[Senate Hearing 115-158]
[From the U.S. Government Publishing Office]
S. Hrg. 115-158
COMBATING MONEY LAUNDERING AND OTHER FORMS OF ILLICIT FINANCE:
OPPORTUNITIES TO REFORM AND STRENGTHEN BANK SECRECY ACT ENFORCEMENT
=======================================================================
HEARING
before the
COMMITTEE ON
BANKING,HOUSING,AND URBAN AFFAIRS
UNITED STATES SENATE
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
ON
EXAMINING THE ISSUES UNDERLYING THE MODERNIZATION OF SYSTEMS DESIGNED
TO COMBAT MONEY LAUNDERING, TERRORIST FINANCING, CORRUPTION, WEAPONS
PROLIFERATION, SANCTIONS EVASION, AND OTHER THREATS
__________
JANUARY 9, 2018
__________
Printed for the use of the Committee on Banking, Housing, and Urban
Affairs
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available at: http://www.govinfo.gov/
______
U.S. GOVERNMENT PUBLISHING OFFICE
28-675 PDF WASHINGTON : 2018
COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS
MIKE CRAPO, Idaho, Chairman
RICHARD C. SHELBY, Alabama SHERROD BROWN, Ohio
BOB CORKER, Tennessee JACK REED, Rhode Island
PATRICK J. TOOMEY, Pennsylvania ROBERT MENENDEZ, New Jersey
DEAN HELLER, Nevada JON TESTER, Montana
TIM SCOTT, South Carolina MARK R. WARNER, Virginia
BEN SASSE, Nebraska ELIZABETH WARREN, Massachusetts
TOM COTTON, Arkansas HEIDI HEITKAMP, North Dakota
MIKE ROUNDS, South Dakota JOE DONNELLY, Indiana
DAVID PERDUE, Georgia BRIAN SCHATZ, Hawaii
THOM TILLIS, North Carolina CHRIS VAN HOLLEN, Maryland
JOHN KENNEDY, Louisiana CATHERINE CORTEZ MASTO, Nevada
JERRY MORAN, Kansas DOUG JONES, Alabama
Gregg Richard, Staff Director
Mark Powden, Democratic Staff Director
Elad Roisman, Chief Counsel
John O'Hara, Chief Counsel for National Security Policy
Sierra Robinson, Professional Staff Member
Elisha Tuku, Democratic Chief Counsel
Colin McGinnis, Democratic Policy Director
Dawn Ratliff, Chief Clerk
Cameron Ricker, Deputy Clerk
James Guiliano, Hearing Clerk
Shelvin Simmons, IT Director
Jim Crowell, Editor
(ii)
C O N T E N T S
----------
TUESDAY, JANUARY 9, 2018
Page
Opening statement of Chairman Crapo.............................. 1
Opening statements, comments, or prepared statements of:
Senator Brown................................................ 2
WITNESSES
Greg Baer, President, The Clearing House Association............. 4
Prepared statement........................................... 29
Responses to written questions of:
Senator Brown............................................ 58
Senator Sasse............................................ 62
Senator Tillis........................................... 70
Senator Warner........................................... 75
Senator Cortez Masto..................................... 79
Dennis M. Lormel, President and Chief Executive Officer, DML
Associates, LLC, and Former Chief, FBI Financial Crimes Program 5
Prepared statement........................................... 35
Responses to written questions of:
Senator Brown............................................ 86
Senator Sasse............................................ 87
Senator Tillis........................................... 96
Senator Warner........................................... 100
Senator Cortez Masto..................................... 105
Heather A. Lowe, Legal Counsel and Director of Government
Affairs, Global Financial Integrity............................ 7
Prepared statement........................................... 46
Responses to written questions of:
Senator Brown............................................ 111
Senator Sasse............................................ 117
Senator Tillis........................................... 124
Senator Warner........................................... 130
Senator Cortez Masto..................................... 134
Additional Material Supplied for the Record
Countering International Money Laundering........................ 145
Letter submitted by the FACT Coalition........................... 174
Statement submitted by the Independent Community Bankers of
America........................................................ 176
Letter submitted by the Credit Union National Association........ 178
(iii)
COMBATING MONEY LAUNDERING AND OTHER FORMS OF ILLICIT FINANCE:
OPPORTUNITIES TO REFORM AND STRENGTHEN BANK SECRECY ACT ENFORCEMENT
----------
TUESDAY, JANUARY 9, 2018
U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.
The Committee met at 10:04 a.m., in room SD-538, Dirksen
Senate Office Building, Hon. Mike Crapo, Chairman of the
Committee, presiding.
OPENING STATEMENT OF CHAIRMAN MIKE CRAPO
Chairman Crapo. This hearing will come to order.
Today's hearing is the first of two currently planned
hearings to explore the difficult issues underlying modernizing
a decades-old system designed to combat money laundering,
terrorist financing, corruption, weapons proliferation,
sanctions evasion, and a host of other threats.
Our Nation's financial industry has long worked on the
front lines of preserving the integrity of the United States
and international financial systems and in partnership with our
Government since at least when the Bank Secrecy Act was first
enacted, in 1970, and the phrase ``anti-money laundering''--or
AML--was coined a few years later.
From its tax and narcotics beginnings, the BSA, its
regulations, and other supporting laws have evolved into a mass
of counter-threat-finance regulatory requirements designed to
focus the industry's attention on an ever-expanding set of
domestic and foreign threats to the Nation.
These threats were brought to the forefront of Americans'
hearts and minds and have only increased after the terrorist
attacks of September 11, 2001, and, in response, the enactment
of the PATRIOT Act.
The threats against our Nation, our people, and our
financial system are real. Everyone sees these threats. One
only needs to turn on a TV or read an article about corruption,
drugs, or a terrorist attack and wonder about the money that
had to be involved to make it happen or the profits that came
as a result.
Illicit money enables bad people to do the worst of things
in this world. Where does it come from? Where does it go? And
who has it now? These questions will always need to be asked
and answered.
In fact, these questions are being answered, whether they
always know it or not, by an entire industry of technical and
financial professionals dedicated to managing the day-to-day
BSA and other threat finance compliance requirements of our
financial institutions.
They do the hard work of monitoring hundreds of millions of
financial transactions and producing millions of reports so
that law enforcement and security professionals can do their
jobs of managing an increasingly complex domestic and
international threat picture.
But a lot has changed in this nearly 50 years that have
passed since the BSA was enacted. Certainly the sophistication,
types, and numbers of threats have increased. The regulations
that focus the financial industry's attention on suspicious
activities have also increased. So, too, have the resources
that are expended and paid by industry and Government alike to
maintain a constant vigilance over threats to the financial
system.
It is incumbent on this Committee to then ensure that all
of this work and the resources involved result in a ``high
degree of usefulness'' in protecting this Nation, as intended
by the BSA itself.
I welcome each of our witnesses today whose individual
expertise in financial regulation, law enforcement, and
financial transparency together will help inform the Committee
of potential ways to sharpen the focus, sustainability, and
enforcement of a modernized, more efficient U.S. counter-
threat-finance architecture.
Getting this right saves lives. Period.
This is a bipartisan issue.
This is both an American and a global issue.
I look forward to working with Senator Brown and all
Members of the Committee to see that the needs of the
stakeholders in this important work are critically examined and
addressed in order to modernize a system that benefits so many,
at home and abroad.
Senator Brown.
OPENING STATEMENT OF SENATOR SHERROD BROWN
Senator Brown. Thank you, Mr. Chairman, for this important
hearing, the first of two this month in which the Committee
will look at ideas for strengthening and reforming our laws to
combat money laundering and illicit financial transactions.
Some of the world's largest banks and their foreign
partners have run afoul of these laws. In some cases they had
inadequate anti-money laundering oversight and compliance
regimes. Other banks willfully and persistently violated U.S.
bank secrecy, sanctions, and anti-corruption laws.
In fact, the GAO concluded last year that from 2009 to 2015
about $12 billion was collected in fines and penalties and
forfeitures from financial institutions for violations of the
Bank Secrecy Act, the Foreign Corrupt Practices Act, and U.S.
sanctions requirements.
These laws are all tools that aid the Federal Government in
detecting and disrupting and inhibiting financial crimes,
terrorist financing, bribery, and corruption.
During that same period, Federal agencies assessed more
than $5 billion specifically for Bank Secrecy Act violations.
When one widens the lens and reaches back to 2005, that number
grows larger, much larger.
Many of these banks violated U.S. anti-money laundering and
sanctions laws by knowingly facilitating financial transactions
for rogue jurisdictions like Burma and Iran and Sudan and Libya
and Syria.
Some conducted transactions with individuals or entities
affiliated with terrorist organizations and drug cartels in
violation of U.S. law. Many violated the law for several years.
And in some cases, foreign affiliates of banks operating in the
U.S. were working actively to circumvent the compliance systems
of their own banks.
These are not victimless crimes. For example, money
laundering on behalf of drug cartels has a direct line to the
opioid epidemic in my State, where more die of opioid overdoses
than any State in the country. These drug cartels have a direct
line to the opioid epidemic in Ohio, where Sinaloa cartel
actors have been active in robbing so many families of sisters
and husbands and parents and children.
These types of violations should concern those who argue we
should loosen laws or regulations or oversight in this area.
These laws have been critical in protecting the integrity of
our financial system.
That said, we should assess whether there are ways to
responsibly update and strengthen the anti-money laundering
framework, including through new measures to require beneficial
ownership information when companies are formed in the U.S.
Right now the U.S. has the dubious distinction of being a haven
for anonymous shell companies. That needs to end so that law
enforcement can stanch the flow of money into illegal activity.
Broadening information sharing may make sense, but
important questions about privacy protections, of course, must
be answered. We should focus on sharpening suspicious activity
reporting and bolstering efforts by law enforcement to give
banks guidance on what to look for, instead of substantially
raising currency reporting thresholds.
There are many tough questions for the Committee to
consider on these issues. I welcome our distinguished
witnesses, and I look forward to the comments of the panel.
Thanks, Mr. Chairman.
Chairman Crapo. Thank you very much, Senator Brown.
We appreciate our witnesses' being with us today, and I
want to remind the witnesses that we have asked that you each
keep your initial presentation to 5 minutes so that we can have
time for our questions and answers; also, to remind the
Senators that they should keep their questions to a 5-minute
period.
Our witnesses today are Mr. Greg Baer, president of The
Clearing House Association; Mr. Dennis Lormel, president and
CEO of DML Associates and a former Chief of the FBI Financial
Crimes Program; and Ms. Heather Lowe, the legal counsel and
director of Government affairs of Global Financial Integrity.
Again, we appreciate all of you being with us today, and,
Mr. Baer, you may proceed.
STATEMENT OF GREG BAER, PRESIDENT, THE CLEARING HOUSE
ASSOCIATION
Mr. Baer. Thank you. Chairman Crapo, Ranking Member Brown,
and Members of the Committee, I appreciate the chance to
testify before you today.
Over the past year, the Clearing House has convened off-
the-record symposia on the AML/CFT system and produced a
comprehensive report. We included a wide range of stakeholders
from banking, data science, diplomacy, and global development.
We emphasized law enforcement input, which included former
senior officials at Treasury's Office of Terrorism and
Financial Intelligence, former FinCEN Directors, the former
Chief of the AML Unit at the SDNY, and numerous former
officials from Justice, DEA, IRS, Customs, and Scotland Yard.
The consensus, reflected in our report, is that our current
AML/CFT system is extraordinarily inefficient, outdated, and
driven by perverse incentives.
Collectively, U.S. financial firms act as an intelligence-
gathering agency for law enforcement and national security,
employing thousands of people and spending billions of dollars.
That collective agency currently yields much extremely valuable
intelligence, but a fraction of what a modernized, properly
targeted regime could achieve.
An effective approach to AML/CFT should be risk-based,
devoting the greatest majority of resources to the most
dangerous activity. Unfortunately, banks have been pushed away
from risk-based approaches because their performance is graded
not by law enforcement or national security officials but,
rather, by bank examiners, who do not track how the
intelligence is actually used. Instead, those auditors focus on
what they know: policies, procedures, and quantifiable
metrics--for example, the number of computer alerts generated.
So, for example, if a bank were to start a financial
intelligence unit focused on the opioid crisis, it would likely
receive no examination credit for that activity. It would
receive blame if a diversion of resources caused it to fail to
file a SAR in another area.
What gets measured gets done, and providing valuable
intelligence to law enforcement or national security does not
get measured. According to bank analysis, there is little to no
governmental analysis. For the average SAR filing, there is a
less than 10 percent chance that any law enforcement follow-up
will occur. For certain categories of SARs--structuring,
insider abuse, and here insider abuse includes teller crimes--
the yield is close to 0 percent, and those SARs--insider abuse
and structuring--now represent a majority of the SARs filed.
Furthermore, banks know that the fastest way to get in
regulatory trouble is failure to file a SAR that an examiner
subsequently determined should have been filed. Therefore, they
reportedly spend more time documenting decisions not to file
SARs, papering the file, than they do following up on the SARs
they do file. In other words, they focus on the noise, not on
the signal.
To file SARs, in practice, almost all banks hire one of a
handful of vendors who construct rules for generating alerts--
for example, three cash deposits between $5,000 and $10,000 in
a 3-week period, or a wire transfer over $1,000 to a high-risk
country, say Mexico. These crude rules generate numerous
alerts, and bank investigators must then decide whether to
clear the alert or file a SAR. And examiners will criticize
thresholds that do not generate a large number of alerts. Of
course, it is widely understood that sophisticated criminals
know these rules, as the software is for sale and widely
distributed, and its rules do not change much over time.
Consider then the potential for revolutionary change that
artificial intelligence and other concepts therefore present.
AI does not search for previously identified typologies but,
rather, mines data to detect anomalies. It gets progressively
smarter, it would not be easily evaded, and it changes as
criminal behavior changes.
The current system is not modernizing, however, because
there has been no indication from the regulatory agencies or
others that dollars can be shifted from the existing, rules-
based system to a better one--in other words, that firms will
be rewarded, not punished, for innovation.
Perverse incentives also explain a push for banks to
eliminate clients in countries or industries that could end up
creating political risk, so-called derisking. A recent report
in The Economist notes, ``Derisking chokes off financial flows
that parts of the global economy depend on. It undermines
development goals such as boosting financial inclusion and
strengthening fragile States. And it drives some transactions
into informal channels, meaning that regulators become less
able to spot suspicious deals. The blame for the damage that
derisking causes lies mainly with policymakers and regulators,
who overreacted to past money-laundering scandals.''
The cause of derisking is clear: Regulators require banks
to deem certain accounts ``high risk'' based on factors such as
line of business or country of origin. The cost of maintaining
that account thereby rises exponentially as the bank must
conduct an independent investigation of each such client, and
that does not even include the risk of fines in the event the
client actually does something wrong. The safest alternative is
always to derisk, that is, fire the client.
Last, one important change to the current system that
requires new legislation is ending the use of shell companies
with anonymous ownership. The Clearing House strongly urges
Congress to adopt such legislation promptly and is pleased to
see bipartisan support for it.
I hope this testimony has been helpful, and I look forward
to your questions.
Chairman Crapo. Thank you, Mr. Baer.
Mr. Lormel.
STATEMENT OF DENNIS M. LORMEL, PRESIDENT AND CHIEF EXECUTIVE
OFFICER, DML ASSOCIATES, LLC, AND FORMER CHIEF, FBI FINANCIAL
CRIMES PROGRAM
Mr. Lormel. Thank you, Chairman, and thank you guys for
holding this hearing. I think this is really an important
topic. And to your point in your opening statement, when you
talked about saving lives, when I was in the FBI, we actually
were able to help save lives based on Bank Secrecy Act
information and investigations that we conducted.
I have given you a statement for the record, and I am just
going to highlight some points on that, and I will look forward
to questions afterward and for the discussion. I certainly
appreciated Greg's testimony. And as I said, I was in law
enforcement, and I have been doing this for 45 years, and in
law enforcement I was the direct beneficiary of suspicious
activity reports in particular. And I agree that we have a lot
of inefficiencies in the system, and they need to be improved,
and this is a great starting point. And I believe that the
Clearing House report is a good starting point for discussion.
I also think that we need to have a more robust discussion
on this, and I would encourage you to include law enforcement
more actively in that dialogue, and particularly when we get
into SARs, and I will close out my testimony on SARs when we
get to that.
I really applaud what you guys did in having the
symposiums, and I was not involved in that at all. And one of
the things that concerned me was the level of actual
participation law enforcement was involved, and I know you
mentioned some people that you had spoken to, and certainly
that is very helpful. But I spoke, after you issued the report,
to current executives in law enforcement, people that sat in
the chairs I sat in, and in other chairs in other agencies, and
they were not involved in the dialogue. And I think it is
really important that going forward that those voices are
heard, particularly if you get into the situation where you
look at suspicious activity reports and you determine--or
currency transaction reports, and you consider changing the
reporting thresholds. I think particularly in today's world and
environment, where we talk about, you know, the threat of
homegrown violent extremists in particular, currency
transaction reports will factor into those types of
investigations. And I am sure the FBI can provide statistics on
that type of thing.
One of the things that I like to do is visualize the flow
of funds, and as Mr. Baer pointed out, there are a lot of
inefficiencies in the current system, and we really need to
look at it and bring those up to date. But from the vantage
point where I came from, the information that flows--so law
enforcement is the back-end beneficiary of suspicious activity
reports and other BSA reports. Financial institutions are
really the front-end monitors when it comes to that type of
information, and so they provide that information and it flows
to law enforcement. And the basic flow, the basic system, and
the information that comes to law enforcement on a regular
basis is good information. The problem is that as you add
filters on top of that--and the regulatory filters is what I am
talking about--the more regulatory filters and the more
convoluted the flow of information from banks to law
enforcement, that is where we run into the inefficiencies and
the system being flawed. And that, in my view, is where we need
to focus our attention going forward in terms of improving the
system.
And then on the subject of SARs, as I said, I was the
direct beneficiary of SARs in law enforcement, and one of the
things that I would encourage you to look at, if you get into
the SARs, is the law enforcement constituents. For instance, I
datamined quite a bit at the program level at FBI headquarters.
We had the ability to do datamining and a lot of broad
analytical work that was very helpful. If you talk to people
who work with SARs at the street agent level, at the levels of
the SAR Review Teams--every U.S. Attorney's Office has a SAR
Review Team. They still manually review SARs. So you are going
to get two different perspectives on the use of SARs. From
where I sat, more was better because we were able to use a lot
more information and use it against other data sets. To the SAR
Review Teams out in the streets, they have to physically look
at every SAR, they are going to say less is better. So I think
there is a balance there as to the quality of the SAR
information.
And then to the point, again, I was firsthand involved in
and a firsthand beneficiary of some very good, innovative
projects, and I cite one in my written testimony that JPMorgan
Chase did back in 2009, and it came out in 2011, where they
worked with Homeland Security, and they had targeted
monitoring. It was to the same points that you were making
about transaction monitoring, and this was targeted monitoring
where they specifically set up certain rule sets. And,
consequently, the hit rate in that type of proactive
investigations, they have tremendous results. They are
tremendously effective, they are very efficient, and we need to
encourage more of that type of work. And I agree that there is
not the incentive there for banks to conduct those types of
investigations. And I also believe--and I do a lot of training
with financial institutions, and I am a firm believer, and I
look at things, and I try to assess the flows, information
flows, and that is how I broke down the flow of SARs or BSA
data to law enforcement from financial institutions. And I
think that in that regard--and I will stop, sir, on this. I am
very passionate about this topic. And I believe that the more
we can do to encourage law enforcement and banks to work
together as partners and to work together in terms of being
proactive, and particularly when we were in a reactive type of
environment, the better the outcome.
Chairman Crapo. Thank you, Mr. Lormel.
Ms. Lowe.
STATEMENT OF HEATHER A. LOWE, LEGAL COUNSEL AND DIRECTOR OF
GOVERNMENT AFFAIRS, GLOBAL FINANCIAL INTEGRITY
Ms. Lowe. Thank you, Chairman Crapo, Ranking Member Brown,
and Members of the Committee, for the opportunity to testify
before you today on this very important topic. I hope that my
contributions to today's hearing will help you take measured
and informed decisions that are in the public's interest with
respect to the U.S.'s anti-money laundering regime.
So my written testimony, of course, is much more lengthy
and more detailed, and I hope that you have a chance to read
through that. There are additional points in that testimony
that I will not be making verbally today.
So some of the key points that I did make in my testimony
are, first, that money laundering and the technology that can
help us combat it are both evolving. And in light of this, it
is appropriate to consider whether changes to our regulatory
structure should be made.
Equally, however, it is critical that Congress balance and
carefully weigh the potential benefits against the potential
negative ramifications before making decisions in this area.
Number two, as you have seen, money-laundering enforcement
tends to be through identification of regulatory infractions as
opposed to criminal money-laundering cases. The burden of proof
is lower. It is far less costly for the Government to pursue
regulatory infractions than pursuing criminal money-laundering
charges, and yet it still has a very dissuasive effect. Despite
this, the hallmarks of serious criminal money laundering are
really there in those cases, in those regulatory cases. As a
result, decreasing the ability to enforce using the regulatory
approach may have serious, negative repercussions on compliance
and, ultimately, allow a lot of criminal access to the U.S.
banking system.
Number three, it is critical that information about the
natural person(s) who own and control companies--otherwise
known as ``the beneficial owners''--is finally collected either
by the States or by the Federal Government and that it be made
available to law enforcement and to banks at the very least.
Companies with hidden ownership are the number one problem in
the anti-money laundering world, and the U.S. cannot continue
to allow our failure to act to put the U.S. financial system
and the global financial system at risk.
Number four, I strongly oppose one of the Clearing House's
proposals, and that is transferring responsibility for setting
AML priorities for individual banks from those banks to FinCEN.
Banks are best placed to understand their own business, their
own systems, the risks that their own client base presents, and
what is inherent therein, and to create the systems that work
best in their own business models to combat that money-
laundering risk. FinCEN and other regulators should review
those assessments, but they cannot be responsible for carrying
them out. They do not have the information they need to do so.
The Clearing House recommends greater information sharing
among banks and with Governments in a number of ways, and we do
really support that. It is a really significant impediment to
AML enforcement around the world that this information sharing
is not happening. However, it really does need to be done with
some appropriate safeguards, especially where it may result in
somebody being denied banking services. Say a bank in Hong Kong
denies services for whatever reason, sends that information to
the U.S., and U.S. banks deny services, that person may not be
able to get a bank account anywhere, and there may be a good
reason for that, which is fine; but they also need an
opportunity to disprove whatever information has been collected
on them and give them access if they do have legitimate
business.
Number six, transferring raw banking data from banks to
FinCEN to analyze, with the appropriate privacy safeguards, is
not actually a bad idea either. However, it really is essential
that we do not absolve banks of the responsibility to carry out
their own analysis as well, which they have the ability to
review within the context of the additional client information
that they are holding and because they are the gatekeepers to
the financial system. The Federal Government cannot do that
alone.
Number seven, some types of entities and persons should be
required to have AML programs in place that currently do not,
such as those involved in real estate, lawyers, and others. The
banking sector cannot and should not carry the responsibility
alone, especially where these persons act as a proxy to open
the door to the financial system for criminals and their money.
And, finally, I just wanted to end with an overall concept,
that money-laundering and sanctions violation cases over the
past few years really relate to willful, knowing, and very
egregious violations of U.S. laws and regulations that have
resulted in U.S. and foreign banks granting access to the
financial system for hundreds of millions of dollars in funds
supporting genocide and funds supporting major, violent South
American drug cartels, and many other violations. These fines
that have resulted from these cases have been seen by the
banking industry as heavy, so banks have begun to take AML
regulations that have been in place for many years much more
seriously. I would, therefore, remind Members of Congress that
the regulatory burden here has not actually really been
increasing. The threat of being found out is what has actually
been increasing.
Thank you very much.
Chairman Crapo. Thank you very much, Ms. Lowe.
Before I go to my questions, I would like to ask unanimous
consent to enter into the record two letters--or a letter and a
statement from industry: one from the Credit Union National
Association and another from the Independent Community Bankers
of America. Without objection, so ordered.
My first question, Mr. Baer, is for you. There has been
considerable discussion of the need for improved information
sharing between financial institutions and regulators and among
the financial institutions themselves. How is information
sharing accomplished under the current regime?
Mr. Baer. Sure. Thank you, Mr. Chairman. Right now, under
Section 314(b) of the USA PATRIOT Act, information sharing is
allowed among firms with regard to two types of offenses: one
is terrorist activity, and the other is anti-money laundering.
The definition of anti-money laundering can be a little complex
because that can include some of the predicate offenses. But
there does seem to be room, and not a lot of room, to draw a
principal distinction between anti-money laundering and a lot
of other Federal crimes to expand the categories of offense for
which, you know, information sharing is permitted.
It has multiple benefits. It certainly allows banks to
better identify who the true criminals are. It also, in an
underrated way, allows banks to identify people who are not
criminals. So one bank may be looking at only one piece of the
puzzle and see something that looks suspicious and speak to
another bank and realize, no, in the broader context, that is
actually OK.
