the private sector may hinder private 
sector's ability to effectively monitor transactions and 
provide well-developed reports to FIUs . . . [and] may also 
impede or discourage information sharing between different 
private sector entities, or between private and public sectors, 
and vice versa, e.g., because regulatory expectations are 
unclear or because there is insufficient information available 
about risks.'' \1\
---------------------------------------------------------------------------
     \1\ See ``FATF Guidance: Private Sector Information Sharing'', 
November 2017, p.26, available at www.fatf-gafi.org/media/fatf/
documents/recommendations/Private-Sector-Information-Sharing.pdf.
---------------------------------------------------------------------------
    For example, the absence of public sector feedback on SARs 
in the current regime is hindering financial institutions' 
ability to tune their systems to provide more targeted leads to 
law enforcement. Granting law enforcement and national security 
authorities opportunities to provide general feedback on the 
reports filed, and incorporating this feedback into supervisory 
evaluations of firms' compliance, could assist financial 
institutions in targeting their resources to efforts that 
provide information that is of the greatest use in preventing 
illicit financing.
    It would also be helpful if a pathway for sharing 
information were established to allow financial institutions to 
efficiently share raw data with law enforcement along with 
reforms to SAR and other BSA reporting requirements. As 
discussed in the TCH AML/CFT report, the current regime is 
built on individual, bilateral reporting mechanisms grounded in 
the analog technology of the 1980s, rather than the more 
interconnected and technologically advanced world of the 21st 
century. \2\ Therefore, providing such data in bulk would 
modernize the current regime and allow institutions to provide 
law enforcement with information in a timelier manner. 
Furthermore, it would allow law enforcement, using big data 
analytics, to effectively have access to and sift through large 
quantities of data more efficiently.
---------------------------------------------------------------------------
     \2\ See The Clearing House, ``A New Paradigm: Redesigning the U.S. 
AML/CFT Framework To Protect National Security and Aid Law 
Enforcement'', (TCH AML/CFT Report), February 2017, available at 
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
    Further coordination and information sharing between and 
among public sector authorities is also critical to 
establishing AML/CFT priorities and providing an overarching 
purpose for the regime. Therefore, TCH recommends that Treasury 
take a more prominent role in coordinating AML/CFT policy and 
examinations across the Government and conduct a robust and 
inclusive annual or biennial process to establish AML/CFT 
priorities and provide an overarching purpose for the regime. 
This is particularly important in the U.S. where law 
enforcement, national security, and financial institution 
oversight responsibilities are dispersed among multiple 
agencies. This stands in contrast to other approaches (e.g., 
the U.K.'s Joint Money Laundering and Intelligence Task Force 
(JMLIT)) that better address barriers to information sharing by 
bringing together relevant actors to share information as well 
as allowing financial institutions to follow-up on SAR 
activity, thereby potentially improving the effectiveness of 
financial institution reporting mechanisms.

Q.3. The Office of the Comptroller of the Currency mentioned in 
its 2018 Banking Operating Plan that financial institutions 
should not inadvertently impair financial inclusion. But, as of 
September 2017, the OCC has not identified any specific issues 
they plan to address. We know that derisking has become an 
epidemic across many communities and industries, such as 
communities along the Southwest border, humanitarian 
organizations aiding Nations wracked with violence, and 
remittances providers that serve fragile Nations like Somalia.
    What type of guidance could the OCC, FinCEN, FDIC, and the 
Federal Reserve provide to help banks meet the banking needs of 
legitimate consumers and businesses that are at risk of losing 
access--or have already lost access?

A.3. The current derisking trend is in part a reaction to 
Government and supervisory characterizations of correspondent 
banking as a high risk business and the evolving standards 
within the domestic and international community. \3\ The causes 
are clear--the systems, processes, and people required to 
manage examiner expectations for clients deemed to be ``higher 
risk'' are extremely costly. For example, a bank may prepare a 
lengthy report on a customer only to be criticized for not 
further documenting the grounds on which it decided to retain 
the customer. Institutions are therefore required to make 
difficult decisions, because it is often times too expensive to 
build out this infrastructure to support higher risk accounts. 
And this does not even include the risk of massive fines and 
reputational damage in the event a customer designated high-
risk actually commits a criminal act.
---------------------------------------------------------------------------
     \3\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too 
Risk-Averse'', The Economist, July 6, 2017, available at 
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See 
also ``A Crackdown on Financial Crime Means Global Banks Are 
Derisking'', The Economist, July 8, 2017, available at 
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
    Similarly, domestically, banks of all sizes report that 
customer due diligence (CDD) requirements have dramatically 
increased the cost of opening new accounts, and now represent a 
majority of those costs. Of course, disproportionate and 
heightened account opening requirements make low-dollar 
accounts for low- to moderate-income people much more difficult 
to offer and price. While the connection is not immediately 
apparent, AML/CFT expense now is clearly an obstacle to banking 
the unbanked, and a reason that check cashers and other forms 
of high-cost, unregulated finance continue to prosper. The 
problem, of course, is that bank examiners do not internalize 
those costs. And those in the Government who do internalize 
those costs play no role in examining the performance of 
financial institutions.
    As noted in my testimony, TCH believes that Treasury should 
take a more prominent role in coordinating AML/CFT policy and 
examinations for the regime. That includes convening on a 
regular basis the end users of BSA data--law enforcement, 
national security, and others affected by the AML/CFT regime 
including the State Department--and setting goals and 
priorities for the system. Treasury is uniquely positioned to 
balance the sometimes conflicting interests relating to 
national security, the transparency and efficacy of the global 
financial system, the provision of highly valuable information 
to regulatory, tax and law enforcement authorities, financial 
privacy, financial inclusion, and international development.
    In addition, while the AML/CFT regime is supposed to be 
risk-based, particularly in the context of correspondent 
banking relationships, it is instead perceived as being ``zero 
miss or tolerance.'' Supervisors must reaffirm the risk-based 
nature of the regime and make clear that isolated failures to 
identify potentially suspicious activity should not call into 
question a bank's entire BSA/AML/OFAC compliance framework. 
Furthermore regulators should continue to clarify correspondent 
banking and other regulatory expectations and should provide 
banks with greater certainty that the banks' good-faith 
application of clear regulatory guidance and expectations will 
ensure that banks are found by their regulators and auditors to 
be in compliance with those requirements.

Q.4. Last year, the Countering Iran's Destabilizing Activities 
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it 
required the Treasury Department to publish a study by May 1, 
2018, on two issues:
    Somali Remittances: The law required the U.S. Department of 
Treasury to study if banking regulators should establish a 
pilot program to provide technical assistance to depository 
institutions and credit unions that wish to provide account 
services to money services businesses serving individuals in 
Somalia. Such a pilot program could be a model for improving 
the ability of U.S. residents to make legitimate funds 
transfers through easily monitored channels while preserving 
strict compliance with BSA.
    Sharing State Banking Exams: The law also required Treasury 
to report on the efficacy of money services businesses being 
allowed to share certain State exam information with depository 
institutions and credit unions to increase their access to the 
banking system.
    Have you or your organization been involved with these 
Treasury studies?

A.4. TCH has not received a request to participate in this 
study.

Q.5. What advice did you give--or would you give--on the pilot 
studies?

A.5. We encourage the Treasury Department to solicit input from 
the industry on each of these studies to ensure that any 
recommendations incorporate private sector perspectives.

Q.6. In 2016, William and Margaret Frederick were moving from 
Ohio to Las Vegas. Unfortunately, it is alleged that the title 
company they used in Columbus, Ohio, fell for an email scam and 
wired the $216,000 profit from their home sale to a hacker, not 
to the Fredericks. William is 83 and Margaret is 75 and as of 
October, they were still trying to get their money back. While 
the Fredericks' tale is now a court case to determine who was 
responsible for the fraudulent information, we know that the 
Fredericks' experience is ``very typical'' of scams that divert 
an estimated $400 million a year from title companies into 
bogus accounts.
    Please describe the responsibilities of financial firms to 
avoid these frauds?
    What penalties should be assessed and by which agencies 
when financial firms enable theft?
    What is the role for the Consumer Financial Protection 
Bureau to ensure financial firms protect their customers' money 
and information?

A.6. Wire transfers are a ``push'' payment in which a bank 
customer instructs its bank to pay another party. Under the law 
that applies to wire transfers, Uniform Commercial Code Article 
4A, a bank is liable for losses resulting from unauthorized 
wire transfer instructions unless the bank and its customer 
have entered into a commercially reasonable security procedure 
agreement and the bank follows those procedures when it 
receives instructions. Generally banks enter into these 
agreements with their customers and have security procedures in 
place to verify that instructions are in fact the instructions 
of their customer.
    In the unfortunate case described above, the instruction 
from the title company was authorized. However, the title 
company had been deceived, through means outside of the bank's 
control, into paying the wrong party. Legally it is not the 
bank's responsibility to determine if its customer has been 
deceived into paying a fraudulent actor. However, banks do not 
want their customers to be victims of fraud. In response to the 
increase in fraud attacks on their corporate and institutional 
customers banks have conducted extensive educational campaigns 
using in-person sessions, webinars, and conference calls to 
alert customers to fraud schemes and the steps customers can 
take to avoid fraud losses. These measures that customers are 
encouraged to take include verifying the authenticity of email, 
telephone, or other communications before relying on those 
communications to instruct wire transfers. Failure to take 
these precautions can result in a customer's authorized wire 
transfer instruction to its bank that is based upon information 
received from a criminal.

Q.7. In 2014, FinCEN issued an advisory with human trafficking 
red flags, to aid financial institutions in detecting and 
reporting suspicious activity that may be facilitating human 
trafficking or human smuggling.
    To what extent do you assess that financial institutions 
are currently utilizing these red flags, in order to better 
assess whether their banks are being used for to finance human 
trafficking? If institutions are not widely utilizing the red 
flags, what actions is FinCEN taking to encourage them to do 
so?

A.7. As previously discussed, TCH recommends that Treasury set 
AML/CFT priorities for the regime to assist financial 
institutions as they work to provide leads to law enforcement--
including on human trafficking. \4\
---------------------------------------------------------------------------
     \4\ We note that the U.K.'s Joint Money Laundering Intelligence 
Taskforce (JMLIT) has established operational priorities for its 
public-private sector information sharing partnership 
www.nationalcrimeagency.gov.uk/about-us/what-we-do/economic-crime/
joint-money-laundering-intelligence-taskforce-jmlit.
---------------------------------------------------------------------------
    Financial institutions around the globe are proactively 
working among themselves and with the public sector to disrupt 
human trafficking networks. In a 2016 Financial Times op-ed, 
Standard Chartered's Group General Counsel discussed the need 
for enhanced public-private sector sharing, noting that 
presentations from NGOs and Government agencies ``have improved 
banks' ability to detect potentially [human trafficking] 
related financial transactions. In turn, they have helped law 
enforcement disrupt trafficking networks.'' \5\ Such movements 
are also underway in the United States. \6\
---------------------------------------------------------------------------
     \5\ See Financial Times op-ed by David Fein, ``How To Beat the 
Money Launderers: Banks Must Work With Governments To Combat This 
Scourge'', November 22, 2016, available at www.ft.com/content/569c2e26-
adb9-11e6-ba7d-76378e4fef24.
     \6\ See TCH Banking Perspectives article by Juan C. Zarate and 
Chip Poncy, ``Designing a New AML System'', Q3 2016, available at 
www.theclearinghouse.org/research/banking-perspectives/2016/2016-q3-
banking-perspectives/a-new-aml-system.
---------------------------------------------------------------------------
    Furthermore, the U.K.'s Royal United Services Institute 
published a report in 2017 on the role financial institutions 
play in disrupting human trafficking. It studied efforts in 
both the U.K. and U.S. and notes the following: (i) the 2016 
Dow Jones and ACAMS Global Anti-Money Laundering Survey found 
that ``nearly 70 percent of respondents report their 
organizations have modified AML training and/or transaction 
monitoring to incorporate human trafficking and smuggling red 
flags and typologies,'' with heavy U.S. participation in that 
survey; (ii) financial institution approaches to disrupting 
human trafficking networks are mixed as some adapt alerts and 
guidance; others create bespoke algorithms; and others utilize 
other sources of information such as law enforcement inquiries 
or negative media alerts; and (iii) many financial institutions 
are proactively investigating historic transaction records 
rather than relying on real-time monitoring as it may not be as 
effective in detecting potential trafficking. \7\
---------------------------------------------------------------------------
     \7\ See Tom Keating and Anne-Marie Barry, ``Disrupting Human 
Trafficking: The Role of Financial Institutions'', Whitehall Report 1-
17, Royal United Services Institute for Defence and Security Studies, 
March 2017, available at rusi.org/sites/default/files/
201703_rusi_disrupting_human_trafficking.pdf.
---------------------------------------------------------------------------
    The report also notes that barriers to financial 
institutions' efforts to combat human trafficking include: (i) 
difficulties with automating triggers as most human 
trafficking-specific signals are similar to normal commercial 
activity; \8\ (ii) concerns from financial institutions that 
they receive no regulatory credit for their efforts and instead 
will be penalized or censured; (iii) the diverse number of 
financial institutions and payment methods, in multiple 
jurisdictions, over which such high volume and small 
denomination activity can occur which makes it difficult to 
detect without law enforcement leads and greater information 
sharing; and (iv) the lack of formal law enforcement feedback 
as well as coordinated law enforcement-endorsed efforts to 
address human trafficking.
---------------------------------------------------------------------------
     \8\ FinCEN implicitly acknowledges this in their 2014 human 
trafficking advisory when it says ``financial institutions may consider 
incorporating [FinCEN's red flags] into their monitoring programs. In 
applying these red flags, financial institutions are advised that no 
single transactional red flag is a clear indicator of human smuggling 
or trafficking-related activity.'' See www.fincen.gov/resources/
advisories/fincen-advisory-fin-2014-a008.
---------------------------------------------------------------------------
    As a general matter, the USA PATRIOT Act's Section 314(b) 
private sector information sharing provisions have reportedly 
been useful in addressing human trafficking and other crimes. 
\9\
---------------------------------------------------------------------------
     \9\ See Testimony of William J. Fox before the U.S. House 
Financial Services Subcommittees on Financial Institutions and Consumer 
Credit and Terrorism and Illicit Finance, November 29, 2017, available 
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.

Q.8. What are the pros and cons of reducing or eliminating the 
standards requiring SARs filing for insider abuse (i.e., 
employee misconduct)?
    The common expectation is that any financial institution 
subjected to a cyberattack would be in touch with law 
enforcement about whether or not it's required to file an SAR. 
What are the pros and cons of eliminating SAR filing 
requirement for cyberattacks against financial institutions?

A.8. While we do not support eliminating SAR filings in all 
insider abuse cases, we do believe that those filing 
requirements should be further tailored, perhaps by making them 
subject to the same dollar thresholds as other submissions. We 
believe that this would allow firms to shift resources away 
from investigating activity that, even if it proved criminal, 
would almost certainly never be prosecuted, and towards 
innovative efforts to detect more serious offenses. We cannot 
think of a ``con'' for this change.
    Similarly, with respect to cyber, we presume that cyber SAR 
filings are of little to no utility, for the reasons you state. 
However, we would strongly urge the Committee to confirm this 
impression with law enforcement or FinCEN--that is, by asking 
them whether there are investigations where a SAR filing, as 
opposed to direct engagement with the firm, helped make a case.

Q.9. Most of the cost of regulatory compliance for financial 
institutions has been in the BSA/AML area. Yet, when we talk of 
simplifying regulations for community banks, we have not 
addressed this issue even though our banks and credit unions 
tell us this is the most costly and complex.
    Can you give a percent of staff resources invested in AML/
BSA compliance for financial institutions of less than $50 
billion in assets?

A.9. BSA/AML reform would benefit institutions of all sizes. In 
2017, TCH testified before the House with a community banker 
who reported that his three-branch bank has four lending 
officers and six AML compliance officers. While TCH represents 
25 large commercial banks, the regime is no more rational for 
smaller banks. \10\
---------------------------------------------------------------------------
     \10\ See Testimony of Lloyd DeVaux before the House Financial 
Services Committee Subcommittee on Financial Institutions and Consumer 
Credit, June 28, 2017, available at financialservices.house.gov/
uploadedfiles/hhrg-115-ba15-wstate-ldevaux-20170628.pdf.
---------------------------------------------------------------------------
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
                     FROM DENNIS M. LORMEL

Q.1. Strengthening Financial Intelligence Tools--You have 
studied the financial underpinnings of recent terrorist 
attacks, like the 2017 attack in Manchester, England, where a 
suicide bomber killed 22 people and injured more than 100. 
Investigations in the aftermath of that event led to the arrest 
of a network of at least 15 more suspects. At the time, you 
wrote it was unlikely our current AML and terror finance 
regimes could have alerted U.K. or U.S. authorities to this 
type of attack.
    What specific financial intelligence tools should we 
strengthen to detect and disrupt the planning and finance of 
such attacks? Is our current response capability sufficiently 
joined up, both within the United States and with key allies, 
so that key financial evidence is swiftly identified and shared 
with relevant law enforcement authorities?

A.1. In attacks like Manchester, it is extremely unlikely that 
financial institutions would generate alerts through 
transaction monitoring because the banking activity of most of 
the individuals involved would usually not raise any suspicion 
to cause an alert. The funding flowing through the account, 
particularly for homegrown violent extremists would be 
generated by their employment compensation, entitlement funds, 
or other sources that would usually not raise suspicion. If 
they were engaged in criminal activity, there would be more 
likelihood this type of funding might generate an alert as 
being potentially suspicious but that would be contingent on 
the funding flow. These types of individuals, for the most 
part, want to avoid detection. It's usually not until after the 
event occurs, when names are reported in the media that 
financial institutions would identify transactional activity or 
account relationships through name identification of the 
negative news.
    I've written a number of articles with different ideas 
about identifying terrorist financing. It's extremely 
difficult. I'm happy to forward a sampling of the articles to 
provide more context. The problem is most people, including 
individuals working in financial institutions do not adequately 
understand the funding flows nor are they familiar with 
terrorist financing typologies. We tend to look at terrorist 
financing more generically and do not visualize sources of 
funds, methods of moving funds or how terrorists access funds. 
I believe there are three funding streams with numerous 
variations of the three primary funding streams.
    I believe U.S. law enforcement and their international law 
enforcement do a good job of sharing and exchanging 
information. Law enforcement does not do as good a job sharing 
information with financial institutions. Part of the problem is 
a lack of capacity. Part of the problem is a good deal of 
information cannot be shared do to considerations to include 
grand jury secrecy and classified information. I have been a 
proponent for providing security clearances to select personnel 
in financial institutions dating back to when I formed and ran 
the Terrorist Financing Operations Section (TFOS) at the FBI. 
In fact, I recommended that the 9/11 Commission recommend that 
security clearances should be granted to bankers. They did not 
concur with this. I am still a firm believer that security 
clearances would lead to better information sharing.
    Financial institution AML personnel are very dedicated to 
identifying money laundering and terrorist financing.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
                     FROM DENNIS M. LORMEL

Q.1. I'd like to understand better the law enforcement context 
for the U.S.'s efforts to fight money laundering.
    Does the U.S. financial system substantially--even if 
inadvertently--facilitate human trafficking?

A.1. The U.S. financial system does facilitate human 
trafficking. The financial system also serves as a detection 
mechanism. I conduct a lot of AML training, speak frequently at 
AML and terrorist financing conferences and write articles 
published mostly by the Association of Certified Anti-Money 
Laundering Specialists (ACAMS). I make the point that financial 
institutions are either facilitation tools or detection 
mechanisms. I stress that we need to do more to enhance 
detection and limit facilitation.
    I believe that AML compliance professionals are dedicated 
to identifying money laundering and especially for heinous 
crimes such as human trafficking. In my response to Senator 
Cortez Masto's questions, I spoke about proactive initiatives 
certain financial institutions have taken in partnership with 
law enforcement. Below is the answer I provided which puts 
context around my comment above about public-private 
partnerships.
    The Association of Certified Anti-Money Laundering 
Specialists (ACAMS) has made human smuggling a long time 
priority. They started a working group in 2010 with a group of 
major banks and Homeland Security Investigations. Bank analysts 
and Homeland Security Investigations analysts developed 
patterns of activity or typologies consistent with human 
smuggling. JPMorgan Chase had a team of special investigators 
who conducted targeted transaction monitoring and identified 
potential suspicious activity. ACAMS gave JPMorgan Chase and 
Homeland Security a special award in recognition of their 
outstanding collaboration. Another outstanding example of 
public-private sector partnerships occurred in January 2018, in 
the run up to the Super Bowl. The ACAMS Minneapolis Chapter 
held a half-day long learning event focused entirely on human 
slavery/trafficking. I was proud to be the first speaker. U.S. 
Bank, Homeland Security Investigations, and the U.S. Attorney's 
Office in Minneapolis collaborated to develop typologies to 
identify human sex trafficking specifically related to travel 
for the Super Bowl. These types of initiatives have a great 
impact on crime problems like human trafficking. I must give a 
cautionary comment, that this type of initiative is not as easy 
as it sounds. It can be costly; there are regulatory concerns 
and other impediments that must be overcome. The September 
issue of ACAMS Today magazine had a detailed article about the 
Minneapolis learning event. I would be happy to provide a copy 
of ACAMS Today if you'd like one.