So it makes the whole system more efficient both in terms
of finding bad guys and not finding good guys.
Chairman Crapo. So I was going to ask how we could improve
that, but I think you just described it, right? Yes, Ms. Lowe,
would you like to comment on that?
Ms. Lowe. Sure. I would like just to add some little more
of a context to this.
Chairman Crapo. Turn your mic on.
Ms. Lowe. Oh, sorry. It has a green light.
Just to add a little international context and a little
historical context to this particular area, back in 2012, the
Financial Action Task Force, which is the international anti-
money laundering standard-setting body, was going to update its
recommendations, and one of the proposals that they made was
that banks be required to share information across borders in
this way. And, basically, everyone agreed that that was a
really good idea and really important back in 2012, but
realized it could not actually be included in the
recommendations because, in particular, the EU's privacy laws
would actually prevent that information sharing from happening.
Since 2012, those privacy rules in the EU have actually only
strengthened.
So in looking in this area, if you are looking to make
revisions here, something you also need to be looking at are
the EU privacy laws as well as the U.S. privacy laws to see,
you know, does anything need to change in there, and we may
need to be doing international--work across the ocean to really
move that forward, because we cannot really do it alone. We can
allow it within the U.S., but abroad is going to be much more
difficult.
Chairman Crapo. Well, thank you, Ms. Lowe. That perspective
is helpful.
Mr. Lormel, you mentioned yourself the Clearing House
report that was put out and indicated that you feel we need
some more law enforcement engagement on that. With regard to
the report itself, it characterizes the current AML/CFT regime
as outdated and in need of redesign to increase the efficiency
and effectiveness of it. Are there parts of that report that
you agree with? And if so, which are the most critical parts of
it that you see?
Mr. Lormel. Well, I do agree with parts of the report for
sure, and I believe that the comments about the system being
antiquated is--they are good comments, and I think that we
really need to look at the regulatory framework, and I think
where they pointed out in the report that the regulators--they
have a different perspective, and that is why when I wrote my
statement, I talked on the importance of perspectives and
understanding perspective. And, quite frankly, if you look at
law enforcement and financial institutions and you put them in
a triangle, where you have got the financial institutions here,
law enforcement and regulators, you will have hard lines
between the regulators and law enforcement, and there is a
broken line between law enforcement and the regulators. And so
I think a lot of the dialogue belongs--should belong there and
bringing it--but what we need to do is we need to encourage--
and that is the other thing I agreed with in the statement. I
am a firm believer in innovation. I think our system is very--
it is inherently reactive, and the more we can do to use
financial intelligence information from a proactive
perspective, the better. So where they encourage innovative and
incentivizing innovation, I think that is important.
In my statement I wrote about a bank--and I am not really
at liberty to talk about it other than the fact that it is
similar to what I described with the JPMorgan Chase thing. And
if you talk to those bankers and they were going to be
forthright about it, what they would tell you is that there is
no incentive and that the regulators really do not encourage
them to do that. And I think that is where I agree and where I
think the building block going forward is how do we promote
innovation.
Chairman Crapo. Thank you very much. My time has expired.
Senator Brown.
Senator Brown. Thanks, Mr. Chairman. Before I start, I
would like to ask unanimous consent to include a letter and
other documents from the FACT Coalition into the record and
that the record remain open for 5 days for any other documents
that Senators might have.
Chairman Crapo. Without objection.
Senator Brown. Mr. Lormel, thank you for your service at
the FBI, and thank you for serving as Chief of the Financial
Crimes Program. Let me start with you. Give us a sense of how
you think law enforcement can better respond to the traditional
criticism from banks that it too seldom shares targeted
information that is useful to banks in assessing customer
risks.
Mr. Lormel. Yes, sir. I think that law enforcement, really
we need to put a feedback mechanism or we need to do more to
encourage feedback in working with financial institutions, and
I believe that in a lot of instances--and I certainly, when I
was in law enforcement, was guilty of this to a degree. Again,
it goes to a matter of perspective and almost wearing blinders
that I am trying to develop my law enforcement case and in
doing that I did not look or I did not consider enough the
position of the banks and trying to determine how I could
better share information with banks.
One of the things I put in my statement, for instance, on
the subject of terrorist finance is the fact that--and I am
sorry, sir, I may be drifting from your question. But I think
it is important that we put mechanisms in place to provide
security clearances to people in banks where we could share
classified information and other intelligence information back
that they can run into their systems and use for transaction
monitoring. If you think about it, the financial institutions
are the repository. They have got the financial intelligence,
and how do we provide them with more information, and maybe it
is the----
Senator Brown. Is there any evidence--sorry to interrupt.
Is there any evidence that that is happening or that there is a
mechanism, an effort to make that happen other than your saying
you would like that to happen?
Mr. Lormel. Which, the security clearances?
Senator Brown. Yeah. Well, the security clearances and then
the sharing back of information.
Mr. Lormel. Yes, there are initiatives. There are one-off
initiatives at different agencies. For instance, I started the
Terrorist Financing Operations Section at the FBI. TFOS
continues to have working groups with a number of the financial
institutions. They have major financial institutions they deal
with. And to the extent they can permissible, they share
information. We were involved with the SWIFT project, for
instance, and the sharing of information among agencies and
sanitizing some of that information and being able to share
that back to the extent you can with the banks. I do not think
we do it as consistently as we can.
Senator Brown. Thank you.
Ms. Lowe, you have done a lot of work for the Global
Financial Integrity on transparency internationally and in the
U.S. with FATF and otherwise including beneficial ownership
legislation. Describe for the Committee how you think we should
be thinking about new beneficial ownership requirements. For
example, what are the key elements in the definition that you
think are critical?
Ms. Lowe. Sure. So key elements of the definition--and the
definition is critical to any legislation. I think we have a
problem actually with the current customer due diligence rule
that was adopted for banks where the definition is actually not
sufficient. It does not meet international requirements. The
FATF and the IMF have both said the same, so important to note
that that is something we should probably look at. But for
beneficial ownership, you want to know the direct or indirect
persons who own or control a company or who have control by
other means. And there is a recent Kazakh case which involved
control by other means. It is a very difficult thing to
determine, but you need to be asking the questions to figure
out where it exists. So those are really important elements.
I think that the U.S. Treasury has been pushing the idea
that one should be able to simply list a senior manager of a
company as the beneficial owner. That is not a beneficial owner
by any international definition or anybody's idea of who is a
beneficial owner of a company. It is the person at the top of
the chain or people at the top of the chain who own or control
the company.
The other thing that I think the U.S. Treasury has been
pushing is the concept that if a company does not have anybody
who owns more than 25 percent of that company directly or
indirectly at the top, then there is nobody with enough
beneficial ownership to actually be listed. So, therefore, if
you have or create five people to own 20 percent of a business,
you would get away with not listing anybody as your beneficial
owner, which is really not acceptable. It is incredibly easy to
get around.
I would note that the SEC accepts a 5-percent threshold
because they do require beneficial ownership of information for
SEC-regulated entities. And, actually, in the FATCA
legislation, Congress put that threshold at 10 percent.
Treasury, when it actually implemented, implemented at 25
percent. So I would note that difference as well.
Senator Brown. Why would that be? Why would Treasury
implement it that way?
Ms. Lowe. You would have to ask Treasury. I think they
think it is easier to comply with. I think it----
Senator Brown. Which is kind of not the point.
Ms. Lowe. Right, which is kind of not the point to my mind.
But I would suggest you ask Treasury that question.
Senator Brown. Thank you.
Chairman Crapo. Senator Rounds.
Senator Rounds. Thank you, Mr. Chairman.
I am just curious. The United Kingdom recently established
a body known as the ``Joint Money Laundering and Intelligence
Task Force'' that brings together financial institutions, law
enforcement, and trade associations to discuss AML risks and
how Government and private industry can work better together.
Can you discuss the efficacy of the U.K.'s task force and
whether or not there is anything that we can learn from the
British system? It kind of comes back down to either a
coordinated effort where you eliminate some of the dotted lines
and so forth. But I am just curious if any of you have had any
contact with or if you are familiar with that system and how
that compares with ours. Yes, sir?
Mr. Baer. Yes, Senator, actually we have met with them a
couple of times, and, actually, they attended our symposia. We
think it is a very good model. It is not an entire anti-money
laundering system, but it is the sort of thing you would take
for granted that, of course, you would have, you know, law
enforcement, intelligence, senior bank folks sit down on a
regular basis and basically work cases together. It is the type
of informal, now through JMLIT formalized information sharing
that we very much support, and it is done in a very thoughtful
way there.
Now, that is not a replacement for the broader AML/CFT
regime or OFAC or any of the other things. So I would not
describe it as a substitute for the current regime, but it is
certainly a very useful component potentially of a U.S. regime,
and we would very much support a similar endeavor here.
Mr. Lormel. I certainly agree with that, and some of the
training I conduct, I have trained with the former head of
terrorist financing for Scotland Yard, and he was an original
member of JMLIT, and he really emphasizes the importance of
that sharing, and to bring the banks and the intelligence
community and law enforcement together under that Government
umbrella is a phenomenal thing. And I would really hope we can
build on that model and try to replicate it to the extent we
can.
Ms. Lowe. And just to add on there, the original country
that actually did this was Australia under what they called
``Project Wickenby''. So that is also something to take a look
at.
Something that the U.K. is doing very well is this concept
of the FinTech Sandbox, so within this area. They are creating
a system--they have created a system where a financial
institution can come to them and say, ``We would like to try
this new technology. We know it is not something that is OK
under the regulations at present. Can you take a look at it?
Let us know what you think, let us know if we can try it out.
And then we will give you feedback on how it is going and you
can review.'' And then over time, the Government can then
approve that technology for the larger industry.
So that I think is a really good process that they have put
in place that we should be looking at as a model at this point.
Senator Rounds. Thank you.
I am just curious, with regard to SARs and the reporting
requirements right now, there is one process in which the
regulatory processes are set up so that you define, and clearly
everybody knows what they are with regard to the reporting
requirements for the different monetary transactions that
occur. Bad guys know what they are as well, and so you have,
first of all, a system set in place today that everybody knows
what the rules are, and the real challenge for those that wish
to move resources around is how do we appropriately get around
those SARs or the reporting requirements.
Can you talk to me a little bit about our focus on the
compliance side of making sure that the financial institutions
are appropriately reporting the transactions that are occurring
that are suspicious in nature versus our ability using existing
resources or the need for new resources to go after the unique
ways in which the bad guys can get around those reporting
requirements?
Mr. Baer. Sure. It is a great question, Senator. It really
gets to sort of the heart of the matter here.
Right now banks are, as I noted, using sort of a rules-
based system developed by a set of vendors who are common to
all, and those rules are rather crude. They overgenerate
alerts. They require huge investigative resources to basically
clear away the chaff and whichever is left, the wheat. And that
is a fantastically sort of complex and time-consuming and not
terribly productive endeavor.
It is also an endeavor that they have to undertake with
regard to offenses that no Federal prosecutor would ever
prosecute. So our estimate is that approximately 40 percent of
SARs filed are structuring, that is, multiple cash deposits
that add up to 10 percent--$10,000, but could just as easily in
most cases are just simply a small business that does a lot of
cash. But that--and the yield on those SARs is close to 0
percent, and yet they are 40 percent of the SARs filed, maybe
more.
The same thing with insider abuse where you fire a call
center employee for misstating his or her time sheets or fire a
teller because the till is short. Those are not crimes that are
going to be prosecuted, but that is where the SAR resources are
going. Right now the largest focus of the AML system is filing
sales practices SARs on low-level employees, unfortunately.
So it gets to what I think Dennis was talking about, which
is, yeah, we can--and I think what the Ranking Member was
talking about, we could say, law enforcement could say let us
prioritize opioids, let us prioritize human trafficking, let us
prioritize other things. That is what any rational intelligence
community would do, any rational law enforcement or national
security organization would do. And you can tell the banks
that. But the banks are in no way absolved by the bank
examiners of having to file those SARs on teller abuse. So they
cannot shift the resources out of that to the more serious
crimes to more innovative and thoughtful artificial
intelligence and other means of catching bad guys. They are
sort of stuck in the mud in an old rules-based system that does
not work very well.
Senator Rounds. Thank you.
Chairman Crapo. Senator Reed.
Mr. Lormel. If I can just add one comment, sir, just on
that.
Chairman Crapo. Briefly.
Mr. Lormel. I believe, though, that--I mean, and I agree
with that statement. But at the same token, we still see a good
number of SARs that come through that are very meaningful and
they continue to come through. So there is a fine balance here
that we really have to try to achieve.
Senator Rounds. Thank you, Mr. Chairman.
Chairman Crapo. Senator Reed.
Senator Reed. Well, thank you very much, Mr. Chairman. Let
me thank all the witnesses for their excellent testimony. I
have reviewed it, and I particularly thank you, Mr. Lormel, for
your service in the FBI. Thank you, sir.
One of the issues that has been raised in your testimony
and in your written statements is beneficial ownership and
shell companies, and one of the disturbing things, we are
getting the reputation around the world as a place to go if you
want to hide money, and we used to think, at least when I was
younger, that that was un-American, that, you know, it was
these little exotic lands overseas, et cetera.
So beginning with Mr. Baer, given the context that most of
this is a function of State law because unless you are publicly
traded company, the SEC does not have a lot to do--few
exceptions, but not a lot to do. So how do we get our arms
around this when there is a new industry for attracting
questionable money because of beneficial ownership rules and
limited or shell companies?
Mr. Baer. Right. It just really gets down to what is the
need to form a company with anonymous ownership in the United
States, and the United States, as I think some have noted, is a
magnet for this because we and I think Kenya are the two worst
in the world on this.
There is certainly a legitimate desire, I believe, that you
may not want the whole world to know who owns your company.
Everybody uses the example of, you know, when the Disney
Corporation was buying up half of Orlando, they did not want to
have to pay exorbitant rates for the last piece of land. And
there may be valid privacy reasons where you do not want people
to know who owns your company. But we cannot think of any valid
reason you would not want law enforcement to know who owns your
company, or if there is a bank that, pursuant to Federal law,
is required to know who owns your company, well, they should
get to peek behind and see who that is as well.
So, you know, I think as Heather noted, there are difficult
issues around how to define beneficial ownership. We actually
support the FinCEN final customer due diligence rule on that.
But there are certainly other ways to look at that. But I think
the general notion that you should not be able to have a
company with anonymous ownership from law enforcement and banks
who are required to know who owns you is a pretty simple
concept, and I think that is why it has gotten good bipartisan
support.
Senator Reed. Just a follow-up, and then I will go to Mr.
Lormel. One, you could either do it through changes of State
law requiring the acknowledgment of real ownership, or you
could do it through the banking laws in terms of banking
relationships, even deposits that the entity would have to
disclose who was, so we have a Federal avenue if we have to
deal with this.
Mr. Baer. Yes, Senator, I think a couple of alternatives
have been proposed. One is just to have the States do it when
you file your articles of incorporation, you file your
ownership.
Senator Reed. Right.
Mr. Baer. Some have suggested that--and I do not know if
that is right or not--that might be a burden on the States or
they may choose not to do that, so the alternative has been----
Senator Reed. Well, I think there are about 45 States at
least that require that.
Mr. Baer. Yes. So for those, I think at least one of the
bills I have seen has the sort of fail-safe that if the State
does not want to do it, FinCEN can gather that information and
hold it the way it holds a lot of confidential information
currently. I think others have suggested the IRS. I think
FinCEN is probably the right place if the State does not want
to do it.
Senator Reed. I only have about 2 minutes, but, Mr. Lormel,
your comments? You are a law enforcement officer.
Mr. Lormel. Well, certainly having been in law enforcement,
I dealt with the challenge of trying to identify beneficial
ownership. That was always a challenge, and it was always
problematic. And in today's world, when we need to get things
more urgently, that is problematic. I look at this and I look
at the good-case scenario in a sense, and I agree with Greg
that FinCEN may be the better alternative. I am a believer
going back that the information should be collected at the
States at the point of incorporation. To me, that makes the
most sense. And trying to make that uniform I am sure would be
a bit of a challenge.
Alternatively, FinCEN would be, I think, a good
alternative. The IRS is not a good alternative in the sense
that that information for me as an FBI agent, when I was an FBI
agent, I would have to get a court order, or I would not have
access to that information. So it is not relevant then for my
investigative purposes. So the FinCEN alternative would be a
decent alternative.
Senator Reed. Thank you.
Ma'am, your final comments?
Ms. Lowe. Sure. You know, I am happy with States collecting
it. I am happy with FinCEN collecting it. I would note, you
know, one of the things people raise is the privacy issue.
First of all, on the Disney example, I would point out that you
have two parties in that; you have Disney and you have a
farmer. And that money--I am sorry, that land is worth whatever
they can get for it, right? You have two parties in a
transaction. One party should not have more information than
the other party has. That is not good economics. So there is
that.
I would say that we are talking about making information on
beneficial ownership available to law enforcement and to the
banks, which is fine, and I think it is where we need to go
next. But I would note that the entire European Union, 28
countries have now decided to make beneficial ownership
information on companies public information, and that is
despite their very, very strong, you know, individual privacy
laws that are in place. Other countries around the world are
doing the same. Afghanistan is working to make public
registration of beneficial ownership information. Ghana is
doing that. Nigeria is doing that. And we are just grappling
with can we give it to FinCEN. So a little context there.
Senator Reed. Thank you very much.
Thank you, Mr. Chairman.
Chairman Crapo. Thank you.
Senator Tillis.
Senator Tillis. Thank you, Mr. Chairman. Thank you all for
being here.
Mr. Baer, in your written testimony there was a footnote
that I found very striking in terms of the regulatory burden
and whether or not we are putting our resources to their best
use. It is on page 6. It says, ``The over 800 employees in
Global Financial Crimes Compliance at Bank of America is
greater than the combined authorized full-time employees in
Treasury's Office of Terrorism and Financial Intelligence and
the Financial Crimes Enforcement Network.'' And that does not
include other bank employees in anti-money laundering, economic
sanctions compliance, business operations, and technology.
It seems like if you see that with a large bank of the
scale of Bank of America, which happens to be down in my neck
of the woods, I wonder what the small banks and medium banks
are doing in terms of the regulatory burden on them. Are we
spending that money for its best purposes? Are we spending that
money on innovative concepts that could be worked back into the
financial--to a broader benefit for the financial services
industry? So I know that a part of what I think we have to do
is go back and look at the practices that seem like they add
cost and not value, either as they are currently implemented
or--can you give me some sense, if you were to go through and
just do it quick, when we come into committees like this, we
tend to have a ``Solve World Hunger'' sort of scope to our
discussion. And if we were just going to cook a good meal and
make some progress, what sorts of quick hits, immediate obvious
things that there seems to be consensus on but no action in
terms of congressional action? And I would open that up to
anybody, starting with Mr. Baer.
Mr. Baer. Sure. Thank you, Senator. And I would just say we
highlight those numbers--I mean, not to complain about the cost
but just to emphasize how important it is that those resources
are being misallocated.
Senator Tillis. Well, I think it is very important for that
purpose.
Mr. Baer. Right, because, again, you are talking about a
very large intelligence community that has been created under
the PATRIOT Act and the BSA, and so it actually really matters
whether they are well led and they are incentivized to do the
right things, and the stakes are very high. So it is not, ``Oh,
we do not want to spend the money anymore.'' It is, ``We are
spending it on the wrong things.''
And I should note, you know, I testified last year with a
community banker who had, I think it was, a $100 million bank
with three branches. He had seven AML compliance officers and
four lending officers. AML was 15 percent of the budget of his
bank. So this is not just a problem for large banks. It is a
very large problem for small banks. He also described how he
was pressured to dramatically increase the number of high-risk
customers they designated and on which they had to do more and
more investigations. I actually wrote down the number. His
system, they generate 7,100 alerts a year and file 15 SARs. And
they do not even know if any of those SARs are of any use.
So I think I am sort of dodging your question, which is
what is the easy----
Senator Tillis. But how do we use some of those metrics,
some of those outcomes to be instructive to what we should
first start looking at to improve the system? Look, I am not
against money laundering--I think it is a bad thing. What I
want to do is make sure as much lead can be put on the target
as possible, and right now it does not--it seems like we are
shooting a lot, but not necessarily hitting the target near as
much as we could, and it is costing us a lot of money.
So, again, I want to move--we are going to submit several
questions for the record. This is an area that is very
important to me and of personal interest, but if we are going
to do the best that we can, let us say harden our domestic
banking system, we obviously have a lot of international
depositors, and we do a good job here, and we do not have
strong global cooperation, we do not work through some of the
privacy differences between the EU, what have we done except
move the snakes somewhere--I mean, what we are trying to do
here is not limit our portfolio of banking clients. We are
trying to identify bad actors and take their money away. And so
what sort of global initiatives are really leading us down that
path to say, OK, everything is great here, but the money is
still flowing through other international banking entities? Ms.
Lowe, I would be happy to have you answer that one and give me
the secret sauce.
Ms. Lowe. Well, organizations like mine are working
internationally on these issues, so, you know----
Senator Tillis. Yeah, but what progress are we making?
Ms. Lowe. You know, I think actually we are making quite a
lot of progress. In a lot of the world, the FATF
recommendations, the sort of framework, if you will, of what we
consider to be an anti-money laundering regime, has only
recently in the past 2 or 3 years been put in place in many,
many different countries. And so, you know, as it goes, you put
laws in place, and then you give some time for the industry to
get used to them, to understand how to implement them, et
cetera, and then you start enforcing, et cetera. So in many
parts of the world, this is still very nascent, but the regime
and the framework is in place.
The U.S. FinCEN is our financial intelligence unit, or FIU,
and we are part of what is called the ``Egmont Group'', which
is the network of financial intelligence units around the world
that have methods and ways of sharing information among
financial intelligence units or between financial intelligence
units. And right now there are over 135 Egmont FIUs, which
tells you that we are making progress.
I spent a lot of time in Africa last year actually meeting
with heads of FIUs, and, you know, it is actually inspiring to
have those meetings because these are people that really want
to make a difference and they are trying.
Senator Tillis. I am going to submit several questions for
the record.
Ms. Lowe. Sure.
Senator Tillis. But I would also like you to come back and
just think about as I would do when I go in any organization,
what are the things that we should clearly be making consensus
on--or making progress on? Because there is consensus, you just
need action.
Ms. Lowe. There is no question on the beneficial ownership.
Absolutely no question there.
Senator Tillis. So we will look forward to your feedback so
that we can work with the Chair and the Committee.
Ms. Lowe. Sure. No problem.
Senator Tillis. Thank you.
Chairman Crapo. Senator Cortez Masto.
Senator Cortez Masto. Thank you. Thank you all for this
discussion. Mr. Chairman and Ranking Member, I appreciate the
conversation. And let me follow up with what my colleague
Senator Tillis has just been talking about. I agree. I think
there has to be some balance absolutely on this. I hear from
Nevada, from the gaming industry, the same thing that I am
hearing from the banking industry, some of the concerns. They
are absolutely open to looking at how we address the security
necessary to attack money laundering, but at the same time
streamlining some of the forms, making sure they want to be
cooperative with Government, and so I am really curious about
how we find this balance now.
The first question I have is you have been talking about--
and let me just focus on the law enforcement piece of this--
this risk-based approach. And I am curious, Ms. Lowe, is this
something that you would support and how would you identify
what this looks like?
Ms. Lowe. The risk-based approach is actually fundamental
to the entire international anti-money laundering regime. It is
not a question for me of how does this look. It actually
exists. It is a framework, and it has a look, right? A casino,
for example, or a bank looks at what are its financial products
or what is its business line. Who are its clientele, and what
risks do they pose? What countries am I bringing money to and
from? And what risks does that pose based on whether or not
those are high or low risk for money laundering, et cetera? And
they create a profile. A casino will do this, a bank will do
this. And then they will craft their anti-money laundering
regime to reflect what they consider to be their highest risks,
OK? So that is the basics and the basis of the risk-based
analysis.
I think a lot of the concern that you are hearing is that
when examiners are going in, they are not really open to that
risk base that the financial institution has put in place. They
are looking at checking their boxes that are on their forms.
Senator Cortez Masto. When you say the examiners, that is
the Federal Government, the regulatory oversight.
Ms. Lowe. Yes.
Senator Cortez Masto. They are coming, and they are not
recognizing----
Ms. Lowe. Right. I understand that that is the concern, and
I think Greg can probably tell you a little bit more about
that. But as far as the risk-based approach goes, I absolutely
100 percent support that. I think it is incredibly important,
actually, in order to actually address the problem.
Senator Cortez Masto. And that is something the industry is
actually doing now, Mr. Baer.
Ms. Lowe. Yes.
Senator Cortez Masto. Is that right?
Mr. Lormel. If I can add a comment to that.
Senator Cortez Masto. Please.
Mr. Lormel. Yes, it is one of the fundamentals in an AML
program to have a risk-based approach, and fundamentally and
the way conceptually it is supposed to work then is you
identify that risk and to what Greg has been complaining about
or pointing out is the inefficiency. And what has happened is
that the regulators now have put the banks in a position where
they are not necessarily going after that risk or putting
metrics in place or procedures in place to deal with that high
risk, but they are more into the check-box mentality. And I
have done a lot of training, and I was on the quarter point and
monitor team for Western Union, and one of the problems they
had--and they used that as an example--was their investigative
process was such that it was really a check-the-box mentality,
and we had to break them from that and say, you know, you need
to go out and you have got to have an investigative mind-set.
And it is a similar thing when you come over to the banks, and
I think that is where I talked earlier about law enforcement
being that beneficiary and the banks being the monitor, is the
process from getting information from the bank to law
enforcement has become so convoluted, and it gets detoured
because of the regulatory concern or the perceived concerns.
Senator Cortez Masto. And so can you address your targeted
monitoring? How do you--is that the same thing or is it
something different?
Mr. Lormel. OK. Well, it is similar in the sense that all
financial institutions conduct transaction monitoring, and they
will have vendors or whatever are involved in that. And they
have a baseline monitoring system, and they identify and they
alert to certain rules, because you establish the rules and you
alert them, and that is where one of the problems we have is
there are too many false positives in the system. So if you are
going to do targeted monitoring--and I will use the human
smuggling or the human trafficking. We understand these are the
scenarios that we know that smugglers are going to follow, and
this is where, to the question earlier from Mr. Reed about how
we can help, is to provide the financial institutions, the
compliance people, with those scenarios, and for them then to
build into their systems targeted monitoring where you are
specifically on top of your regular transaction monitoring, you
have a targeted monitoring for a specific crime problem, you
know, and I would like to see us carry that over to terrorist
financing if we can--I think the area of human smuggling, you
have got more defined and identifiable patterns of activity so
that it is more workable there.
Senator Cortez Masto. Right. And I know my time is up, and
thank you, Mr. Chair, but this is something, I agree, the
technology gives us the ability now to be targeted to also
focus on the risk-based, and we do need law enforcement at the
table when we are having this conversation. So I appreciate the
dialogue today. Thank you all.
Chairman Crapo. Thank you.
Senator Warren.
Senator Warren. Thank you, Mr. Chairman, and thank you all
for being here today.
Money laundering is a massive problem. The United Nations
estimates that between 2 and 5 percent of global GDP--that is
about $800 billion to $2 trillion--is laundered through the
international banking system every single year. That money
funds terrorists. It funds human traffickers. It funds crime
syndicates. So everything we can do to try to crack down on
that is good, and that is what we should be doing.
But it seems to me we need to rethink a lot of our money-
laundering laws, some of which, as you noted, were written back
in the 1970s and are badly out of date, because that makes it
hard for law enforcement that is trying to stop money
laundering and bad for financial institutions that are trying
to comply with these laws.
So my colleagues have probed some areas, but I want to ask
about some other areas where we might be able to update our
rules and help both law enforcement and financial institutions.
So let me start with reporting requirements.
Mr. Baer, I have heard from a lot of community banks and
credit unions that anti-money laundering reporting requirements
are a big part of their overall compliance costs, so let us
probe that a bit. They have pointed out that the threshold that
triggers a currency transaction report to the Treasury
Department has been at $10,000 since 1972. So let me ask, do
you support raising that number?
Mr. Baer. Thank you, Senator. I think here--I mean,
obviously, our organization is slightly larger, somewhat larger
banks. I think for them that number is not as big a burden in
the sense that they have the capability to file whatever the
number is. Those systems are built, and it is at least a clear
rule. You know the number, right?
Senator Warren. Right.
Mr. Baer. The larger problem for them has been questions
like: How do you decide whether it is $10,000? If you own with
someone else a company and you make a cash deposit, the company
makes a cash deposit, and the other owner makes a cash deposit,
do you add all those up? So those are the tougher issues. But
certainly for community banks, I agree with you it is a large
burden.
Senator Warren. OK, that it is large burden. All right. And
we should at least talk about where the number should
appropriately be set. But community banks also, when they come
in and talk, and other small financial institutions, often
mention the costs associated with filing the suspicious
activity reports with the Treasury Department. You know, the
banks are filing more and more of these reports every year. I
note that there was a 50-percent increase in filings just from
2012 to 2017 over this 5-year period. At the same time, the
banks are submitting this information through a reporting
process that, as I understand it, makes it actually harder for
law enforcement to use.
So, Mr. Baer, let me ask, the Clearing House has proposed
letting banks directly share data with the Treasury Department
with proper guardrails to protect customers' privacy. This
sounds like it would make it easier for the banks, but can you
say a word about how it would impact Treasury's ability to
catch criminals that are laundering money?
Mr. Baer. Yes, Senator. I think it would have both those
effects. A lot of times what law enforcement really wants is
just the underlying data. They do not need a carefully
calibrated paragraph written by a bank compliance officer about
that information. So with regard to certain types of
activities, it would certainly be much more efficient to
avoid--you know, you have the alert, and then you have to
conduct an investigation to decide whether to file a SAR, and
you have to document why you did not file a SAR if you decide
not to file a SAR, and that is a massive resource drain. And it
would be much simpler just to file the data with law
enforcement and let them datamine it to the heart's content.
Senator Warren. OK.
Mr. Baer. And that would be a very efficient----
Senator Warren. So I hope we keep digging into this because
we might be able to reduce costs for the banks and at the same
time help law enforcement do this more efficiently.
I have got two more questions I want to hit, if I can very
quickly. Another one is anonymous shell corporations that make
money laundering easier. You know, there are a variety of
proposals out there to deal with the so-called beneficial
ownership legislation at the Federal level that would require
companies to disclose their owners. Just setting aside the
details, which we could go into for a long time, can I just
ask, do all of you support the idea in principle? Can I just
have an on-the-record yes?
Ms. Lowe. Yes.
Mr. Lormel. Yes.
Mr. Baer. Yes.
Senator Warren. Good. OK. So we have got three yeses on
that, Mr. Chairman. I support this as well.
Let me ask one more question. Ms. Lowe, in your estimation,
if we did that, if we revealed the beneficial ownership, would
that increase or decrease the costs of anti-money laundering
compliance for small financial institutions?
Ms. Lowe. It should certainly decrease it. If they have
access to that information as a place to start their customer
due diligence, you know, a lot of people equate customer due
diligence and just beneficial ownership, and that is not
correct. You also need to know the source and use of the funds
coming in for that account and many other things. But that is
the start. And if a bank has someplace to start, I think it
really reduces their costs significantly.
Senator Warren. Good. And I take it that both of you would
agree with that.
I just want to say I introduced a bill with Senator Rubio
to increase oversight of money laundering used by human-
trafficking networks, and I was very glad when we were able to
adopt that at the Committee and get it into the language on the
North Korea sanctions bill. But we need to do a lot more with
our money-laundering laws, and I think we can make some changes
to reporting requirements and beneficial ownership disclosure
that would make life easier both for law enforcement and for
our smaller banks. And I look forward to working with the
Committee to be able to do exactly that.
Thank you, Mr. Chairman.
Chairman Crapo. Thank you.
Senator Schatz.
Senator Schatz. Thank you, Mr. Chairman.
I want to ask a question about AI. I think, you know, in
challenging spaces, especially challenging spaces that include
data, there is a tendency to think of this as sort of a magical
solution where you just sort of throw big data, throw AI at the
problem, and I want to get your sense--in the intelligence
community, there is a conversation about the sort of
overabundance of data and the overreliance on data points and
an underutilization of human intelligence and instincts. And I
am wondering what you think about the balance between utilizing
new data analytics, big data AI in terms of fighting money
laundering, but also how do we balance that with the fact that
we probably still need human beings who have instincts, who
have experience? I think we should move in this direction. I
just think we should not overcorrect and abandon the sort of
institutional knowledge of people. I will start with Mr. Baer.
Mr. Baer. Senator, I think that was very well put. I think
those, like us, who believe there is great potential here do
not believe that you would eliminate the human element. Really
what you would use the AI for is--we have talked a lot about
alert SAR filing. So you would use AI in order to generate
fewer alerts but much smarter alerts, and you would then still
need to have an investigator come in and decide whether or not
that was truly a suspicious activity that needed to be reported
to law enforcement.
The true great advantage of the AI approach, though, is you
get rid of what we have discussed earlier, which is a rules-
based approach. If X, then alert. If Y, then alert. But there
is a whole other alphabet that you are not even looking at. And
what AI is able to do is look for anomalies. So instead of
typologies, it is anomalies. And it gets smarter and smarter
and it learns.
So particularly in the world we would hope to get to is
where, you know, banks could share that information. A friend
of mine uses the example of a food truck, which is a great way
to launder money, but it is also a great way to feed people in
D.C. So one bank may only have three food truck clients, so
they do not know what is anomalous. But if that bank could
share information with a bank that has 300 food truck clients
say in San Francisco, that bank would get smarter.
Senator Schatz. And isn't that the Square model, on the
private sector side, isn't that what Square does? They just
sort of presumptively give you the device, and then if you look
different than the thousands of other florists or food trucks,
then you get scrutiny as opposed to sort of preapproval?
Mr. Baer. I think it is a very similar approach.
Senator Schatz. Mr. Lormel.
Mr. Lormel. I agree. I think we definitely need to keep
human intelligence in the mix. It is very important. And
certainly you hit the word of ``instincts,'' and, again, I do a
lot of training, and I always talk about trusting your
instincts, because even with the best technology, you need to
rely on human experience. And I think that is important. But I
also think we need to leverage newer technologies to improve
our efficiencies and certainly our capabilities. And I will
look at it from the law enforcement perspective. The more that
we could use analytical tools, certainly the better and the
more sharply we can focus our attention, and I think the more
timely we can act.
Senator Schatz. Ms. Lowe.
Ms. Lowe. I do not think I have anything to add as far as
the AI element of it, but just to go back to some of the things
that were being discussed a little earlier. So a bank is
concerned that they are spending too much time filing SARs
about structuring transactions under a $10,000 threshold. I
understand that. But if they do not do that, then law
enforcement does not see that that same client is doing that at
six different banks, right? And all of a sudden, what would
have been, well, a problem but probably something that would
not be investigated if it was only at that one bank will be
investigated if it is at six different banks, right? So I think
we need to also bear that in mind when we are talking about
what do we file SARs on and what don't we.
Senator Schatz. One final question. I will start with you,
Ms. Lowe. It appears to me that I do not think we are going to
settle the sort of technical aspect of these questions and
these system improvements, process improvements, and rule
changes and all the rest of it. And so I know Senator Tillis
mentioned the U.K. model, the working group. There has been
some discussion about a sort of FinTech, FinCEN Sandbox. I am
wondering what you think about establishing a public-private
either task force or working group to kind of work the
technical details, because as much wisdom as is possessed on
this dais, I am not sure we can settle this in statutory law or
that that is where this belongs. So I am just wondering, very
quickly, if you like the idea of some sort of working group in
statute.
Ms. Lowe. Sure, I think that that is an important thing, I
think at least for a limited time period. I do not think it
would have to go on forever. I would note, though, that the
people that are really innovating in the FinTech area are
actually mainly Nordic. So a lot of the companies are based in
Sweden and Denmark and Norway, and not actually in the U.S. So
I would be concerned about limiting it just to sort of U.S.
involvement. I think you actually need to be looking further.
Senator Schatz. Fair enough. But, listen, in the Defense
Department, you have the Defense Policy Advisory Board. You can
have sort of standing committees without authority to actually
establish policy, but who are highly influential and can help
agencies to iterate. Do either of you have anything to add on
this as my time runs out?
Mr. Lormel. Well, just if I may, in terms of a working
group, the Association of Certified Anti-Money Laundering
Specialists has a FinTech working group that is exploring some
of these issues now.
Mr. Baer. I guess maybe I will end with a discouraging
note.
Senator Schatz. Thanks.
[Laughter.]
Mr. Baer. To what I was saying earlier, I mean, I think
before this can really be realized, there are a lot of great
vendors out there with great AI approaches and other types of
approaches, but there really is a break on the system in the
sense that there is no sense from the bank regulatory agencies
that banks are going to be allowed to shift from the old rules-
based system where they file thousands and thousands of SARs to
a new smarter system. And so what you are effectively telling
them is you have to double your budget. You are not going to
get any----
Senator Schatz. You have got to do both.
Mr. Baer. Yeah. And so somebody in charge--and that is
really our core recommendation for all this. Somebody has got
to step up and say, ``I am in charge, and we want you to stop
filing SARs where the yield is effectively 0 percent for law
enforcement and start filing higher''----
Senator Schatz. Got it. Thank you.
Chairman Crapo. Senator Warner.
Senator Warner. Thank you, Mr. Chairman, and I appreciate
you having this. This is something I need to learn more about,
and we have got a lot of intersection with it on the
Intelligence Committee side. And I was really disappointed when
Senator Schatz came in and jumped the line again, but he
actually asked really good questions.
[Laughter.]
Senator Schatz. You seem so surprised.
Senator Warner. I know.
One, I am glad to see the consensus around beneficial
ownership and the need for new rules. I thought I was also
hearing, similar to what Mr. Baer has said, that, you know, we
need to move from this rules-based approach to a more
collaborative approach, and actually perhaps with some of the
smaller institutions shift some of the--shift more of the data
to some central point and allow that to be analyzed.
Ms. Lowe, I think earlier on didn't you push back on that
and felt that--I thought you made some comments that you
thought this responsibility ought to stay with the bank
examiners. Could you explain, if I heard it right?
Ms. Lowe. Sure. I actually think it is important to shift
that information, you know, to, for example, FinCEN because I
think they need to be looking at that intelligence across
different banks. What are they seeing as far as trends? Where
do you have certain--again, you will have clients that have
accounts at many different banks in order to not raise
suspicion, for example. So I think that that is a really
important shift, and I think it is important that FinCEN do
that.
But what is also important is the banks not be absolved of
their responsibility of doing their own analysis as well
because they have so much more information about the client
and, you know, the risks that that client may pose and what
they should expect----
Senator Warner. But how would you get at the problem of the
$100 million bank that has got seven AML individuals and only
four lenders? There has got to be some way we can move this
from the rules-based, check-the-box approach.
Ms. Lowe. Right, and I think that that has a lot to do with
the examinations. I go back to the examinations. And, you know,
it is more work for the regulators to actually accept that they
cannot do a one-size-fits-all, check-the-box approach when you
have an entirely risk-based system. And so that shift needs to
happen, and it will be a big one.
Senator Warner. Let me move to two other areas, if I can. I
may ask for an extra minute since I waited so long.
One, we are seeing all the problems with the existing
system and how we need to change and modernize machine learning
and AI. I also see that back in August of 2015, FinCEN talked
about extending this type of anti-money laundering activities
toward registered investment advisers, and then back in 2017
there was some motion, some need to look at bringing real
estate into the fold as well.
As these proposals around registered investment advisers,
around real estate move forward, are they being moved forward
with kind of more modern forward thinking? Or how can we avoid,
if we were to take in these two industries, simply going back
to a check-the-box type approach? If I could get each of you to
quickly address that.
Mr. Baer. Actually, I am glad you mentioned real estate
because I think one of the major reasons to support beneficial
ownership legislation is most of these companies do not
establish bank accounts so it is not really that much about the
banks. What they do is they put real estate in, or jewelry or
art or whatever. So there is clearly a need to expand the scope
of potential money laundering. You know, cryptocurrencies right
now----
Senator Warner. That is what I was going to come to next.
Mr. Baer. ----is certainly going to be an area of great
concern, and there are a lot of other financial institution
types that are not necessarily subject to the customer due
diligence rule, or if they are subject to it, are not examined
for it. So there clearly is a sense that a lot of this is being
pushed out of the largest banks and the banks that are best
able to detect bad behavior to places where it is a little
less----
Senator Warner. And how do we get that right? Having seen a
great deal of Russian activity in terms of using real estate,
wearing my other hats, how do we get that right? What is the
regime that we ought to be looking at? Since, clearly, I would
think that the real estate industry and the financial
investment advisory industry would say, oh, my gosh, look at
the burden this has put on us on the banking side, we want
nothing about that. Who is doing the best thinking, Ms. Lowe,
on real estate and investment advisers?
Ms. Lowe. So on the real estate end of things, FinCEN has
had geographic targeting orders in place in Florida,
California, Texas, and New York in specific counties to have
title insurers--which are part of that industry, right?--
determine the beneficial owners of any entity that is
purchasing high-value real estate and then provide that
information to FinCEN.
FinCEN found that they had crossover where 30 percent of
the beneficial owners identified by those title companies,
title insurance companies, had SARs filed on them already by
banks. So it tells you just the sort of saturation of what we
are talking about here.
Apart from investment advisers, there is a list of what are
called ``designated nonfinancial businesses and professions,''
or DNFBPs, that FinCEN has identified as sort of nonbanks that
play a role in access to the financial system and should have
money-laundering regimes in place that essentially require
them----
Senator Warner. But are those industries fighting back
against--I would think they do not----
Ms. Lowe. Many of them are, yes.
Senator Warner. Let me also, since my time has expired,
have you also address--and, Mr. Baer, you raised this. You
know, we are seeing how we try to move from a rules-based
system to a more collaborative system, but, you know, we are
about to be overwhelmed with bitcoin and other kind of
cryptocurrencies. How are we preparing--how is the system
preparing for this whole new movement? And I would love to hear
briefly from each of you? With that, I----
Mr. Baer. I think we are all looking at each other on that
one. I will admit to a certain amount of bank myopia. Actually,
I do not know how this system is preparing for
cryptocurrencies. I am not sure there is a way to prepare.
Ms. Lowe. I can say----
Mr. Baer. Go ahead.
Ms. Lowe. So FinCEN--I am sorry, not FinCEN. FATF has
actually been looking at this quite closely. The last two
private sector meetings that I attended, there were breakout
sessions specifically on this and how do we regulate in this
area. You know, FinCEN has done some regulation, and we are the
first country to actually have put some regulation with respect
to cryptocurrencies in one part of the transaction. And I think
that that is a good discussion to have with FinCEN about how
effective that has been. I really could not tell you. I think,
again, I would discuss that with FinCEN.
There have been moves to make the cryptocurrencies or the
technology, et cetera, actually more anonymous. The biggest
problem with it is that you are talking about movement of funds
in a very anonymous way.
So the underlying technology of blockchain has a lot of
different potential positive uses, and because it is a closed
system, that does not allow you to go back and amend something.
So you can only amend going forward, and you have to sort of
explain why you are doing that, right?
So a lot of financial institutions are adopting the
underlying technology of blockchain for various applications,
and I think that that would actually be a really good hearing
to have to understand the difference between what is the
cryptocurrencies and dangers posed versus the technology, the
underlying technology itself, and, you know, how do we draw the
line and how do we regulate in a way that allows that
technology to be used in a really positive way--I think it can
be really used in a positive way in anticorruption as well--
versus the dangers of the anonymity of the actual currencies
that are traded using that technology.
Senator Warner. I would hope, Mr. Chairman, that we could
take a look at this and maybe get ahead of it rather than
chasing the issue after the fact.
Chairman Crapo. Definitely, and we should.
Well, that concludes our questioning. I want to thank our
witnesses again for coming. Both your written and your oral
testimony has been very helpful. As you can see, there is a lot
of very serious interest in this issue on this Committee, and
we will be working to try to find a way to improve and
strengthen and make our approach to this more efficient, both
in terms of the burden that is carried by those who engage in
our anti-money laundering efforts and in terms of the results
that we get in terms of achieving the objectives.
I have a couple of quick announcements. For those Senators
who want to ask questions following the hearing, those will be
due by January 16th, Tuesday. And to the witnesses, you will
probably get some follow-on questions. I ask you to respond to
them very promptly.
With that, the hearing is adjourned. Thank you.
[Whereupon, at 11:25 a.m., the hearing was adjourned.]
[Prepared statements, responses to written questions, and
additional material supplied for the record follow:]
PREPARED STATEMENT OF GREG BAER
President, The Clearing House Association
January 9, 2018
Chairman Crapo, Ranking Member Brown, and Members of the Committee,
my name is Greg Baer and I am the President of the Clearing House
Association and General Counsel of the Clearing House Payments Company.
Established in 1853 and owned by 25 large commercial banks, we are the
oldest banking payments company in the United States, and our
Association is a nonpartisan advocacy organization dedicated to
contributing quality research, analysis and data to the public policy
debate.
The Clearing House is grateful that the Senate Banking Committee is
holding this hearing to review our Nation's anti-money laundering and
countering the financing of terrorism (AML/CFT) regime.
Introduction
Our AML/CFT system is broken. It is extraordinarily inefficient,
outdated, and driven by perverse incentives. A core problem is that
today's regime is geared towards compliance expectations that bear
little relationship to the actual goal of preventing or detecting
financial crime, and fail to consider collateral consequences for
national security, global development, and financial inclusion.
Fundamental change is required to make this system an effective law
enforcement and national security tool, and reduce its collateral
damage.
The U.S. AML/CFT regulatory regime, circa 2017, is a system in
which banks have been deputized to act as quasi law-enforcement
agencies and where the largest firms collectively spend billions of
dollars each year, amounting to an annual budget somewhere between that
of the ATF and the FBI. \1\ One large bank may employ more individuals
dedicated to BSA/AML/OFAC compliance than the combined staffs of
Treasury's Office of Terrorism and Financial Intelligence, OFAC, and
FinCEN. However, in talking to senior executives at banks large and
small, their primary concern is not how much they spend, but how much
they waste. And that waste derives from a series of perverse incentives
embedded in the current system.
---------------------------------------------------------------------------
\1\ See PwC Global Anti-Money Laundering available at http://
www.pwc.com/gx/en/services/advisory/consulting/forensics/economic-
crime-survey/anti-money-laundering.html (``According to new figures
from WealthInsight, global spending on AML compliance is set to grow to
more than $8 billion by 2017''); FBI FY2017 Budget Request at a Glance
available at https://www.justice.gov/jmd/file/822286/download; ATF
FY2017 Budget Request at a Glance available at https://www.justice.gov/
jmd/file/822101/download.
---------------------------------------------------------------------------
As an analogy, think of the collective resources of the banks as a
law enforcement agency where officers are evaluated solely based on the
number of tickets they write and arrests they make, with no
consideration of the seriousness of the underlying crimes or whether
those arrests lead to convictions. Imagine further that suspension or
firing is most likely in the event that a ticket is not written or an
arrest not made, or if a resulting report is not filed in a timely
manner.
To appreciate how misdirected the system has become, it's helpful
to first consider what kind of incentives should be at its heart. From
a public policy perspective, any rational approach to AML/CFT would be
risk-based, devoting the greatest majority of resources to the most
dangerous financial crimes and illicit activity. For example, law
enforcement and national security officials would prefer that banks
allocate significant resources to so-called financial intelligence
units (FIUs)--basically, in-house think tanks devoted to finding
innovative ways to detect and prevent serious criminal misconduct or
terrorist financing--or to following up on high-value suspicious
activity reports; or SARs.
Unfortunately, our AML/CFT regulatory system is focused elsewhere.
Large banks have been pushed away from risk-based approaches, because
their performance is not graded by law enforcement or national security
officials, but rather by bank examiners, who do not know of or consider
their successes. \2\ Instead, those examiners focus on what they know
and control: policies, procedures, and quantifiable metrics--for
example, the number of computer alerts generated, the number of SARs
filed, and the number of compliance employees hired. This means that a
firm can have a program that is technically compliant, but is not
effective at identifying suspicious activity, or is producing adverse
collateral consequences. The converse is also true (and frequently true
in practice).
---------------------------------------------------------------------------
\2\ See article by Bob Werner and Sabreen Dogar, ``Strengthening
the Risk-Based Approach'', in TCH Q3 2016 Banking Perspectives issue;
available at: https://www.theclearinghouse.org/research/banking-
perspectives/2016/2016-q3-banking-perspectives/strengthening-the-rba.
---------------------------------------------------------------------------
As a result, we have banks filing SARs that are in less than 10
percent of cases followed up on in any way. For certain categories of
SARs, the yield is close to 0 percent. Meanwhile, given the draconian
consequences of missteps and prohibitively high cost of compliance,
banks are exiting regions or businesses categorized by regulators as
high risk.
Specific Problems With the Status Quo
Background. The BSA/AML regime is primarily codified in the Bank
Secrecy Act (BSA), enacted in 1970 and amended periodically since then.
The Act requires financial institutions to keep certain records and
make certain reports to the Government, including reports on cash
transactions greater than $10,000. In the 1990s, the law was amended to
require financial institutions to detect and report their customers'
``suspicious'' transactions. Finally, in 2001, the USA PATRIOT Act
amended the BSA and imposed additional requirements on financial
institutions to, among other things, verify and record information
relating to the identity of their customers; and conduct enhanced due
diligence on correspondent banks, private banking clients and foreign
senior political figures.
Congress granted authority to implement the BSA to the Secretary of
the Treasury, thereby designating an agency with both financial and law
enforcement expertise as its administrator. \3\ The Secretary in turn
delegated most of these functions to FinCEN. The Secretary was also
given authority to examine financial institutions for BSA compliance,
which Treasury then delegated to various regulators according to
institution type. \4\ This has resulted in a regime where banking
agency examiners, with their safety-and-soundness focus, evaluate the
BSA/AML policies, procedures, and processes at the institutions they
supervise, while Treasury and law enforcement officials use the
information supplied by financial institutions to mitigate domestic and
international illicit finance threats. \5\
---------------------------------------------------------------------------
\3\ See 31 U.S.C. 5318(a)(2) and (h)(2). As recently as 2014, the
Secretary delegated that authority to FinCEN. See Treasury Order 108-01
(July 1, 2014).