Q.2. What about terrorism?

A.2. Like money laundering for human trafficking, financial 
institutions serve as either facilitation tools or detection 
mechanisms for terrorist financing. It is easier to develop 
typologies and red flags for human trafficking and other crimes 
than it is for terrorist financing. That is one reason I spend 
a considerable amount of my time teaching and writing about 
terrorist financing. Terrorist financing is very complex and 
multifaceted. I believe there are three basic funding streams 
and many variations of the three funding streams. What also 
needs to be considered is who you are dealing with, 
organizations or individuals. I have a great deal of content in 
terms of power point presentations and articles providing 
greater detail that I'm happy to share.
    AML professionals are vigilant and would like to identify 
potential terrorist financing but generally, they do not 
understand terrorism or the funding flows to be concerned about 
and how it impacts their institutions. This is not for a lack 
of trying. It's an extremely complex issue. I encourage 
financial institutions to form specialized investigations 
teams, analogous to law enforcement SWAT teams to address 
issues like terrorist financing, human trafficking and 
transnational criminal organizations, as you inquire about 
below. One of the problems we have in AML compliance is that we 
are inherently reactive. The more we can be ``urgently'' 
reactive and to the extent we can be proactive, the more 
detective and disruptive we can be.

Q.3. What about drug cartels and violent gangs such as MS-13?

A.3. I would characterize drug cartels, violent gangs, and 
organized crime organizations as either transnational criminal 
organizations or domestic criminal organizations. Either way, 
they would operate locally, regionally, and/or globally. Again, 
financial institutions serve as facilitation tools or detection 
mechanisms. Here, one of my principal concerns is the nexus 
between transnational criminal organizations and terrorist 
groups. I refer to this as the problem of convergence and 
diversification. Criminal and terrorist groups converge to act 
together in criminal activity or to share the same supply 
chains and channels for shipping illicit goods and for human 
smuggling and trafficking. As these hybrid operations mature, 
they diversify into more seemingly legitimate activity. This is 
where public-private partnerships become more important and 
meaningful.

Q.4. Can you walk me through a typical case, either as an agent 
or as a field manager, where you used financial intelligence, 
such as suspicious activity reports, to catch these sort of 
criminals?

A.4. Senator, thank you for this question because it goes to 
the heart of my January 9th written and oral testimony. Every 
day, law enforcement uses BSA data, either in the form of SARs, 
CTRs, 8300s, or other BSA data, to predicate or enhance 
criminal investigations. I just attended the West Coast AML 
Forum annual conference in San Francisco (May 2-4, 2018). Three 
separate law enforcement case studies were presented that were 
built on SARs, CTRs, 8300s, and other BSA data. One case 
revolved around Ponzi schemes, one around Asian Organized 
Crime, and one around dark web internet sites selling illicit 
goods, including synthetic opioids. They were very compelling 
presentations demonstrating the importance of building evidence 
around BSA data. In addition to those presentations, I gave a 
presentation on terrorist financing and stated that the FBI 
relies extensively on SARs and CTRs for terrorist financing 
investigations.
    To more directly answer your question, as a hypothetical, 
as a law enforcement agent I receive a SAR about an investment 
fraud. I would run the subject name(s) and collateral 
identifying data through the SAR database and through my 
agency's investigative indices. I may or may not get additional 
hits. However, if it's an investment fraud, it most likely will 
have multiple victims, perhaps through multiple financial 
institutions. I would contact the financial institution(s) 
filing the SAR(s) and request the SAR decision documentation. I 
would attempt to establish predicating information to open a 
case to present to a prosecutor. I would get grand jury 
subpoenas for bank account records and begin my investigation 
to ``follow the money.'' As I proceed, it is likely I'll 
identify CTRs and additional SARs. Through bank account 
analysis, I'll likely identify other bank and credit card 
accounts and continue to build my links to co-conspirators. I'd 
continue to build financial evidence along with other evidence 
to include audio and video recordings, surveillance, interviews 
and other investigative steps to build my case. Often times an 
investigation as I'm describing could lead to an opportunity to 
establish an undercover operation where the undercovers provide 
money laundering services to the bad guys. I would continue to 
build my case to obtain an indictment and sustain a 
prosecution. At every step in the process, financial record and 
BSA data will be essential elements of the case.
    I used SAR and CTR information in terrorist financing 
following 9/11 for purposes of developing strategic 
intelligence about current and emerging trends. We established 
a datamining initiative where we used SAR and CTR information 
with other buckets of information to develop said strategic 
intelligence. I believe that capability is more robust today 
than in the 2001-2003 timeframe.
    In training presentations I give regarding SARs, I have a 
flow chart about the lifecycle of a SAR. I would be happy to 
provide it to you and to provide a demonstration or 
explanation.

Q.5. At the FBI, what percentage of the time would you estimate 
that unique leads are generated from AML tools, such as 
suspicious activity reports and currency transaction reports?

A.5. I cannot give you a definitive answer of the current 
status of how SAR and CTR data is used at the FBI today. When I 
was Chief of the Terrorist Financing Operations Section (TFOS), 
following its formation and through 2003, we checked for and/or 
used SAR and CTR data extensively. One of the processes we 
established was that all terrorism cases had a financial sub-
file and that SAR and CTR checks were made. Between December 
2000 and 9/11, while I was Chief of the Financial Crimes 
Section, we had an analyst checking the SAR database on a daily 
basis to find SARs we could take actionable steps with. We also 
had a pilot program regarding money laundering and running 
through the SAR database for SARs we could predicate 
investigations with and refer out to field offices. I 
participate in bank working group outreach meeting that TFOS 
has with financial institutions a few times a year. TFOS 
leaders discuss how SARs are used for their investigative 
targeting in terrorism cases. Although I cannot provide 
information about how other divisions within the FBI use SARs 
and CTRs, my sense is they are widely used. The FBI has a cadre 
of forensic accountants that work throughout the criminal and 
counterterrorism programs. My expectation is they regularly 
rely on BSA data in their financial investigations.

Q.6. What should our risk tolerance be for the fact that the 
U.S. financial system facilitates crimes like human 
trafficking? Should we strive to have zero incidence of money 
laundering in our financial system?

A.6. The Bank Secrecy Act specifically states that financial 
institutions have AML programs that are ``reasonably designed'' 
to identify and report suspicious activity. With the volume of 
transactions that take place on a daily basis it is impossible 
to identify all suspicious activity. Having a reasonably 
designed program is the appropriate standard. In a perfect 
world, we could consider a zero tolerance for money laundering 
standard. However, in the real world, that is an impossible 
standard. We should always strive to improve transaction 
monitoring and rely more on innovation to improve the detection 
versus facilitation capabilities. In my view, ensuring that 
financial institutions develop and maintain ``reasonably 
designed'' AML standards is appropriate.

Q.7. I'd like to understand better how technological innovation 
is transforming the fight against money laundering and how 
Government policy can help or hurt these efforts.
    In the health care context, I hear about how researchers 
have used machine learning and artificial intelligence to 
identify diseases and predict when they will occur, using data 
points that humans would have never put together. How have 
financial institutions or law enforcement officials been able 
to use of similar techniques to identify money laundering and 
how much more progress can be made in this front?

A.7. I believe we need to embrace technology and use 
technological advances to better monitor for suspicious 
activity and to support criminal investigations. In the last 
few years, technology has been greatly enhances. We should be 
exploiting technology as much as we can to enhance monitoring 
and investigative capabilities. We need to ensure the legal and 
regulatory framework is in place to support technology. We must 
also ensure that individual privacy rights are not abused. I'm 
not a technology expert. I would encourage the Committee to 
hold hearings and briefings with technology experts and privacy 
rights advocates to determine what technologies can be 
exploited in a legal framework.
    I would also note, that no matter how advanced machine 
learning and artificial intelligence become, we will always 
need humans to conduct investigations and to make the decisions 
on filing SARs and other BSA decisions.

Q.8. Outside of AI and machine learning, how can recent FinTech 
innovations such as blockchain fight money laundering?

A.8. As I noted above, I am not an IT expert. However, FinTech 
needs to be included in the discussion about improving the 
effectiveness and efficiency of AML reporting requirements. I 
believe blockchain is only going to gain momentum and become 
more mainstream. We need to take a step back and better 
understand blockchain and accountability regarding blockchain 
and other emerging technology. I honestly believe, in listening 
to experts familiar with blockchain, that blockchain can be a 
tool to fight money laundering.

Q.9. What regulatory requirement or requirements--if any--most 
hinders the adoption of technological innovations?

A.9. As I noted above, I am not an IT expert. I'm not sure if 
it's a regulatory problem as much as a cost consideration. 
Regardless of cost considerations, the problem is not 
regulations. Rather it is the regulators and the lack of 
clarity and leadership by regulators concerning regulatory 
expectations. My sense is financial institutions are concerned 
about potential regulatory consequences they may face for 
enhancing technology. There is concern that if new innovations 
will result in criticism that the older technology will be 
criticized for not having picked up the same level of alerts 
causing them to have to look back for potential suspicious 
activity perceived to be missed. At the ACAMS AML Conference 
held in Hollywood, Florida, from April 9-11, 2018, during a 
regulator panel, one regulator advised that if financial 
institutions upgraded their transaction monitoring system, they 
should run the two systems in parallel for a period of time to 
ensure that if one system generates more alerts, the other is 
assessed to see if it missed alerts. That's a cause for concern 
for two reasons, cost and perceived regulatory action against 
the financial institution. This is a deterrent and not an 
incentive to enhance technology.

Q.10. How much does bitcoin, blockchain, and other 
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering 
in traditional banks? How can law enforcement officials best 
stop this newer form of money laundering?

A.10. As bitcoin, blockchain, and other cryptocurrency continue 
to emerge and gain popularity and usage, it will grow as a 
money laundering challenge. The initial reaction to bitcoin, 
blockchain, and other cryptocurrency, and its attractiveness to 
money launderers and criminals was its perceived anonymity. 
Experts have demonstrated that is not true and that they can 
identify people engaging in bitcoin and other cryptocurrency 
transactions. This is a money laundering deterrent. However, 
the more bitcoin and other cryptocurrencies are used, and the 
more they can be used in cash like manners, the more prevalent 
the money laundering challenge will become. Part of the problem 
is the extent to which the dark net can be used and the level 
of anonymity that bad guys can develop and exploit.

Q.11. I'd like to discuss Suspicious Activity Reports (SARs). 
Today, around 2 million SARs are filed each year. While every 
SAR used to be read by law enforcement officials, that is no 
longer the case today. Financial institutions often complain 
that they rarely, if ever, receive feedback from law 
enforcement officials on the utility of any particular 
suspicious activity report that they file. This lack of 
feedback loops increases the burdens on financial institutions, 
who continue to file SARs that are of little utility to law 
enforcement officials. It also prevents financial institutions 
from developing better analytical tools to more precisely 
discern between the signal and the noise.
    What percentage of SARs are actually read by someone in law 
enforcement?

A.11. First, to the statement above, the number of SARs read by 
law enforcement and feedback regarding SARs are two separate 
issues and should not be compared with each other or considered 
a metric for whether law enforcement reviews SARs.
    I cannot give a precise percentage for how many SARs are 
reviewed by law enforcement but based on my experience I 
confidently believe a very high percentage of SARs, if not all 
SARs, are reviewed in some fashion. At a macro level, a program 
level or for strategic purposes the FBI, IRS, and FinCEN 
possess analytics and/or datamining initiatives that scrub all 
SAR data. At the grassroots or field office level SARs that 
fall into the grassroots or field office jurisdictions 
throughout the U.S. are reviewed. I believe that most, if not 
all, SARs receive at least a cursory manual review. I think 
there are 94 U.S. Attorney's Offices (USAOs) in the U.S. Each 
USAO has at least one SAR review team. SAR review teams are 
composed of agents from Federal law enforcement agencies in 
each jurisdiction, most prominently IRS and FBI agents and/or 
analysts. In addition, field office personnel or State and 
local law enforcement review certain SARs independent of the 
SAR review teams. As an example, the Manhattan District 
Attorney's Office has a SAR review team. I'm confident that 
most, if not all, SARs are reviewed by law enforcement.

Q.12. How often do financial institutions receive feedback from 
law enforcement officials as to the utility of their SAR 
filing?

A.12. Feedback from law enforcement to financial institutions 
regarding the value of SARs is problematic. I have frequently 
heard the same complaint from financial institutions. As noted 
above, the lack of feedback does not mean SARs were not 
reviewed or that SARs did not predicate and/or enhance law 
enforcement investigations. In response to the frustration on 
the part of financial institutions about the lack of SAR 
feedback, I always make it a point when I provide training to 
AML professionals to discuss how important SARs are to law 
enforcement. I also include in my presentations a flow chart I 
developed regarding the lifecycle of a SAR. As I mentioned in 
an earlier response to one of your questions, I'd be happy to 
provide the flow chart to you.
    When I was the Chief of TFOS in the FBI, I frequently met 
with then FinCEN Director James Sloan. We often spoke about 
developing a consistent feedback mechanism for financial 
institutions but were unable to develop an adequate mechanism 
to do so. There are a number of inherent impediments to 
establishing a feedback mechanism. Such include the nature of 
criminal investigations. From the point a SAR is filed to the 
point a case is concluded, it could be a period of one or more 
years. If a case is a Grand Jury investigation, information 
cannot be disclosed by law enforcement. Law enforcement lacks 
the resources to consistently provide feedback. There are 
always new cases to move forward with and investigators don't 
have time to provide feedback. Impediments aside, they are no 
excuse for not providing feedback. I believe a feedback 
mechanism should be developed and implemented through FinCEN 
initiated by law enforcement. I concur with your comment that a 
SAR feedback mechanism would improve the quality of SAR 
submissions. I also believe that a SAR feedback would improve 
the morale of AML professionals who are involved in the SAR 
process. They would have a greater sense of accomplishment and 
satisfaction that their work contributes to law enforcement 
successes. Make no mistake; SARs play a significant role in 
investigations.

Q.13. While some have proposed reducing the number of SARs and 
CRT filings because they are often superfluous and are never 
read, others argue that this poses risks, because investigating 
minor infractions may still lead to significant law enforcement 
successes. How should policymakers resolve this conflict?

A.13. Having been the direct beneficiary of SARs and having 
used SARs at the program or macro level for strategic analysis, 
I'm a strong proponent that more SARs and CTRs are better. 
Agents who manually review SARs at the grassroots level would 
probably opine that less is better. In any event, a disparate 
SAR that may not have a high financial loss from a consumer 
fraud or elderly fraud may likely be identifiable with similar 
SARs. When those SARs are aggregated, what was an insignificant 
fraud could escalate into a massive fraud case. I think policy 
makers should take a serious look at this issue. There are 
merits to both arguments. My opinion is there is more merit to 
not reducing the number of SARs filed, especially by increasing 
SAR thresholds. I am definitely staunchly against that 
alternative.

Q.14. How could regulators (1) set up better feedback loops 
between financial institutions and law enforcement officials 
that could help financial institutions better identify money 
laundering; and (2) empower financial institutions to act upon 
their improved ability to distinguish between useful and 
superfluous reports, including by filing fewer unnecessary 
SARs, without fearing regulatory consequences for doing so?

A.14. I do not believe regulators should have a role in SAR 
feedback or to have a voice in what a useful SAR is. Regulators 
have no authority over law enforcement, are not law enforcement 
and represent an impediment to law enforcement in the SAR 
process in certain regards. SARs are intended to assist law 
enforcement not the regulators. One criticism I have about 
regulators regarding SARs is that in a number of instances, 
financial institutions write SARs geared to what the regulators 
want versus what law enforcement wants. This is 
counterproductive. Where regulators can assist in the SAR 
process during their examinations is to identify situations 
where financial institutions do not file SARs or do not file 
adequate SARs. In my experience, the failure to file SARs or to 
adequately file SARs is the biggest breakdown in an AML 
program. This is where the regulators should be focused 
regarding SARs.

Q.15. Would a better feedback loop system exist if financial 
institutions employed more people with security clearances? If 
so, what, if anything, can the Federal Government do to 
facilitate this?

A.15. I have long been an advocate that select financial 
institution AML professionals be granted security clearances. 
In fact, I was interviewed many times by the 9/11 Commission. I 
strongly recommended to them they recommend that security 
clearances be granted to select financial institution 
personnel. Unfortunately, the 9/11 Commission did not concur. 
Despite that, I firmly believe security clearances would be 
beneficial and are warranted.
    Security clearances have been given to select AML personnel 
on a limited basis through TFOS at the FBI for terrorist 
financing collaboration.
    I do not believe that security clearances would improve the 
feedback issue. However, it would improve the ability of the 
Government to provide financial institutions with classified 
information.

Q.16. Often, financial institutions will derisk by refusing to 
serve customers that could be involved in illegal activity. As 
financial institutions start to share more information with 
each other, this practice could become more prominent and 
potential criminals could more frequently lose access to the 
United States' financial system altogether.
    Are there instances in which derisking is actually 
unhelpful for law enforcement purposes, because it drives these 
criminals underground and makes it more difficult to track 
them?

A.16. Law enforcement would prefer that financial institutions 
do not derisk. Exiting relationships is a hindrance to law 
enforcement. It makes it more challenging for law enforcement 
to follow the money and to develop prosecutable cases reliant 
on financial evidence. There are times when law enforcement 
learns that financial institutions are going to exit an account 
relationship and law enforcement requests the financial 
institution maintain the banking relationship. In such 
instances, law enforcement will provide the financial 
institution with a keep open letter. Financial institutions 
often derisk and/or exit high risk relationships due to concern 
of adverse regulatory actions by their regulators.

Q.17. At the moment, do the regulators that evaluate and 
enforce financial institutions compliance with our Federal 
money laundering take this into account?

A.17. Regulators do not take this into account, which is a 
problem. Either real or perceived, financial institutions 
derisk because they are concerned that the regulators will take 
an enforcement action against the financial institution for the 
level of high risk they accept. This is where the regulators 
lack leadership and clarity with financial institutions. I've 
heard regulators asked to provide guidance respond that it is 
up to the financial institution to identify the appropriate 
level of risk they can manage. In many such high risk 
situations financial institutions believe it's better to exit 
the customer relationship and not face real or perceived 
regulatory action.

Q.18. Are there promising ways to increase cooperation between 
financial institutions, regulators, and law enforcement 
officials, so that financial institutions can make a more 
informed decision about when and how to derisk?

A.18. If financial institutions, regulators, and law 
enforcement could establish sustainable communications and take 
the time to understand each other's perspectives, a better 
sense of collaboration could be established and a middle ground 
acceptable to each other could be established. If you placed 
financial institutions, the regulators and law enforcement in a 
triangle and places financial institutions at the top and 
regulators and law enforcement at the bottom side points, there 
would be hard lines from the financial institutions to the 
regulators and law enforcement. Unfortunately, the line between 
the regulators and law enforcement would be a broken line. The 
hard lines are lines of communication. The broken line is a 
lack of communication. The point is the level of communications 
between the regulators and law enforcing is not good. This 
leaves financial institutions in direct communications with the 
regulators and law enforcement, which have conflicting 
interests.

Q.19. Would financial institutions need to hire more employees 
with a top security clearance and/or a law enforcement 
background for this coordination to be effective?

A.19. The issue of security clearances is not related to the 
issue of derisking. They are separate issues. I think it would 
be extremely beneficial if financial institutions hire more 
employees from law enforcement or the intelligence community 
who have security clearances. This would enable law enforcement 
to share classified information with financial institutions 
they would not have otherwise been able to share. Financial 
institutions derisk in order to avoid real or perceived 
regulatory actions like enforcement actions.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
                     FROM DENNIS M. LORMEL

Q.1. How can we leverage technology to make the process 
simultaneously less onerous on banks while enhancing the 
outcomes of catching illegal behavior? Are there regulatory and 
legislative barriers to getting that down?