\4\ See 31 CFR �1010.810(b).
\5\ As in other areas, regulators have imposed requirements
through guidance or manuals that are not published for comment, and can
conflict with valid FinCEN rules. See TCH letter to the Federal banking
agencies, ``Appropriate Implementation of FinCEN's Customer Due
Diligence Rule'', (December 14, 2017); available at https://
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
%2020171214_TCH_Letter_CDD_Rule_Implementation.pdf. See also The
Clearing House Letter to FinCEN, Re: RIN 1506-AB15--Advance Notice of
Proposed Rulemaking on Customer Due Diligence Requirements for
Financial Institutions (June 11, 2012); available at https://
www.theclearinghouse.org/-/media/files/association%20documents%202/
20120611%20tch%20comments%20on%20customer%20due%20diligence.pdf.
---------------------------------------------------------------------------
SAR Filings. A key obligation of banks under the current BSA
reporting regime--and the key area of focus by bank examiners--is the
filing of SARs. The current SAR reporting regime went into effect in
April 1996 as a way for banks to provide leads to law enforcement. The
process typically begins with an alert generated by a bank's monitoring
system, with a SAR filed in the event that investigation determines
that the activity is suspicious. For example, negative media reports on
an existing bank customer could trigger an alert, prompt an
investigation by a bank compliance department, and result in a SAR
filing.
In the current regulatory and enforcement climate, bank compliance
officers have powerful incentives to trigger as many alerts and file as
many SARs as possible, because those metrics demonstrate a quantifiable
culture of compliance. (There appears to be no case of a bank being
sanctioned for filing spurious SARs.) And even where no grounds for a
SAR filing are found, financial institutions can also spend a
significant amount of time documenting, for review by their examiners,
why they closed an alert without filing a SAR.
What gets measured gets done, and providing valuable intelligence
to law enforcement or national security agencies does not get measured;
writing policies and procedures and filing SARs does. So, almost two
million SARs are filed per year. \6\ Worse yet, SAR filing rules and
metrics fail to consider the relative severity of the offense. SAR
dollar thresholds have not changed in 21 years, and there is no dollar
threshold for so-called insider abuse (say, a teller stealing a small
amount of money). \7\ No Federal law enforcement agency would ever
prosecute the large and growing majority of offenses to which SAR
filings relate, and this is one reason the ``yield'' on SARs is
generally reported to be well under 10 percent, and close to 0 percent
for many types of SARs.
---------------------------------------------------------------------------
\6\ See ``SAR Stats'', available at https://www.fincen.gov/fcn/
Reports/SARStats. The total number of SARs filed in 2017 was 1,867,269.
\7\ See 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Board of
Governors of the Federal Reserve System) (Federal Reserve) 12 CFR 353
(Federal Deposit Insurance Corporation) (FDIC) 12 CFR 748 (National
Credit Union Administration) (NCUA) 12 CFR 21.11 and 12 CFR 163.180
(Office of the Comptroller of the Currency) (OCC) and 31 CFR 1020.320
(FinCEN) for Federal SAR regulations. The SAR requirement became
effective April 1, 1996, and dollar thresholds have not been raised
since.
---------------------------------------------------------------------------
In practice, almost all banks hire one of a handful of vendors who
construct rules for generating alerts: for example, three cash deposits
between $5,000 and $10,000 in a 3-week period, or a wire transfer over
$1,000 to a high-risk country (Mexico, for example). These crude rules
generate numerous alerts, and bank investigators must then clear the
alert or file a SAR. And examiners will be critical if the thresholds
for a given bank are set at a level that does not generate a large
number of alerts; so, in the event that a $1,000 threshold is not
generating many alerts, the bank may be told to lower the threshold to
$250, or even $0. Of course, it is widely understood that sophisticated
criminals know these rules, as the software is for sale and widely
distributed, and its rules do not change much over time.
Consider the potential for revolutionary change that artificial
intelligence therefore presents. AI does not search for typologies but
rather mines data to detect anomalies. It gets progressively smarter;
it would not be easily evaded; and different banks with different
profiles would end up producing different outcomes. The current system
is not progressing from typology to anomaly, however, because there has
been no signal whatsoever from the regulatory agencies that dollars can
be shifted from the existing, rules-based system to a better one.
To be clear, this is not a criticism of bank examiners, but rather
of the role the current system forces them to play. From a political
and personal risk perspective, they are in a no-win situation. On the
one hand, they are excluded when the bank they examine is pursuing real
cases with law enforcement, national security or intelligence community
officials, and therefore receive no credit when those cases are
successful. But if something goes wrong--if a corrupt official or
organization turns out to be a client of the bank they examine--the
examiner faces blame. Thus, from an examiner and banking agency
perspective, the only possible safe harbor is to demand more policies
and procedures, ensure that a lot of alerts are generated and SARs
filed, and encourage the bank to investigate exhaustively any client
deemed high risk. While all other aspects of banking--for example,
credit risk management--have risk appetites and tolerances, for AML/
CFT, there is none. And because banks know that the easiest way to get
in trouble is to fail to file a SAR when examiners subsequently
determine they should have, they probably spend more time documenting
decisions not to file SARs--papering the file--than they do following
up on SARs they do file. In other words, they are incentivized to
follow the noise, not the signal.
Enforcement trends have only served to exacerbate the impact of the
perverse incentives underlying our system; AML/CFT-related fines on
U.S. banks have increased exponentially over the past 5 years.
Certainly, there have been some egregious cases where enforcement
action was warranted, but many enforcement actions taken involve no
actual money laundering. Rather, they are based on a banking agency
finding that an insufficient number of alerts were being generated by
bank systems or that not enough SARs were filed. But the primary
problem with this enforcement history is not the size and number of
fines that are imposed periodically, but rather how those fines and
accompanying consent orders incentivize financial firms to allocate
their AML/CFT resources. Such orders uniformly result in the hiring of
more compliance personnel, the retention of consultants, the drafting
of more policies and procedures, and the direct involvement of the
board of directors, with resources reallocated to those functions, and
away from more proactive ones.
Derisking. Nowhere is this set of perverse incentives more clear
than in the push for banks to eliminate clients in countries or
industries that could end up creating political risk to examining
agencies. A recent set of articles in The Economist details the
unfortunate consequences that the misalignment in AML/CFT expectations
and standards has created as financial institutions have worked to
balance fear of enforcement and supervisory expectations with the AML
compliance costs of maintaining a global business. As the writers note,
``[d]erisking chokes off financial flows that parts of the global
economy depend on. It undermines development goals such as boosting
financial inclusion and strengthening fragile States. And it drives
some transactions into informal channels, meaning that regulators
become less able to spot suspicious deals. The blame for the damage
that derisking causes lies mainly with policymakers and regulators, who
overreacted to past money-laundering scandals.'' \8\
---------------------------------------------------------------------------
\8\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too
Risk-Averse'', The Economist, July 6, 2017, available at https://
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See
also ``A Crackdown on Financial Crime Means Global Banks Are
Derisking'', The Economist, July 8, 2017, available at https://
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
The causes of derisking are clear: the systems, processes, and
people required to manage examiner expectations for clients deemed to
be of ``higher risk'', are extremely costly. For example, a bank may
prepare a lengthy report on a customer only to be criticized for not
further documenting the grounds on which it decided to retain the
customer. Institutions are therefore required to make difficult
decisions, because it is often times too expensive to build out this
infrastructure to support higher risk accounts. And this does not even
include the risk of massive fines and reputational damage in the event
a customer designated high-risk actually commits a criminal act.
Similarly, domestically, banks of all sizes report that customer
due diligence (CDD) requirements have dramatically increased the cost
of opening new accounts, and now represent a majority of those costs.
Of course, disproportionate and heightened account opening requirements
make low-dollar accounts for low- to moderate-income people much more
difficult to offer and price. While the connection is not immediately
apparent, AML/CFT expense now is clearly an obstacle to banking the
unbanked, and a reason that check cashers and other forms of high-cost,
unregulated finance continue to prosper. The problem, of course, is
that bank examiners and Federal prosecutors seeking record fines do not
internalize those costs. And those in the Government who do internalize
those costs play no role in examining the performance of financial
institutions.
To put some numbers to the issue, one AML director recently
testified that his firm employs 800 individuals worldwide fully
dedicated to AML/CFT compliance, detection and investigation work, as
well as economic sanctions compliance. \9\ Today, a little over half of
these people are dedicated to finding customers or activity that is
suspicious. The remainder--and the vast majority of employees dedicated
to these efforts in the business and operations teams that support the
firm's AML program--are devoted to perfecting policies and procedures;
conducting quality assurance over data and processes; documenting,
explaining and governing decisions taken relating to their compliance
program; and managing the testing, auditing, and examinations of their
program and systems.
---------------------------------------------------------------------------
\9\ This number does not include other employees dedicated to
anti-money laundering or economic sanctions compliance in Bank of
America's lines of businesses, operations or technology teams. The over
800 employees in Global Financial Crimes Compliance at Bank of America
is greater than the combined authorized full-time employees in
Treasury's Office of Terrorism and Financial Intelligence (TFI) and the
Financial Crimes Enforcement Network (FinCEN).
---------------------------------------------------------------------------
The Great Opportunity Being Lost
This lack of focus on the goals of the system is especially
disheartening in an age in which emerging technology has the potential
to make the AML/CFT regime dramatically more effective and efficient.
One of the most pressing needs in enhancing the U.S. regime is to
enable financial institutions to innovate their anti-money laundering
programs and coordinate that innovation with their peers. As noted
above, artificial intelligence (AI) and machine learning could
revolutionize this area, and banks continue to discuss various concepts
for greater sharing of information. When the SAR requirement (and its
predecessor the criminal referral form) was first implemented,
relatively few reports were filed, and each SAR was read by someone in
law enforcement. Now, with banks and other financial institutions
employing tens of thousands of people and using computer monitoring to
flag potentially suspicious activity, almost two million SARs are filed
per year. \10\ Law enforcement generally reads SARs only if they are
specifically flagged by the institution, or if a word search identifies
it as relevant to an existing investigation.
---------------------------------------------------------------------------
\10\ SAR Stats, supra n. 6.
---------------------------------------------------------------------------
Thus, the role of a SAR in law enforcement has changed completely,
which is not necessarily a bad development. Because so much more data
is available, there is extraordinary potential for the use of AI and
machine learning to improve the system, as previously described. But
there are obstacles. AI strategies require feedback loops, which do not
exist in the current system. In addition, there are barriers to cross-
border information sharing of suspicious activity for global financial
institutions. \11\ As noted above, resources are trapped elsewhere and
several AML executives have reported that efforts to construct novel
approaches to detecting illegal behavior have resulted in examiner
criticism. Examiners have now also begun applying to bank AML models
the same model risk governance rules they adopted for capital
measurement, even though models are much more dynamic and have no
financial reporting consequence; as a result, it now takes months, as
opposed to weeks, to change an AML model to capture new behaviors,
which serves as a major disincentive to innovation. \12\
---------------------------------------------------------------------------
\11\ See TCH and FSR letter to the Treasury on its ``Review of
Regulations'', (``2017 Joint Trades Letter to Treasury on Review of
Regulations'') July 31, 2017, available at https://
www.theclearinghouse.org/sitecore/content/tch/home/issues/articles/
2017/07/
20170731%20tch%20and%20fsr%20comment%20on%20fincen%20and%20ofac%20regula
tions.
\12\ Id.
---------------------------------------------------------------------------
In sum, banks will be reluctant to invest in systems unless someone
in the Government can tell them that such systems will meet the banking
examiners' expectations, and can replace old, outdated methods--in
other words, that they will be rewarded, not punished, for innovation.
Until then, we have a database created for one purpose and being used
for another.
To get a sense of the potential for improvement, note that one bank
has publicly reported that it receives follow-up requests from law
enforcement on approximately 7 percent of the SARs it files, which is
consistent with other reports we have received. More importantly, for
some categories of SARs--structuring, insider abuse--that number is far
lower, approaching 0 percent. But no one can afford to stop filing SARs
in any category, because examination focuses on the SAR that was not
filed, not the quality or importance of the SAR that was filed.
Furthermore, in resolving this issue, we also must deal with the
``last piece of the puzzle'' problem. Law enforcement will report
anecdotally that it sometimes finds a low-dollar SAR of use as part of
a larger investigation--not as a lead but as the last piece in a large
puzzle. However, it is important to consider the opportunity cost of
that SAR--the resources necessary to produce it, and whether those
resources, if allocated elsewhere, would produce the first piece in a
more important puzzle. As an analogy, if law enforcement rigorously
enforced jaywalking rules, it would occasionally capture a wanted
fugitive, but no one would consider that a good use of finite law
enforcement resources. Again, a core problem with the current regime is
that there is an absence of leadership making choices like these.
The Beginning of a Solution
In early 2017, TCH issued a report offering recommendations on
redesigning the U.S. AML/CFT regime to make it more effective and
efficient. This report reflects input from a wide range of
stakeholders, including foreign policy, development and technology
experts. \13\
---------------------------------------------------------------------------
\13\ See The Clearing House, ``A New Paradigm: Redesigning the
U.S. AML/CFT Framework To Protect National Security and Aid Law
Enforcement'', (TCH AML/CFT Report) (February 2017), available at
https://www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/
2017/20170216_TCH_Report_AML_CFT_Framework_Redesign.pdf. See also TCH
press release ``The Clearing House Publishes New Anti-Money Laundering
Report'', (February 16, 2017), available at https://
www.theclearinghouse.org/press-room/in-the-news/
29170216%20tch%20aml%20cft%20report.
---------------------------------------------------------------------------
The most important recommendation in the report is for the
Department of the Treasury to accept--or, better yet, claim--
responsibility for the system. That includes convening on a regular
basis the end users of SAR data--law enforcement, national security and
others affected by the AML/CFT regime including the State Department--
and setting goals and priorities for the system. Treasury is uniquely
positioned to balance the sometimes conflicting interests relating to
national security, the transparency and efficacy of the global
financial system, the provision of highly valuable information to
regulatory, tax and law enforcement authorities, financial privacy,
financial inclusion, and international development.
Such a process has a clear precedent. The National Security
Strategy (NSS) is a document prepared periodically by the National
Security Council (NSC) for submission to Congress which outlines the
major national security concerns of the United States and how the
Administration plans to deal with them. The strategy is developed by
the NSC through an iterative, interagency process to help resolve
internal differences in foreign policy/national security agendas and
effectively communicate priorities to a number of different audiences.
There's also the National Intelligence Priorities Framework (NIPF),
which is used to establish national priorities for the intelligence
community. \14\ We believe that measurable outcomes or goals should be
clearly and specifically defined for each component of our Nation's
AML/CFT regime (including the anti-money laundering programs in
financial institutions), and then agreed upon ways to measure the
achievement of those outcomes or goals should be set and reported. From
these outcomes or goals, priorities should be set regularly for the
AML/CFT regime and promptly revisited when new risks emerge. We believe
this is the best way to build a regime that is ultimately effective in
achieving the desired outcome of a robust and dynamic national AML/CFT
regime that can efficiently and quickly adapt to address new and
emerging risks. For financial institutions, we believe that such an
exercise would change the focus from technical compliance with
regulations or guidance, to building anti-money laundering programs
that achieve the clearly articulated desired and measurable outcomes or
goals of the regime. And we believe that setting measurable outcomes or
goals, and then tracking progress to the achievement of these goals, is
the best way to build anti-money laundering programs and a national
AML/CFT regime that are both effective and efficient.
---------------------------------------------------------------------------
\14\ See Intelligence Community Directive Number 204--``Roles and
Responsibility for the National Intelligence Priorities Framework'',
(September 13, 2007); available at https://www.dni.gov/files/documents/
ICD/ICD_204.pdf.
---------------------------------------------------------------------------
Reform must also recognize that of the roughly one million SARs
filed annually by depository institutions (banks and credit unions),
approximately half are filed by only four banks. Whereas a small to
mid-sized bank might file a handful of SARs per year, the largest banks
file roughly one SAR per minute. These are the same banks that are
internationally active, and therefore present almost all of the most
difficult policy questions with respect to derisking. Certainly, reform
is warranted for smaller firms, where the cost of filing that handful
of SARs is wildly disproportionate to its benefit. But if the goal is
to catch dangerous criminals, identify terrorist activity, and reduce
collateral damage to U.S. interests abroad, FinCEN need focus its
examination energy on only a very few firms. This creates an
extraordinary opportunity.
We estimate that an examination team of only 25-30 people at FinCEN
could replicate the existing work of the Federal banking agencies and
the IRS (for the largest MSBs) at the largest, most internationally
active institutions. More importantly, a dedicated FinCEN exam team for
this small subset of large institutions could receive appropriate
security clearances, meet regularly with end users and other affected
parties, receive training in big data and work with other experts in
Government. They in turn would be supervised by Treasury officials with
law enforcement, national security, and diplomatic perspectives on what
is needed from an AML/CFT program--not bank examiners with no
experience in any of those disciplines. And when FinCEN turned to
writing rules in this area, it would do so informed by its experience
in the field. It would see the whole battlefield, and promote
innovative and imaginative conduct that advanced law enforcement and
national security interests, rather than auditable processes and box
checking.
Remarkably, this arrangement is exactly what Congress intended and
authorized. In the Bank Secrecy Act, Congress granted FinCEN, not the
banking agencies, authority to examine for compliance. However, over 20
years ago, FinCEN delegated its supervisory authority to the Federal
banking agencies, while retaining enforcement authority. At the time
the delegation was made, FinCEN's decision was logical, even
inevitable. The agency had few resources, and insufficient knowledge of
the banking system. Furthermore, the Nation had over 10,000 banks, and
those banks were more alike than different. \15\ Restrictions on
interstate banking meant that there were no truly national banks, and
U.S. banks generally were not internationally active. As a result,
there was no real basis by which FinCEN could have distinguished among
banks. Given the choice between supervising 10,000 banks or none, it
logically chose none, effectively sub-contracting its statutory duties
in this area to the banking agencies. \16\
---------------------------------------------------------------------------
\15\ See ``Commercial Banks in the U.S., Economic Research of the
Federal Reserve Bank of St. Louis'' available at https://
fred.stlouisfed.org/series/USNUM.
\16\ In addition, in 1986, Congress granted the Federal banking
agencies authority to prescribe regulations requiring banks to comply
with the Bank Secrecy Act, and examine for such compliance. See 31 CFR
�1010.810. As the rule notes ``[o]verall authority for enforcement and
compliance, including coordination and direction of procedures and
activities of all other agencies exercising delegated authority under
this chapter, is delegated to the Director, FinCEN.'' Id. �1010.810(a).
See also 12 U.S.C. �1818(s).
---------------------------------------------------------------------------
Importantly, the benefits of a FinCEN examination function would
extend well beyond the handful of banks it examined. Priorities set and
knowledge learned could be transferred to regulators for the remaining
financial institutions. And innovation started at the largest firms,
with encouragement from FinCEN, would inevitably benefit smaller firms.
The result of FinCEN assuming some supervisory authority would be a
massive cultural change, as the focus shifted to the real-world
effectiveness of each institution's AML/CFT program, rather than the
number of SARs filed or number of policies written. That change would
start with those banks under sole FinCEN supervision, but would
eventually spread to all institutions.
(In that regard, I testified last year alongside a community banker
who reported that his three-branch bank has four lending officers--and
six AML compliance officers. \17\ While my testimony has focused on
challenges faced by the largest banks, the AML/CFT regime is no more
rational when imposed on the smallest.)
---------------------------------------------------------------------------
\17\ See Testimony of Lloyd DeVaux before the House Financial
Services Committee Subcommittee on Financial Institutions and Consumer
Credit, June 28, 2017, available at https://
financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-ldevaux-
20170628.pdf.
---------------------------------------------------------------------------
Relatedly, TCH recommends that Treasury undertake a review of the
BSA/AML reporting regime to ensure information of a high degree of
utility is reported to law enforcement as well as encourage the
exchange of AML/CFT information between the Government and the private
sector as well as between and among financial institutions. We applaud
FinCEN's recently announced ``Exchange'' program which aims to
strengthen public-private sector AML/CFT information sharing by
convening regular briefings between FinCEN, law enforcement and
institutions. Such sharing not only makes financial institutions'
programs more effective and efficient, it assists in focusing their
resources on important matters.
Finally, one important change to the current system that requires
new legislation is ending the use of shell companies with anonymous
ownership. Here, the United States trails the rest of the world, and
has been criticized by the Financial Action Task Force for being a
shelter for criminals or kleptocrats seeking to launder money by
adopting the corporate form and cloaking their ownership. \18\ There
may be valid reasons why corporate owners would want to keep their
ownership secret from the broader public; however, it is difficult to
imagine a valid reason why corporate owners would want to keep their
ownership secret from the State incorporating them, law enforcement,
and a financial institution that is legally obligated to determine that
ownership in the exercise of its BSA/AML obligations. The Clearing
House strongly urges Congress to adopt such legislation promptly, and
is pleased to see bicameral, bipartisan support for it.
---------------------------------------------------------------------------
\18\ See FATF Anti-money laundering and counterterrorist financing
measures, Mutual Evaluation of the United States (December 2016) at 18
available at http://www.fatf-gafi.org/media/fatf/documents/reports/
mer4/MER-United-States-2016.
---------------------------------------------------------------------------
In conclusion, I thank you for inviting me today and focusing
Congressional attention on such an important topic. I look forward to
your questions.
______
PREPARED STATEMENT OF DENNIS M. LORMEL
President and Chief Executive Officer, DML Associates, LLC, and Former
Chief, FBI Financial Crimes Program
January 9, 2018
Good morning Chairman Crapo, Ranking Member Brown, and
distinguished Members of the Committee. Thank you for the opportunity
to testify before you today. My name is Dennis M. Lormel. I have been
engaged in the fight against money laundering, financial crimes,
terrorist financing and other forms of illicit finance for 45 years. I
served in the U.S. Government for 31 years, 28 of which I served as a
Special Agent in the Federal Bureau of Investigation (FBI). I amassed
extensive investigative experience in complex and labor intensive
financial investigations as a street agent, first line supervisor,
middle manager, and senior executive. In 2000, I was promoted to Chief
of the Financial Crimes Section, in the FBI's Criminal Division.
Following the terrorist attacks of September 11, 2001, I formulated,
established and led the Terrorist Financing Operations Section (TFOS)
within the FBI's Counterterrorism Division. During my FBI career, I was
the direct beneficiary of Bank Secrecy Act (BSA) data to include
currency transaction reports (CTRs) and suspicious activity reports
(SARs). I experienced firsthand the value BSA data brought to
investigations. This was especially true after 9/11. One of our
important initiatives was a datamining project which included SAR
reporting. For the past 14 years, I have been a consultant, primarily
working in the financial services industry, in the anti-money
laundering (AML), terrorist financing and financial crimes prevention
community. In this capacity, I have worked with private sector clients
to improve the effectiveness and efficiency of BSA reporting.
My Government investigative and private sector consulting
experience has provided me a unique opportunity to understand and
appreciate two very distinct perspectives regarding the BSA. Two of the
principal stakeholders of the BSA are law enforcement and financial
institutions. Putting this in the context of the flow and utilization
of financial information, law enforcement is the back end user and
beneficiary of BSA data. Financial institutions serve as the front end
repository and custodian of financial intelligence. Financial
institutions also serve the critical function of being the monitor for
identifying and reporting suspicious activity and other BSA data to law
enforcement. Simply put, law enforcement uses BSA data to predicate or
enhance investigations from a tactical standpoint. Law enforcement also
uses BSA data for strategic purposes. From a simplistic standpoint, the
flow of BSA data that is continuously filtered to law enforcement is
invaluable. When you layer the complexities of regulatory compliance
requirements over the monitoring and filtering process financial
institutions must follow, the effectiveness and efficiency of BSA
reporting from the front end monitor to the back end beneficiary,
becomes flawed.
My point is that the BSA system is not broken. The system is
fraught with many inefficiencies but it works. Law enforcement
consistently receives valuable intelligence from BSA data. The
challenge is that the BSA system can and should be much more effective
and efficient. In this context, I applaud the Committee for dedicating
the time to assess the effectiveness and efficiency of BSA enforcement
and considering reform measures to strengthen BSA reporting
requirements.
I'd like to take the opportunity to commend the Clearing House for
having issued their report in February 2017 ``A New Paradigm:
Redesigning the U.S. AML/CTF Framework to Protect National Security and
Aid Law Enforcement''. I believe the report is a good point of
reference to initiate discussion for reform consideration. I laud the
Clearing House for recognizing the importance of including all
stakeholders in the discussion. I was not involved in the two
symposiums held to formulate the report. One concern I have about the
report is the actual extent to which law enforcement was included as a
contributing stakeholder. In my view, law enforcement is the most
important stakeholder because the BSA was intended to assist law
enforcement. When the report was issued, I contacted then current law
enforcement executives in positions like I held and none were included
in the deliberations. I encourage the Committee to include a variety of
active and former law enforcement executives in your ongoing dialogue
and efforts to strengthen the BSA.
The BSA was passed in 1970 with the legislative purpose of
generating reports and records that would assist law enforcement in
following the money and developing prosecutable criminal cases. Since
passage of the BSA, additional legislation has periodically been
enacted to enhance regulations. Most notably, passage of the USA
PATRIOT Act established a host of new measures to prevent, detect, and
prosecute those involved in money laundering and terrorist financing.
Going forward, deliberations to enhance the BSA should focus on
systemic vulnerabilities, evolving technology, emerging trends and
opportunities to leverage public and private partnerships and
information sharing with an eye on continuing to enhance law
enforcements investigative ability.
As noted in the introduction of the BSA, ``the implementing
regulations under the BSA were originally intended to aid
investigations into an array of criminal activities, from income tax
evasion to money laundering. In recent years, the reports and records
prescribed by the BSA have also been utilized as tools for
investigating individuals suspected of engaging in illegal drug and
terrorist financing activities. Law enforcement agencies have found
CTRs to be extremely valuable in tracking the huge amounts of cash
generated by individuals and entities for illicit purposes. SARs, used
by financial institutions to report identified or suspected illicit or
unusual activities are likewise extremely valuable to law enforcement
agencies''. This statement is a true reflection of BSA reporting.
However, there is a troubling back story about perceived regulatory
expectations that have resulted in systemic inefficiencies.
Regardless of the extent or effectiveness of BSA regulations,
criminals and terrorists must use the financial system to raise, move,
store and spend money in order to sustain their illicit operations and
enterprises. The reality is that no matter how robust an anti-money
laundering (AML) program is, it cannot detect all suspicious activity.
The BSA standard is that financial institutions maintain AML programs
that are reasonably designed to detect and report suspicious activity.
One of the regulatory challenges confronting financial institutions
today is the question: What constitutes a reasonably designed AML
program? Regulatory expectations, either real or perceived, have caused
financial institutions to lose sight of the purpose of BSA reporting
and have consequently led to many of the systemic inefficiencies of BSA
reporting.
In using the financial system, criminals and terrorists are
confronted with distinct contrasts. On one hand, the financial system
serves as a facilitation tool enabling bad actors to have continuous
access to funding. On the other hand, the financial system serves as a
detection mechanism. Illicit funds can be identified and interdicted
through monitoring and investigation. Financing is the lifeblood of
criminal and terrorist organizations. At the same time, financing is
one of their major vulnerabilities. At the basic core level of the
front end and back end data process flow, BSA reporting works and is
more apt to serve as the intended detection mechanism. The more
convoluted and distracting the regulatory process becomes, the greater
the likelihood that the financial system serves as a facilitation tool
for criminals and terrorists.
There are a number of vulnerabilities or high risk areas in the
financial system that criminals and terrorists exploit. I categorize
them as criminal activity and facilitation tools bad actors use to
exploit their ill-gotten gains derived from their criminal activity.
The biggest crime problems we encounter include fraud and money
laundering. Most criminal activity, other than select violent crimes,
includes elements of fraud and money laundering. Drug trafficking,
human trafficking, corruption, and other crimes contain elements of
fraud and require money laundering. Some of the more significant
facilitation tools include wire transfers, correspondent banking, shell
companies (beneficial ownership), illegal money remitters (informal
value transfer systems), non-Government organizations, credit and debit
cards, and electronic mechanisms. In my experience, one of the biggest
areas of vulnerability in the financial system is identifying illegal
money remitters.
One facilitation tool that consistently garners Congressional
attention is the issue of beneficial ownership. Year after year,
potential bills are introduced regarding beneficial ownership. I
strongly encourage the Committee to consider beneficial ownership
legislation as an enhancement to the BSA. Throughout my law enforcement
career, I dealt with the challenge of shell companies and identifying
true beneficial owners. Based on my experience, I believe beneficial
ownership should be required by Secretaries of States, at the point of
incorporation. On May 11, 2016, the Financial Crimes Enforcement
Network (FinCEN) issued Customer Due Diligence Requirements for
Financial Institutions (the COD Rule). The rule strengthens existing
customer due diligence (CDD) requirements and requires banks to
identify and verify the beneficial owners of legal entity customers.
Financial institutions are in the process of implementing COD
requirements. If identification of beneficial ownership were required
at point of incorporation, the burden on financial institutions would
be lessened.
Regarding the BSA, it is important that all stakeholders be engaged
in the discussion and deliberation to improve the effectiveness and
efficiency of BSA reporting and enforcement. More importantly, all
stakeholders should be involved in breaking down real or perceived
regulatory impediments. In each of our areas of responsibility, all BSA
stakeholders should strive to exploit the financial vulnerability of
criminals and terrorists by ensuring the financial system serves as a
detection mechanism disrupting illicit funding flows. Although the BSA
system works, it is flawed and lacks the effectiveness and efficiency
it was intended to achieve.
The starting point toward improving the effectiveness and
efficiency of BSA reporting is to improve the current system through
building meaningful and sustainable public and private sector
partnerships beginning with BSA stakeholders, including the financial
services industry, regulators, policy makers, sanctioning authorities,
intelligence experts, law enforcement, legislatures and other
stakeholders. We need to start by improving the efficiencies of our
current system by breaking down impediments. We then need to determine
what enhancements to regulations should be considered.
Building meaningful and sustainable partnerships begins with
understanding perspectives. Each stakeholder partner possesses a
perspective based on their professional responsibilities and
experience. Each of our perspectives will be somewhat unique.
Understanding and blending the perspectives of our partners will enable
us to establish a middle ground to improve or build efficiencies upon.
As this process evolves, we can leverage the capabilities and capacity
of our partners. This type of evolution sets the stage for developing
innovative ideas and proactive measures.
One of the inherent disadvantages we have in our financial system
and AML environment is that we are reactive. Criminals and terrorists
have the advantage of being proactive. Our ability to add innovative
ideas and proactive measures to an otherwise reactive system can
achieve impactful investigative results. In fact, there have been
recurring innovative and proactive law enforcement investigations. I
speak from firsthand experience when I talk about developing proactive
techniques. I can point to specific proactive law enforcement
initiatives following 9/11 that were the direct result of innovative
public and private sector partnerships. My emphasis here is we can be
innovative within the current framework. We can also improve the
current landscape through enhancements to encourage and/or incentivize
innovation. For example, financial institutions conduct baseline
transaction monitoring to alert to anomalies that can lead to
identification of suspicious activity. By developing rule sets and
scenarios that are targeted to specific transactions or financial
activity, we are more likely to identify specific or targeted
suspicious activity regarding specific crime problems such as human
trafficking. Financial institutions are reluctant to employ targeted
monitoring initiatives because of concern for the potential regulatory
expectations or other perceived impediments such innovative thinking
could incur.
Included as an attachment to my testimony is an article I wrote in
2011 for publication by the Association of Certified Anti-Money
Laundering Specialists (ACAMS) titled ``Perspectives. Partnerships and
Innovation''. As an example of innovative and proactive targeted
monitoring, the article details the public and private partnership of a
special AML investigative team at JPMorgan Chase (JPMC) in 2009, with
Homeland Security Investigations (HSI), Immigration and Customs
Enforcement (ICE). I provide extensive training to the financial
services industry regarding AML, terrorist financing, fraud,
investigations, suspicious activity reporting and related topics. I
frequently site the JPMC and ICE collaboration as one of the best
models for partnerships and innovation. One of the accomplishments of
this collaboration was the effective and efficient use of BSA data
based on targeted monitoring against human trafficking. The attached
article also provides a sense of leveraging perspective and, the
regulatory and collateral challenges financial institutions face by
endeavoring to be innovative.
As an extension of public and private partnerships, we should
consider how to improve information sharing. The PATRIOT Act provided
us with information sharing vehicles such as Section 314(a) where
financial institutions can share financial information with law
enforcement and Section 314(b) where financial institutions can share
information with each other. Efforts should be made to enhance Section
314 information sharing in the current environment. In addition, any
proposed enhancements to the BSA should consider additional information
sharing mechanisms. The more we can do to enhance information sharing,
the more meaningful information will be for law enforcement and the
more detrimental to criminals and terrorists. During their plenary
session in June 2017, the Financial Action Task Force (FATF) stressed
the importance of information sharing to effectively address terrorist
financing. I have always been a huge proponent of information sharing
to the extent legally allowable.
One of the most productive examples of public and private sector
partnership, and information sharing, is the Joint Money Laundering
Intelligence Task Force (JMLIT) in the United Kingdom (U.K.). JMLIT was
formed by the Government National Crimes Agency (NCA) in partnership
with the financial sector to combat high end money laundering. JMLIT
was established as a business-as-usual function in May 2016. It has
been developed with partners in Government, the British Bankers
Association, law enforcement and more than 40 major U.K. and
international banks. I'm hopeful that the U.S. can assess and work
through information sharing and privacy concerns in order to replicate
the U.K. JMLIT model.
With respect to terrorist financing, any legislative enhancement to
the BSA should consider facilitating obtaining security clearances for
select financial institution personnel. In most instances, law
enforcement is precluded from sharing classified information with
financial institutions. If financial institutions had select personnel
with a security clearance and they could gain access to select
classified information, they would be able to either search for
specific financial information or establish targeted monitoring
initiatives to identify specific financial intelligence that would be
meaningful to classified or otherwise sensitive counterterrorism
investigations.
Throughout my career, I have worked closely with financial
institution AML and fraud compliance professionals. I have the utmost
respect for their dedication and commitment to protecting the integrity
of their financial institutions and for identifying the misuse of the
financial system by bad actors. Next to my former law enforcement
colleagues, I hold my friends in AML and fraud compliance in the
highest regard. It is important to note that the BSA shortcomings we
face are systemic problems caused by multiple factors and not by groups
of individuals. One of the positive trends evolving within financial
institutions, in part, founded on the dedication factor of AML
professionals that I complimented, is the formation of financial
intelligence units and/or special investigations teams established to
deal with terrorist financing and emergency response situations such as
the Panama Papers, the FIFA scandal and human trafficking. In addition
to developing proactive mechanisms, like targeted monitoring, these
teams have developed ``urgently'' reactive capabilities to respond to
terrorist and emergency situations requiring immediate response. As I
mentioned earlier, AML programs are inherently reactive. One of the
best reactive mechanisms we possess is negative news reporting. For
example, when terrorist incidents like the attacks in New York in
October and December 2017 occurred, as soon as the names of the
perpetrators are announced, these special investigations teams
immediately run the perpetrator names through their systems and should
they identify accounts or transactional activity involving those
individuals, they immediately contact law enforcement.
Like the JPMC and ICE human trafficking targeted monitoring program
I mentioned, I'm aware of a major bank that has formed a special
investigative team to similarly search for human trafficking that could
be related to a forthcoming major sporting event. I' m not at liberty
to further identify the financial institution or circumstances.
However, it is important to note that financial institutions and law
enforcement do participate in targeted monitoring projects and when
they are able to do so, BSA data flows from the front end monitor (a
financial institution) to the back end beneficiary (law enforcement) in
a timely and, effective and efficient manner.
I encourage all financial institutions to establish special
investigations or critical incident response teams. I teach and view
these teams analogous to law enforcement Special Weapons and Tactics
(SWAT) teams. SWAT officers receive regular intensive training to deal
with dangerous emergency response situations. Most SWAT officers have
other primary law enforcement assignments, and SWAT is a collateral
duty. Financial institution SWAT or critical incident response or
special investigations teams should also receive special training for
dealing with emergency response and targeted proactive investigative
situations. Regardless of the size of a financial institution, all
financial institutions should establish special investigative teams to
identify and report targeted suspicious activity. Whether the team is a
unit or one investigator, all financial institutions should develop
emergency response capabilities.
In my training programs regarding money laundering, fraud and
terrorist financing, I stress the importance of situational awareness.
Situational awareness is being aware of and responsible for your
physical surroundings regarding your personal safety and security. If
you see something, say something. The same principles apply to money
laundering, fraud and terrorist financing. You need to be situationally
aware of and understand the flow of funds for illicit purposes. Much
the same, we all need to be situationally aware of the vulnerabilities
to the financial system and ensure the BSA is as effective and
efficient as it can be.
The most important BSA report is a SAR. In most instances, the
biggest regulatory compliance breakdown resulting in some sort of
enforcement or regulatory action is the failure to file SARs or to
adequately file SARs. I cannot underscore enough that law enforcement
is the direct beneficiary of SARs. Regardless of systemic
inefficiencies, law enforcement consistently benefits from SAR filings.
SARs are used tactically to predicate and/or enhance criminal
investigations. SARs are also used strategically for analytical
purposes. When attempting to measure effectiveness and efficiency of
SAR filing, we cannot solely rely on the percentage of SARs filed
versus the number of SARs used to predicate or enhance an
investigation. We must also factor in how SARs are used strategically
for trend analysis and analytical purposes. Finding accurate metrics to
determine the effectiveness and efficiency of SAR filing is extremely
difficult.
When I was in law enforcement, I used SARs for both strategic and
tactical purposes. When I was Chief of TFOS at the FBI, we established
a financial intelligence unit. I wanted to know on a recurring basis
what were the emerging threat trends, as well as emerging crime
problems. SARs were one of the data sets we used for such trend
analysis. We also used SARs for tactical purposes in furtherance of
investigations. We used financial intelligence, some of which was
derived from BSA data, to include SARs and CTRs, for tactical proactive
investigations and for tactical reactive or more traditional ``books
and records'' ``follow the money'' investigations. We used datamining
technology for both strategic and tactical initiatives. I believe that
the FBI continues to use BSA data for strategic and tactical
investigative purposes.
I developed a flow chart I use for training purposes describing the
``lifecycle'' of a SAR. It tracks a SAR from the point of origin when
it's filed with FinCEN through both regulatory and law enforcement
review and investigative tracks. During their lifecycle, some SARs go
directly to support investigations and some remain in the SAR database.
A number of SARs that go into the SAR database will be used to support
investigations at later times. Regardless of whether SARs are used to
support investigations, they will be used in datamining initiatives to
develop trend analysis or other strategic analyses.
Following my retirement from the FBI and as I have gained more of a
financial institution perspective, based on my experience as a
consultant, I have become more sensitive to the perceived lack of
feedback to financial institutions from FinCEN and law enforcement
regarding the value of SARs and how SARs should be written to get law
enforcements attention. FinCEN has done a good job of discussing the
value of SARs in their SAR Activity Review publications. In recent
years, FinCEN has recognized financial institution personnel as the
front end provider and law enforcement agents as the back end consumer
for outstanding investigations involving BSA data.
When I was Chief of Financial Crimes, and subsequently TFOS, I had
frequent meetings with Jim Sloan. During that time period, Mr. Sloan
was Director of FinCEN. We often discussed developing a SAR feedback
mechanism from law enforcement through FinCEN to financial
institutions. There were many impediments that existed at the time,
much as they continue to exist today, that precluded us from developing
a consistent feedback mechanism. Some impediments include the ongoing
nature and secrecy of Federal grand jury investigations, the time lapse
from when a SAR was filed and an investigation completed, resource
constraints and other factors. Feedback regarding SARs warrants further
consideration. This is an area where the Committee should consider
dialogue with FinCEN and senior law enforcement executives.
The law enforcement utilization of SARs, as I have described how I
used SARs as an FBI executive, was more at a program level than at the
grass roots investigations level. At the program level there is a
greater use of datamining and advanced analytics. At the grass roots
field level, SARs are dealt with more in the form of individual manual
reviews where each SAR is physically reviewed. For example, every U.S.
Attorney's Office has a SAR review team. Even though the SAR review
teams use excel spreadsheets and other analytics, they review SARs by
hand. The reason this is important for the Committee is at the program
level, I was more inclined to want to see more SARs filed. For our
datamining purpose, more was better. At the grass roots level, SAR
review teams would prefer to see less numbers of SARs filed. In this
context, less is better. As a field agent and middle manager, I
reviewed SARs manually, and I understand the grass roots perspective as
well as the program perspective. Therefore, it is incumbent that as the
Committee proceeds, you speak to a variety of law enforcement
stakeholders to gain the best context available.
One final issue where law enforcement should be the primary
stakeholder to potential legislation is the issue of CTR and SAR
reporting thresholds. Since SARs were first implemented, the reporting
thresholds have been the same. Periodically, banking associations and
financial institutions have recommended that reporting thresholds be
adjusted to account for inflation. I strongly believe that CTR and SAR
reporting thresholds should remain as they are. Law enforcement would
lose valuable financial intelligence if thresholds are raised. This is
especially true for terrorist financing, where our primary threat is
from homegrown violent extremists. My sense is that when we identify
homegrown violent extremists and financial institutions run their
names, a high percentage of them will have transactional activity
involving CTRs.
As I've stated, at the core level, the flow of BSA data from the
front end provider (financial institutions) to the back end consumer
(law enforcement) is good. When financial institutions can be proactive
and more targeted in their monitoring and reporting, the BSA data they
provide is more effective and efficient. When the data flow becomes
convoluted and more constrained, the system becomes more flawed and
ineffective and inefficient.
Thank you again for affording me the opportunity to testify today.
I look forward to responding to any questions you have.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
______
PREPARED STATEMENT OF HEATHER A. LOWE
Legal Counsel and Director of Government Affairs, Global Financial
Integrity
January 9, 2018
Thank you for the opportunity to testify before you today on the
subject of Combating Money Laundering and Other Forms of Illicit
Finance and the Opportunities to Reform and Strengthen BSA Enforcement.
I hope that my contributions to today's hearing will help you take
measured and informed decisions that are in the public's interest with
respect to the U.S.'s anti-money laundering (AML) regime as set forth
in the Bank Secrecy Act (BSA).
Money laundering is a vast subject and there are many different
facets that it would be worthwhile for this Committee to examine. I
will discuss some of those areas in my testimony today but, as I am
sure you will discover as we delve deeper into the topic, there may be
a great deal more that you wish to explore moving forward. I am happy
to assist to the extent that I can.
In my testimony, I will provide information and opinions regarding
the following: Trends in compliance, Suspicious Activity Reports
(SARs), Know Your Customer (KYC)/Customer Due Diligence (CDD), and the
balance of activity and obligations between the Financial Crimes
Enforcement Network (FinCEN) and the private sector. Some of my remarks
will directly address recent proposals by The Clearing House in their
publication ``A New Paradigm: Redesigning the U.S. AML/CFT Framework to
Protect National Security and Aid Law Enforcement'', as I am sure that
you are giving consideration to those proposals. (CFT refers to
countering the financing of terrorism.)
Some of the key points that I will be making in my testimony are:
1. Money laundering and the technology that can help us combat it
are both evolving and, in light of this, it is appropriate to
consider whether changes to our regulatory structure should be
made. Equally, however, it is critical that Congress consider
and carefully weigh the potential benefits against potential
negative ramifications before making decisions in this area.
2. Enforcement against money laundering is primarily through
identification of regulatory infractions as opposed to through
criminal charges of actual money laundering. This may be
because it is much easier to find evidence of regulatory
infractions, the burden of proof is lower, and it is far less
costly for the Government than pursuing a criminal money
laundering charge, and there is a clear dissuasive effect.
Despite this, when we look at the cases where enforcement was
merely through identification of deficiencies of AML systems
and filing requirements, the hallmarks of serious criminal
money laundering are there in the cases. As a result,
decreasing the ability to enforce using the regulatory approach
may have serious, negative repercussions on compliance and,
ultimately, criminal access to the U.S. banking system.
3. It is critical that information about the natural person(s) who
own or control companies (the beneficial owners) is finally
collected by either the State or Federal Government and is made
available to law enforcement and to financial institutions.
Companies with unknown or hidden ownership are the number one
problem in the AML world and the U.S. cannot continue to allow
our failure to act to put the U.S. and global financial system
at risk.
4. I would strongly caution against transferring responsibility for
setting AML priorities for individual banks from those banks to
FinCEN. Banks are best placed to understand their business and
their systems and the money laundering risks inherent therein,
and create the systems that work best in their business models
to combat money laundering. FinCEN and/or other regulators
should review those assessments but cannot be responsible for
carrying them out.
5. The Clearing House recommends greater information sharing among
banks and with the Government in a number of ways. While we
generally support greater sharing of information in the AML
area, it must be done with appropriate privacy safeguards.
Where it may result in a person being denied banking services
at all, there must be a system for redress for people to be
able to restore that access if they can demonstrate that they
are involved in legitimate activity.
6. Transferring raw banking data from banks to FinCEN to analyze
(with appropriate privacy safeguards) is not a bad idea.
However, it is essential that we do not absolve banks of the
responsibility to carry out their own analysis as well, which
they have the ability to review within the context of the
additional client information that they have, because they are
the gatekeepers to the financial system. The Federal Government
cannot do this alone.
7. AML compliance and reporting is undertaken by a wide range of
entities and persons, going far beyond the banking sector. Any
proposed changes should consider the implications for all of
these types of entities and persons.
8. Some types of entities and persons should be required to have AML
programs in place that currently do not, such as those involved
in real estate closings, lawyers, and others. The banking
sector cannot and should not carry this responsibility alone,
especially where these persons act as a proxy to open the door
to the financial system for criminals and their money.
9. Suspicious Activity Reports are meant to be just that, reports of
``suspicious'' activity. Requiring bank employees to determine
if activity is in fact illegal before filing a SAR would be
counterproductive for a number of reasons, including increasing
the burden on bankers who would consequently have to make a
new, legal determination.
10. Congress should request from the various regulators data
regarding formal and informal enforcement actions pertaining to
AML/BSA violations and deficiencies so that they are able to
independently asses the appropriateness of the enforcement
regime currently in place.
11. Both small banks and large banks have been the subject of major
money laundering cases.
12. Money laundering and sanctions violation cases over the past few
years relate to willful, knowing, and egregious violations of
U.S. laws and regulations that have resulted in U.S. and
foreign banks granting access to hundreds of millions of
dollars in funds supporting genocide and funds supporting
major, violent South American drug cartels into our system, to
name a few examples. The fines that have resulted from these
cases have been seen by the banking industry as heavy and so
banks have begun to take AML regulations that have been in
place for many years more seriously as the possibility and
repercussions of enforcement have increased. I would therefore
remind Members of Congress that the regulatory ``burden'' has
not actually been increasing, the threat of being found out is
what has actually increased.
Preface: Who Has AML Compliance Responsibilities?
One thing to keep in mind for the purposes of AML is that the term
``financial institution'' (FI) is defined very broadly and encompasses
a much wider range of types of entities than most people realize. Being
classified as a financial institution means that an entity must
generally have some sort of AML compliance in place, with the main
types of FIs \1\ being required to have an AML compliance program,
conduct customer due diligence and know your customer checks, monitor
accounts, and file suspicious activity reports and currency transaction
reports. I have included the definition of ``financial institutions''
at the end of this testimony for information. Today you have before you
representatives from three banking associations, but it is important to
consider that any changes to the AML/CFT regime will affect a much
wider range of entities and persons, such as currency exchanges,
casinos, dealers in precious metals, stones or jewels, pawn brokers,
and insurance companies, which you should also factor into your
decision making.
---------------------------------------------------------------------------
\1\ This includes insured banks, commercial banks, agencies or
branches of a foreign bank in the U.S., credit unions, savings
associations, corporations acting under section 25A of the Federal
Reserve Act 12 U.S.C. 611, trust companies, securities broker-dealers,
futures commission merchants (FCMs), introducing brokers in commodities
(IBs), and mutual funds. FATF Mutual Evaluation Report of the United
States, December 2016, available at http://www.fatf-gafi.org/media/
fatf/documents/reports/mer4/MER-United-States-2016.pdf.
---------------------------------------------------------------------------
There are also a few persons that ought to have U.S. AML
obligations but currently do not. Although banks serve as an immediate
gateway into the U.S. financial system and must therefore bear
significant responsibility for preventing criminals and other
wrongdoers from finding safe haven here, they shouldn't bear that
responsibility alone. Other actors that handle large sums of money,
such as persons involved in real estate transactions, escrow agents,
investment advisors, lawyers, corporate service providers, and
accountants must also take responsibility for knowing with whom they
are doing business and guard against their services being used to
launder dirty money. Excluding these nonbank sectors renders the U.S.
financial system vulnerable to serious, ongoing money laundering
threats as shown by multiple media reports about how, for example,
anonymous ownership of high-value real estate facilitates money
laundering, \2\ a 60 Minutes segment showing how lawyers facilitate
money laundering by corrupt foreign Government officials, \3\ and of
course the Panama Papers which disclosed how corporate formation agents
and lawyers help wrongdoers hide and launder criminal proceeds.
---------------------------------------------------------------------------
\2\ See, e.g., The New York Times series ``Towers of Secrecy''
available at https://www.nytimes.com/news-event/shell-company-towers-
of-secrecy-real-estate.
\3\ Can be accessed at http://www.cbsnews.com/news/anonymous-inc-
60-minutes-steve-kroft-investigation/.