A.1. We should definitely seek to leverage and embrace 
technology to enhance transaction monitoring and to be more 
innovative. I believe the barriers to this are two pronged. 
First is cost considerations for financial institutions. The 
second is real or perceived regulatory expectations. Financial 
institutions are concerned about adverse regulatory action if 
they enhance technology. In questions from Senator Sasse I 
received a similar question. The answer I provided Senator 
Sasse is set forth below:
    As I noted above, I am not an IT expert. I'm not sure if 
it's a regulatory problem as much as a cost consideration. 
Regardless of cost considerations, the problem is not 
regulations. Rather it is the regulators and the lack of 
clarity and leadership by regulators concerning regulatory 
expectations. My sense is financial institutions are concerned 
about potential regulatory consequences they may face for 
enhancing technology. There is concern that if new innovations 
will result in criticism that the older technology will be 
criticized for not having picked up the same level of alerts 
causing them to have to look back for potential suspicious 
activity perceived to be missed. At the ACAMS AML Conference 
held in Hollywood, Florida, from April 9-11, 2018, during a 
regulator panel, one regulator advised that if financial 
institutions upgraded their transaction monitoring system, they 
should run the two systems in parallel for a period of time to 
ensure one if one system generates more alerts, the other is 
assessed to see if it missed alerts. That's a cause for concern 
for two reasons, cost and perceived regulatory action against 
the financial institution. This is a deterrent and not an 
incentive to enhance technology.

Q.2. Financial institutions often complain that FinCEN, law 
enforcement officials, and prudential regulators do not tell 
them whether their BSA filings serve a useful purpose, or how 
the reports they submit are being used--and that the filings go 
into a black hole. Can you shed some light on the filings that 
you make or have used and what could be done to improve this 
process?

A.2. SARs are extremely important and make significant 
contributions to law enforcement investigations. Lack of 
feedback is a problem. The perception by financial institutions 
that SARs fall into a black hole is a misperception. SARs do 
not fall into a black hole. Financial institutions have a right 
to be frustrated about the lack of SAR feedback. In terms of 
developing a consistent feedback mechanisms, this is not an 
issue for the regulators. It is an issue for FinCEN and law 
enforcement, mostly law enforcement. Law enforcement is the end 
user of SARs and the beneficiary of SAR information. Senator 
Sasse asked a similar question. Below is the answer I furnished 
him, which is relevant to your question.
    Feedback from law enforcement to financial institutions 
regarding the value of SARs is problematic. I have frequently 
heard the same complaint from financial institutions. As noted 
above, the lack of feedback does not mean SARs were not 
reviewed or that SARs did not predicate and/or enhance law 
enforcement investigations. In response to the frustration on 
the part of financial institutions about the lack of SAR 
feedback, I always make it a point when I provide training to 
AML professionals about how important SARs are. I also include 
in my presentations a flow chart I developed regarding the 
lifecycle of a SAR. As I mentioned in an earlier response to 
one of your questions, I'd be happy to provide the flow chart 
to you.
    When I was the Chief of TFOS in the FBI, I frequently met 
with then FinCEN Director James Sloan. We often spoke about 
developing a consistent feedback mechanism for financial 
institutions but were unable to develop an adequate mechanism 
to do so. There are a number of inherent impediments to 
establishing a feedback mechanism. Such include the nature of 
criminal investigations. From the point a SAR is filed to the 
point a case is concluded, it could be a period of one or more 
years. If a case is a Grand Jury investigation, information 
cannot be disclosed by law enforcement. Law enforcement lacks 
the resources to consistently provide feedback. There are 
always new cases to move forward with and investigators don't 
have time to provide feedback. Impediments aside, they are no 
excuse for not providing feedback. I believe a feedback 
mechanism should be developed and implemented through FinCEN 
initiated by law enforcement. I concur with your comment that a 
SAR feedback mechanism would improve the quality of SAR 
submissions. I also believe that a SAR feedback would improve 
the morale of AML professionals who are involved in the SAR 
process. They would have a greater sense of accomplishment and 
satisfaction that their work contributes to law enforcement 
successes. Make no mistake; SARs play a significant role in 
investigations.

Q.3. Another compliance challenge often cited by banks is that 
they feel pressured by bank examiners and law enforcement 
authorities to exit certain business lines or cease offering 
certain services to customers viewed as presenting particular 
money-laundering vulnerabilities, i.e., severing corresponding 
banking relationships with foreign institutions in certain 
geographic areas, and also ending money services businesses 
(MSBs, i.e., check cashing, money transmitters, currency 
exchange outlets, etc.)
    As banks reevaluate their business relationships with MSBs 
in light of what they may view as a hostile regulatory 
landscape, what can we do to change this type of behavior/is 
this a prevalent problem in the industry?

A.3. Senator, let me answer the second part of your question 
first. The issue is a significant prevalent issue in the 
industry. The term referred to for exiting high risk 
relationships by financial institutions is ``derisking''. The 
problem here is with the regulators. Either real or perceived, 
financial institutions believe they will face regulatory 
enforcement actions if they continue to bank high risk 
customers. This is where I believe regulators lack leadership 
and clarity. They do not provide guidance to financial 
institutions about banking high risk customers. I have heard 
regulators at conference state it is not their responsibility 
to provide such guidance but it's the responsibility of the 
financial institution to determine the level of risk they can 
manage. This lack of guidance leads to financial institutions 
exiting high risk customer relationships.

Q.4. It is my understanding that there are times when law 
enforcement and the bank regulators work at cross purposes. 
That is, law enforcement might want a bank to continue banking 
an individual or company that they are following and building a 
case against but the bank regulators, whose incentives are to 
not be embarrassed by their regulated entities, force the banks 
to ``derisk'' or close those accounts. Is that actually the 
case?

A.4. Unfortunately, this is the case. As noted in my response 
to your previous question, either real or perceived, financial 
institutions derisk out of fear of regulatory enforcement 
actions. The regulators do not provide financial institutions 
with leadership or clarity about maintaining high risk 
relationships. Consequently, financial institutions exit these 
relationships. Regulators state that they do not want derisking 
but they want inclusion. The problem is they do not provide the 
guidance about banking high risk customers.
    Law enforcement would prefer the account relations not be 
exited, especially in cases of ongoing investigations. Below is 
the response to a similar question that I provided to Senator 
Sasse.
    Law enforcement would prefer that financial institutions do 
not derisk. Exiting relationships is a hindrance to law 
enforcement. It makes it more challenging for law enforcement 
to follow the money and to develop prosecutable cases reliant 
on financial evidence. There are times when law enforcement 
learns that financial institutions are going to exit an account 
relationship and law enforcement requests the financial 
institution maintain the banking relationship. In such 
instances, law enforcement will provide the financial 
institution with a keep open letter. Financial institutions 
often derisk and/or exit high risk relationships due to concern 
of adverse regulatory actions by their regulators.

Q.5. In terms of AML, we know that the success of AML is 
centric around whether or not the predicate crime of money 
laundering has been reduced, but we only really know how 
pervasive money laundering is on a reactive basis, i.e., when 
someone/some entity is caught. To that end, do you believe the 
advent/popularity of cryptocurrencies could affect the capture 
of money laundering/could it affect AML? Do enforcement 
authorities have the technological capabilities to work with 
private industry to capture mal-actors?

A.5. The challenge of identifying money laundering is that it 
is an inherently reactive process. The evolution of 
cryptocurrency presents new challenges for financial 
institutions. This is certainly one area where public-private 
sector partnerships could better address the emerging 
challenges of cryptocurrency. I responded to a similar question 
from Senator Sasse. Below is the response I provided him with.
    As bitcoin, blockchain, and other cryptocurrency continue 
to emerge and gain popularity and useage, it will grow as a 
money laundering challenge. The initial reaction to bitcoin, 
blockchain, and other cryptocurrency, and its attractiveness to 
money launderers and criminals was its perceived anonymity. 
Experts have demonstrated that is not true and that they can 
identify people engaging in bitcoin and other cryptocurrency 
transactions. This is a money laundering deterrent. However, 
the more bitcoin and other cryptocurrencies are used, and the 
more they can be used in cash like manners, the more prevalent 
the money laundering challenge will become. Part of the problem 
is the extent to which the dark net can be used and the level 
of anonymity that bad guys can develop and exploit.

Q.6. In your opinion, do you think that the overall AML regime 
has been effective? Additionally, what do you see as the best 
way to ensure future effectiveness?

A.6. As I stated in my written and oral testimony at the 
Committee hearing on January 9th, the flow of BSA information 
from financial institutions to law enforcement is invaluable. 
In this regard the AML regime is effective. The system is 
flawed when you overlay regulatory requirements. The system 
could be more effective and efficient. I encourage the 
Committee to assess the perspectives of all stakeholders in the 
process, especially law enforcement and financial institutions 
who I consider the two primary stakeholders. BSA information is 
intended to assist law enforcement. Financial institutions are 
the repository for financial intelligence and serve as the 
filter for identifying and reporting suspicious activity. I 
believe there are three primary factors that Congress should 
consider:

  1.  How to incentivize financial institutions to enhance 
        technology and be innovative. In addition to cost 
        factors, this will require dealing with the real or 
        perceived regulatory expectations financial 
        institutions are concerned about regarding upgrading 
        technology. Financial institutions are concerned about 
        potential adversarial regulatory consequences.

  2.  How to make transaction monitoring and the SAR process 
        more effective and efficient. The key is to improve the 
        percentage of SARs that are meaningful and are used to 
        predicate and/or enhance law enforcement 
        investigations.

  3.  How to establish a consistent and meaningful feedback 
        mechanism from law enforcement to financial 
        institutions regarding the value of SARs. This would be 
        one factor that would contribute to improving the 
        effectiveness and efficiency of the SAR process.

Q.7. Is it to have Treasury be the lead to:

  1.  Define with other stakeholders specific and clear 
        national priorities of the regime; and

  2.  Determine, working with other stakeholders, clear and 
        measurable objectives of the regime in light of those 
        priorities. Should Treasury or someone else have to 
        report those measurements against the objectives back 
        to Congress?

A.7. This is a difficult question that requires considerable 
assessment by numerous stakeholders with varying perspectives. 
On one hand, I concur that from a practical point of view, one 
department or stakeholder should be the lead to establish 
specific and clear national priorities and set clear and 
measurable objectives that are reported back to Congress. My 
problem is that Federal departments and agencies within those 
departments have vastly different responsibilities and 
mandates. Therefore, could one department objectively determine 
the overall priorities for the intergovernmental community? For 
example, the Treasury Department is primarily responsible for 
sanctions and enforcement. Whereas, the Department of Justice 
(DOJ) and Homeland Security are responsible for law 
enforcement. From a practical standpoint, it would be prudent 
to designate Treasury to be responsible. However, without equal 
input, my concern would be that DOJ and Homeland Security law 
enforcement perspective and priorities might not be accurately 
stated and/or prioritized. In addition, are their other 
stakeholders who should be included in the reporting process 
such as the CIA and Department of Defense (DOD)? The CIA and 
DOD are both engaged in threat and/or terrorist financing. 
Having co-responsibility might be an acceptable alternative. 
However, that would be a challenge for efficiency. Perhaps 
Treasury, DOJ, Homeland Security, and other Government 
stakeholders should be responsible to submit similar reports to 
more specifically define their priorities, objectives and 
measurable.
    Regardless of who is designated with reporting 
responsibility, I believe it would be prudent to have a 
reporting mechanism to Congress.
    This idea may have come from the Clearinghouse report, 
dated February 2017, titled ``A New Paradigm: Redesigning the 
U.S. AML/CTF Framework to Protect National Security and Aid Law 
Enforcement''. I was not involved in the Clearing House 
assessment process. However, my concern is the principal 
participants possessed more of a Treasury perspective 
(sanctions and enforcement) verses a law enforcement 
perspective. I understand the working group included former law 
enforcement officials. However, in reading the Clearing House 
report, my concern is law enforcement interests were not 
adequately considered. As noted in my written and oral 
testimony on January 9th, I contacted then current law 
enforcement executive in positions like I held in the FBI, and 
none were included in the discussions. I believe the Clearing 
House report sets a good framework for improving BSA reporting. 
However, law enforcement should have greater engagement in the 
assessment process.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
                     FROM DENNIS M. LORMEL

Q.1. What are the costs and benefits of having bank examiners 
assess bank compliance with the Bank Secrecy Act's (BSA) 
requirements instead of having anti-money laundering (AML) and 
combating the financing of terrorism (CFT) experts at the 
Financial Crimes Enforcement Network (FinCEN) examine bank 
compliance programs?

A.1. I do not believe it is practical to have FinCEN perform 
the bank examinations/program reviews as currently done by the 
regulatory agencies. First and foremost, FinCEN does not have 
the capacity to handle such demands. They lack the required 
resources. FinCEN resources do not have the same level of 
examination training or experience that regulatory agencies 
possess. I believe it is imperative that FinCENs primary 
responsibility continue to be to collect BSA reporting 
information and to serve as the conduit between financial 
institutions and law enforcement. FinCEN should continue to be 
involved in regulatory actions on a case specific basis and in 
conjunction with the regulators. FinCEN should continue to 
provide regulatory guidance to financial institutions. FinCEN 
should also continue to conduct the analytical work they 
perform in support of law enforcement.

Q.2. Is there a way to maintain a top-shelf effective AML/CFT 
policy while maintaining a commitment to increase access to 
financial products for the underbanked and immigrants who rely 
on remittance services?

A.2. I'm a proponent for inclusion of the underbanked and 
immigrants who rely on remittance services. I conduct AML, 
terrorist financing, and fraud training on a regular basis. I 
also write articles published in industry publications, such as 
ACAMS Today magazine. In these forums, I frequently state that 
illegal money remitters represent one of the most significant 
vulnerabilities to the U.S. financial system. Part of the 
problem is that some illegal money remitters and underbanked 
customers have been derisked. Derisking is a significant 
problem. Much of the problem regarding illegal money remittance 
is that different ethnic communities, especially with the 
underbanked and immigrants prefer to use illegal money 
remitters to transmit funds back to family members in their 
countries of origin.
    One of the solutions to the issue of derisking is for 
regulators to provide leadership and clarity to financial 
institutions about regulatory expectations. Another solution 
for the issue if illegal money remittance is for FinCEN, law 
enforcement, and financial institutions to establish a 
partnership and working group to address the issue of illegal 
money remittance operations.

Q.3. I'm interested in the ways in which technology can aid AML 
compliance efforts. What are some of the innovative 
technologies that you've seen that hold some promise for either 
the Government or the private sector?

A.3. I'm not an IT expert. However, I believe that financial 
institutions should embrace technology. In doing so, they 
should also demand transparency with new technology driven 
product offerings. Regarding transaction monitoring, financial 
institutions should be considering technology enhancements 
through artificial intelligence and FinTech capabilities.

Q.4. What are the barriers to either the Government or the 
private sector adopting these technologies?

A.4. In my opinion, the barriers to Government are primarily 
cost related. The barriers also include Government bureaucracy. 
The barriers to the private sector, specifically to financial 
institutions, are cost and real or perceived regulatory 
expectations. I was asked similar questions by your colleagues 
Senators Sasse and Tillis. Below are my responses to their 
questions.

  1.  We should definitely seek to leverage and embrace 
        technology to enhance transaction monitoring and to be 
        more innovative. I believe the barrios to this are two 
        pronged. First is cost considerations for financial 
        institutions. The second is real or perceived 
        regulatory expectations. Financial institutions are 
        concerned about adverse regulatory action if they 
        enhance technology. In questions from Senator Sasse I 
        received a similar question. The answer I provided 
        Senator Sasse is set forth below:

  2.  As I noted above, I am not an IT expert. I'm not sure if 
        it's a regulatory problem as much as a cost 
        consideration. Regardless of cost considerations, the 
        problem is not regulations. Rather it is the regulators 
        and the lack of clarity and leadership by regulators 
        concerning regulatory expectations. My sense is 
        financial institutions are concerned about potential 
        regulatory consequences they may face for enhancing 
        technology. There is concern that if new innovations 
        will result in criticism that the older technology will 
        be criticized for not having picked up the same level 
        of alerts causing them to have to look back for 
        potential suspicious activity perceived to be missed. 
        At the ACAMS AML Conference held in Hollywood, Florida, 
        from April 9-11, 2018, during a regulator panel, one 
        regulator advised that if financial institutions 
        upgraded their transaction monitoring system, they 
        should run the two systems in parallel for a period of 
        time to ensure one if one system generates more alerts, 
        the other is assessed to see if it missed alerts.

    That's a cause for concern for two reasons, cost and 
perceived regulatory action against the financial institution. 
This is a deterrent and not an incentive to enhance technology.

Q.5. What can we be doing as legislators to ensure that we 
promote technological innovation in this sector?

A.5. Technology innovation is important. If I was a legislator, 
I would consider what I could do to incentivize financial 
institutions to embrace technology. One thing I would assess is 
how to encourage regulators to take a leadership role and to 
provide financial institutions with guidance and clarity to 
change the real or perceived concern by financial institutions 
that there could be adverse regulatory enforcement actions for 
enhancing technology as addressed in the response to the prior 
question.

Q.6. The regulatory definition of ``financial institution'' has 
been expanded several times over the years, both by FinCEN 
rulemaking and by legislation by Congress.
    Should the definition of financial institutions be expanded 
to include other sectors? If so, which sectors?

A.6. The one sector that comes to mind where the definition of 
``financial institution'' might be included is the real estate 
sector. As addressed in Geographic Targeting Orders (GTOs), 
issued by FinCEN to require U.S. title insurance companies to 
identify the natural persons behind shell companies used to pay 
``all cash'' for high-end residential real estate in six major 
metropolitan areas, money laundering through real estate is a 
significant problem. Certainly, where focus was placed on this 
specific money laundering problem, the GTOs were warranted. But 
the problem of money laundering through real estate is much 
broader. There are a number of real estate schemes to include 
criminal property flipping that have had a detrimental economic 
impact on many U.S. cities.
    I believe that to answer how broadly the real estate sector 
should be regulated as a financial institution requires 
considerable assessment. Stakeholders should include FinCEN, 
real estate professionals and experts, financial institutions, 
law enforcement, and academics who have researched money 
laundering in the real estate sector. As an example, the 
Terrorism, Transnational Crime and Corruption Center (TraCCC) 
at George Mason University (GMU), held a daylong conference at 
GMU's Schar School of Policy and Government to learn about 
money laundering through the real estate sector. The forum was 
held on March 23, 2018. Speakers included experts from the real 
estate sector, law enforcement banks, Government, associations, 
nongovernment organizations, and academia. I served as a 
moderator for a panel addressing new approaches to countering 
money laundering in real estate in the U.S. A draft report has 
been circulated to conference speakers and organizers. The 
report is in the process of being finalized. If you are 
interested, I'd be happy to provide a copy of the report after 
it's published.

Q.7. Could these changes be made via FinCEN rulemaking or 
should legislation be passed?

A.7. I believe both FinCEN rulemaking and legislation are 
warranted. I believe that the GTO's issued by FinCEN are an 
outstanding example of FinCEN rulemaking. However, the long-
term solution is legislation. Congress should consider 
establishing a working group to assess how best to craft 
legislation to address the broader risks of money laundering 
through real estate.

Q.8. In August 2017, FinCEN issued an advisory encouraging real 
estate brokers to share information with them that could be 
helpful in AML efforts, while noting they are not required to 
do so under current law.
    How do we increase information sharing between real estate 
brokers and FinCEN?

A.8. Meaningful information sharing between real estate brokers 
and FinCEN is more likely to be accomplished through rulemaking 
and legislative requirements. An alternative that could result 
in voluntary information is to promote awareness through 
outreach, particularly in the real estate sector, about the 
risk and consequences of money laundering through real estate.

Q.9. Geographic Targeting Orders (GTOs), which impose 
additional record keeping and reporting requirements on 
domestic financial institutions or nonfinancial trades or 
businesses in a specific geographic area for transactions 
involving certain amounts of United States currency or monetary 
instruments, have been deployed since 2016 to target high-end 
real estate sectors in major metropolitan areas by requiring 
U.S. title insurance companies to identify the natural persons 
behind shell companies used to pay ``all cash'' for high-end 
residential real estate.
    Are GTOs an effective tool or would regulation be a 
preferable way to cover the real estate sector?

A.9. I applaud the GTOs. They are a good step forward in 
addressing the money laundering issues in real estate. The 
GTO's focus on one significant money laundering problem. I 
believe this has had the intended impact and that is why the 
GTOs were extended in 2017. As noted in the response to the 
prior question, I believe the long-term solution is regulations 
that are broader than the one issue addressed in the GTOs. 
Regulations need to address a broader range of money laundering 
risks in the real estate sector.

Q.10. Cryptocurrency exchanges are money services businesses 
supervised by State regulators and subject to Federal AML and 
CFT laws.
    Should FinCEN play an enhanced role in assessing the 
compliance of cryptocurrency exchanges, or are State regulators 
sufficiently equipped to handle compliance monitoring?