---------------------------------------------------------------------------
Technically, persons involved in real estate closings are already
classified as FIs per the definition established by the USA PATRIOT Act
in 2001, but they were given a ``temporary exemption'' (which had no
sunset clause) from AML compliance requirements in 2002. Despite
Treasury conducting a comment period with respect to AML compliance in
the real estate sector in 2003, they have not removed that temporary
exemption. Congress should consider doing so.
Addressing the money laundering risks posed by these nonbank
sectors and actors would finally bring us in line with international
anti-money laundering standards--agreed to by the U.S., as a leading
member of the Financial Action Task Force (FATF), the international
anti-money laundering standard-setting body. In FATF parlance, most of
these persons are referred to as ``Designated Non-Financial Businesses
and Professions''. Members of FATF, including the U.S., are supposed to
require most of these persons to have AML compliance programs, and many
of its member countries have already done so.
I. Trends in Compliance
A. Understanding Regulatory Enforcement Data
As you know, the money laundering realm is governed by statutes
which both criminalize the act of laundering money \4\ and impose civil
and criminal penalties for the failure of a financial institution to
have an effective AML program. \5\ Under Federal law, the type, nature,
and scope of a financial institution's AML systems and controls depend
upon the institution's risk profile, which differs significantly for
banks that, for example, serve a local, rural community versus a global
institution that operates in high-risk foreign environments. A
financial institution's risk profile depends upon its assessment of the
types of risks it faces, which are a function of where it operates,
what products and services it offers, and what clients it takes on,
among other variables.
---------------------------------------------------------------------------
\4\ 18 U.S.C. ��1956-1957.
\5\ The Currency and Foreign Transactions Reporting Act of 1970,
31 U.S.C. �5311 et seq. (regulations at 31 CFR Ch. X).
---------------------------------------------------------------------------
Developing accurate risk assessments and AML compliance regimes is
therefore an art and not a science, and requires a great deal of
judgment. It is the job of the regulators to determine if a financial
institution has gotten it right--whether the FI's risk assessment is
comprehensive and reasonable, whether its AML systems and controls are
appropriately responsive to those risks, and whether those systems and
controls are effective. The examination reports that result from
regulators' reviews are highly confidential and exempt from public
records requests, \6\ although this Committee has the authority to
review those examination reports should it want to review their content
and reasonableness. \7\
---------------------------------------------------------------------------
\6\ Exemption of examination reports from public availability. See
12 CFR �261.14 (Federal Reserve Board); 12 CFR �309.5(g)(8) (FDIC); 12
CFR �4.12(b)(8) (OCC).
\7\ Prohibition on banks disclosing information from their
examination reports. See 12 CFR �261.20(g), 12 CFR �261.2(c)(1)
(Federal Reserve Board); 12 CFR �350.9 (FDIC); 12 CFR �18.9 (OCC).
---------------------------------------------------------------------------
My organization was hired by a third party in 2015 to undertake a
confidential study of AML enforcement in the U.S. and the U.K. between
2001 and 2015. That study was carried out by myself and our Policy
Counsel Elizabeth Confalone. I have permission to share some of our
observations from that report with you today, but unfortunately I am
unable to share the entire report.
One of our primary observations was that, apart from the rather
small number of publicly available deferred prosecution agreements
(DPAs) and nonprosecution agreements (NPAs) that financial institutions
have entered into with respect to AML-related activity, it is extremely
difficult to determine the number and nature of the formal and informal
enforcement actions taken by regulators in response to BSA/AML
deficiencies because (i) very little information about informal actions
is available to Congress or the public, (ii) information about formal
actions is not in a machine-readable format--meaning that one must open
and read every file to know what the infraction(s) was, and (iii)
``actions'' taken by regulators do not always indicate misconduct--an
``action'' for the FDIC terminating deposit insurance for a banking
unit whose deposits were transferred to another bank within the group
is lumped together with an ``action'' for the systemic violation of
U.S. sanctions laws.
A second observation was that, based upon a review of the
enforcement actions that could be identified as related to AML
deficiencies, the Federal Government rarely charged a financial
institution with the criminal offense of money laundering, favoring
instead a finding that the institution had violated Federal
requirements to have an effective AML program and report suspicious
activity to law enforcement. This was the approach even when the
hallmarks of criminal money laundering seemed clearly present in the
cases. This may be because it is easier to prove deficiencies in AML
compliance than it is to meet the criminal standard of proof for money
laundering. In light of this, it is important to carefully consider
how, for example, shifting responsibility for AML risk analysis for FIs
and aggregate data analysis from the private sector to FinCEN (as has
been proposed in different ways by The Clearing House) could hamper the
Government's use of civil enforcement actions to combat money
laundering, which uses far less time and fewer Government resources
than criminal prosecution would entail, with important dissuasive
results.
B. What Does an Overview of Selected Enforcement Tell Us?
The best source of data on AML/BSA-specific enforcement actions
providing sufficient detail for adequate analysis are (i)
nonprosecution agreements (NPAs) and deferred-prosecution agreements
(DPAs), and (ii) FinCEN data. My organization, Global Financial
Integrity, reviewed those data sets in order to conduct a more detailed
analysis of AML/BSA-specific violations and trends in enforcement. I
will discuss each of these in turn.
FinCEN Enforcement Actions
Unlike bank regulatory agencies that tend to be more concerned with
ensuring the general health and stability of our financial system,
FinCEN's specific mission is to ``safeguard the financial system from
illicit use and combat money laundering and promote national
security.'' \8\ As a result, FinCEN's enforcement actions relate solely
to issues involving money laundering and illicit finance.
---------------------------------------------------------------------------
\8\ Financial Crimes Enforcement Network, Mission Statement,
available at http://www.fincen.gov/about_fincen/wwd/mission.html.
---------------------------------------------------------------------------
Given the available data, we analyzed 61 separate actions \9\
against 52 different banks. \10\ There were 26 American banks subject
to FinCEN actions, and 26 foreign banks and U.S. branches and offices
of foreign banks that were subject to FinCEN actions. Each case
involved multiple failings over a period of years, making
categorization of the violations challenging.
---------------------------------------------------------------------------
\9\ Technically, the DPAs and NPAs are ``cases'' and the FinCEN
notices are ``actions,'' however for ease of reference we will use the
term ``actions'' here.
\10\ In a few instances there was both a FinCEN action, as well as
a DPA or NPA relating to the same bank activity, and we have counted
those as one case each because they cover the same bank activity.
---------------------------------------------------------------------------
Within the FinCEN actions, the most common thread was a failure to
file suspicious activity reports, however the violations were usually
accompanied by a large range of other AML system violations such as a
failure to carry out customer due diligence, failure to verify the
source and use of funds, failure to identify red flag activity, failure
to have an adequate AML program, failure to have enough compliance
staff, and failure to train staff, among other deficiencies.
Among the full body of 61 cases, 13 of the actions included
problems relating to money service businesses (MSBs) (mainly foreign)
and the processing of the cash and monetary instruments by those MSBs,
including issues with the identification and risk-rating of MSB
clients. Ten of the actions involved problems with the management of
foreign correspondent accounts and the processing of the cash and
monetary instruments for correspondent accounts, including the
identification and risk-rating of the clients. Several banks had
violations relating to their failure to file required currency
transaction reports, and there were a hodge-podge of other specific
violations as well, such as fraud and problematic trade finance
activity. Five of the actions involved banks that had foreign
Politically Exposed Person (PEP) clients, some coupled with failures to
carry out adequate customer due diligence on those PEPs, to verify the
source and use of funds, or monitor the client accounts appropriately.
The FinCEN actions contained damning details illustrating the
banks' failures, but were always drafted to focus on the civil law
violations as opposed to the activity that might, in fact, be criminal.
For example, The Foster Bank, based in Chicago, was sanctioned by
FinCEN for violations relating to having an ineffective money
laundering program in place. Illustrating the types of activity that
Foster's AML deficiencies permitted to occur, the FinCEN action states:
For example, from April 1999 through August 2002, one customer
who operated a sportswear business purchased approximately
$674,390 in cashier's checks, all individually purchased below
the $3,000 Bank Secrecy Act record-keeping threshold for
monetary instrument transactions. Concurrently, from April 1999
through August 2002, the same customer engaged in a pattern of
structured transactions involving over $6,199,616 in cash
deposits in amounts under $10,000 per deposit. Ultimately, in
December 2002, the Bank discovered that this customer had
conducted nearly $10 million in cash transactions between April
1999 and November 2002.
Another Foster customer routinely made cash deposits in the
amounts of $9,900 up to four times daily. The Bank retained no
documentation in its file to support a legitimate business
reason for these deposits.
Other customers engaged in large aggregate cash transactions,
totaling an average of $300,000 to $600,000 per month, at least
some of which appeared to be designed to avoid currency
transaction reporting. Foster did not have documentation
supporting the legitimacy of the customers' banking activities
and failed to file timely suspicious activity reports for these
customers. \11\
---------------------------------------------------------------------------
\11\ FinCEN, ``Assessment of Civil Money Penalty Against the
Foster Bank'', Case No. 2006-8, at 5, http://www.fincen.gov/news_room/
ea/files/foster.pdf.
This description indicates that that these customers were engaging
in activities that were likely illegal, given the lengths that they
went to in order to the avoid money laundering reporting requirement
that deposits of $10,000 or more be reported to FinCEN on a Currency
Transaction Report (CTR). The FinCEN action is concerned with Foster's
failure to identify these avoidance techniques, but we can find no
corresponding case in Illinois where the bank is actually charged with
the criminal act of laundering money for its clients. At the time we
conducted this research, we did not find any records relating to
prosecution of persons in Illinois who used the accounts at Foster
Bank, although a case against an individual might not mention the
bank's name. Therefore, while this case has multiple hallmarks of money
laundering activity, there was no prosecution for the laundering that
we could find. Further, we were unable to find evidence that these
clients' activities were even investigated by Illinois State or Federal
authorities.
Having reviewed the FinCEN actions, we are under the impression
that the vast majority of the sanctioned banks knew or should have
known (as is the standard) that their services were being used to
launder proceeds of some sort of illegal activity (although they may
not have known precisely what kind of illegal activity), and that some
of the banks may have either been established for that specific
purpose, or the banks' business was somehow taken over by those
clients. This misconduct is most evident in the cases relating to small
banks, where in several cases the clients that were engaging in
activity that should have raised red flags and caused the banks to file
SARs were a large percentage of the small bank's business.
For example, North Dade Community Development Federal Credit Union
was a nonprofit community development bank based in North Dade County,
Florida, with $4.1 million in assets. As a community development bank,
its clients were supposed to be limited to people who live, work or
worship in the North Dade County area. North Dade had only one branch
and only five employees. Despite its small, local focus, North Dade was
servicing multiple money service businesses that were located outside
of its geographic field of membership and that were engaging in high-
risk activities. For example, records showed ``(1) deposits in excess
of $14 million in U.S. cash that was physically imported into the
United States on behalf of nearly 40 Mexican currency exchangers, and
(2) hundreds of millions of dollars in wire transfers to foreign bank
accounts of MSBs located in Mexico and Israel.'' \12\ It is difficult
to believe that the bank's five staff members were unaware of the
likelihood that the bank was being used to launder money via their MSB
clients, and it is wholly possible that the bank was either established
to carry out illegal activity or was overtaken by criminal clientele.
---------------------------------------------------------------------------
\12\ FinCEN, ``In the Matter of North Dade Community Development
Federal Credit Union'', Number 2014-07, at 7, 8, 9, Nov. 25, 2014
(hereinafter, ``FinCEN North Dade Enforcement Action''), http://
www.fincen.gov/news_room/ea/files/NorthDade_Assessment.pdf.
---------------------------------------------------------------------------
DPAs and NPAs
We also reviewed deferred prosecution agreement and nonprosecution
agreements (DPAs and NPAs) related to BSA/AML violations, which we drew
from the University of Virginia School of Law's Federal Organizational
Prosecution Agreements collection. \13\ As you know, NPAs and DPAs
represent a step beyond agency enforcement actions. They represent
settlements of criminal and civil cases brought by the Government
against corporations where the corporation generally admits to certain
facts, agrees to take certain remedial measures, and often pays a fine
in exchange for the Government deferring or discharging the
prosecution. In the case of NPAs, the matter is settled once the
Government has signed the agreement. In the case of DPAs, the
Government has the option of renewing the prosecution if the company
does not implement the required remedial measures or continues to
otherwise act unlawfully.
---------------------------------------------------------------------------
\13\ Brandon L. Garrett and Jon Ashley, ``Federal Organizational
Prosecution Agreements'', University of Virginia School of Law, at
http://lib.law.virginia.edu/Garrett/prosecution_agreements/.
---------------------------------------------------------------------------
The DPAs and NPAs we reviewed settled actual cases against banks
brought by the U.S. Department of Justice. We reviewed 36 DPAs and NPAs
involving banks. Eleven of those did not involve AML/BSA-related
infractions. Eight of the agreements related to sanctions-busting
violations, where the banks were stripping wires of key information,
re-routing the wires, or taking other actions to evade U.S. sanctions
laws. Fourteen cases involved money laundering violations, ten of which
were also the subject of FinCEN actions, and therefore included in the
analysis above. Only four banks were the subject of money laundering-
related DPAs/NPAs that did not have a corresponding FinCEN action. Five
of the cases were against large, international banks for aiding and
abetting large-scale tax evasion by Americans. Several cases were
included in the count of both the sanction violations and money-
laundering categories because their conduct and the terms of their
agreements included both types of violations.
Several of the money laundering cases involved funds being moved
from developing or middle income countries into the U.S. via money
service businesses or correspondent banking activities. The majority of
the countries involved were South or Central American (mainly focusing
on the Black Market Peso Exchange) or Middle Eastern. One case involved
a bank in Nigeria and one case involved Russian banks. The countries
that arise in these cases are not surprising in light of the American
political priorities of fighting drug crime and terrorist financing.
Some Useful Perspective
Lastly in this section, I'd like to remind Members of the Committee
that although the headline-grabbing figures relating to BSA/AML
enforcement for FIs' may seem large, they pale in comparison to some of
the egregious, willful violations taking place. Two examples:
HSBC USA was fined a mere $1.9 billion in 2012 for:
Failing to have required money laundering controls applied
to over $200 trillion in wire transfers it received over a 3-
year period (that's about 3x global GDP),
Of which $670 billion came from Mexico, which it had
classified as a low risk country for money laundering although
the U.S. Department of State and many, many others classify it
as high risk, and
Of which $881 million was determined to be proceeds of
drug trafficking by the Mexican Sinaloa Cartel and the
Columbian Norte de Valle Cartel.
Bear in mind that we have no idea what other percentage of
that $200 trillion was dirty money flowing through HSBC USA
because the AML controls were turned off.
Failing to have the required money laundering controls in
place with respect to the purchase of $9.4 billion in cash from
its Mexican subsidiary.
Processing wire transfers with inadequate information that
were the result of other HSBC subsidiaries' efforts to ensure
that U.S. dollar transactions from sanctioned countries like
Iran and Libya were cleared in the U.S.
BNP Paribas, France's largest bank, was fined $8.9 billion in 2014
for:
Processing over $190 billion in transactions through its
New York office for clients in the sanctioned countries of
Sudan, Iran, and Cuba,
at one point providing over half of the banking services
in use by the Sudanese Government, enabling this Government,
sanctioned by the U.S. for perpetrating genocide, to process
its oil money (denominated in dollars) and continue to purchase
the weapons it needed and pay its soldiers to continue to
engage in mass-murder, and
knowingly providing banking services in U.S. dollars for
people subject to individual and specific sanctions.
C. Conclusion of Analysis and Recommendation
Our analysis of the AML enforcement data showed that small banks,
even local banks, can be and are used to move illicit funds in the same
way that large, international banks are used. In addition, our analysis
of the DPAs, NPAs, and FinCEN actions establishes that banks of all
sizes knowingly and intentionally facilitate the movement of illicit
funds. In none of the cases reviewed does it appear that the bank was
unwittingly involved in the movement of illicit money, many of which
appeared to have been the subject of previous regulatory warnings. SAR
filing violations were a factor in almost every single one of these
cases, but they were far from the most serious violations.
Due to the limitations on access to data, our analysis is
incomplete. Additional analysis should be undertaken prior to making
major alterations to the existing U.S. AML regime. We therefore
recommend that the Members of the Committee undertake a more in-depth
review of the AML enforcement data prior to making any policy changes.
This review could include requesting each regulator to identify which
of their formal and informal enforcement actions over the last 10 years
relate to AML/BSA or sanctions violations and to include information in
the searchable/sortable data fields indicating the type of infraction
involved and the laws or regulations that were violated. In addition,
we recommend that the Committee obtain the documents related to a
sample of the formal and informal enforcement actions taken by each
agency to get a better sense of the misconduct involved and the quality
of enforcement actions taken. Finally, it would be ideal if all the
regulators adopted the same fields and display format on their website.
This will allow for more effective and efficient Congressional
oversight moving forward, and make it easier for FIs to search the data
to identify evolving criminal methods and trends.
II. Suspicious Activity Reports (SARs)
The Nature of SARs. Suspicious Activity Reports (SARs) are an
important part of the BSA/AML framework, but the nature of SAR filing
has changed over time and could be reviewed. It is important for the
Committee to understand that SARs were intended to be just that,
reports of suspicion of criminal activity. They are not called illegal
activity reports, because FI employees are not required to determine if
the activity they are seeing is actually illegal. Instead, FI employees
are supposed to file reports where they see something out of the
ordinary and simply have a suspicion that there is a problem. Requiring
bank employees to go further and make a determination that an activity
is actually illegal would be an unrealistic and unwarranted
expectation. There is no ``bright line'' test for when a SAR should be
filed because that is contrary to the intended nature of a SAR.
The Clearing House has nevertheless proposed that further guidance
be provided by FinCEN to ``relieve financial institutions of the need
to file SARs on activity that is merely suspicious without an
indication that such activity is illicit.'' That recommendation would
fundamentally change the nature of SAR reports and would actually make
bank employees' tasks much more difficult and risky. After all, it
clearly requires a greater amount of effort and legal analysis to
determine whether an activity is, in fact, illicit rather than merely
suspicious.
One source of tension in this area appears to be that law
enforcement wants SARs to include as much information as possible, in
as standard a format as possible, and that their demands for greater
detail and specificity have grown over time. FI employees may not have
the desired level of detail that law enforcement would like, but that
is simply a reality of money laundering cases which often involve
hidden conduct and individuals. The SAR instructions properly allow FI
employees to indicate on the form that the information is ``unknown'';
that option should be honored by law enforcement rather than trying to
require FI employees to become detectives uncovering illegal conduct.
The Sharing of SARs. The Clearing House has proposed that new
regulations allow FIs to share SAR information among foreign affiliates
and branches. GFI supports this recommendation; its importance was made
clear in the HSBC case. A related issue, however, is what actions FI's
affiliates and branches are required or permitted to take in response
to receiving this information. I understand that there have been cases
where a person's accounts have been closed by a bank because it
received information that another bank identified the person as
suspicious, making it difficult for that person to establish banking
relationships elsewhere. If FIs are permitted to close accounts based
upon suspicions communicated to them by other banks, Congress should
ensure that there is some mechanism for appeal or redress for
individuals wishing to establish their bona fides. Such closure of
accounts may also serve to ``tip off'' the account holder that they are
the subject of a SAR, contrary to the SAR confidentiality requirements.
Integrating New Technology. I am in favor of exploring the ways in
which today's (and tomorrow's) technology can be used to innovate in
the AML compliance sphere and believe that the Government should be
supporting such innovation (usually referred to as ``FinTech'').
Northern Europe seems to be leading in this space, and it would be
helpful to create a better environment for such innovation in the U.S.
I therefore support the creation of a technological ``sandbox'', as has
been proposed by The Clearing House and has been implemented in the
U.K. The U.K. structure appears to have some specific safeguards to
protect consumers, however, which they consider to be an integral part
of their system. I have not had an in-depth look at the U.K. program,
however regulators presented it at a recent FATF industry consultation
meeting I attended. They stressed the importance of ensuring that
consumers were protected at all times as innovative approaches were
being tested, and the U.S. should do the same. It is important to note
that, in the House of Representatives, Members are discussing
legislative language that does not require any of the safeguards
present in the U.K. system, potentially giving FIs an unlimited safe
harbor for the use of any new technology with no Government oversight.
This is a significant danger because if an FI spends the money to
integrate new technology that, it turns out, isn't as effective as
alternative methods, they would have no incentive to change their
approach. They would incur some unwelcome cost for doing so and they'd
have the security of an unlimited safe harbor, so there would be no
incentive to act.
III. Know Your Customer (KYC)/Customer Due Diligence (CDD)
As part of their customer due diligence, or CDD, procedures, FIs
are supposed to know their customers by engaging in Know Your Customer,
or KYC, procedures. In banking terms, knowing your customer is more
than just knowing who the owners or controllers of the company are
(known as ``beneficial ownership'' information), it is also
understanding how that legal or natural person will be using the
account so that the account can be appropriately monitored for possible
money laundering activity. Establishing the expected normal use of the
account is imperative if the FI is to effectively monitor for
suspicious activity going forward. Moreover, characteristics of the
beneficial owner of the account (such as nationality/residence, whether
a politically exposed person (PEP), etc.), the type of business using
the account, whether that business is cash intensive, and many other
factors all contribute to an account's risk profile, and that risk
profile determines what type and level of monitoring the account will
be subject to.
Beneficial Ownership Information. Knowledge of the beneficial
owner(s) of a company holding an account is a critical question in KYC,
however. Therefore, one Clearing House proposal that GFI wholeheartedly
supports is its proposal that information about the beneficial owners
of U.S. companies--the actual individuals who own or control those
companies--should be collected at the time that companies are
incorporated in the U.S. and that this information should be made
available to law enforcement and financial institutions. This is an
issue that has been gaining visibility and urgency on a global level.
This is because anonymous companies, or companies with hidden owners,
are the most frequently used vehicle for money laundering. That's why
identifying who owns or controls a company is a fundamental step
necessary to combat the problem.
In response to the global movement towards greater corporate
ownership transparency, in May 2016, the U.S. Treasury Department
adopted a regulation which more explicitly requires banks to obtain
beneficial ownership information beginning in May 2018. Unfortunately,
that regulation includes some significant loopholes and so has not been
deemed compliant with international AML standards in the most recent
evaluation of the U.S. AML system by the IMF. Hopefully, Treasury will
be making improving that regulation a priority in order to bring the
U.S. into compliance with international AML standards and ensure that
true beneficial ownership information is being collected.
But whether or not the U.S. improves its regulation, U.S. banks
that operate in other countries are already subject to strong corporate
transparency standards that are only getting stronger. As a result, the
multinational banks that belong to The Clearing House want beneficial
ownership information for U.S.-formed entities to be collected by
either those who incorporate the companies or by an appropriate
Government entity so that they can use the information as a key data
point in their customer due diligence process. While we do not support
banks being allowed to rely exclusively on this information in their
customer due diligence procedures, the information could and should be
an extremely helpful starting point in the ``know your customer''
process and as a tool to verify information supplied by the client.
Accordingly, we strongly support The Clearing House beneficial
ownership proposal, which is soon to be the subject of bipartisan
legislation in the House and Senate.
I wanted to note that in discussions of relevant legislative text
in the House of Representatives, some Members have been pushing the
idea that law enforcement should only have access to information about
the beneficial owners of companies if they can produce a summons or
subpoena, while at the same time not discussing any limitations on
availability of the information to the banks. As a fundamental
principle, U.S. law enforcement should have free access to beneficial
ownership information because it is critical information they have been
requesting for years, as evidenced by their many letters of support for
beneficial ownership bills introduced over the past 10 years. We should
not, under any circumstances, have a situation in which the banks have
easy access to this information and our law enforcement does not. I
would also note that last month, the European Union adopted legislation
which requires all 28 EU Member States to create registers of
beneficial ownership information and for that information to be made
available to the public, including law enforcement and financial
institutions. The U.K. already has such a public registry in place, and
countries such at Ghana, the Ukraine, Afghanistan, Kenya, and Nigeria
are all actively working on putting the same in place. At this point,
free access by law enforcement and banks must be seen as a minimum
standard.
IV. The Balance of Activity and Obligations Between FinCEN and the
Private Sector
The Clearing House has proposed that (i) for the large
multinational FIs, all enforcement power should be consolidated within
FinCEN, (ii) data collection and analysis should be shifted from the
private sector to FinCEN, and (iii) for the large multinational FIs,
FinCEN/Treasury should establish priorities for each FI on an annual
basis, review progress with each FI every 3 months, and oversee any
examination of an FI. I'll address each in turn.
Consolidation of AML Enforcement Power. While the proposal to
consolidate AML enforcement power in FinCEN has surface appeal, it
would also be at odds with a major principle in Federal law regulating
FIs. Federal law now authorizes different functional regulators to
regulate different FI activities in order to make use of their
specialized expertise. For example, the SEC is given primacy over
securities activities at FIs because it understands the securities
markets and their inherent risks. Similarly, the Commodity Futures
Exchange Commission oversees AML issues affecting commodity trading,
and State insurance regulators examine AML issues affecting FI
insurance activities, again because each regulator is expert in their
own field. If AML enforcement power were instead consolidated in
FinCEN, the sector-specific AML experts now working at the individual
regulators would have to be transferred to FinCEN, swelling its ranks
and reach. There are strengths and weaknesses to continuing the current
disaggregated AML oversight system versus concentrating AML oversight
at FinCEN, and the issues and tradeoffs would need to be carefully
thought through.