A.10. I will address this question first at the State level and 
then at the Federal level. Overall, State regulators do a good 
job at enforcing State regulatory compliance requirements. 
However, there is no uniformity among States about regulatory 
requirements. Regulatory requirements vary from State to State. 
My sense is New York probably has the most stringent State 
requirements. At the Federal Government level, we need to 
assess the roles and perspectives Government agency 
stakeholders have with respect to cryptocurrency exchanges. For 
instance, FinCEN issued guidance to cryptocurrency exchanges in 
2013. Since cryptocurrency exchanges are MSBs, they would be 
subject to Federal review by the IRS, who examines MSBs from a 
Federal regulatory perspective. In addition, the Securities and 
Exchange Commission (SEC) and the Commodities Futures Trading 
Commission (CFTC) each have interests. In some situations, the 
SEC could consider the trade of cryptocurrency securities 
transactions. In some situations, the CFTC could consider 
virtual currency as a commodity.
    The question of should FinCEN play an enhanced role in 
assessing the compliance of cryptocurrency exchanges should be 
assessed along with the roles of the IRS, SEC, and CFTC. One 
question is, does FinCEN have the capacity, in terms of 
resources, to take on enhanced responsibilities. FinCEN should 
certainly provide continued guidance and rulemaking. In terms 
of supervision, IRS should continue to have examination 
responsibility. The problem here is the same question as I 
posed for FinCEN. Does the IRS possess adequate resources to 
address regulatory examination requirements?

Q.11. What additional tools could we give regulators and law 
enforcement?

A.11. The tools that regulators and law enforcement need to 
address the AML challenges posed by cryptocurrency begin with 
budget enhancements. From the regulators side, enhanced 
resources are needed in terms of personnel and equipment to 
perform an adequate level of regulatory examinations. Whether 
it's the IRS or FinCEN, resource enhancements are needed. Law 
enforcement is less pressed for resource enhancements, although 
the need for resource enhancements should be assessed. 
Regulators and law enforcement could use budget enhancements to 
address the training requirements necessary to gain and 
maintain the skill sets required to address the evolving 
challenges posed by cryptocurrencies.

Q.12. How prevalent is money laundering in cryptocurrency 
markets?

A.12. I cannot speak definitively about how prevalent money 
laundering is in cryptocurrency markets. However, like with all 
types of financial institutions, there is a risk for money 
laundering. Like financial institutions, cryptocurrency markets 
serve as a facilitation tool or a detection mechanism. Our 
challenge is to make cryptocurrency markets more of a detection 
mechanism.
    The common belief that cryptocurrencies can be anonymous 
makes cryptocurrency more attractive to money laundering. Law 
enforcement has begun to state that cryptocurrencies are not as 
anonymous as thought and that they can trace transactions and 
those transacting in cryptocurrency. The more law enforcement 
proves this fact by making arrests, getting convictions, and 
seizing illicit assets, the greater the deterrent there will be 
for money laundering through cryptocurrency. That said, the 
more cryptocurrency transactions become cash like transactions, 
the greater the likelihood for money laundering. AML 
transaction monitoring is inherently reactive, which poses a 
significant challenge for those fighting money laundering. 
Cryptocurrency is an evolving space. AML technology must evolve 
along with cryptocurrency technology.
                                ------                                


               RESPONSES TO WRITTEN QUESTIONS OF
           SENATOR CORTEZ MASTO FROM DENNIS M. LORMEL

Q.1. Gaming and tourism are some of Nevada's top industries. In 
the State of Nevada, our gaming operators employ thousands of 
hard working Nevadans, and the industry as a whole domestically 
supports 1.7 million jobs across 40 States. Qualified casinos, 
like financial institutions, are also subject to Banking 
Secrecy Act requirements. Organizations within Nevada have 
suggested that gaming operators would welcome a review of BSA 
requirements, which they find to be burdensome. They look 
forward to this Committee's thoughtful, bipartisan, review of 
BSA requirements that takes into account the security 
imperative for robust anti-money laundering efforts, as well as 
the impact those requirements have on all industries. For 
example, the Suspicious Activity Report (SAR) ($5,000) and the 
Currency Transaction Report (CTR) ($10,000) levels were set 
years ago. Some have recommended increasing these to correspond 
with inflation. Others believe that would be too high but do 
support a higher amount than currently,

A.1. I would like to comment here that I am not in favor of 
raising the SAR or CTR reporting thresholds. In today's world, 
where it takes small amounts of funds to commit a terrorist 
act, we need the thresholds where they are. Most financial 
institutions will tell you the reporting thresholds do not 
cause extra burden to them.

Q.2. One of the top priorities of the gaming industry is to 
remove the requirement for a detailed factual narrative for 
structuring in the suspicious activity forms. What do you think 
of this recommendation?

A.2. I was the direct beneficiary of SARs when I was an FBI 
agent, especially following the terrorist attacks of 9/11. I 
formed and ran the Terrorist Financing Operations Section 
(TFOS). Following 9/11, we began a datamining project and 
included SAR narratives and SAR identifying information like 
addresses, phone numbers, and other collateral information. 
From a macro or program level, I liked the narrative 
information for all SARs to include structuring. That said, 
SARs are a subjective topic. If you speak to law enforcement 
agents at the field or grass roots level, especially those who 
physically review SARs, they would likely agree that 
structuring narratives are cumbersome and not necessary. There 
is no easy solution to the SAR narrative question.

Q.3. Do you have specific recommendations regarding how the 
gaming industry can benefit from greater communication with 
Government agencies and law enforcement? Is there something the 
Federal Government can do to share information with casinos and 
others filing SARs about broad benefits that may occur because 
of some of the 58,000 SAR forms filed by gaming firms.

A.3. I am a huge proponent for public and private partnerships 
and collaboration. When I ran the Financial Crimes Section at 
the FBI prior to 9/11, I had frequent conversation with the 
then Director of FinCEN, James Sloan about developing a 
feedback mechanism for financial institutions regarding SARs. 
There were numerous inherent impediments to establishing a 
feedback mechanism. That should not be an excuse. FinCEN and 
law enforcement should revisit this issue and determine how to 
more consistently provide feedback to financial institutions, 
including Casinos.

Q.4. Would the creation of a Qualitative Feedback Mechanism 
help reduce money laundering and terrorist financing? Should 
the Secretary of the Treasury establish a mechanism to 
communicate anti-money laundering (AML) and countering 
terrorism financing (CTF) priorities to financial institutions, 
gaming establishments, and Federal financial regulators? Could 
such a mechanism provide qualitative feedback on information 
shared by financial institutions with the Department of 
Treasury, including CTRs and SARs? Please describe the pros and 
cons of such a system.

A.4. As mentioned in the answer above, I am a firm believer in 
the benefits of a feedback mechanism regarding SARs. I would 
welcome a feedback mechanism. I do believe that would improve 
the identification of money laundering and terrorist financing. 
From an intangible standpoint, a consistent feedback mechanism 
would greatly improve the morale and motivation of the AML 
professionals involved in the SAR process. There is a constant 
sense that SARs go into a black hole. That is not true. SARs 
are extremely valuable. If AML professionals received 
consistent feedback, there would be more interest in filing 
better quality SARs that would improve the investigative 
process and lead to more prosecutions and disruptions.
    I do not like the idea of Treasury providing money 
laundering and terrorist financing priorities to financial 
institutions because their issues are with sanctioning and 
enforcement actions and not law enforcement. Non-Treasury law 
enforcement agencies, such as the FBI have primary criminal and 
intelligence for terrorism and many criminal violations. I'm 
not comfortable with Treasury setting priorities for matters 
they have limited or no jurisdiction over. If Treasury acted as 
a bridge with law enforcement then perhaps it would be 
workable.

Q.5. The Office of the Comptroller of the Currency mentioned in 
its 2018 Banking Operating Plan that financial institutions 
should not inadvertently impair financial inclusion. But, as of 
September 2017, the OCC has not identified any specific issues 
they plan to address. We know that derisking has become an 
epidemic across many communities and industries, such as 
communities along the Southwest border, humanitarian 
organizations aiding Nations wracked with violence, and 
remittances providers that serve fragile Nations like Somalia.
    What type of guidance could the OCC, FinCEN, FDIC, and the 
Federal Reserve provide to help banks meet the banking needs of 
legitimate consumers and businesses that are at risk of losing 
access--or have already lost access?

A.5. Inclusion or derisking is a sensitive issue. Although the 
regulators preach inclusion and the harm of derisking, they do 
not adequately provide the needed guidance to financial 
institutions. In my view and what I have observed in working 
groups that discuss this issue and in other forums, the 
regulators do not demonstrate any leadership or clarity in 
providing direction. Regulators will state that it is up to 
banks to determine the level of risk they can manage and offer 
no guidance about regulatory expectations. Consequently, that 
lack of guidance causes financial institutions to be more risk 
averse and exit relationships for fear that the regulators 
would take a negative view and some action against the 
institution for banking high risk customers. Regulators should 
take a leadership role and provide clear guidance about 
regulatory expectations beyond stating that financial 
institutions need to identify and manage their risk.

Q.6. Last year, the Countering Iran's Destabilizing Activities 
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it 
required the Treasury Department to publish a study by May 1, 
2018, on two issues:
    Somali Remittances: The law required the U.S. Department of 
Treasury to study if banking regulators should establish a 
pilot program to provide technical assistance to depository 
institutions and credit unions that wish to provide account 
services to money services businesses serving individuals in 
Somalia. Such a pilot program could be a model for improving 
the ability of U.S. residents to make legitimate funds 
transfers through easily monitored channels while preserving 
strict compliance with BSA.
    Sharing State Banking Exams: The law also required Treasury 
to report on the efficacy of money services businesses being 
allowed to share certain State exam information with depository 
institutions and credit unions to increase their access to the 
banking system.
    Have you or your organization been involved with these 
Treasury studies?

A.6. I have not been engaged in the Treasury studies. I am in 
favor of such pilot programs

Q.7. What advice did you give--or would you give--on the pilot 
studies?

A.7. Somalia is a high risk country for terrorism. That said, 
the stories of bulk cash being carried to Somalia from the U.S. 
because MSBs are not banked and NGOs are forced to currier 
money is extremely problematic. To expand on my answer above 
about regulatory agencies not taking or demonstrating a 
leadership role, this would be a great opportunity for that to 
change. I would recommend Treasury and the regulators take a 
leadership role in working with financial institutions to bank 
MSBs in the Somali region and to what extent the depository 
institutions should have a risk tolerance for. Part of the lack 
of leadership on the part of the regulators results in a lack 
of clarity with banks in terms of the level of risk they should 
take on and the perceived regulatory response to financial 
institutions considering taking on such risk. This is where 
leadership and clarity would be helpful in formulating more 
realistic risk tolerance thresholds and would lead to less 
derisking.
    I like the idea of MSBs being able to share certain State 
exam information with depository institutions and credit 
unions. In most instances, it would provide information that 
should lead to establishing or maintaining a banking 
relationship.

Q.8. In 2016, William and Margaret Frederick were moving from 
Ohio to Las Vegas. Unfortunately, it is alleged that the title 
company they used in Columbus, Ohio, fell for an email scam and 
wired the $216,000 profit from their home sale to a hacker, not 
to the Fredericks. William is 83 and Margaret is 75 and as of 
October, they were still trying to get their money back. While 
the Fredericks' tale is now a court case to determine who was 
responsible for the fraudulent information, we know that the 
Fredericks' experience is ``very typical'' of scams that divert 
an estimated $400 million a year from title companies into 
bogus accounts.
    Please describe the responsibilities of financial firms to 
avoid these frauds?

A.8. These situations are devastating to the victims, 
especially elderly victims like the Fredericks. I wish there 
was a simple recourse for the Frederick's but there is not. The 
financial institutions involved in the transaction do not owe 
the Fredericks or the title company a fiduciary duty. The 
financial institution has a responsibility to have a reasonably 
designed AML program. What that means is the program is 
reasonably designed to identify and report suspicious activity 
to FinCEN. Your question does not give much context about the 
banking relationships involved in this case. The Frederick's 
recourse should be with the title company who fell for the 
phishing/email scam. It's likely the escrow company did not 
have adequate controls. There are, unfortunately, to many cases 
like this. They usually wind up in civil law suits.
    Depending on the case specifics, it is not likely the bank 
would be found negligent or responsible. Again, the culpability 
is likely to lie with the escrow company. The bank would not be 
responsible for the escrow company's falling victim to the 
scammers.

Q.9. What penalties should be assessed and by which agencies 
when financial firms enable theft?

A.9. In the event that the financial institution did not have a 
reasonably designed AML program to identify suspicious 
activity, the bank failed to file SARs or to adequately file 
SARs than the bank should face an enforcement action by their 
regulators and/or FinCEN. If it was a one off fraud, and the 
bank had a reasonably designed program it is unlikely they 
would be held culpable. Invariably, many of these cases wind up 
with civil law suits filed against the bank. In at least some 
such cases, the bank will opt to settle the law suit and avoid 
trial to avert adverse publicity and reputational damage.

Q.10. What is the role for the Consumer Financial Protection 
Bureau to ensure financial firms protect their customers' money 
and information?

A.10. The CFPB is intended to help consumers protect their 
assets from fraud. I'm not sure of the role the CFPB would play 
in a scenario involving the Fredericks. If the escrow company 
was negligent and lacked adequate internal controls, they 
should be held culpable for the loss. I'm not a lawyer so I 
cannot speak to the legal ramifications. Again, I'm not sure of 
what the CFPB could or should do.

Q.11. In 2014, FinCEN issued an advisory with human trafficking 
red flags, to aid financial institutions in detecting and 
reporting suspicious activity that may be facilitating human 
trafficking or human smuggling.
    To what extent do you assess that financial institutions 
are currently utilizing these red flags, in order to better 
assess whether their banks are being used for to finance human 
trafficking? If institutions are not widely utilizing the red 
flags, what actions is FinCEN taking to encourage them to do 
so?

A.11. Human trafficking is a heinous crime problem. I believe 
that AML professionals are dedicated professionals and are very 
concerned about human trafficking. I cannot speak definitively 
as to how widely financial institutions use the FinCEN red 
flags regarding human trafficking or to the extent FinCEN 
provides guidance regarding human trafficking. However, I do 
believe many financial institutions use human trafficking and 
smuggling red flags from multiple sources. There is other red 
flag guidance that financial institutions use that comes from 
FATF, Homeland Security Investigations, the FBI and other 
viable sources. It should be noted that the Polaris Project has 
written a great reference guide about human slavery 
(trafficking), titled ``Typologies of Modern Slavery''. In 
addition, human trafficking is widely discussed at industry 
training conferences. Training is one of the core pillars of an 
AML program. Human smuggling typologies and warning signs are 
frequent topics.
    The Association of Certified Anti-Money Laundering 
Specialists (ACAMS) has made human smuggling a long time 
priority. They started a working group in 2010 with a group of 
major banks and Homeland Security Investigations. Bank analysts 
and Homeland Security Investigations analysts developed 
patterns of activity or typologies consistent with human 
smuggling. JPMorgan Chase had a team of special investigators 
who conducted targeted transaction monitoring and identified 
potential suspicious activity. ACAMS gave JPMorgan Chase and 
Homeland Security a special award in recognition of their 
outstanding collaboration. Another outstanding example of 
public-private sector partnerships occurred in January 2018, in 
the run up to the Super Bowl. The ACAMS Minneapolis Chapter 
held a half-day long learning event focused entirely on human 
slavery/trafficking. I was proud to be the first speaker. U.S. 
Bank, Homeland Security Investigations, and the U.S. Attorney's 
Office in Minneapolis collaborated to develop typologies to 
identify human sex trafficking specifically related to travel 
for the Super Bowl. These types of initiatives have a great 
impact on crime problems like human trafficking. I must give a 
cautionary comment that this type of initiative is not as easy 
as it sounds. It can be costly; there are regulatory concerns 
and other impediments that must be overcome. The September 
issue of ACAMS Today magazine had a detailed article about the 
Minneapolis learning event. I would be happy to provide a copy 
of ACAMS Today if you'd like one.

Q.12. What are the pros and cons of reducing or eliminating the 
standards requiring SARs filing for insider abuse (i.e., 
employee misconduct)?

A.12. I do not believe there are any pros to reducing or 
eliminating SAR filing for insider abuse. If the insider abuse 
would be considered suspicious activity, SARs should be filed. 
Insider abuse can be devastating to financial institutions and 
should be dealt with harshly. It's one thing if insiders 
embezzle or defraud their employer. It's another issue when 
insiders facilitate external fraud schemes. That can be more 
devastating to the financial institution, as well as to 
outsiders exposed to the fraud or other crime problem.

Q.13. The common expectation is that any financial institution 
subjected to a cyberattack would be in touch with law 
enforcement about whether or not it's required to file an SAR. 
What are the pros and cons of eliminating SAR filing 
requirement for cyberattacks against financial institutions?

A.13. As I mentioned responding to an earlier question, I do 
not see any pros for eliminating SAR filing requirements 
regarding cyberattacks. There are only cons. That is unless the 
cyberattack has no financial lead value. I believe that most if 
not all cyberattacks have a financial component to them. 
Therefore, it is incumbent that SARs be filed to ensure the 
financial considerations receive adequate attention from 
financial experienced investigators. More importantly, FinCEN 
has a cyberteam that assesses and addresses cyber SARs. I 
believe that not all cyberthreats, where SARs are generated, 
are reported to law enforcement other than through the SAR 
filing. Also, when cyberthreats are reported to cyber 
investigators, I'm not sure that the follow up cyber 
investigation has a financial component as it would if SARs 
were filed.

Q.14. Gaming and tourism are some of Nevada's top industries. 
In the State of Nevada, our gaming operators employ thousands 
of hard working Nevadans, and the industry as a whole 
domestically supports 1.7 million jobs across 40 States. 
Qualified casinos, like financial institutions, are also 
subject to Banking Secrecy Act requirements. Organizations 
within Nevada have suggested that gaming operators would 
welcome a review of BSA requirements, which they find to be 
burdensome. They look forward to this Committee's thoughtful, 
bipartisan review of BSA requirements that takes into account 
the security imperative for robust anti-money laundering 
efforts, as well as the impact those requirements have on all 
industries. The Suspicious Activity Report (SAR) ($5,000) and 
the Currency Transaction Report (CTR) ($10,000) levels were set 
years ago. Some have recommended increasing these to correspond 
with inflation. Others believe that would be too high but do 
support a higher amount than currently,
    From a law enforcement perspective, are there risks to 
raising the amounts? Is it possible that having CTRs at higher 
levels could result in more fraud and terrorist financing? If 
the amounts were raised, to what amount do you recommend?

A.14. I am a firm believer that the SAR and CTR thresholds 
should not be raised. This would be detrimental to law 
enforcement, especially considering the threat of homegrown 
violent extremists. Homegrown violent extremists would be more 
likely to transact in amounts below the $5,000 and $10,000 
threshold levels. As the Chief of the Financial Crimes Section 
and founder of the Terrorist Financing Operations Section 
(TFOS) at the FBI, I was the direct beneficiary of SAR and CTR 
data. I saw firsthand how information below the threshold 
levels was used in investigations. I believe in 2004 or 2005, 
my successor as Chief of TFOS, Michael Morehart, testified 
about not raising the thresholds before a Congressional 
Committee. Subsequent to that, GAO conducted a review of the 
threshold issue and concured that law enforcement benefited 
from SAR and CTR information at the current thresholds. My 
apology for not being more specific about the hearing or report 
date. At this point in time, I do not recall the specifics and 
in deference to time in completing my response to questions, I 
was unable to conduct the necessary research.
    I also believe that most financial institutions would state 
that the current thresholds do not cause them any greater work 
than they would if the thresholds were raised. This topic comes 
up at industry conferences and financial institution 
representatives have stated this regularly.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
                      FROM HEATHER A. LOWE

Q.1. Information Sharing Among Banks--While you have generally 
supported increased information sharing between banks and the 
U.S. Government, and among banks, you also have sounded an 
alarm about the importance of appropriate privacy safeguards 
around bank-bank information sharing, particularly where an 
individual's access to financial services may be at risk if 
negative but inaccurate information on them gets into the 
system, as with inaccurate credit reporting.
    Can you describe the types of safeguards you think would be 
important if we were to consider clarifying or expanding this 
authority? In particular, should we consider implementing a 
system of redress or information correction for such 
individuals, and if so how would you configure such new 
protections, and how would you envision that process actually 
working?

A.1. The general rule around information sharing among banks 
should be that data is anonymized before being shared. This is 
consistent with the Clearing House's recommendations. Instances 
where an individual's personal and/or account information can 
be shared among banks should be very clearly circumscribed. A 
system of redress should be established for individuals to 
review and rectify incorrect information that may be forming 
the basis of banks' decisions to deny an individual banking 
services, as is the case with credit information.
    When the banks ask for permission to share information, 
they are asking for that permission not just among banks in the 
U.S., but globally. As such, rules circumscribing the sharing 
of individuals' personal and account information and processes 
for redress should be crafted in conjunction with other major 
financial centers. FinCEN (the U.S.'s financial intelligence 
center) could initiate and lead this process through its 
membership in the Egmont Group, the umbrella organization for 
more than 135 financial intelligence centers around the world.

Q.2. Bank Derisking/Remittances--Your testimony emphasized the 
importance of Know Your Customer procedures for banks. But in 
recent years many financial institutions have opted to shed 
accounts of customers with personal or commercial links to 
parts of the world where it can be difficult to ascertain the 
final recipient of a financial transaction--an especially 
important concern to Somali communities in Ohio, for example. 
Whether we are talking about family remittances, or funds 
transfers for humanitarian purposes, this derisking has 
presented hurdles to effort to get resources to some of the 
most at-risk populations on Earth. And customers who lose 
accounts or are unable to move money through the regulated 
financial system are often forced to use less transparent, safe 
and regulated channels, undermining AML/CFT goals. The 
Financial Action Task Force (FATF) has recently suggested 
making inappropriate derisking a priority.
    From your perspective, what steps can be taken as part of 
BSA modernization to address the derisking problem and provide 
relief to both banks and their customers? How specifically can 
we better balance KYC obligations with the need to facilitate 
the flow of remittances, and the legitimate work of charities 
and humanitarian organizations, abroad?

A.2. My organization focuses on the movement of illicit money 
out of developing countries the effect of that financial flow 
for development, and not financial flows into developing 
countries, so we have not focused a great deal on the 
remittances and nonprofit issues. Nonprofit organizations like 
the Charity and Security Network, Oxfam, and the Center for 
Global Development, and intergovernmental organizations such as 
the World Bank, the IMF, the OECD and others have been doing a 
great deal more research in this area and I would recommend 
speaking with them for more developed and far-reaching 
recommendations.
    Having said that, there are three somewhat different 
problems in the derisking area with root causes that are not 
all AML-related, and I think that is a really important point 
here. One is that banks that are no longer willing to provide 
banking services to money service businesses (MSBs) that are 
the primary movers of remittances. Second is banks choosing not 
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a 
combination of both these first and second categories.) Third, 
is the problem of banks choosing not to provide banking 
services for charities/nonprofits. These are related issues, 
but not the same issues. Something to bear in mind as well is 
that the World Bank has found that the cost of transmitting 
remittances has actually decreased over the past several years, 
suggesting that some of the problems in the sector may really 
be location specific, such as with Somalia, as opposed to being 
as widespread as discussion on this topic might suggest.
    In 2012 and the following 2 years, FATF Recommendations and 
related guidance were published relating to risks posed by 
nonprofits and risks posed by MSBs. That guidance suggested 
that those entire sectors were particularly vulnerable to money 
laundering with no nuance, which resulted in banks categorizing 
them all as high risk, regardless of the nature of those 
businesses, the strength of their compliance programs, their 
clientele, or other risk assessment factors. The general 
refrain from banks was that it was too costly to do proper AML 
vetting on all these ``high risk'' entities. Banks also said 
they were pulling out of high risk areas because of an increase 
in fines and penalties, but very few fines/penalties have been 
levied related to servicing MSB or nonprofit clients, which 
begs the question of whether this reaction was simply 
disproportionate or driven by other motives, such as an excuse 
to get out of these relatively low-margin lines of business.
    For example, Barclays in the U.K. caused a bit of a crisis 
when it closed the accounts of the vast majority of the money 
service businesses it serviced. But it held on to MSBs with 
assets of $10m or more. However, the significant MSB money 
laundering case on record actually relates to Western Union, 
one of the world's largest and well-capitalized MSBs. Barclays' 
decision to jettison smaller MSB accounts was made not in 
relation to actual enforcement trends, how good their MSB 
clients' compliance programs were, or other risks relating to 
the individual MSB's business or other relevant factors, it was 
made on whether the bank wanted to keep that capitalization or 
not and bother to continue servicing smaller accounts where its 
margin was smaller and getting smaller because of compliance 
costs. It would be interesting to find out pre-2012 margins on 
these business lines versus post-2012 margins so that Congress 
has a frame of reference for what a bank consider an 
unacceptable margin in these business lines.
    And that raises an important point in all of this that is 
very often missed. There has been huge bank consolidation 
leading to behemoth banks that do not consider providing 
services to smaller account holders to be worth the cost. (In 
our experience, smaller, local banks rarely provide adequate 
international transfer services and did not do so prior to AML 
regulation.) We see that every day as banking fees for people 
who have little savings climb while those who have sizable 
accounts have no fees at all. Banks are doing everything they 
can to increase their profit margins with little regard to the 
effect on the average account holder. That's today's business 
model, and bank decisions regarding MSB and nonprofit account 
holders are driven in large part by this model. Furthermore, 
the Center for Global Development put out a report on derisking 
in 2015. In that report, they noted that some banks have 
``derisked'' and then beefed up their own money transmitter 
services, suggesting a possible move to undermine competition 
and seize the market themselves.
    So there are problems, some of which are not actually AML 
related, but the following are some measures that can be taken 
in the AML sphere to help in this area:

    Better nuanced Recommendations and guidance from 
        FATF and regulators is needed.

      In October 2014, FATF spoke out against blanket 
        derisking and said that FIs should derisk only on a 
        case by case basis. FinCEN, the FDIC, and the OCC 
        followed that up asking banks to come to the regulators 
        if they felt pressure to terminate an MSB relationship. 
        Other regulators have followed.

      Unfortunately it seems that there is no hard data 
        to be able to measure what has happened in the market 
        since.

      After an outcry from the global nonprofit 
        community, FATF revised its guidance with respect to 
        the problematic Recommendation 8, but I think it still 
        needs further revision and U.S. Treasury could use its 
        influence to make that happen. Please contact Kay 
        Guinane at the Charity and Security Network for further 
        information ([email protected]).

    Banks should have access to information from FinCEN 
        about whether an MSB has been the subject of formal 
        warnings/cease and desists which are not public 
        information, so that they can better judge the strength 
        of an MSB's compliance program and its weaknesses.

    Create a low-cost certification scheme for smaller 
        MSBs. Such a scheme would create benchmarks for MSB 
        compliance programs, similar to what has been done in 
        the development of an ISO standard for anticorruption 
        compliance. This could perhaps be subsidized by a fund 
        the big banks pay into for the smaller MSBs.

    One element of compliance cost is identifying the 
        true owners and controllers of MSBs and charities, as 
        well as the remitters themselves. Transparency about 
        who owns and controls companies would be a real help 
        with that.

    National ID schemes for individuals around the 
        world are also important. India leading the way in 
        effectively doing this in rural populations living in 
        poverty--the hardest to reach and often recipients of 
        remittances. While it may seem to be outside of 
        Congress' remit, USAID has financially supported these 
        initiatives in the past and Congress could prioritize 
        funding to USAID to continue and/or increase this work.

Q.3. Scope of AML Reporting--In recent House testimony, you 
noted that AML compliance and reporting is undertaken by a wide 
range of entities and persons beyond the banking sector. You 
also made clear that there are entities and persons not 
currently regulated or required to have AML programs in place, 
that really ought to if the system is to be comprehensive.
    Can you give us a sense of the scope of entities and 
persons you think we ought to have in mind, beyond the banking 
sector, when contemplating an update to our current anti-money 
laundering framework and its underlying authorities?

A.3. FATF has identified several of what it calls Designated 
Non-Financial Businesses and Professions, or DNFPB's, as 
businesses and professions that are susceptible for, or can be 
used to play a part in, money laundering. The idea is that 
these businesses and professions should identify who they are 
doing business with, in some cases carry out some customer due 
diligence, and file suspicious activity reports if they think a 
transaction is suspicious.
    The U.S. already requires some DNFBPs to have those AML 
programs, such as casinos and dealers in precious metals and 
stones. Treasury regulations originally also included others, 
including travel agents, those involved in real estate 
closings, and car, plane, and boat dealers, among others, but 
then Treasury gave them a ``temporary'' exemption from the 
requirements with no sunset for that exemption which has now 
been in place for many years. Still others never made it on any 
list, and those four are lawyers, accountants, corporate 
service providers, and escrow agents. For these four, AML 
programs would really be about knowing with whom you are doing 
business and not permitting practitioners in these businesses 
and professions to be able to have plausible deniability that 
they didn't have reason to know or suspect that they were 
providing services that might be laundering dirty money.
    While there are clearly several businesses and professions 
missing from U.S. regulation, I would focus on five of them: 
lawyers, those involved in real estate closings, corporate 
service providers, escrow agents, and accountants.
    Lawyers: Of course criminals need and use legal services. A 
60 Minutes piece that aired last year featured undercover 
footage from an organization called Global Witness, showing 
just how easy it is to walk into a law firm in New York and get 
a lawyer to easily suggest ways in which structures could be 
created to spend money that is clearly the proceeds of 
corruption to buy real estate, planes, etc. One attorney even 
suggested running the dirty money through the lawyer's client 
account to clean it. It was a real eye-opener. In 2010, the 
American Bar Association published what I would characterize as 
sound Voluntary Good Practices Guidance for Lawyers to Detect 
and Combat Money Laundering and Terrorist Financing, but I 
encourage you to ask every lawyer you know if they have 
implemented it. It is unlikely that they have even heard of it. 
This voluntary guidance is simply not enough.
    Escrow Agents: Senate Permanent Subcommittee on 
Investigations' 2010 report Keeping Foreign Corruption Out of 
the United States: Four Case Histories tells the story of how 
one escrow agent, McAfee & Taft, refused to provide escrow 
services to Teodorin Obiang, the corrupt, playboy son of the 
long time dictator of the impoverished Nation of Equatorial 
Guinea, because the anti-money laundering policy they had 
voluntarily put in place prescribed that they do so. Another 
escrow agent without an AML program happily took that money.
    Corporate Service Providers: The Panama Papers showed just 
how entangled corporate service providers like Mossack Fonseca 
can be in facilitating money laundering, corruption, and tax 
evasion. The book Global Shell Games details research by a team 
of American and Australian academics into just how easy it is 
to create an anonymous company to engage in terror finance or 
corruption in different countries around the world through 
corporate service providers. They found that the easiest 
country in which to do so was the United States. One email 
response to the researchers' inquiry from a corporate service 
provider in Florida was, ``[Y]our started purpose could well be 
a front for funding terrorism, and who the f---- would get 
involved in that? Seriously, if you wanted a functioning and 
useful Florida corporation you'd need someone here to put their 
name on it, set up bank accounts, etc. I wouldn't even consider 
doing that for less that 5k a month, and I doubt you are going 
to find any suckers that will do it for less, if at all. If you 
are working with less than serious money, don't waste anybody's 
time here. Using a f------ google account also shows you are 
just a f------ poser and loser. If you have a serious proposal, 
write it up and we will consider it. Your previous message and 
this one are meaningless crap. Get a clue. Just how stupid do 
you think we are?''
    Those Involved in Real Estate: With respect to real estate, 
since July 2016, FinCEN has had geographic targeting orders in 
place in various counties in New York, Florida, Texas, and 
California, requiring title insurance companies to collect 
beneficial ownership information for those entities buying high 
value real estate with cash. They found that about 30 percent 
of the beneficial owners identified by the title companies 
already had SARs filed on them by other financial institutions. 
That's nearly one third. Exposes like The New York Times' 
``Towers of Secrecy'' show just how easy it is for people to 
hide behind anonymous companies and buy real estate with 
proceeds of crime and corruption. It is central to the 2017 
indictment of Paul Manafort and Richard Gates as well.

Q.4. Cryptocurrencies--As the use of cryptocurrencies continues 
to evolve and to spread, questions have been raised about the 
abuse of such virtual currency for money laundering and other 
illicit purposes.
    Can you please comment on the current exploitation of 
virtual currency for illicit finance purposes, as well as the 
potential for blockchain technology to short-circuit our 
current AML regulatory and enforcement frameworks? In your 
opinion, what tools should the U.S. Government be developing, 
now, to head off this threat?

A.4. I am not sufficiently informed to provide a detailed 
response to this question, but recommend that you contact the 
following people to develop a greater understanding of the 
threats and opportunities posed by both cryptocurrencies 
(referred to as ``virtual currencies'' in international 
regulatory parlance) and the blockchain technology that 
underpins them, but also has much wider applications.
    Yaya Fanusie, Director of Analysis, Center on Sanctions and 
Illicit Finance ([email protected]); Tom Robinson, COO 
and Cofounder, Elliptic ([email protected]); Jamie Smith, Global 
Chief Communications Officer, The Bitfury Group 
([email protected]).
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
                      FROM HEATHER A. LOWE

Q.1. This hearing discussed the importance of increasing 
information sharing between financial institutions and with law 
enforcement officials.
    What--if any--are the privacy risks with facilitating the 
sharing of such information?
    What are the best ways to mitigate such privacy concerns?
    Increased information sharing between financial 
institutions could make it easier for individuals to be 
completely cut out of the United States' financial system. How 
should wrongly targeted individuals be able to challenge their 
designation?
    What should our risk tolerance be for the fact that the 
U.S. financial system facilitates crimes like human 
trafficking? Should we strive to have zero incidence of money 
laundering in our financial system?

A.1. There are three types of privacy risks that I would 
identify here--the information security risk, the risk of 
personal information being sold or otherwise transmitted by 
financial institutions for reasons other than communicating 
risk of criminal activity, and the ``cut out'' risk. I do not 
have the right expertise to effectively address the information 
security risk, and recommend that you speak with cybersecurity 
experts focusing on the financial sector and to FinCEN/law 
enforcement regarding their cybersecurity protections (and 
protections on the BSA database), as those will be the two 
types of entities between which this information would be 
passed and collected.
    Regarding the risk of information being sold or otherwise 
transmitted for purposes other than detection of criminal 
activity, the laws and regulations around what type of 
information can be transmitted, to whom, and how and how long 
it should be retained should be very clearly defined in 
legislation/regulation.
    The risk that someone could be incorrectly identified as a 
bad actor and cut out of the global financial system is 
certainly a risk here. It is a common complaint associated with 
being added to the OFAC's Specially Designated Nationals and 
Blocked Persons (SDN) list. Another complaint about the SDN 
list is that sometimes people do not know why they have been 
placed on the SDN list and there is no procedure for 
challenging the designation. In that case, there is one body 
making those designations. In a world of financial institution 
information sharing, those decisions would be just as opaque, 
could have been made by any financial institution, and there is 
even less redress because a financial institution is never 
under an obligation to open an account for someone.
    Ultimately, we are also talking about information sharing 
that is global and repercussions that are global, so I don't 
think the U.S. will be able to create a redress system alone. I 
think a redress system would probably need to involve FinCEN, 
however, because of the confidential nature of the information 
involved. FinCEN is the U.S.'s Financial Intelligence Unit, or 
FIU. Most other countries with any sort of AML monitoring that 
might end up denying someone access also have an FIU. Those 
FIUs are, with some exceptions, members of a body called the 
Egmont group, which has rules and methods for information 
sharing among Egmont FIUs. There are over 135 FIU members of 
Egmont at present. The U.S. could spearhead the creation of a 
redress process in this area that involved the Egmont FIUs, or 
a review panel housed within that secretariat the was, perhaps, 
funded by bank contribution.
    In terms of expectations with respect to money laundering, 
at my organization, Global Financial Integrity, we always speak 
in terms of curtailing the problem. We understand that it can 
never be entirely prevented. However, I caution against using 
terms like ``tolerance.'' There is no acceptable level of known 
money laundering that should be tolerated. We need to have 
reasonable expectations with respect to how much money 
laundering can be detected by financial institutions that have 
well-crafted and executed AML compliance programs in place, and 
we need reasonable expectations as to what a well-crafted and 
executed AML program is. Congress is currently in the dark with 
respect to independently verifiable information about the 
nonpublic citations financial institutions are currently 
receiving for compliance program failures and whether they are 
reasonable. Congress has only the complaints of industry 
representatives themselves, many of whom resent AML compliance 
and reporting requirements writ large and have every incentive 
to overstate the problem. The massive fines levied on banks in 
recent years have been the result of knowing, willful, and 
egregious violations of laws and regulations in the AML area in 
order to turn a blind eye to money laundering their clearly 
knew about in order to increase profits. There should be zero 
tolerance for that.

Q.2. I'd like to understand better how technological innovation 
is transforming the fight against money laundering and how 
Government policy can help or hurt these efforts.
    In the health care context, I hear about how researchers 
have used machine learning and artificial intelligence to 
identify diseases and predict when they will occur, using data 
points that humans would have never put together. How have 
financial institutions or law enforcement officials been able 
to use of similar techniques to identify money laundering and 
how much more progress can be made in this front?
    Outside of AI and machine learning, how can recent FinTech 
innovations such as blockchain fight money laundering?
    What regulatory requirement or requirements--if any--most 
hinders the adoption of technological innovations?
    How much does bitcoin, blockchain, and other 
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering 
in traditional banks? How can law enforcement officials best 
stop this newer form of money laundering?

A.2. With respect to the first bulleted question, there is a 
very wide world of financial analytics in use to identify money 
laundering and expertise to create the algorithms used in these 
processes. I am not an expert in analytics, unfortunately, but 
there is an entire industry of people who can provide a helpful 
response to this question, although they may not be able to 
answer this broad of a question in written form.
    With respect to the remaining bullet points, the most 
significant block to adopting new technologies is, I believe, a 
concern that regulators will not recognize the use of a new 
technology as a positive development in examinations. I 
therefore support the creation of a technological ``sandbox'', 
as has been proposed by The Clearing House and has been 
implemented in the U.K. It is important to note that the U.K. 
structure appears to have some specific safeguards to protect 
consumers which they consider to be an integral part of their 
system. U.K. regulators presented their approach at a recent 
FATF industry consultation meeting I attended. They stressed 
the importance of ensuring that consumers were protected at all 
times as innovative approaches were being tested, and the U.S. 
should do the same. In the House of Representatives, Members 
are discussing legislative language that does not require any 
of the safeguards present in the U.K. system, potentially 
giving financial institutions an unlimited safe harbor for the 
use of any new technology with no Government oversight. This is 
a significant danger because if a financial institution spends 
the money to integrate new technology that, it turns out, isn't 
as effective as alternative methods, they would have no 
incentive to change their approach. They would incur some 
unwelcome cost for doing so and they'd have the security of an 
unlimited safe harbor, so there would be no incentive to act.
    Connecting this in with blockchain technology, there is 
certainly work being done in this area. You may wish to reach 
out to Tom Robinson, COO and Cofounder, Elliptic 
([email protected]). Elliptic is a company that finds ways to 
identify the ``anonymous'' digital currency traders to help 
with customer due diligence problems associated with digital 
currencies.
    Mr. Robinson recently coauthored a paper entitled ``Bitcoin 
Laundering: An Analysis of Illicit Flows Into Digital Currency 
Services'' with the Foundation for Defense of Democracy's Yaya 
Fanusie, a long-time expert on illicit and terror finance who 
has been researching the linkages between terror finance and 
digital currency. I would recommend reaching out to Mr. Fanusie 
to further explore this area. Yaya Fanusie, Director of 
Analysis, Center on Sanctions and Illicit Finance 
([email protected]).

Q.3. I'd like to discuss Suspicious Activity Reports (SARs). 
Today, around 2 million SARs are filed each year. While every 
SAR used to be read by law enforcement officials, that is no 
longer the case today. Financial institutions often complain 
that they rarely, if ever, receive feedback from law 
enforcement officials on the utility of any particular 
suspicious activity report that they file. This lack of 
feedback loops increases the burdens on financial institutions, 
who continue to file SARs that are of little utility to law 
enforcement officials. It also prevents financial institutions 
from developing better analytical tools to more precisely 
discern between the signal and the noise.
    What percentage of SARs are actually read by someone in law 
enforcement?

A.3. I am not aware of credible estimates. This question will 
need to be answered by FinCEN.

Q.4. How often do financial institutions receive feedback from 
law enforcement officials as to the utility of their SAR 
filing?

A.4. Such feedback is rare. While law enforcement cannot and 
should not share information about an ongoing investigation, at 
the very least they could be collecting statistics about the 
number of SARs/CTRs from a given financial institution that 
they followed up on in some way. Where a SAR from a financial 
institution (or many SARs from several institutions, which is 
more likely) helped law enforcement bring a strong case, it 
could be worthwhile to positively identify the banks that 
helped the case in this way once the case is resolved. Positive 
reinforcement is important. I once highlighted a seminal case 
regarding tax evasion and money laundering at an international 
AML conference in Florida. A very excited compliance officer 
from the U.S. Virgin Islands approached me after presentation--
she had been the person to file the SAR that resulted in the 
case and she had never known what had happened to it. She was 
thrilled that her actions had made a difference, and remembered 
the SAR because the activity seemed so odd to her at the time. 
I believe that we would have a much more robust AML defense 
system in the U.S. if more bankers and compliance officers were 
given such opportunities to feel like their actions really made 
a difference. Therefore, I am in favor of initiatives like 
FinCEN Exchange, announced in December, to enhance information 
sharing with Financial Institutions. However FinCEN needs to 
make this a meaningful program in its execution if it is to 
have any impact.