Data Collection and Analysis Transferral to FinCEN. The suggestion
that FinCEN be given access to bulk data transfers from FIs to enable
it to analyze AML trends and patterns across institutions is another
potentially useful idea. But questions about the effectiveness and cost
of this proposal include whether FinCEN currently has the technological
capability and personnel needed to perform that type of data analysis
or whether it would need to be built, which could be a significant
expense. In addition, charging FinCEN with industrywide data collection
and analysis should not be seen as a way for banks to absolve
themselves of their AML obligations. The banks would retain their
position as the primary gateway into the U.S. financial system, so the
first level of responsibility to safeguard the system against money
laundering abuses must remain with the individual banks who open their
accounts to individuals and entities around the world.
Requiring FinCEN To Establish AML Priorities. The third proposal,
to essentially charge FinCEN with establishing annual AML priorities
for every large multinational bank and monitoring every bank's progress
every 3 months, is extremely ill-advised. The FI understands its own
business and products better than anyone else. It is therefore best-
placed to determine what its AML risks are and how best to address
those risks within the systems that it has created. We support the idea
of an FI working with FinCEN/Treasury to discuss those risks in the
context of national and global trends observed by FinCEN, and whether
adjustments might be made as a result, however. In addition, reviewing
each FI's progress in AML every 3 months seems like far too short a
time frame to observe how an FI is progressing in this respect,
however, and entirely impractical from a Government resource allocation
perspective.
Creates Bigger Government. Overall, it is critical that the
Committee understand that changes of the magnitude suggested by The
Clearing House would require a significant appropriation from the
Federal budget to pay for, among other things, a very large staff
increase and procedural and technological improvements at FinCEN. In
addition, many new regulations would have to be drafted to give effect
to these changes. The result would be a much bigger Government agency
and a bigger FinCEN impact on AML activities. Careful analysis is
needed to determine whether the benefits of each of these changes would
outweigh the costs.
V. Conclusion
In conclusion, positive changes can be made to the AML regulatory
structure, but they must be made carefully, with good data, and only
after thinking through as many of the potential ramifications as
possible.
Unfortunately for the banking community, many of the high profile,
incredibly egregious cases that involve the biggest banks in the world
have eroded public trust that banks will indeed act in a manner that is
law-abiding and actively try to turn away proceeds of crime. Even many
bankers lack faith in their institutions. The Members of this Committee
may find a 2015 study by the University of Notre Dame and the law firm
of Labaton Sucharow, entitled ``The Street, the Bull, and the Crisis'',
to be of interest. The researchers surveyed more than 1,200 U.S. and
U.K.-based financial services professionals to examine views on
workplace ethics, the nexus between principles and profits, the state
of industry leadership and confidence in financial regulators. As the
report states, ``The answers are not pretty. Despite the headline-
making consequences of corporate misconduct, our survey reveals that
attitudes toward corruption within the industry have not changed for
the better.'' \14\
---------------------------------------------------------------------------
\14\ ``The Street, the Bull, and the Crisis'' is available at
https://www.secwhistlebloweradvocate.com/pdf/Labaton-2015-Survey-
report_12.pdf.
---------------------------------------------------------------------------
Some of the banks that have been the subject of these high-profile,
egregious cases are members of The Clearing House, whose proposals for
regulatory change are before this Committee. That does not necessarily
mean that the proposed changes are unwarranted, but it is the
responsibility of Congress to make informed decisions about the extent
to which each of these proposals is also in the public interest.
Deregulation for the sake of deregulation in the AML area is most
certainly not in the public's interest. Making it easier for banks,
knowingly or unknowingly, to take in greater inflows of drug money, the
proceeds of human trafficking, the ill-gotten gains of foreign
dictators, and terror financiers is not in the best interest of anyone.
Thank you for the opportunity to share my views on such an
important topic.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
FROM GREG BAER
Q.1. Shifting BSA Oversight Back to FinCEN--One Clearing House
recommendation is to have FinCEN's BSA oversight authority over
large banks--originally delegated to Federal banking agencies
over 20 years ago--returned to FinCEN. But it seems clear
FinCEN does not have the bandwidth to make such a radical
change.
Can you describe your organization's effort to assess what
this change would require, in terms of additional Federal
funding and personnel, or new assessments on big banks? Why
should we redo wholesale a system that has been working
reasonably well, and put in place the kind of centralized
examination teams you suggest, when examiners have expertise
and experience with these large entities, and have been doing
this job successfully for many years?
A.1. While it would be a significant undertaking for FinCEN to
examine all financial institutions subject to the BSA, we
instead recommend that FinCEN retake exam authority for large
international financial institutions that present complex
cross-border issues and file a majority of SARs. We estimate
that an examination team of only 25-30 people at FinCEN could
replicate the existing work of the Federal banking agencies and
the IRS (for the largest MSBs) at these institutions. More
importantly, a dedicated FinCEN exam team for this small subset
of large institutions could receive appropriate security
clearances, meet regularly with law enforcement and other end
users, receive training in big data analytics and work with
other experts in Government. They, in turn, would be supervised
by Treasury officials with law enforcement, national security,
and diplomatic perspectives on what is needed from an AML/CFT
program--not bank examiners who frequently bring no experience
in any of those disciplines. Furthermore, when FinCEN turned to
writing rules in this area, it would do so informed by its
experience in the field. It would see the whole field, and
promote innovative and imaginative conduct that advanced law
enforcement and national security interests, rather than
auditable processes and box checking. Funding such an exam team
could be accomplished many ways, including: (i) assessing
financial institutions for examinations costs; \1\ or (ii)
establishing a centralized team funded pro rata by each of the
affected agencies but reporting directly and solely to the
FinCEN Director.
---------------------------------------------------------------------------
\1\ Existing statutory authority appears to allow for such an
assessment and affected institutions should see a corresponding
reduction in the assessment they currently pay to prudential regulators
for supervision of this function. The Independent Offices Appropriation
Act provides general authority for a Government agency to assess user
fees or charges by administrative regulation, based on the value of the
service to the recipient. See 31 U.S.C. �9701. OMB Circular No A-25
provides further guidance regarding ``user fees'' (``A user charge . .
. will be assessed against each identifiable recipient for special
benefits derived from Federal activities beyond those received by the
general public.''). See OMB Circular No. A-25 Revised.
---------------------------------------------------------------------------
This recommendation aims to address one of the fundamental
drivers of the inefficiency in the U.S. AML/CFT regime--the
fact that the end users of the information generated by banks
(e.g., law enforcement and national security officials) have no
say in how banks allocate their resources and provide financial
intelligence to them. Therefore, examiners do not have insight
into the utility of the material provided by banks, law
enforcement AML/CFT priorities, or the degree to which banks
can innovate their compliance programs in order to provide
better leads to law enforcement. Instead they focus on
auditable policies, procedures, and metrics.
From a political and personal risk perspective, examiners
are in a no-win situation. On the one hand, they are excluded
when the bank they examine is pursuing real cases with law
enforcement, national security or intelligence community
officials, and therefore receive no credit when those cases are
successful. But if something goes wrong--if a corrupt official
or organization turns out to be a client of the bank they
examine--the examiner faces blame. Thus, from an examiner and
banking agency perspective, the only possible safe harbor is to
demand more policies and procedures, ensure that a lot of
alerts are generated and SARs filed, and encourage the bank to
investigate exhaustively any client deemed high risk. Given
that banks have been complying with AML/CFT requirements for
decades, examiners are also fairly comfortable with the current
technological and programmatic aspects of the regime, so rather
than encourage institutions to make innovative programmatic
changes to detect high-risk financial crimes, the examiner
focuses on auditing processes like the number of computer
alerts generated, SARs filed and compliance employees hired. As
a result, banks of all sizes generate a lot of SARs that are of
little to no use to law enforcement.
Importantly, the benefits of a FinCEN examination function
would extend well beyond the handful of banks it examined.
Priorities set and knowledge learned could be transferred to
regulators for the remaining financial institutions. And
innovation started at the largest firms, with encouragement
from FinCEN, would inevitably benefit smaller firms. The result
of FinCEN assuming some supervisory authority would be a
massive cultural change, as the focus of exams shifted to the
real-world effectiveness of each institution's AML/CFT program,
rather than the number of SARs filed or number of policies
written. That change would start with those banks under sole
FinCEN supervision, but would eventually spread to all
institutions.
Q.2. Protecting Information Shared Among Banks--With any
increase in information sharing between financial institutions
beyond that allowed under current law would come an increased
responsibility for those institutions to protect consumer and
commercial data.
What additional steps are needed to ensure that expanding
information sharing among banks doesn't put customers at
greater risk of data theft, or of unjustified exclusion from
the financial system because of inaccurate information being
shared? Should we consider a more formal redress mechanism for
persons debanked as a result of increased information sharing?
Has the Clearing House surveyed its members to assess, over the
last 5 years or so, how many 314b inquiries were made, and how
many responded to, by member banks? If not, could you do such
an informal survey and provide to the Committee that data?
A.2. Financial institutions work very hard to ensure that their
customers can conduct their financial transactions in a safe
and secure manner, while protecting their privacy. U.S. banks
are subject to a host of regulatory and other requirements and
devote substantial time and investment to safeguarding customer
data--and have every incentive to do so. We believe that
greater information sharing is fully consistent with the
important privacy risks of bank customers. If a customer has an
account at multiple banks, each of those banks is already
monitoring those accounts for suspicious activity. Allowing a
bank that believes that it has detected suspicious activity to
consult the other relevant banks would allow it to develop a
more complete picture of the customer's financial activity, and
in many cases would result in a SAR not being filed. (For
example, one bank might see suspicious wire transfers to
another country, while a second bank might explain that it
banks a company owned by that customer in that country, so the
transfers are entirely appropriate.) Of course, in some cases,
a more complete picture might confirm initial suspicions, and
lead to a higher quality SAR filing.
We do not believe there should be concerns about
information sharing on SARs leading to customers becoming
unbanked. Sharing would only occur if there was already cause
for suspicion, and would occur only among those banks that
currently share the customer. Even in the event that all those
banks, as a result of the sharing, decide to close the
customer's accounts, this fact will not be disclosed to other
banks or to the public. Thus, this case is not akin to credit
reporting, where a customer's experience with one bank affects
his or her credit score, and thereby the ability to obtain
credit from any bank.
In order to be covered by the 314(b) safe harbor, financial
institutions or an association of financial institutions must
comply with a number of requirements, including: (i) annually
registering with FinCEN and providing a point of contact for
requests; (ii) taking reasonable steps to verify that the
recipient institution is also registered with FinCEN; and (iii)
ensuring that the information shared is adequately protected,
secure and confidential. \2\ In particular, FinCEN's 314(b)
regulation states that institutions who share under this
program are to ``maintain adequate procedures to protect the
security and confidentiality of such information . . . [which]
shall be deemed satisfied to the extent that a financial
institution applies to such information procedures that the
institution has established to satisfy the requirements of
section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801), and
applicable regulations issued thereunder, with regard to the
protection of its customers' nonpublic personal information.''
\3\ As a general matter, FinCEN notes that sharing under 314(b)
must only be done to ``[i]dentify[] and, where appropriate,
report[] on activities that may involve terrorist financing or
money laundering; [d]etermine[] whether to establish or
maintain an account, or to engage in a transaction; or
[a]ssist[] in compliance with anti-money laundering
requirements.'' \4\
---------------------------------------------------------------------------
\2\ See FinCEN ``Section 314(b) Fact Sheet'', (314(b) Fact Sheet)
November 2016, available at www.fincen.gov/sites/default/files/shared/
314bfactsheet.pdf.
\3\ See 31 CFR 1010.540(b)(4)(ii).
\4\ See 314(b) Fact Sheet, supra n. 2.
---------------------------------------------------------------------------
While it would be difficult to provide you with data on the
frequency of requests and responses as requests carry varying
degrees of urgency and significance--some are critical and
merit an institution's immediate attention while others are
more routine and can function as alerts--we note that FinCEN
guidance suggests that financial institutions reference 314(b)
in SAR narratives when it has assisted institutions in
determining whether information is suspicious, so the agency
may be able to provide you with a comprehensive assessment of
the relative effectiveness of the program. Relatedly, our
members have been told anecdotally by law enforcement that
their investigative work, using 314(b) and other tools, has
resulted in the production of highly useful information. \5\
---------------------------------------------------------------------------
\5\ See Testimony of William J. Fox before the U.S. House
Financial Services Subcommittees on Financial Institutions and Consumer
Credit and Terrorism and Illicit Finance, November 29, 2017, available
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
Finally, when dealing with financial inclusion concerns, we
note that the present regulatory framework lends itself to
overly conservative evaluations of risk. This is why TCH
recommends that Treasury lead the regime as it is uniquely
positioned to balance the sometimes conflicting interests
relating to national security, the transparency and efficacy of
the global financial system, the provision of highly valuable
information to regulatory, tax and law enforcement authorities,
financial privacy, financial inclusion, and international
development.
Q.3. SAR Filings--You noted in your testimony that currently
the largest number of SARs being filed against banks are for
insider threats and abuses such as deceptive and fraudulent
sales practices, and seemed to suggest that was inappropriately
high. But I note that in cases like Wells Fargo, which has
recently been forced to pay out hundreds of millions in fines,
penalties, and a class action settlement, the filing of SARs is
often a useful tool to identify such patterns of misconduct
among employees, and throughout a bank and its branches.
Are there specific types of insider threats, deceptive or
fraudulent practices, or other types of illicit conduct that
you think should NOT be subject to SAR filings?
A.3. We are aware of no case, including Wells Fargo, where SAR
filings served as a ``useful tool to identify . . . patterns of
misconduct among employees, and throughout a bank and its
branches.'' Rather, our strong presumption is that SAR filings
with respect to minor offenses in small dollar amounts are
rarely if ever investigated by law enforcement. We do not know
but strongly suspect that any post hoc SAR filings made by
Wells Fargo have not resulted in any prosecution of employees
subject to those filings, and that law enforcement, if it were
interested in prosecuting or interviewing those employees, did
not require a SAR filing to identify them. Again, this is only
speculation, so we would strongly urge the Committee to ask
FinCEN for data on the yield on SARs filed on insider abuse,
and for examples of where such filings initiated or advanced a
prosecution.
None of this is to minimize the importance of enforcing the
law against banks and their employees. We do question strongly
whether resources deployed to filing SARs on insider abuse
could be better deployed to innovative approaches to detecting
more serious crimes. As a general matter, the current BSA/AML
reporting regime should be reviewed and the investigation and
reporting of activity of limited law enforcement or national
security consequence should be deprioritized, while increasing
law enforcement feedback, to allow financial institutions to
re-allocate resources to higher value AML/CFT efforts. This
effort corresponds with the statutory purpose of the BSA, which
is to provide the Government with AML/CFT information that is
of a ``high degree of usefulness.'' \6\
---------------------------------------------------------------------------
\6\ See 31 U.S.C. �5311, which states that ``[i]t is the purpose
of this subchapter [the BSA] to require certain reports or records
where they have a high degree of usefulness in criminal, tax, or
regulatory investigations or proceedings, or in the conduct of
intelligence or counterintelligence activities, including analysis, to
protect against international terrorism.'' Note that the last clause
was added by the USA PATRIOT Act in 2001.
---------------------------------------------------------------------------
TCH believes that the SAR regime should be modernized
through the tailoring of various requirements and facilitation
of the submission of raw data from financial institutions to
law enforcement. This could be done in part by (i) providing
guidance further clarifying that a SAR is not required simply
because a transaction appears to have no economic, business, or
lawful purpose; (ii) eliminating requirements to file SARs when
there are single instances of structuring activity and under
the 90-day continuing activity review requirements; (iii)
reducing the number of fields deemed ``critical'' and
``optional'' to SAR and CTR filings, as each one imposes
associated regulatory expectations and burdens with varying
benefits; and (iv) reviewing, revising or retracting as
necessary all existing SAR guidance to ensure it aligns with
the priorities of law enforcement and the regime more broadly
and clearly communicates expectations to institutions. CTR
expectations should also be streamlined as, when coupled with
the SAR regime, many may be of low law enforcement or national
security value. \7\
---------------------------------------------------------------------------
\7\ See The Clearing House, ``Re: Request for Comments Regarding
Suspicious Activity Report and Currency Transaction Report
Requirements'', (April 10, 2018), available at
www.theclearinghouse.org/-/media/tch/documents/tch-weekly/2018/
20180410_tch_comment_letter_to_fincen_on_sar_and_ctr_requirements.pdf.
---------------------------------------------------------------------------
To get a sense of the potential for improvement, note that
one bank has publicly reported that it receives follow-up
requests from law enforcement on approximately 7 percent of the
SARs it files, which is consistent with other reports we have
received. More importantly, for some categories of SARs--
structuring, insider abuse--that number is far lower,
approaching 0 percent. However, no one can afford to stop
filing SARs in any category because examiners focus on the SAR
that was not filed, not the quality or importance of the SAR
that was filed. A core problem with the current regime is that
there is an absence of leadership making choices like these--
therefore we also recommend that Treasury set priorities for
the AML/CFT regime and allow financial institutions to deploy
their resources in support of those priorities.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
FROM GREG BAER
Q.1. Our current money laundering regulatory regime evaluates
financial institutions based on how they meet process-based
metrics such as the filing of suspicious activity reports. As
this hearing discussed, the drawback to this is that financial
institutions end up focusing on meeting these metrics instead
of developing innovations that will better catch the bad guys.
One proposed way to encourage innovation that focuses on
results is to find ways to allow financial institutions to
experiment with new anti-money laundering technologies without
facing regulatory liability. For example, some have proposed a
no-action letter system which would allow financial
institutions to gain guidance from FinCEN and other regulators
about the legality of proposed actions. How would such a system
function and how could it encourage innovation? Would FinCEN
need legislative authorization to implement a no-action letter
process, either to issue no-action letters themselves or to
have the authority to exempt financial institutions from any
particular reporting requirements?
A.1. TCH supports efforts to institute a no-action letter like
process that resembles the Securities and Exchange
Commission's. \1\ While rulemaking and the issuance of guidance
are cumbersome processes that do not always promote innovation
or dialogue with the industry, a no-action letter system could
be more effective. It would allow individual financial
institutions to ask particular questions about actions they
plan to take, thereby spurring innovation; provide quick
answers, thereby nurturing innovation; and increase the flow of
information from industry to FinCEN. As with other areas of
reform, Congressional efforts to encourage the establishment of
a no-action letter process for Bank Secrecy Act-related issues
would be helpful. \2\ We note that the Bank Secrecy Act grants
Treasury broad interpretive authority including to ``prescribe
an appropriate exemption from a requirement under this
subchapter and regulations prescribed under this subchapter.''
\3\
---------------------------------------------------------------------------
\1\ See The Clearing House, ``A New Paradigm: Redesigning the U.S.
AML/CFT Framework To Protect National Security and Aid Law
Enforcement'', (TCH AML/CFT Report), February 2017, available at
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
\2\ While legislative authorization would be helpful, we note that
the Securities and Exchange Commission's no-action letter regime
appears to be established under broad authorities. See Nagy, Donna M.,
``Judicial Reliance on Regulatory Interpretations in SEC No-Action
Letters: Current Problems and a Proposed Framework'', Cornell Law
Review, Vol. 83: 921, p. 931 which says ``[i]n addition to rulemaking
and adjudicatory powers of statutory origin, the SEC possesses inherent
power to issue interpretations of the Federal securities laws and the
SEC rules it has promulgated thereunder. This authority to make
interpretive statements derives from Congress's charge to the SEC to
administer and enforce the Federal securities laws.'' Available at
www.lawschool.cornell.edu/research/cornell-law-review/upload/Nagy.pdf.
\3\ See 31 U.S.C. �5318(a)(7).
---------------------------------------------------------------------------
More broadly, a cultural change is necessary in how banks
are examined for compliance, and assessed for potential
enforcement action. The current focus of examination is
reviewing a sample of alerts and attempting to demonstrate that
a SAR should have been filed in some of those cases. There is
little to no focus on the value of the SARs the bank filed.
There is little to no contact between examiners and the law
enforcement and national security officials who use those SARs.
We believe that any assessment of a firm's AML/CFT program
should include all that information, and that any examination
criticisms (in the form of Matters Requiring Attention) or
formal enforcement action should come only after a holistic
review of the program, and not perceived compliance lapses in a
particular area, particularly where there was no attempt to
actually assist (as opposed to failure to detect) money
laundering. We have proposed achieving that result for the
largest, internationally active banks--which file the majority
of SARs and present global derisking issues--by having FinCEN
reclaim the examination authority that Congress assigned it,
rather than continuing to delegate it. For other banks, we
believe FinCEN needs to set priorities and assist in reviewing
the value of a firm's program.
Q.2. What should our risk tolerance be for the fact that the
U.S. financial system facilitates crimes like human
trafficking? Should we strive to have zero incidence of money
laundering in our financial system?
A.2. Financial institutions around the globe are proactively
working among themselves and with the public sector to disrupt
human trafficking networks. In a 2016 Financial Times op-ed,
Standard Chartered's Group General Counsel discussed the need
for enhanced public-private sector sharing, noting that
presentations from NGOs and Government agencies ``have improved
banks' ability to detect potentially [human trafficking]
related financial transactions. In turn, they have helped law
enforcement disrupt trafficking networks.'' \4\ Such movements
are also underway in the United States. \5\
---------------------------------------------------------------------------
\4\ See Financial Times op-ed by David Fein, ``How To Beat the
Money Launderers: Banks Must Work With Governments To Combat This
Scourge'', November 22, 2016, available at www.ft.com/content/569c2e26-
adb9-11e6-ba7d-76378e4fef24.
\5\ See TCH Banking Perspectives article by Juan C. Zarate and
Chip Poncy, ``Designing a New AML System'', Q3 2016, available at
www.theclearinghouse.org/research/banking-perspectives/2016/2016-q3-
banking-perspectives/a-new-aml-system.
---------------------------------------------------------------------------
However, a core problem with the current regime is that it
does not prioritize the allocation of financial institution
resources to generate leads that are of a ``high degree of
usefulness'' as required by the BSA. \6\ Therefore, TCH
recommends that Treasury set AML/CFT priorities for the regime
to assist financial institutions as they work to fulfill their
statutorily mandated reporting obligations--including for
potential human trafficking. \7\ Furthermore, we encourage the
development and improvement of public-private sector AML/CFT
information sharing partnerships. The authorized and
appropriate sharing of information between the Government and
the private sector as well as the sharing of information
between and among financial institutions is critical to efforts
to address illicit finance. We note that the USA Patriot Act's
Section 314(b) private sector information sharing provisions
have reportedly been useful in addressing human trafficking and
other crimes. \8\
---------------------------------------------------------------------------
\6\ See 31 U.S.C. �5311, which states that ``[i]t is the purpose
of this subchapter [the BSA] to require certain reports or records
where they have a high degree of usefulness in criminal, tax, or
regulatory investigations or proceedings, or in the conduct of
intelligence or counterintelligence activities, including analysis, to
protect against international terrorism.'' Note that the last clause
was added by the USA PATRIOT Act in 2001.
\7\ We note that the U.K.'s Joint Money Laundering Intelligence
Taskforce (JMLIT) has established the following operational priorities
for its public-private sector information sharing partnership: (i)
understanding and disrupting the funding flows linked to bribery and
corruption; (ii) understanding and disrupting trade based money
laundering; (iii) understanding and disrupting the funding flows linked
to organized immigration crime, human trafficking and modern slavery;
(iv) understanding and disrupting money laundering through capital
markets; and (v) understanding key terrorist financing methodologies.
See JMLIT website at www.nationalcrimeagency.gov.uk/about-us/what-we-
do/economic-crime/joint-money-laundering-intelligence-taskforce-jmlit.
\8\ See Testimony of William J. Fox before the U.S. House
Financial Services Subcommittees on Financial Institutions and Consumer
Credit and Terrorism and Illicit Finance, November 29, 2017, available
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
Q.3. I'd like to understand better how technological innovation
is transforming the fight against money laundering and how
Government policy can help or hurt these efforts.
In the health care context, I hear about how researchers
have used machine learning and artificial intelligence to
identify diseases and predict when they will occur, using data
points that humans would have never put together. How have
financial institutions or law enforcement officials been able
to use of similar techniques to identify money laundering and
how much more progress can be made in this front?
Outside of AI and machine learning, how can recent FinTech
innovations such as blockchain fight money laundering?
What regulatory requirement or requirements--if any--most
hinders the adoption of technological innovations?
A.3. Financial institutions are in the early stages of
exploring various ways to apply technological innovations to
AML/CFT efforts. In particular, artificial intelligence has the
potential to improve the way that banks identify suspicious
activity. AI does not search for typologies but rather mines
data to detect anomalies. It gets progressively smarter; it
won't be easily evaded; and different banks with different
profiles would end up producing different outcomes.