Q.5. While some have proposed reducing the number of SARs and 
CRT filings because they are often superfluous and are never 
read, others argue that this poses risks, because investigating 
minor infractions may still lead to significant law enforcement 
successes. How should policymakers resolve this conflict?

A.5. The driving force behind this complaint from industry is 
the amount of resources spent on drafting SARs, including 
preparatory investigation time. CTR filings are automatically 
generated when more than $10,000 is deposited, so should be 
discussed separately if there really are valid concerns there. 
One source of tension in this area appears to be that law 
enforcement wants SARs to include as much information as 
possible, in as standard a format as possible, and that their 
demands for greater detail and specificity have grown over 
time. This has obviously developed over time as law enforcement 
has identified what information is most useful to them and the 
presentation that is most useful--specificity that the 
financial institutions have actually asked for over time. 
However, financial institution employees may not have the 
desired level of detail that law enforcement would like--that 
is simply a reality of money laundering cases which often 
involve hidden conduct and individuals. The SAR instructions 
properly allow filers to indicate on the form that the 
information is ``unknown''; that option should be honored by 
law enforcement rather than trying to require bank employees to 
become detectives uncovering illegal conduct.

Q.6. How could regulators (1) set up better feedback loops 
between financial institutions and law enforcement officials 
that could help financial institutions better identify money 
laundering; and (2) empower financial institutions to act upon 
their improved ability to distinguish between useful and 
superfluous reports, including by filing fewer unnecessary 
SARs, without fearing regulatory consequences for doing so?

A.6. I believe my answer is subsumed in the responses above.

Q.7. Would a better feedback loop system exist if financial 
institutions employed more people with security clearances? If 
so, what, if anything, can the Federal Government do to 
facilitate this?

A.7. I do not have an opinion on this question.

Q.8. Often, financial institutions will derisk by refusing to 
serve customers that could be involved in illegal activity. As 
financial institutions start to share more information with 
each other, this practice could become more prominent and 
potential criminals could more frequently lose access to the 
United States' financial system altogether.
    Are there instances in which derisking is actually 
unhelpful for law enforcement purposes, because it drives these 
criminals underground and makes it more difficult to track 
them?
    At the moment, do the regulators that evaluate and enforce 
financial institutions compliance with our Federal money 
laundering take this into account?
    Are there promising ways to increase cooperation between 
financial institutions, regulators, and law enforcement 
officials, so that financial institutions can make a more 
informed decision about when and how to derisk?
    Would financial institutions need to hire more employees 
with a top security clearance and/or a law enforcement 
background for this coordination to be effective?

A.8. My organization focuses on the movement of illicit money 
out of developing countries the effect of that financial flow 
for development, and not financial flows into developing 
countries, so we have not focused a great deal on the 
remittances and nonprofit issues. Nonprofit organizations like 
the Charity and Security Network, Oxfam, and the Center for 
Global Development, and intergovernmental organizations such as 
the World Bank, the IMF, the OECD and others have been doing a 
great deal more research in this area and I would recommend 
speaking with them for more developed and far-reaching 
recommendations.
    Having said that, there are three somewhat different 
problems in the derisking area with root causes that are not 
all AML-related, and I think that is a really important point 
here. One is that banks that are no longer willing to provide 
banking services to money service businesses (MSBs) that are 
the primary movers of remittances. Second is banks choosing not 
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a 
combination of both these first and second categories.) Third, 
is the problem of banks choosing not to provide banking 
services for charities/nonprofits. These are related issues, 
but not the same issues. Something to bear in mind as well is 
that the World Bank has found that the cost of transmitting 
remittances has actually decreased over the past several years, 
suggesting that some of the problems in the sector may really 
be location specific, such as with Somalia, as opposed to being 
as widespread as discussion on this topic might suggest.
    In 2012 and the following 2 years, FATF Recommendations and 
related guidance were published relating to risks posed by 
nonprofits and risks posed by MSBs. That guidance suggested 
that those entire sectors were particularly vulnerable to money 
laundering with no nuance, which resulted in banks categorizing 
them all as high risk, regardless of the nature of those 
businesses, the strength of their compliance programs, their 
clientele, or other risk assessment factors. The general 
refrain from banks was that it was too costly to do proper AML 
vetting on all these ``high risk'' entities. Banks also said 
they were pulling out of high risk areas because of an increase 
in fines and penalties, but very few fines/penalties have been 
levied related to servicing MSB or nonprofit clients, which 
begs the question of whether this reaction was simply 
disproportionate or driven by other motives, such as an excuse 
to get out of these relatively low-margin lines of business.
    For example, Barclays in the U.K. caused a bit of a crisis 
when it closed the accounts of the vast majority of the money 
service businesses it serviced. But it held on to MSBs with 
assets of $10m or more. However, the significant MSB money 
laundering case on record actually relates to Western Union, 
one of the world's largest and well-capitalized MSBs. Barclays' 
decision to jettison smaller MSB accounts was made not in 
relation to actual enforcement trends, how good their MSB 
clients' compliance programs were, or other risks relating to 
the individual MSB's business or other relevant factors, it was 
made on whether the bank wanted to keep that capitalization or 
not and bother to continue servicing smaller accounts where its 
margin was smaller and getting smaller because of compliance 
costs. It would be interesting to find out pre-2012 margins on 
these business lines versus post-2012 margins so that Congress 
has a frame of reference for what a bank consider an 
unacceptable margin in these business lines.
    And that raises an important point in all of this that is 
very often missed. There has been huge bank consolidation 
leading to behemoth banks that do not consider providing 
services to smaller account holders to be worth the cost. (In 
our experience, smaller, local banks rarely provide adequate 
international transfer services and did not do so prior to AML 
regulation.) We see that every day as banking fees for people 
who have little savings climb while those who have sizable 
accounts have no fees at all. Banks are doing everything they 
can to increase their profit margins with little regard to the 
effect on the average account holder. That's today's business 
model, and bank decisions regarding MSB and nonprofit account 
holders are driven in large part by this model. Furthermore, 
the Center for Global Development put out a report on derisking 
in 2015. In that report, they noted that some banks have 
``derisked'' and then beefed up their own money transmitter 
services, suggesting a possible move to undermine competition 
and seize the market themselves.
    So there are problems, some of which are not actually AML 
related, but the following are some measures that can be taken 
in the AML sphere to help in this area:

    Better nuanced Recommendations and guidance from 
        FATF and regulators is needed.

      In October 2014, FATF spoke out against blanket 
        derisking and said that FIs should derisk only on a 
        case by case basis. FinCEN, the FDIC, and the OCC 
        followed that up asking banks to come to the regulators 
        if they felt pressure to terminate an MSB relationship. 
        Other regulators have followed.

      Unfortunately it seems that there is no hard data 
        to be able to measure what has happened in the market 
        since.

      After an outcry from the global nonprofit 
        community, FATF revised its guidance with respect to 
        the problematic Recommendation 8, but I think it still 
        needs further revision and U.S. Treasury could use its 
        influence to make that happen. Please contact Kay 
        Guinane at the Charity and Security Network for further 
        information ([email protected]).

    Banks should have access to information from FinCEN 
        about whether an MSB has been the subject of formal 
        warnings/cease and desists which are not public 
        information, so that they can better judge the strength 
        of an MSB's compliance program and its weaknesses.

    Create a low-cost certification scheme for smaller 
        MSBs. Such a scheme would create benchmarks for MSB 
        compliance programs, similar to what has been done in 
        the development of an ISO standard for anticorruption 
        compliance. This could perhaps be subsidized by a fund 
        the big banks pay into for the smaller MSBs.

    One element of compliance cost is identifying the 
        true owners and controllers of MSBs and charities, as 
        well as the remitters themselves. Transparency about 
        who owns and controls companies would be a real help 
        with that.

    National ID schemes for individuals around the 
        world are also important. India leading the way in 
        effectively doing this in rural populations living in 
        poverty--the hardest to reach and often recipients of 
        remittances. While it may seem to be outside of 
        Congress' remit, USAID has financially supported these 
        initiatives in the past and Congress could prioritize 
        funding to USAID to continue and/or increase this work.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
                      FROM HEATHER A. LOWE

Q.1. How can we leverage technology to make the process 
simultaneously less onerous on banks while enhancing the 
outcomes of catching illegal behavior? Are there regulatory and 
legislative barriers to getting that down?
    Financial institutions often complain that FinCEN, law 
enforcement officials, and prudential regulators do not tell 
them whether their BSA filings serve a useful purpose, or how 
the reports they submit are being used--and that the filings go 
into a black hole. Can you shed some light on the filings that 
you make or have used and what could be done to improve this 
process?

A.1. While law enforcement cannot and should not share 
information about an ongoing investigation, at the very least 
they could be collecting statistics about the number of SARs/
CTRs from a given financial institution that they followed up 
on in some way. Where a SAR from a financial institution (or 
many SARs from several institutions, which is more likely) 
helped law enforcement bring a strong case, it could be 
worthwhile to positively identify the banks that helped the 
case in this way once the case is resolved. Positive 
reinforcement is important. I once highlighted a seminal case 
regarding tax evasion and money laundering at an international 
AML conference in Florida. A very excited compliance officer 
from the U.S. Virgin Islands approached me after presentation--
she had been the person to file the SAR that resulted in the 
case and she had never known what had happened to it. She was 
thrilled that her actions had made a difference, and remembered 
the SAR because the activity seemed so odd to her at the time. 
I believe that we would have a much more robust AML defense 
system in the U.S. if more bankers and compliance officers were 
given such opportunities to feel like their actions really made 
a difference. Therefore, I am in favor of initiatives like 
FinCEN Exchange, announced in December, to enhance information 
sharing with Financial Institutions. However FinCEN needs to 
make this a meaningful program in its execution if it is to 
have any impact.

Q.2. Another compliance challenge often cited by banks is that 
they feel pressured by bank examiners and law enforcement 
authorities to exit certain business lines or cease offering 
certain services to customers viewed as presenting particular 
money-laundering vulnerabilities, i.e., severing corresponding 
banking relationships with foreign institutions in certain 
geographic areas, and also ending money services businesses 
(MSBs, i.e., check cashing, money transmitters, currency 
exchange outlets, etc.)
    As banks reevaluate their business relationships with MSBs 
in light of what they may view as a hostile regulatory 
landscape, what can we do to change this type of behavior/is 
this a prevalent problem in the industry?

A.2. My organization focuses on the movement of illicit money 
out of developing countries the effect of that financial flow 
for development, and not financial flows into developing 
countries, so we have not focused a great deal on the 
remittances and nonprofit issues. Nonprofit organizations like 
the Charity and Security Network, Oxfam, and the Center for 
Global Development, and intergovernmental organizations such as 
the World Bank, the IMF, the OECD and others have been doing a 
great deal more research in this area and I would recommend 
speaking with them for more developed and far-reaching 
recommendations.
    Having said that, there are three somewhat different 
problems in the derisking area with root causes that are not 
all AML-related, and I think that is a really important point 
here. One is that banks that are no longer willing to provide 
banking services to money service businesses (MSBs) that are 
the primary movers of remittances. Second is banks choosing not 
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a 
combination of both these first and second categories.) Third, 
is the problem of banks choosing not to provide banking 
services for charities/nonprofits. These are related issues, 
but not the same issues. Something to bear in mind as well is 
that the World Bank has found that the cost of transmitting 
remittances has actually decreased over the past several years, 
suggesting that some of the problems in the sector may really 
be location specific, such as with Somalia, as opposed to being 
as widespread as discussion on this topic might suggest.
    In 2012 and the following 2 years, FATF Recommendations and 
related guidance were published relating to risks posed by 
nonprofits and risks posed by MSBs. That guidance suggested 
that those entire sectors were particularly vulnerable to money 
laundering with no nuance, which resulted in banks categorizing 
them all as high risk, regardless of the nature of those 
businesses, the strength of their compliance programs, their 
clientele, or other risk assessment factors. The general 
refrain from banks was that it was too costly to do proper AML 
vetting on all these ``high risk'' entities. Banks also said 
they were pulling out of high risk areas because of an increase 
in fines and penalties, but very few fines/penalties have been 
levied related to servicing MSB or nonprofit clients, which 
begs the question of whether this reaction was simply 
disproportionate or driven by other motives, such as an excuse 
to get out of these relatively low-margin lines of business.
    For example, Barclays in the U.K. caused a bit of a crisis 
when it closed the accounts of the vast majority of the money 
service businesses it serviced. But it held on to MSBs with 
assets of $10m or more. However, the significant MSB money 
laundering case on record actually relates to Western Union, 
one of the world's largest and well-capitalized MSBs. Barclays' 
decision to jettison smaller MSB accounts was made not in 
relation to actual enforcement trends, how good their MSB 
clients' compliance programs were, or other risks relating to 
the individual MSB's business or other relevant factors, it was 
made on whether the bank wanted to keep that capitalization or 
not and bother to continue servicing smaller accounts where its 
margin was smaller and getting smaller because of compliance 
costs. It would be interesting to find out pre-2012 margins on 
these business lines versus post-2012 margins so that Congress 
has a frame of reference for what a bank consider an 
unacceptable margin in these business lines.
    And that raises an important point in all of this that is 
very often missed. There has been huge bank consolidation 
leading to behemoth banks that do not consider providing 
services to smaller account holders to be worth the cost. (In 
our experience, smaller, local banks rarely provide adequate 
international transfer services and did not do so prior to AML 
regulation.) We see that every day as banking fees for people 
who have little savings climb while those who have sizable 
accounts have no fees at all. Banks are doing everything they 
can to increase their profit margins with little regard to the 
effect on the average account holder. That's today's business 
model, and bank decisions regarding MSB and nonprofit account 
holders are driven in large part by this model. Furthermore, 
the Center for Global Development put out a report on derisking 
in 2015. In that report, they noted that some banks have 
``derisked'' and then beefed up their own money transmitter 
services, suggesting a possible move to undermine competition 
and seize the market themselves.
    So there are problems, some of which are not actually AML 
related, but the following are some measures that can be taken 
in the AML sphere to help in this area:

    Better nuanced Recommendations and guidance from 
        FATF and regulators is needed.

      In October 2014, FATF spoke out against blanket 
        derisking and said that FIs should derisk only on a 
        case by case basis. FinCEN, the FDIC, and the OCC 
        followed that up asking banks to come to the regulators 
        if they felt pressure to terminate an MSB relationship. 
        Other regulators have followed.

      Unfortunately it seems that there is no hard data 
        to be able to measure what has happened in the market 
        since.

      After an outcry from the global nonprofit 
        community, FATF revised its guidance with respect to 
        the problematic Recommendation 8, but I think it still 
        needs further revision and U.S. Treasury could use its 
        influence to make that happen. Please contact Kay 
        Guinane at the Charity and Security Network for further 
        information ([email protected]).

    Banks should have access to information from FinCEN 
        about whether an MSB has been the subject of formal 
        warnings/cease and desists which are not public 
        information, so that they can better judge the strength 
        of an MSB's compliance program and its weaknesses.

    Create a low-cost certification scheme for smaller 
        MSBs. Such a scheme would create benchmarks for MSB 
        compliance programs, similar to what has been done in 
        the development of an ISO standard for anticorruption 
        compliance. This could perhaps be subsidized by a fund 
        the big banks pay into for the smaller MSBs.

    One element of compliance cost is identifying the 
        true owners and controllers of MSBs and charities, as 
        well as the remitters themselves. Transparency about 
        who owns and controls companies would be a real help 
        with that.

    National ID schemes for individuals around the 
        world are also important. India leading the way in 
        effectively doing this in rural populations living in 
        poverty--the hardest to reach and often recipients of 
        remittances. While it may seem to be outside of 
        Congress' remit, USAID has financially supported these 
        initiatives in the past and Congress could prioritize 
        funding to USAID to continue and/or increase this work.

Q.3. It is my understanding that there are times when law 
enforcement and the bank regulators work at cross purposes. 
That is, law enforcement might want a bank to continue banking 
an individual or company that they are following and building a 
case against but the bank regulators, whose incentives are to 
not be embarrassed by their regulated entities, force the banks 
to ``derisk'' or close those accounts. Is that actually the 
case?

A.3. There is no reputational risk associated with continuing 
to bank a customer when instructed to do so by law enforcement. 
A bank will not be sanctioned by examiners for doing so. The 
information will not be made public. This seems a spurious 
complaint if it is being made by industry.

Q.4. In terms of AML, we know that the success of AML is 
centric around whether or not the predicate crime of money 
laundering has been reduced, but we only really know how 
pervasive money laundering is on a reactive basis, i.e., when 
someone/some entity is caught.
    To that end, do you believe the advent/popularity of 
cryptocurrencies could affect the capture of money laundering/
could it affect AML? Do enforcement authorities have the 
technological capabilities to work with private industry to 
capture mal-actors?

A.4. NOTE: Your introduction suggests some confusion with 
respect to money laundering (i.e., reference to ``whether or 
not the predicate crime of money laundering has been 
reduced''). It is critical to understand that money laundering 
is a crime in and of itself and is not a predicate offense. The 
crime is thought by many to be the crime of laundering/
disguising/accepting the funds of some underlying crime that 
generated money, otherwise known as a predicate offense or, in 
U.S. statutory terms, a specified unlawful activity (SUA). That 
is correct, but it is not complete. A person can be convicted 
of money laundering if they believed they were accepting/
disguising the proceeds of an SUA and took steps to do so. That 
means that even if nobody has been convicted of the underlying 
crime that is the SUA, a person can be convicted of laundering 
the related funds. However, in almost every ``money 
laundering'' case you have heard of, the banks were not charged 
with actual criminal money laundering. They were charged with 
violations of provisions of the Bank Secrecy Act requiring 
financial institutions to have in place measures to detect when 
someone is trying to use the institution to launder money and 
preventative measures that detect if anyone inside the 
institution is allowing money to be laundered by the 
institution.
    The advent and popularity of digital currencies are an 
emerging threat in the money laundering field because much of 
our AML policies depend on a financial institution carrying out 
``due diligence'' and ``know your customer'' checks. That is 
why accounts opened by companies with hidden beneficial 
ownership are such a problem. One of the biggest challenges 
with digital currencies is also the fact that the transactions 
are essentially conducted anonymously. For more information, I 
recommend that you contact Tom Robinson, COO and Cofounder, 
Elliptic ([email protected]). Elliptic is a company that finds 
ways to identify the ``anonymous'' digital currency traders to 
help with customer due diligence problems associated with 
digital currencies.
    Mr. Robinson recently coauthored a paper entitled ``Bitcoin 
Laundering: An Analysis of Illicit Flows Into Digital Currency 
Services'' with the Foundation for Defense of Democracy's Yaya 
Fanusie, a long-time expert on illicit and terror finance who 
has been researching the linkages between terror finance and 
digital currency. I would recommend reaching out to Mr. Fanusie 
to further explore this area. Yaya Fanusie, Director of 
Analysis, Center on Sanctions and Illicit Finance 
([email protected]).

Q.5. In your opinion, do you think that the overall AML regime 
has been effective? Additionally, what do you see as the best 
way to ensure future effectiveness?
    Is it to have Treasury be the lead to:
    1. Define with other stakeholders specific and clear 
national priorities of the regime; and
    2. Determine, working with other stakeholders, clear and 
measurable objectives of the regime in light of those 
priorities. Should Treasury or someone else have to report 
those measurements against the objectives back to Congress?

A.5. My organization has estimated that just 11 types of 
transnational crime generate a total proceeds of between $1.6 
and $2.2 trillion annually. There are many, many more types of 
crime that generate proceeds in this world. Most of that money 
must be laundered in some way. As noted above, there is very 
little prosecution for large-scale criminal money laundering, 
even when it seems from charging documents that criminal money 
laundering (which includes an intent standard) was taking 
place. In addition, individuals are not being prosecuted and 
jailed for their actions in the cases that we see, which would 
be a significant deterrent to money laundering. That may be 
changing, however, as I note in a recent piece that I wrote 
about the Rabobank case. So I would say that we are not 
prosecuting criminal money laundering and that is a problem.
    What you are asking, however, is really whether the 
regulatory regime that is in place to detect money laundering 
and prevent banks from engaging in it has been effective. There 
is no way to determine this through data because hard data (not 
extrapolated estimates) of the amount of money laundered in the 
world do not and cannot exist by their very nature. What I can 
say is that the AML compliance violation cases that we have 
seen over the past few years (HSBC, Wachovia, Citigroup, BNP 
Paribas, Rabobank, etc.) tell us that many large international 
bank were either paying lip service to complying with the legal 
requirements or were actively subverting the measures up until 
about 2010. I have no reason to believe that these cases are 
not indicative of an industrywide approach because banks had 
absolutely no incentive to comply with laws which would 
ultimately require them to turn away clients and money that 
they had previously banked very willingly. The question at this 
point is whether, now that there has been some significant 
enforcement of AML compliance laws, banks are actually 
complying with those laws and regulations and if they are 
turning away business/closing accounts where there is 
significant indication of money laundering.
    The crescendo of complaints by the industry about the 
``rising cost'' of compliance indicates that this is the case. 
I have ``rising cost'' in quotations because we are talking 
about the cost of complying with laws that have been in place 
for many, many years now, so this is neither a new cost nor one 
that could not have been anticipated, and should be estimated 
in terms of costs that should have been incurred and spread 
over that lengthy time period. The other indication that the 
regime is now having an effect is the industry's 
disproportionate measures in what has come to be called 
``derisking'' entire client categories and/or business with 
certain countries. Some of that activity may be due to a 
serious concern by the bank about managing the risks associated 
with a certain business, but research has indicated that some 
banks may be jettisoning some types of business in order to 
freeze out competition for those services and then offering 
those services themselves (such as in the money transmission 
area).
    In some cases, I think certain actions are being taken in 
order to try to force deregulation, such as when Bank of 
America, a major provider of banking services to foreign 
embassies in the U.S., sent a letter to its embassy clients 
that it was going close their accounts and cease to provide 
banking services to them only one week before closing their 
accounts. The action seemed clearly designed to create a 
diplomatic crisis for the U.S. Government, to be blamed on U.S. 
AML regulation. If Bank of America's concern was really AML 
related, they should have worked with FinCEN and law 
enforcement to identify accounts, individuals and activities of 
concern and, after doing so, closed the accounts in accordance 
with a process that was agreed with the Government. If the 
decision was that they simply did not want to service what they 
perceived as a high-risk client but they hadn't actually 
observed money laundering red flags associated with the 
accounts, they should have provided the embassies with adequate 
notice, giving them time to find an alternative service 
provider and to migrate their accounts. Instead, they chose to 
create an unnecessary and unwarranted diplomatic crisis which 
should have had the effect of undermining their credibility in 
speaking out with AML regulatory concerns. It certainly 
undermined their credibility with me.
    Giving FinCEN total responsibility for establishing annual 
AML priorities for banks and monitoring every bank's progress 
every 3 months, as was recommended by the Clearing House, is 
extremely ill-advised. A financial institution understands its 
own business and products better than anyone else. It is 
therefore best-placed to determine what its AML risks are and 
how best to address those risks within the systems that it has 
created. We support the idea of a financial institution working 
with FinCEN/Treasury to discuss those risks in the context of 
national and global trends observed by FinCEN, and whether 
adjustments might be made as a result, however. In addition, 
reviewing each financial institution's progress in AML every 3 
months seems like far too short a time frame to observe how an 
FI is progressing in this respect, however, and entirely 
impractical from a Government resource allocation perspective.
    On a related note the suggestion that FinCEN be given 
access to bulk data transfers from financial institutions to 
enable it to analyze AML trends and patterns across 
institutions is another potentially useful idea. But questions 
about the effectiveness and cost of this proposal include 
whether FinCEN currently has the technological capability and 
personnel needed to perform that type of data analysis or 
whether it would need to be built, which could be a significant 
expense. In addition, charging FinCEN with industrywide data 
collection and analysis should not be seen as a way for banks 
to absolve themselves of their AML obligations. The banks would 
retain their position as the primary gateway into the U.S. 
financial system, so the first level of responsibility to 
safeguard the system against money-laundering abuses must 
remain with the individual banks who open their accounts to 
individuals and entities around the world.
                                ------                                


        RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
                      FROM HEATHER A. LOWE

Q.1. What are the costs and benefits of having bank examiners 
assess bank compliance with the Bank Secrecy Act's (BSA) 
requirements instead of having anti-money laundering (AML) and 
combating the financing of terrorism (CFT) experts at the 
Financial Crimes Enforcement Network (FinCEN) examine bank 
compliance programs?

A.1. I am not sure it will make much of a difference. 
Currently, you have examiners sitting at the Securities and 
Exchange Commission, the Commodities Futures Trading Commission 
and other specialized agencies who have specific AML/CFT 
training. When they have AML/CFT enforcement questions, they 
liaise with FinCEN as needed. If you had those people instead 
within FinCEN, they have easy access to FinCEN personnel but 
would have to reach out to the other agencies for sector-
specific guidance. Would bringing all of the examiners into 
FinCEN result in a more coherent approach to examination? 
Unlikely, unless specific changes were made to the examination 
procedures and incentives for examiners. However, I can also 
imagine that should there be more coherence in examination 
procedure across industries, it would give rise to the problem 
that examinations are not nuanced enough and therefore not even 
addressing issues specific to a given industry where AML/CFT 
risks may be significant. I can imagine that industry 
complaints about that would surge. No company will ever be 
happy with the way they are examined, so it is most important 
to work with industry to identify real problems which result in 
ineffective or inadequate AML oversight and with law 
enforcement to identify areas where the resources being 
expended by industry seem disproportionate to the value of 
information gleaned from their efforts, and not just industry 
complaints.

Q.2. Is there a way to maintain a top-shelf effective AML/CFT 
policy while maintaining a commitment to increase access to 
financial products for the underbanked and immigrants who rely 
on remittance services?
    I'm interested in the ways in which technology can aid AML 
compliance efforts. What are some of the innovative 
technologies that you've seen that hold some promise for either 
the Government or the private sector?
    What are the barriers to either the Government or the 
private sector adopting these technologies?
    What can we be doing as legislators to ensure that we 
promote technological innovation in this sector?

A.2. The most significant block to adopting new technologies 
is, I believe, a concern that regulators will not recognize the 
use of a new technology as a positive development in 
examinations. I therefore support the creation of a 
technological ``sandbox'', as has been proposed by The Clearing 
House and has been implemented in the U.K. It is important to 
note that the U.K. structure appears to have some specific 
safeguards to protect consumers which they consider to be an 
integral part of their system. U.K. regulators presented their 
approach at a recent FATF industry consultation meeting I 
attended. They stressed the importance of ensuring that 
consumers were protected at all times as innovative approaches 
were being tested, and the U.S. should do the same. In the 
House of Representatives, members are discussing legislative 
language that does not require any of the safeguards present in 
the U.K. system, potentially giving financial institutions an 
unlimited safe harbor for the use of any new technology with no 
Government oversight. This is a significant danger because if a 
financial institution spends the money to integrate new 
technology that, it turns out, isn't as effective as 
alternative methods, they would have no incentive to change 
their approach. They would incur some unwelcome cost for doing 
so and they'd have the security of an unlimited safe harbor, so 
there would be no incentive to act.

Q.3. The regulatory definition of ``financial institution'' has 
been expanded several times over the years, both by FinCEN 
rulemaking and by legislation by Congress.
    Should the definition of financial institutions be expanded 
to include other sectors? If so, which sectors?
    Could these changes be made via FinCEN rulemaking or should 
legislation be passed?

A.3. FATF has identified several of what it calls Designated 
Non-Financial Businesses and Professions, or DNFPB's, as 
businesses and professions that are susceptible for, or can be 
used to play a part in, money laundering. The idea is that 
these businesses and professions should identify who they are 
doing business with, in some cases carry out some customer due 
diligence, and file suspicious activity reports if they think a 
transaction is suspicious.
    The U.S. already requires some DNFBPs to have those AML 
programs, such as casinos and dealers in precious metals and 
stones. Treasury regulations originally also included others, 
including travel agents, those involved in real estate 
closings, and car, plane, and boat dealers, among others, but 
then Treasury gave them a ``temporary'' exemption from the 
requirements with no sunset for that exemption which has now 
been in place for many years. Still others never made it on any 
list, and those four are lawyers, accountants, corporate 
service providers, and escrow agents. For these four, AML 
programs would really be about knowing with whom you are doing 
business and not permitting practitioners in these businesses 
and professions to be able to have plausible deniability that 
they didn't have reason to know or suspect that they were 
providing services that might be laundering dirty money.
    While there are clearly several businesses and professions 
missing from U.S. regulation, I would focus on five of them: 
lawyers, those involved in real estate closings, corporate 
service providers, escrow agents, and accountants.
    Lawyers: Of course criminals need and use legal services. A 
60 Minutes piece that aired last year featured undercover 
footage from an organization called Global Witness, showing 
just how easy it is to walk into a law firm in New York and get 
a lawyer to easily suggest ways in which structures could be 
created to spend money that is clearly the proceeds of 
corruption to buy real estate, planes, etc. One attorney even 
suggested running the dirty money through the lawyer's client 
account to clean it. It was a real eye-opener. In 2010, the 
American Bar Association published what I would characterize as 
sound Voluntary Good Practices Guidance for Lawyers to Detect 
and Combat Money Laundering and Terrorist Financing, but I 
encourage you to ask every lawyer you know if they have 
implemented it. It is unlikely that they have even heard of it. 
This voluntary guidance is simply not enough.
    Escrow Agents: Senate Permanent Subcommittee on 
Investigations' 2010 report Keeping Foreign Corruption Out of 
the United States: Four Case Histories tells the story of how 
one escrow agent, McAfee & Taft, refused to provide escrow 
services to Teodorin Obiang, the corrupt, playboy son of the 
long time dictator of the impoverished Nation of Equatorial 
Guinea, because the anti-money laundering policy they had 
voluntarily put in place prescribed that they do so. Another 
escrow agent without an AML program happily took that money.
    Corporate Service Providers: The Panama Papers showed just 
how entangled corporate service providers like Mossack Fonseca 
can be in facilitating money laundering, corruption, and tax 
evasion. The book Global Shell Games details research by a team 
of American and Australian academics into just how easy it is 
to create an anonymous company to engage in terror finance or 
corruption in different countries around the world through 
corporate service providers. They found that the easiest 
country in which to do so was the United States. One email 
response to the researchers' inquiry from a corporate service 
provider in Florida was, ``[Y]our started purpose could well be 
a front for funding terrorism, and who the f---- would get 
involved in that? Seriously, if you wanted a functioning and 
useful Florida corporation you'd need someone here to put their 
name on it, set up bank accounts, etc. I wouldn't even consider 
doing that for less that 5k a month, and I doubt you are going 
to find any suckers that will do it for less, if at all. If you 
are working with less than serious money, don't waste anybody's 
time here. Using a f------ google account also shows you are 
just a f------ poser and loser. If you have a serious proposal, 
write it up and we will consider it. Your previous message and 
this one are meaningless crap. Get a clue. Just how stupid do 
you think we are?''
    Those Involved in Real Estate: With respect to real estate, 
since July 2016, FinCEN has had geographic targeting orders in 
place in various counties in New York, Florida, Texas, and 
California, requiring title insurance companies to collect 
beneficial ownership information for those entities buying high 
value real estate with cash. They found that about 30 percent 
of the beneficial owners identified by the title companies 
already had SARs filed on them by other financial institutions. 
That's nearly one third. Exposes like The New York Times' 
``Towers of Secrecy'' show just how easy it is for people to 
hide behind anonymous companies and buy real estate with 
proceeds of crime and corruption. It is central to the 2017 
indictment of Paul Manafort and Richard Gates as well.

Q.4. In August 2017, FinCEN issued an advisory encouraging real 
estate brokers to share information with them that could be 
helpful in AML efforts, while noting they are not required to 
do so under current law.
    How do we increase information sharing between real estate 
brokers and FinCEN?

A.4. Voluntary measures will not yield the necessary results 
because it is rare for a business to voluntarily want to lose 
out on a sale or for it to be discovered that if you work with 
a particular agent they may provide information to law 
enforcement about your transcation. Any measure must be 
industrywide and required to maintain a level playing field. It 
is necessary to bring them into the definition of Financial 
Institution. Please see response to previous question.

Q.5. Geographic Targeting Orders (GTOs), which impose 
additional record keeping and reporting requirements on 
domestic financial institutions or nonfinancial trades or 
businesses in a specific geographic area for transactions 
involving certain amounts of United States currency or monetary 
instruments, have been deployed since 2016 to target high-end 
real estate sectors in major metropolitan areas by requiring 
U.S. title insurance companies to identify the natural persons 
behind shell companies used to pay ``all cash'' for high-end 
residential real estate.
    Are GTOs an effective tool or would regulation be a 
preferable way to cover the real estate sector?

A.5. GTOs are an effective tool for the purposes they were 
created--to gather intelligence for specific cases or, as in 
this case, to gather intelligence about the extent of a problem 
to inform decisions about how to move forward. They should not 
be used as a long-term measure. With respect to the Title 
Insurer GTOs, FinCEN now has the information it needs to move 
forward with a rulemaking--there is clearly a problem in the 
real estate industry.
    However, I would note that I would not focus regulation in 
the real estate sector on title insurers, but rather on real 
estate agents, who have the longest and most personal 
relationship with the buyer and are in a much better position 
to identify red flags. Furthermore, it is very easy for a cash 
buyer of real estate to avoid title insurers entirely (which 
launderers have apparently not realized yet). If I'm trying to 
launder money through real estate and I'm making an all-cash 
purchase, I don't need a mortgage and so title insurance isn't 
actually required. If I'm going to flip the property to launder 
the funds, then I'm not too worried about a challenge to title 
down the line (my buyer will get their own title insurance and 
my lack of it doesn't affect that). If I am concerned that the 
title is not clean and it will therefore be difficult to sell 
the property, I can have an attorney carry out a title search 
or I can even do it myself--the search itself is not difficult 
(I would probably need legal assistance to fix any problems I 
found however, if I didn't simply abandon that particular 
purchase). So if I were a money launderer I would simply avoid 
the title insurers and avoid the disclosures entirely.

Q.6. Cryptocurrency exchanges are money services businesses 
supervised by State regulators and subject to Federal AML and 
CFT laws.
    Should FinCEN play an enhanced role in assessing the 
compliance of cryptocurrency exchanges, or are State regulators 
sufficiently equipped to handle compliance monitoring?
    What additional tools could we give regulators and law 
enforcement?
    How prevalent is money laundering in cryptocurrency 
markets?

A.6. There is certainly work do be done in the area of digital 
currency/blockchain technology. I am far from an expert in this 
area, so I will make some recommendations for people to 
contact. Before I do, however, I would note that I was 
concerned by the Treasury representative's statement that they 
felt they had adequately regulated in the digital currency 
space by regulating the exchangers. Technology has moved on, 
and the advent of ``mixers'', which are now used to make it 
incredibly difficult for the exchangers to identify where the 
currency they are exchanging is coming from, makes that 
regulation now insufficient.
    You may wish to reach out to Tom Robinson, COO and 
Cofounder, Elliptic ([email protected]). Elliptic is a company 
that finds ways to identify the ``anonymous'' digital currency 
traders to help with customer due diligence problems associated 
with digital currencies.
    Mr. Robinson recently coauthored a paper entitled ``Bitcoin 
Laundering: An Analysis of Illicit Flows Into Digital Currency 
Services'' with the Foundation for Defense of Democracy's Yaya 
Fanusie, a long-time expert on illicit and terror finance who 
has been researching the linkages between terror finance and 
digital currency. I would recommend reaching out to Mr. Fanusie 
to further explore this area. Yaya Fanusie, Director of 
Analysis, Center on Sanctions and Illicit Finance 
([email protected]).
    Finally, Ms. Jamie Smith, Global Chief Communications 
Officer, The Bitfury Group ([email protected]), is an 
excellent resource as well.
    Both Ms. Smith and Mr. Fanusie have extensive prior 
experience working within U.S. Government agencies and 
understand political context well.
                                ------                                


               RESPONSES TO WRITTEN QUESTIONS OF
           SENATOR CORTEZ MASTO FROM HEATHER A. LOWE

Q.1. What is the most effective action a consumer can take to 
protect against identity theft if the consumer's information 
has been compromised? Please include a detailed description of 
the differences between credit freezes, credit locks, and fraud 
alerts, including how long each takes to activate and 
deactivate and the relative benefits and drawbacks of each.

A.1. Unfortunately, I am not an expert on U.S. consumer banking 
laws and cannot provide an informed response to your question.

Q.2. Many States have laws requiring credit bureaus to provide 
credit freezes. Can you describe what these laws generally 
require and discuss whether it is appropriate for Congress to 
create a Federal standard?

A.2. Unfortunately, I am not an expert on U.S. consumer banking 
laws and cannot provide an informed response to your question.

Q.3. Gaming and tourism are some of Nevada's top industries. In 
the State of Nevada, our gaming operators employ thousands of 
hard working Nevadans, and the industry as a whole domestically 
supports 1.7 million jobs across 40 States. Qualified casinos, 
like financial institutions, are also subject to Banking 
Secrecy Act requirements. Organizations within Nevada have 
suggested that gaming operators would welcome a review of BSA 
requirements, which they find to be burdensome. They look 
forward to this Committee's thoughtful, bipartisan, review of 
BSA requirements that takes into account the security 
imperative for robust anti-money laundering efforts, as well as 
the impact those requirements have on all industries. For 
example, the Suspicious Activity Report (SAR) ($5,000) and the 
Currency Transaction Report (CTR) ($10,000) levels were set 
years ago. Some have recommended increasing these to correspond 
with inflation. Others believe that would be too high but do 
support a higher amount than currently.
    One of the top priorities of the gaming industry is to 
remove the requirement for a detailed factual narrative for 
structuring in the suspicious activity forms. What do you think 
of this recommendation?
    Do you have specific recommendations regarding how the 
gaming industry can benefit from greater communication with 
Government agencies and law enforcement? Is there something the 
Federal Government can do to share information with casinos and 
others filing SARs about broad benefits that may occur because 
of some of the 58,000 SAR forms filed by gaming firms.
    Would the creation of a Qualitative Feedback Mechanism help 
reduce money laundering and terrorist financing? Should the 
Secretary of the Treasury establish a mechanism to communicate 
anti-money laundering (AML) and countering terrorism financing 
(CTF) priorities to financial institutions, gaming 
establishments, and Federal financial regulators? Could such a 
mechanism provide qualitative feedback on information shared by 
financial institutions with the Department of Treasury, 
including CTRs and SARs? Please describe the pros and cons of 
such a system.

A.3. Financial Institutions file SARs because they believe that 
activity is suspicious, and descriptions of what they saw that 
seemed suspicious is important information for law enforcement. 
SARs are subject to automated data analysis and human review, 
and the narratives provide information that may seem 
unimportant alone, but takes on greater significance when 
reviewed in light of other SARs. I would not remove the 
narrative requirement unless law enforcement takes the position 
that it is of limited value.
    Lack of feedback from the Government on what happens to 
SARs and CTRs has long been a complaint of Financial 
Institutions. I once highlighted a seminal case regarding tax 
evasion and money laundering at an international AML seminar in 
Florida. A very excited compliance officer from the U.S. Virgin 
Islands approached me after presentation--she had been the 
person to file the SAR that resulted in the case and she had 
never known what had happened to it. She was thrilled that her 
actions had made a difference. I believe that we would have a 
much more robust AML defense system in the U.S. if more bankers 
and compliance officers were given such opportunities to feel 
like their actions really made a difference. Therefore, I am in 
favor of initiatives like FinCEN Exchange, announced in 
December, to enhance information sharing with Financial 
Institutions. I would strongly recommend that the gaming 
industry engage with FinCEN quickly to ensure that this 
initiative is set up for the gaming industry in a way that 
results in practical and meaningful exchange of information 
with the Government as opposed to something less useful.
    I am wary when it comes to the Government setting AML 
priorities for the industry. It already happens to some extent, 
but I would strongly caution against actually transferring 
responsibility for setting AML priorities for individual 
Financial Institutions from those institutions to FinCEN. 
Financial Institutions are best placed to understand their 
business and their systems and the money laundering risks 
inherent therein, and create the systems that work best in 
their business models to combat money laundering. FinCEN and/or 
other regulators should review those assessments but cannot be 
responsible for carrying them out.

Q.4. The Office of the Comptroller of the Currency mentioned in 
its 2018 Banking Operating Plan that financial institutions 
should not inadvertently impair financial inclusion. But, as of 
September 2017, the OCC has not identified any specific issues 
they plan to address. We know that derisking has become an 
epidemic across many communities and industries, such as 
communities along the Southwest border, humanitarian 
organizations aiding Nations wracked with violence, and 
remittances providers that serve fragile Nations like Somalia.
    What type of guidance could the OCC, FinCEN, FDIC, and the 
Federal Reserve provide to help banks meet the banking needs of 
legitimate consumers and businesses that are at risk of losing 
access--or have already lost access?

A.4. My organization focuses on the movement of illicit money 
out of developing countries the effect of that financial flow 
for development, and not financial flows into developing 
countries, so we have not focused a great deal on the 
remittances and nonprofit issues. Nonprofit organizations like 
the Charity and Security Network, Oxfam, and the Center for 
Global Development, and intergovernmental organizations such as 
the World Bank, the IMF, the OECD and others have been doing a 
great deal more research in this area and I would recommend 
speaking with them for more developed and far-reaching 
recommendations.
    Having said that, there are three somewhat different 
problems in the derisking area with root causes that are not 
all AML-related, and I think that is a really important point 
here. One is that banks that are no longer willing to provide 
banking services to money service businesses (MSBs) that are 
the primary movers of remittances. Second is banks choosing not 
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a 
combination of both these first and second categories.) Third, 
is the problem of banks choosing not to provide banking 
services for charities/nonprofits. These are related issues, 
but not the same issues. Something to bear in mind as well is 
that the World Bank has found that the cost of transmitting 
remittances has actually decreased over the past several years, 
suggesting that some of the problems in the sector may really 
be location specific, such as with Somalia, as opposed to being 
as widespread as discussion on this topic might suggest.
    In 2012 and the following 2 years, FATF Recommendations and 
related guidance were published relating to risks posed by 
nonprofits and risks posed by MSBs. That guidance suggested 
that those entire sectors were particularly vulnerable to money 
laundering with no nuance, which resulted in banks categorizing 
them all as high risk, regardless of the nature of those 
businesses, the strength of their compliance programs, their 
clientele, or other risk assessment factors. The general 
refrain from banks was that it was too costly to do proper AML 
vetting on all these ``high risk'' entities. Banks also said 
they were pulling out of high risk areas because of an increase 
in fines and penalties, but very few fines/penalties have been 
levied related to servicing MSB or nonprofit clients, which 
begs the question of whether this reaction was simply 
disproportionate or driven by other motives, such as an excuse 
to get out of these relatively low-margin lines of business.
    For example, Barclays in the U.K. caused a bit of a crisis 
when it closed the accounts of the vast majority of the money 
service businesses it serviced. But it held on to MSBs with 
assets of $10m or more. However, the significant MSB money 
laundering case on record actually relates to Western Union, 
one of the world's largest and well-capitalized MSBs. Barclays' 
decision to jettison smaller MSB accounts was made not in 
relation to actual enforcement trends, how good their MSB 
clients' compliance programs were, or other risks relating to 
the individual MSB's business or other relevant factors, it was 
made on whether the bank wanted to keep that capitalization or 
not and bother to continue servicing smaller accounts where its 
margin was smaller and getting smaller because of compliance 
costs. It would be interesting to find out pre-2012 margins on 
these business lines versus post-2012 margins so that Congress 
has a frame of reference for what a bank consider an 
unacceptable margin in these business lines.
    And that raises an important point in all of this that is 
very often missed. There has been huge bank consolidation 
leading to behemoth banks that do not consider providing 
services to smaller account holders to be worth the cost. (In 
our experience, smaller, local banks rarely provide adequate 
international transfer services and did not do so prior to AML 
regulation.) We see that every day as banking fees for people 
who have little savings climb while those who have sizable 
accounts have no fees at all. Banks are doing everything they 
can to increase their profit margins with little regard to the 
effect on the average account holder. That's today's business 
model, and bank decisions regarding MSB and nonprofit account 
holders are driven in large part by this model. Furthermore, 
the Center for Global Development put out a report on derisking 
in 2015. In that report, they noted that some banks have 
``derisked'' and then beefed up their own money transmitter 
services, suggesting a possible move to undermine competition 
and seize the market themselves.
    So there are problems, some of which are not actually AML 
related, but the following are some measures that can be taken 
in the AML sphere to help in this area:

    Better nuanced Recommendations and guidance from 
        FATF and regulators is needed.

      In October 2014, FATF spoke out against blanket 
        derisking and said that FIs should derisk only on a 
        case by case basis. FinCEN, the FDIC, and the OCC 
        followed that up asking banks to come to the regulators 
        if they felt pressure to terminate an MSB relationship. 
        Other regulators have followed.

      Unfortunately it seems that there is no hard data 
        to be able to measure what has happened in the market 
        since.

      After an outcry from the global nonprofit 
        community, FATF revised its guidance with respect to 
        the problematic Recommendation 8, but I think it still 
        needs further revision and U.S. Treasury could use its 
        influence to make that happen. Please contact Kay 
        Guinane at the Charity and Security Network for further 
        information ([email protected]).

    Banks should have access to information from FinCEN 
        about whether an MSB has been the subject of formal 
        warnings/cease and desists which are not public 
        information, so that they can better judge the strength 
        of an MSB's compliance program and its weaknesses.

    Create a low-cost certification scheme for smaller 
        MSBs. Such a scheme would create benchmarks for MSB 
        compliance programs, similar to what has been done in 
        the development of an ISO standard for anticorruption 
        compliance. This could perhaps be subsidized by a fund 
        the big banks pay into for the smaller MSBs.

    One element of compliance cost is identifying the 
        true owners and controllers of MSBs and charities, as 
        well as the remitters themselves. Transparency about 
        who owns and controls companies would be a real help 
        with that.

    National ID schemes for individuals around the 
        world are also important. India leading the way in 
        effectively doing this in rural populations living in 
        poverty--the hardest to reach and often recipients of 
        remittances. While it may seem to be outside of 
        Congress' remit, USAID has financially supported these 
        initiatives in the past and Congress could prioritize 
        funding to USAID to continue and/or increase this work.

Q.5. Last year, the Countering Iran's Destabilizing Activities 
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it 
required the Treasury Department to publish a study by May 1, 
2018, on two issues:
    Somali Remittances: The law required the U.S. Department of 
Treasury to study if banking regulators should establish a 
pilot program to provide technical assistance to depository 
institutions and credit unions that wish to provide account 
services to money services businesses serving individuals in 
Somalia. Such a pilot program could be a model for improving 
the ability of U.S. residents to make legitimate funds 
transfers through easily monitored channels while preserving 
strict compliance with BSA.
    Sharing State Banking Exams: The law also required Treasury 
to report on the efficacy of money services businesses being 
allowed to share certain State exam information with depository 
institutions and credit unions to increase their access to the 
banking system.
    Have you or your organization been involved with these 
Treasury studies?
    What advice did you give--or would you give--on the pilot 
studies?

A.5. I have not been involved with either of these Treasury 
studies because other organizations have been leading research 
and advocacy on remittance issues. They may have been involved 
in and/or consulted on these issues. Please contact: Kay 
Guinane, Director of the Charity and Security Network 
([email protected]); Vijaya Ramachandran, Senior 
Fellow at the Center for Global Development 
([email protected]).

Q.6. In 2016, William and Margaret Frederick were moving from 
Ohio to Las Vegas. Unfortunately, it is alleged that the title 
company they used in Columbus, Ohio, fell for an email scam and 
wired the $216,000 profit from their home sale to a hacker, not 
to the Fredericks. William is 83 and Margaret is 75 and as of 
October, they were still trying to get their money back. While 
the Fredericks' tale is now a court case to determine who was 
responsible for the fraudulent information, we know that the 
Fredericks' experience is ``very typical'' of scams that divert 
an estimated $400 million a year from title companies into 
bogus accounts.
    Please describe the responsibilities of financial firms to 
avoid these frauds?
    What penalties should be assessed and by which agencies 
when financial firms enable theft?
    What is the role for the Consumer Financial Protection 
Bureau to ensure financial firms protect their customers' money 
and information?

A.6. As noted above, I am not an expert on U.S. consumer 
banking laws and cannot provide an informed response to your 
question with respect to CFPB. Your question regarding the 
title insurance company's culpability is a fact-specific 
question of criminal or tortious liability that I am unable to 
answer in this format, and does not relate to money laundering.

Q.7. In 2014, FinCEN issued an advisory with human trafficking 
red flags, to aid financial institutions in detecting and 
reporting suspicious activity that may be facilitating human 
trafficking or human smuggling.
    To what extent do you assess that financial institutions 
are currently utilizing these red flags, in order to better 
assess whether their banks are being used for to finance human 
trafficking? If institutions are not widely utilizing the red 
flags, what actions is FinCEN taking to encourage them to do 
so?

A.7. I have not seen any data pertaining to the number of SARs 
filed in relation to human trafficking or smuggling in the 
United States, so I do not have enough information to provide 
an accurate assessment. FinCEN has an online tool that can be 
used to look at the number of SARs filed with respect to 
specific activities, but unfortunately human trafficking is not 
one of the categories. However, anecdotally I can say that 
human trafficking and human smuggling are issues where I have 
seen a relatively large number of training programs offered to 
compliance personnel in recent years. It is therefore on the 
radar of compliance personnel in the U.S. at least. I would 
recommend that you reach out to FinCEN for an answer to this 
question and, if they are not currently collecting statistics 
to be able to answer this question, ask or legislate for them 
to do so. You might also reach out to Polaris for further 
discussions on the intersection between money laundering and 
human trafficking.

Q.8. What are the pros and cons of reducing or eliminating the 
standards requiring SARs filing for insider abuse (i.e., 
employee misconduct)?

A.8. I do not have a strong opinion about this issue. 
Logically, however, I think it is helpful for FinCEN to know 
the identifying information of people who have been found by 
financial institutions to be engaging in fraudulent activity or 
other malfeasance, and for the CFPB to be aware of the same if 
it involved harm to consumers, but I do not necessarily think a 
SAR is likely to be the most effective way to communicate that.

Q.9. The common expectation is that any financial institution 
subjected to a cyberattack would be in touch with law 
enforcement about whether or not it's required to file an SAR. 
What are the pros and cons of eliminating SAR filing 
requirement for cyberattacks against financial institutions?

A.9. Cyberattacks are an ever-growing threat to the financial 
services sector and, therefore, to the business and individual 
consumers with accounts at financial institutions. A great deal 
of personal information is collected and held by financial 
institutions, so they are a particular target for that reason 
as well. I think FinCEN does a good job of explaining why they 
want cyberattacks to be reported in SAR form, how they have 
used such information in the past, and what information is most 
useful for them in a SAR relating to cyberattacks in an October 
2016 Advisory. In December 2017, news broke in the U.K. that 
the U.K.'s Financial Conduct Authority had found that U.K. 
banks were significantly under-reporting the full extent of 
cyberattacks. As history has shown in a number of AML-related 
areas, it is unlikely that U.S. banks are reporting more 
rigorously. This puts not only account holders at risk, but the 
entire fabric of our financial system.

Q.10. As you know, under current regulations, FinCEN currently 
exempts a range of institutions from the requirement to 
maintain an anti-money laundering program. The list of exempted 
institutions includes ``pawnbrokers,'' ``private bankers,'' 
``seller of vehicles, including automobiles, airplanes and 
boats,'' as well persons ``involved in real estate closings and 
settlements'' among others.
    In your view, what are some of the most glaring exemptions 
on this list?
    Are there any additional categories of institution, such as 
persons involved in the art market or lawyers that should be 
required to establish minimum anti-money laundering program 
requirements?

A.10. FATF has identified several of what it calls Designated 
Non-Financial Businesses and Professions, or DNFPB's, as 
businesses and professions that are susceptible for, or can be 
used to play a part in, money laundering. The idea is that 
these businesses and professions should identify who they are 
doing business with, in some cases carry out some customer due 
diligence, and file suspicious activity reports if they think a 
transaction is suspicious.
    The U.S. already requires some DNFBPs to have those AML 
programs, such as casinos and dealers in precious metals and 
stones. Treasury regulations originally also included others, 
including travel agents, those involved in real estate 
closings, and car, plane, and boat dealers, among others, but 
then Treasury gave them a ``temporary'' exemption from the 
requirements with no sunset for that exemption which has now 
been in place for many years. Still others never made it on any 
list, and those four are lawyers, accountants, corporate 
service providers, and escrow agents. For these four, AML 
programs would really be about knowing with whom you are doing 
business and not permitting practitioners in these businesses 
and professions to be able to have plausible deniability that 
they didn't have reason to know or suspect that they were 
providing services that might be laundering dirty money.
    While there are clearly several businesses and professions 
missing from U.S. regulation, I would focus on five of them: 
lawyers, those involved in real estate closings, corporate 
service providers, escrow agents, and accountants.
    Lawyers: Of course criminals need and use legal services. A 
60 Minutes piece that aired last year featured undercover 
footage from an organization called Global Witness, showing 
just how easy it is to walk into a law firm in New York and get 
a lawyer to easily suggest ways in which structures could be 
created to spend money that is clearly the proceeds of 
corruption to buy real estate, planes, etc. One attorney even 
suggested running the dirty money through the lawyer's client 
account to clean it. It was a real eye-opener. In 2010, the 
American Bar Association published what I would characterize as 
sound Voluntary Good Practices Guidance for Lawyers to Detect 
and Combat Money Laundering and Terrorist Financing, but I 
encourage you to ask every lawyer you know if they have 
implemented it. It is unlikely that they have even heard of it. 
This voluntary guidance is simply not enough.
    Escrow Agents: Senate Permanent Subcommittee on 
Investigations' 2010 report Keeping Foreign Corruption Out of 
the United States: Four Case Histories tells the story of how 
one escrow agent, McAfee & Taft, refused to provide escrow 
services to Teodorin Obiang, the corrupt, playboy son of the 
long time dictator of the impoverished Nation of Equatorial 
Guinea, because the anti-money laundering policy they had 
voluntarily put in place prescribed that they do so. Another 
escrow agent without an AML program happily took that money.
    Corporate Service Providers: The Panama Papers showed just 
how entangled corporate service providers like Mossack Fonseca 
can be in facilitating money laundering, corruption, and tax 
evasion. The book Global Shell Games details research by a team 
of American and Australian academics into just how easy it is 
to create an anonymous company to engage in terror finance or 
corruption in different countries around the world through 
corporate service providers. They found that the easiest 
country in which to do so was the United States. One email 
response to the researchers' inquiry from a corporate service 
provider in Florida was, ``[Y]our started purpose could well be 
a front for funding terrorism, and who the f---- would get 
involved in that? Seriously, if you wanted a functioning and 
useful Florida corporation you'd need someone here to put their 
name on it, set up bank accounts, etc. I wouldn't even consider 
doing that for less that 5k a month, and I doubt you are going 
to find any suckers that will do it for less, if at all. If you 
are working with less than serious money, don't waste anybody's 
time here. Using a f------ google account also shows you are 
just a f------ poser and loser. If you have a serious proposal, 
write it up and we will consider it. Your previous message and 
this one are meaningless crap. Get a clue. Just how stupid do 
you think we are?''
    Those Involved in Real Estate: With respect to real estate, 
since July 2016, FinCEN has had geographic targeting orders in 
place in various counties in New York, Florida, Texas, and 
California, requiring title insurance companies to collect 
beneficial ownership information for those entities buying high 
value real estate with cash. They found that about 30 percent 
of the beneficial owners identified by the title companies 
already had SARs filed on them by other financial institutions. 
That's nearly one third. Exposes like The New York Times' 
``Towers of Secrecy'' show just how easy it is for people to 
hide behind anonymous companies and buy real estate with 
proceeds of crime and corruption. It is central to the 2017 
indictment of Paul Manafort and Richard Gates as well.

Q.11. In recent years we've witnessed a seemingly endless 
string of money laundering violations by some of the largest 
global banks, with Deutsche Bank being the most recent megabank 
to disregard the anti-money laundering requirements contained 
in the Bank Secrecy Act.
    Given that large megabanks continued to disregard their 
obligations under the law, what in your view should this 
Committee do to ensure compliance, particularly by the largest 
global banks?

A.11. Unfortunately for the banking community, many of the high 
profile, incredibly egregious cases that involve the biggest 
banks in the world have eroded public trust that banks will 
indeed act in a manner that is law-abiding and actively try to 
turn away proceeds of crime. Even many bankers lack faith in 
their institutions. You may find a 2015 study by the University 
of Notre Dame and the law firm of Labaton Sucharow, entitled 
``The Street, the Bull, and the Crisis'', to be of interest. 
The researchers surveyed more than 1,200 U.S. and U.K.-based 
financial services professionals to examine views on workplace 
ethics, the nexus between principles and profits, the state of 
industry leadership and confidence in financial regulators. As 
the report states, ``The answers are not pretty. Despite the 
headline-making consequences of corporate misconduct, our 
survey reveals that attitudes toward corruption within the 
industry have not changed for the better.''
    There are forms of enforcement that we have not been 
pursuing that I believe would be highly dissuasive. The first 
is prosecuting the individuals that are behind the decisions 
that are resulting in these money laundering violations. When a 
banker sees his or her colleague being prosecuted for decisions 
that bring the proceeds of crime into the bank, he or she will 
be careful not to do the same. Second, prosecution of financial 
institutions has historically been for regulatory violations of 
the BSA as opposed to the criminal act of money laundering, 
even when the hallmarks of a clear money laundering case are 
present. We need to begin to criminally prosecute these 
entities as well. Finally, when a financial institution is 
convicted of or pleads guilty to felonious behavior, it must 
trigger any cross-debarments that we have built into our legal 
system. For example, Credit Suisse should have lost its status 
as a Qualified Professional Asset Manager (QPAM) in 2014 by 
virtue of its conviction for facilitating large-scale tax 
evasion by Americans. However, as with several similar cases 
which preceded it, the Department of Labor waived Credit 
Suisse's disqualification and allowed the bank to continue to 
enjoy this ``privileged'' status under U.S. law that meant that 
the bank had to meet fewer regulatory requirements in its 
handling of U.S. pension funds--something we tend to try to 
keep felons away from for public policy reasons.

Q.12. Despite record fines, rarely have the individuals who run 
the largest global banks been held accountable for their firms' 
willful disregard of anti-money laundering and counterterrorism 
financing rules included in the Bank Secrecy Act.
    Can you discuss why we've seen such low levels of 
individual accountability for such violations? To what degree 
does the lack of clear chains of responsibility within large 
firms contribute to the lack of accountability among senior 
leaders?

A.12. The Department of Justice is the most appropriate body to 
answer this question because it is the body that has taken 
these decisions based on the evidence before it, prosecution 
guidelines, and cost/benefit analysis. However, there have 
certainly been a few cases where information made publicly 
available the Statement of Facts attached to relevant Deferred 
Prosecution Agreements, such as excerpts from emails between 
executives, strongly suggested that there was sufficient 
evidence to bring individuals to trial in certain cases, and 
yet we did not see that happen. When I have asked the DOJ about 
this, they have responded that they did not feel that they had 
sufficient evidence to move forward with prosecution.
    After receiving a fair amount of criticism about this, in 
September 2015 the DOJ released a memo outlining its intention 
to more frequently prosecute individuals. It would be 
worthwhile to ask for the DOJ for statistics around 
prosecutions of individuals before and after the publication of 
the memo. It is possible that we are seeing the first 
significant example of this approach being applied to a large 
bank money laundering case in the case of Rabobank, as I 
explain more fully in a recent blog post that was heavily 
quoted in the press. It will be important to keep an eye on 
whether individual executives are prosecuted in that case for 
the reasons outlined in the blog.

Q.13. Just as the success of the BSA is reliant on good 
behavior by individual employees of financial institutions, the 
efficacy of the BSA also depends on regulatory and supervisory 
accountability. U.S. anti-money laundering efforts in recent 
years at times failed to recognize the cumulative effect of the 
violations they cited, leading them to permit massive problems 
to occur before any serious enforcement actions were taken.
    What in your view should be done to address this problem 
and ensure that regulators are holding repeat violators of the 
Bank Secrecy Act accountable?
    To your knowledge, to what extent are Bank Secrecy Act 
deficiencies currently factored into the management aspect of 
firms' CAMELS rating?

A.13. It seems clear that any policies in place regarding 
number and nature of infractions leading to escalation in 
enforcement actions are either insufficient or not adhered to. 
Either way, this is an area that could certainly benefit from 
Congressional review. Policies on elevation/escalation need to 
be clear, proportionate, and enforced in a way that results in 
meaningful adjustments/reforms being carried out by banks when 
they have been the subject of violation notices.
    While I think the revolving door issue is a tricky one (we 
want experienced people in Government and in financial 
institutions and they should have the ability to progress their 
careers), I am concerned that there may not be sufficient 
safeguards preventing regulators from moving directly to work 
for the banks that they have been regulating. In the recent 
Rabobank case, Rabobank's OCC examiner put Rabobank under a 
Formal Agreement (requiring reform of their AML compliance 
program), and then while that Formal Agreement was still in 
place, she was hired by Rabobank as a senior executive 
overseeing compliance at the bank. According to Rabobank's Plea 
Agreement and accompanying Information, the OCC released 
Rabobank form that Formal Agreement within the year, although 
bank employees reported that nothing substantial having changed 
within the bank's compliance program in that time. Whether or 
not the executive used her close ties to the OCC to get the 
Formal Agreement dismissed, measures should be put in place to 
ensure that the revolving door does not allow this type of 
situation to arise.

              Additional Material Supplied for the Record
               COUNTERING INTERNATIONAL MONEY LAUNDERING
               
               
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
               
               
               
                  LETTER SUBMITTED BY THE FACT COALITION



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


  STATEMENT SUBMITTED BY THE INDEPENDENT COMMUNITY BANKERS OF AMERICA


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


       LETTER SUBMITTED BY THE CREDIT UNION NATIONAL ASSOCIATION



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]