Our banks report that they are working to pilot AI
solutions in this area, yet the experts that they need to work
on these initiatives are instead required to validate their
current programmatic processes to examiners. \9\ Financial
institutions need to be able to innovate their AML programs and
coordinate that innovation with their peers. Yet, the most
consequential impediment to innovation is the current
regulatory structure as examiners focus on auditing banks'
policies, processes, and metrics versus encouraging financial
institutions to shift their resources to developing innovative
methods of detecting financial crime.
---------------------------------------------------------------------------
\9\ Id.
---------------------------------------------------------------------------
Furthermore, some firms have expressed concerns that if
they adopt new and more effective methods, and actually
identify more illicit activity, they will be sanctioned by the
banking agencies for failing to detect that conduct earlier. It
is a reflection of the current dysfunction that this is an
actual concern.
This is why TCH believes that Treasury should take a more
prominent role in coordinating AML/CFT policy and examinations
across the Government and conduct a robust and inclusive annual
or biennial process to establish AML/CFT priorities and provide
an overarching purpose for the regime. Furthermore, we believe
that FinCEN should retake exam authority for multinational,
complex financial institutions. A dedicated FinCEN exam team
for this small subset of large institutions could receive
appropriate security clearances, meet regularly with law
enforcement and other end users, receive training in big data
analytics and work with other experts in Government. They, in
turn, would be supervised by Treasury officials with law
enforcement, national security, and diplomatic perspectives on
what is needed from an AML/CFT program. This change would
promote innovative and imaginative conduct that advanced law
enforcement and national security interests, rather than
auditable processes and box checking. Importantly, the benefits
of a FinCEN examination function would extend well beyond the
handful of banks it examined. Priorities set and knowledge
learned could be transferred to regulators for the remaining
financial institutions. And innovation started at the largest
firms, with encouragement from FinCEN, would inevitably benefit
smaller firms. The result of FinCEN assuming some supervisory
authority would be a massive cultural change, as the focus of
exams shifted to the real-world effectiveness of each
institution's AML/CFT program, rather than the number of SARs
filed or number of policies written. That change would start
with those banks under sole FinCEN supervision, but would
eventually spread to all institutions.
Q.4. How much does bitcoin, blockchain, and other
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering
in traditional banks? How can law enforcement officials best
stop this newer form of money laundering?
A.4. As a general matter, customers are using various tools to
conduct transactions around the globe with bank and nonbank
financial institutions. In 2013, FinCEN issued guidance
indicating that a cryptocurrency ``administrator or exchanger
is an MSB under FinCEN's regulations, specifically, a money
transmitter, unless a limitation to or exemption from the
definition applies to the person.'' \10\ We also note that in
the past few years, FinCEN has levied enforcement actions
against cryptocurrency exchangers. While TCH is not privy to
data on the extent of money laundering within virtual
currencies, we note that others are beginning to look into this
issue. \11\
---------------------------------------------------------------------------
\10\ See FIN-2013-G001 ``Application of FinCEN's Regulations to
Persons Administering, Exchanging, or Using Virtual Currencies'', March
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
\11\ For example, in January 2018, Yaya J. Fanusie and Tom
Robinson published a memorandum on ``Bitcoin Laundering: An Analysis of
Illicit Flows Into Digital Currency Services''. Available at:
www.defend democracy.org/content/uploads/documents/
MEMO_Bitcoin_Laundering.pdf.
---------------------------------------------------------------------------
Any review of the BSA/AML regime and its effectiveness
should investigate the changing ways in which customers
interact with financial institutions and ensure that statutory
authorities are adequately tailored to address the evolving
nature of illicit finance threats.
Q.5. I'd like to discuss Suspicious Activity Reports (SARs).
Today, around 2 million SARs are filed each year. While every
SAR used to be read by law enforcement officials, that is no
longer the case today. Financial institutions often complain
that they rarely, if ever, receive feedback from law
enforcement officials on the utility of any particular
suspicious activity report that they file. This lack of
feedback loops increases the burdens on financial institutions,
who continue to file SARs that are of little utility to law
enforcement officials. It also prevents financial institutions
from developing better analytical tools to more precisely
discern between the signal and the noise.
What percentage of SARs are actually read by someone in law
enforcement?
How often do financial institutions receive feedback from
law enforcement officials as to the utility of their SAR
filing?
While some have proposed reducing the number of SARs and
CRT filings because they are often superfluous and are never
read, others argue that this poses risks, because investigating
minor infractions may still lead to significant law enforcement
successes. How should policymakers resolve this conflict?
A.5. TCH members report that they receive follow-up requests
for additional information from law enforcement on their SAR
filings in less than 10 percent of cases. For certain
categories of SARs, the number of requests is close to 0
percent. It should be noted that a follow-up request does not
mean that the SAR led to an arrest or conviction; it means only
that someone in law enforcement wanted to learn more about the
case. Our understanding is that FinCEN does not routinely
research how SARs are used and what their yield is. Obviously,
a more modern system would be more data-driven.
While law enforcement is best placed to provide data on how
many reports are read, we note that they are generally used by
FinCEN and law enforcement for data searches and mining. While
one BSA report may be the ``last piece of the puzzle,'' it's
important to consider the resources deployed for the production
of that report and whether they would be better spent if
redirected to produce the first piece in a more important
puzzle. As an analogy, if law enforcement rigorously enforced
jaywalking rules, it would occasionally capture a wanted
fugitive, but no one would consider that a good use of finite
law enforcement resources. Again, a core problem with the
current regime is that there is an absence of leadership making
choices like these.
This is why TCH recommends that Treasury lead the regime by
coordinating AML/CFT policy and examinations across the
Government and conduct a robust and inclusive annual or
biennial process to establish AML/CFT priorities that would
form the basis for the deployment of financial institution
resources. Relatedly, Treasury should undertake a review of
BSA/AML reporting requirements to ensure information of a high
degree of utility is reported to law enforcement, which
conforms with financial institutions' obligations under the
BSA. \12\
---------------------------------------------------------------------------
\12\ See 31 U.S.C. �5311, which states that ``[i]t is the purpose
of this subchapter [the BSA] to require certain reports or records
where they have a high degree of usefulness in criminal, tax, or
regulatory investigations or proceedings, or in the conduct of
intelligence or counterintelligence activities, including analysis, to
protect against international terrorism.'' Note that the last clause
was added by the USA PATRIOT Act in 2001.
Q.6. How could regulators (1) set up better feedback loops
between financial institutions and law enforcement officials
that could help financial institutions better identify money
laundering; and (2) empower financial institutions to act upon
their improved ability to distinguish between useful and
superfluous reports, including by filing fewer unnecessary
SARs, without fearing regulatory consequences for doing so?
Would a better feedback loop system exist if financial
institutions employed more people with security clearances? If
so, what, if anything, can the Federal Government do to
facilitate this?
A.6. There are substantial benefits to developing additional
pathways, both formally and informally, for AML/CFT information
sharing between various stakeholders in the public and private
sector. Granting law enforcement and national security
authorities opportunities to provide general feedback on the
reports filed, and incorporating this feedback into supervisory
evaluations of firms' compliance, could assist financial
institutions in targeting their resources to efforts that
provide information that is of the greatest use in preventing
illicit financing. We note that under the current regime, many
large financial institutions operate financial intelligence
units (FIUs) that employ former law enforcement or national
security officials, yet still receive little to no useful
feedback.
It would also be helpful if a pathway for sharing
information was established to allow financial institutions to
efficiently share raw data with law enforcement, under a safe
harbor, and with reforms made to current reporting
requirements. The current regime is built on individual,
bilateral reporting mechanisms grounded in the analog
technology of the 1980s, rather than the more interconnected
and technologically advanced world of the 21st century. \13\
Therefore, providing such data in bulk would modernize the
current regime and allow institutions to provide law
enforcement with information in a timelier manner. Furthermore,
it would allow law enforcement, using big data analytics, to
effectively have access to and sift through large quantities of
data more efficiently.
---------------------------------------------------------------------------
\13\ See The Clearing House, ``A New Paradigm: Redesigning the
U.S. AML/CFT Framework To Protect National Security and Aid Law
Enforcement'', (TCH AML/CFT Report), February 2017, available at
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
Further coordination and information sharing between and
among public sector authorities is critical to establishing
AML/CFT priorities and providing an overarching purpose for the
regime. In order to empower institutions to deploy resources to
high-value activities, TCH recommends that Treasury take a more
prominent role in coordinating AML/CFT policy and examinations
across the Government and conduct a robust and inclusive annual
or biennial process to establish AML/CFT priorities, which
could form the basis of financial institution examinations.
This is particularly important in the U.S. where law
enforcement, national security, and financial institution
oversight responsibilities are dispersed among multiple
agencies. This stands in contrast to other approaches (e.g.,
the U.K.'s Joint Money Laundering and Intelligence Task Force
(JMLIT)) that better address barriers to information sharing by
bringing together relevant actors to share information as well
as allowing financial institutions to follow-up on SAR
activity, thereby potentially improving the effectiveness of
financial institution reporting mechanisms. However, as alluded
to above, with any public-private sector dialogue, and more
generally, we believe that national authorities should speak
with one voice when providing feedback as well as disseminating
red flags, threats, and typologies to the private sector as
disparate voices create confusion.
Q.7. Often, financial institutions will derisk by refusing to
serve customers that could be involved in illegal activity. As
financial institutions start to share more information with
each other, this practice could become more prominent and
potential criminals could more frequently lose access to the
United States' financial system altogether.
Are there instances in which derisking is actually
unhelpful for law enforcement purposes, because it drives these
criminals underground and makes it more difficult to track
them?
At the moment, do the regulators that evaluate and enforce
financial institutions compliance with our Federal money
laundering take this into account?
Are there promising ways to increase cooperation between
financial institutions, regulators, and law enforcement
officials, so that financial institutions can make a more
informed decision about when and how to derisk?
Would financial institutions need to hire more employees
with a top security clearance and/or a law enforcement
background for this coordination to be effective?
A.7. The current derisking trend is in part a reaction to
Government and supervisory characterizations of correspondent
banking as a high risk business and the evolving standards
within the domestic and international community. \14\ The
causes are clear--the systems, processes, and people required
to manage examiner expectations for clients deemed to be of
``higher risk'', are extremely costly. For example, a bank may
prepare a lengthy report on a customer only to be criticized
for not further documenting the grounds on which it decided to
retain the customer. For certain regions or businesses it is
often times too expensive to build out this infrastructure to
support higher risk accounts. And this does not even include
the risk of massive fines and reputational damage in the event
a customer designated high-risk actually commits a criminal
act.
---------------------------------------------------------------------------
\14\ See ``The Great Unbanking: Swingeing Fines Have Made Banks
Too Risk-Averse'', The Economist, July 6, 2017, available at
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See
also ``A Crackdown on Financial Crime Means Global Banks Are
Derisking'', The Economist, July 8, 2017, available at
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
As discussed previously, TCH believes that Treasury should
take a more prominent role in coordinating AML/CFT policy and
examinations for the regime. That includes convening on a
regular basis the end users of BSA data--law enforcement,
national security, and others affected by the AML/CFT regime
including the State Department--and setting goals and
priorities for the system. Treasury is uniquely positioned to
balance the sometimes conflicting interests relating to
national security, the transparency and efficacy of the global
financial system, the provision of highly valuable information
to regulatory, tax and law enforcement authorities, financial
privacy, financial inclusion, and international development.
In addition, and as discussed above, TCH believes that
greater information sharing will assist in further clarifying
whether a customers' activity is, in fact, suspicious.
Presently the USA PATRIOT Act grants various statutory
authorities, under Sections 314(a) and 314(b) to allow for
public-private and private-private sector sharing. While
security clearances and additional staff may be helpful, we
note that large financial institutions employ hundreds of staff
members, some of whom are former law enforcement officials, to
assist with compliance efforts yet it's the ``check-the-box''
nature of the compliance regime that prevents them from
utilizing these resources for more proactive AML/CFT efforts.
\15\
---------------------------------------------------------------------------
\15\ See Testimony of William J. Fox before the U.S. House
Financial Services Subcommittees on Financial Institutions and Consumer
Credit and Terrorism and Illicit Finance, November 29, 2017, available
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
FROM GREG BAER
Q.1. How can we leverage technology to make the process
simultaneously less onerous on banks while enhancing the
outcomes of catching illegal behavior? Are there regulatory and
legislative barriers to getting that down?
A.1. Allowing financial institutions to innovate their AML
programs is key to enhancing their ability to identify
suspicious activity. The biggest barrier to innovation is the
current exam paradigm. As one bank recently testified, from
2010-11 they were able to innovate the way in which they used
technology to identify potentially suspicious activity.
However, since then, they have found innovation difficult as
regulatory guidance has been inappropriately applied to their
programs and examiners have in turn rigorously enforced this
guidance, thereby delaying the implementation of programmatic
changes that used to take weeks to 9 months or a year. \1\
Under the current AML/CFT regime, examiners focus on auditing
banks' policies, processes, and metrics versus encouraging
financial institutions to shift their resources to developing
innovative and effective methods of detecting financial crime.
---------------------------------------------------------------------------
\1\ See Testimony of William J. Fox before the U.S. House
Financial Services Subcommittees on Financial Institutions and Consumer
Credit and Terrorism and Illicit Finance, November 29, 2017, available
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
---------------------------------------------------------------------------
This is why TCH believes that Treasury should take a more
prominent role in coordinating AML/CFT policy and examinations
across the Government and conduct a robust and inclusive annual
or biennial process to establish AML/CFT priorities and provide
an overarching purpose for the regime. Furthermore, we believe
that FinCEN should retake exam authority for multinational,
complex financial institutions. A dedicated FinCEN exam team
for this small subset of large institutions could receive
appropriate security clearances, meet regularly with law
enforcement and other end users, receive training in big data
analytics and work with other experts in Government. They, in
turn, would be supervised by Treasury officials with law
enforcement, national security, and diplomatic perspectives on
what is needed from an AML/CFT program. This change would
promote innovative and imaginative conduct that advanced law
enforcement and national security interests, rather than
auditable processes and box checking. Importantly, the benefits
of a FinCEN examination function would extend well beyond the
handful of banks it examined. Priorities set and knowledge
learned could be transferred to regulators for the remaining
financial institutions. And innovation started at the largest
firms, with encouragement from FinCEN, would inevitably benefit
smaller firms. The result of FinCEN assuming some supervisory
authority would be a massive cultural change, as the focus of
exams shifted to the real-world effectiveness of each
institution's AML/CFT program, rather than the number of SARs
filed or number of policies written. That change would start
with those banks under sole FinCEN supervision, but would
eventually spread to all institutions.
Q.2. Financial institutions often complain that FinCEN, law
enforcement officials, and prudential regulators do not tell
them whether their BSA filings serve a useful purpose, or how
the reports they submit are being used--and that the filings go
into a black hole. Can you shed some light on the filings that
you make or have used and what could be done to improve this
process?
A.2. TCH members report that they receive follow-up requests
for additional information from law enforcement on their SAR
filings in less than 10 percent of cases. For certain
categories of SARs, the number of requests is close to 0
percent. It should be noted that a follow-up request does not
mean that the SAR led to an arrest or conviction; it means only
that someone in law enforcement wanted to learn more about the
case. Our understanding is that FinCEN does not routinely
research how SARs are used and what their yield is. Obviously,
a more modern system would be more data-driven.
TCH believes that the SAR regime and BSA filing
requirements generally, should be modernized through the
tailoring of various requirements and facilitation of the
submission of raw data from financial institutions to law
enforcement. The current regime is built on individual,
bilateral reporting mechanisms grounded in the analog
technology of the 1980s, rather than the more interconnected
and technologically advanced world of the 21st century. \2\
Therefore, providing such data in bulk would modernize the
current regime and allow institutions to provide law
enforcement with information in a timelier manner. Furthermore,
it would allow law enforcement, using big data analytics, to
effectively have access to and sift through large quantities of
data more efficiently.
---------------------------------------------------------------------------
\2\ See The Clearing House, ``A New Paradigm: Redesigning the U.S.
AML/CFT Framework To Protect National Security and Aid Law
Enforcement'', (TCH AML/CFT Report), February 2017, available at
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
Furthermore, additional pathways for AML/CFT information
sharing between various stakeholders in the public and private
sector should be developed. Granting law enforcement and
national security authorities opportunities to provide general
feedback on the reports filed, and incorporating this feedback
into supervisory evaluations of firms' compliance, could assist
financial institutions in targeting their resources to efforts
that provide information that is of the greatest use in
preventing illicit financing.
Further coordination and information sharing between and
among public sector authorities is critical to establishing
AML/CFT priorities and providing an overarching purpose for the
regime. In order to empower institutions to deploy resources to
high-value activities, TCH recommends that Treasury take a more
prominent role in coordinating AML/CFT policy and examinations
across the Government and conduct a robust and inclusive annual
or biennial process to establish AML/CFT priorities, which
could form the basis of financial institution examinations.
This is particularly important in the U.S. where law
enforcement, national security, and financial institution
oversight responsibilities are dispersed among multiple
agencies. This stands in contrast to other approaches (e.g.,
the U.K.'s Joint Money Laundering and Intelligence Task Force
(JMLIT)) that better address barriers to information sharing by
bringing together relevant actors to share information as well
as allowing financial institutions to follow-up on SAR
activity, thereby potentially improving the effectiveness of
financial institution reporting mechanisms. However, with any
public-private sector dialogue, and more generally, we believe
that national authorities should speak with one voice when
providing feedback as well as disseminating red flags, threats,
and typologies to the private sector as disparate voices create
confusion.
Q.3. Another compliance challenge often cited by banks is that
they feel pressured by bank examiners and law enforcement
authorities to exit certain business lines or cease offering
certain services to customers viewed as presenting particular
money-laundering vulnerabilities, i.e., severing corresponding
banking relationships with foreign institutions in certain
geographic areas, and also ending money services businesses
(MSBs, i.e., check cashing, money transmitters, currency
exchange outlets, etc.)
As banks reevaluate their business relationships with MSBs
in light of what they may view as a hostile regulatory
landscape, what can we do to change this type of behavior/is
this a prevalent problem in the industry?
It is my understanding that there are times when law
enforcement and the bank regulators work at cross purposes.
That is, law enforcement might want a bank to continue banking
an individual or company that they are following and building a
case against but the bank regulators, whose incentives are to
not be embarrassed by their regulated entities, force the banks
to ``derisk'' or close those accounts. Is that actually the
case?
A.3. We do not have hard data on this question. With respect to
specific customers, we have heard of cases where law
enforcement asked a bank to keep an account open, and the bank
agreed; we have also heard of cases where banks felt that the
regulatory risk was too high, and declined. At a broader level,
with respect to certain lines of business or regions, we do not
believe there are cases where banks have agreed to remain
engaged at law enforcement or other governmental request. For
example, it has been reported that the State Department
expressed considerable concern at the decision by banks to
derisk foreign embassies in the United States, but the banks
involved could not get sufficient assurance that the banking
agencies would not sanction them if something went wrong, so
closed or refused to open those accounts.
Q.4. In terms of AML, we know that the success of AML is
centric around whether or not the predicate crime of money
laundering has been reduced, but we only really know how
pervasive money laundering is on a reactive basis, i.e., when
someone/some entity is caught. To that end, do you believe the
advent/popularity of cryptocurrencies could affect the capture
of money laundering/could it affect AML? Do enforcement
authorities have the technological capabilities to work with
private industry to capture mal-actors?
A.4. As a general matter, customers are using various tools to
conduct transactions around the globe with bank and nonbank
financial institutions. In 2013, FinCEN issued guidance
indicating that a cryptocurrency ``administrator or exchanger
is an MSB under FinCEN's regulations, specifically, a money
transmitter, unless a limitation to or exemption from the
definition applies to the person.'' \3\ We also note that in
the past few years, FinCEN has levied enforcement actions
against cryptocurrency exchangers. While TCH is not privy to
data on the extent of money laundering within virtual
currencies, others are beginning to look into this issue. \4\
In addition, in a recent speech, Treasury Under Secretary for
Terrorism and Financial Intelligence Sigal Mandelker provided
an example of cryptocurrencies being used for money laundering
and terrorist financing stating that ``law enforcement
authorities recently arrested a woman in New York who used
Bitcoin to launder fraud proceeds before wiring the money to
ISIS.'' \5\
---------------------------------------------------------------------------
\3\ See FIN-2013-G001 ``Application of FinCEN's Regulations to
Persons Administering, Exchanging, or Using Virtual Currencies'', March
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
\4\ For example, in January 2018, Yaya J. Fanusie and Tom Robinson
published a memorandum on ``Bitcoin Laundering: An Analysis of Illicit
Flows Into Digital Currency Services''. Available at: www.defend
democracy.org/content/uploads/documents/MEMO_Bitcoin_Laundering.pdf.
\5\ See U.S. Department of the Treasury Under Secretary Sigal
Mandelker Speech before the Securities Industry and Financial Markets
Association Anti-Money Laundering and Financial Crimes Conference,
(Treasury Under Secretary Mandelker's 2018 SIFMA Speech), February 13,
2018, available at home.treasury.gov/news/press-release/sm0286.
---------------------------------------------------------------------------
Any review of the BSA/AML regime and its effectiveness
should investigate the changing ways in which customers
interact with financial institutions and ensure that statutory
authorities are adequately tailored to address the evolving
nature of illicit finance threats.
Q.5. In your opinion, do you think that the overall AML regime
has been effective? Additionally, what do you see as the best
way to ensure future effectiveness?
Is it to have Treasury be the lead to:
1. Define with other stakeholders specific and clear
national priorities of the regime; and
2. Determine, working with other stakeholders, clear and
measurable objectives of the regime in light of those
priorities. Should Treasury or someone else have to report
those measurements against the objectives back to Congress?
A.5. The U.S. AML/CFT regime is broken. It is extraordinarily
inefficient, outdated, and driven by perverse incentives. A
core problem is that today's regime is geared towards
compliance expectations that bear little relationship to the
actual goal of preventing or detecting financial crime, and
fail to consider collateral consequences for national security,
global development, and financial inclusion. Fundamental change
is required to make this system an effective law enforcement
and national security tool, and reduce its collateral damage.
The Department of the Treasury should reclaim
responsibility for the system. That includes convening on a
regular basis the end users of SAR data--law enforcement,
national security, and others affected by the AML/CFT regime
including the State Department--and publicly setting goals and
priorities for the system. Treasury is uniquely positioned to
balance the sometimes conflicting interests relating to
national security, the transparency and efficacy of the global
financial system, the provision of highly valuable information
to regulatory, tax, and law enforcement authorities, financial
privacy, financial inclusion, and international development.
In addition, FinCEN should retake exam authority for
multinational, complex financial institutions. Relatedly,
Treasury should review the BSA/AML reporting regime to ensure
information of a high degree of utility is reported to law
enforcement as well as encourage the exchange of AML/CFT
information between the Government and the private sector as
well as between and among financial institutions. Finally, one
important change to the current system is the passage of
legislation ending the use of shell companies with anonymous
ownership.
Q.6. Mr. Baer, does the current process of having FinCEN
delegate authority to the bank regulators work? What are the
challenges and deficiencies of the current system and how best
do we improve outcomes?
Does the current system take full advantage of
technological advancements?
How does BSA affect financial institutions of different
size, with different staff and tech resources?
A.6. Congress in the Bank Secrecy Act explicitly vested sole
regulatory, examination, and enforcement authority in the
Treasury Department, an agency with considerable financial but
also law enforcement and national security knowledge--not the
banking agencies. Congress rightly saw that this was an
altogether different mission, requiring different expertise.
However, decades ago, an understaffed and underfunded FinCEN
delegated all examination authority to the banking agencies,
and then abdicated any oversight role in how they conducted it.
The result is a system where the end users of suspicious
activity reports, or SARs--law enforcement and national
security--have little or nothing to say when a bank's
compliance is evaluated. Examiners are generally not permitted
to know which SARs are valued by the end users, and so focus on
what they do know: policies and procedures.
For example, banks know that examiners test compliance by
reviewing alerts and trying to identify cases where a SAR was
not filed but arguably should have been. Therefore, they
reportedly spend more time documenting decisions not to file
SARs than they do following up on SARs they do file. In other
words, they focus on the noise, not the signal. And they
continue to use antiquated, consultant-devised, rules-based
systems--rules known to the bad guys, by the way--rather than
innovative artificial intelligence approaches, largely because
the former are conducted under policies and procedures that
have passed muster with regulators.
Furthermore, under this regime no one sets priorities--
unlike any law enforcement or national security agency in the
world. According to bank analysis--there is little to no
governmental analysis--the great majority of SAR filings
receive no uptake from law enforcement. For certain categories
of SARs--structuring, insider abuse--the yield is close to 0
percent. And those categories now represent a majority of the
SARs filed.
BSA/AML reform would benefit institutions of all sizes. In
2017, TCH testified before the House with a community banker
who reported that his three-branch bank has four lending
officers and six AML compliance officers. While TCH represents
25 large commercial banks, the regime is no more rational for
smaller banks. \6\
---------------------------------------------------------------------------
\6\ See Testimony of Lloyd DeVaux before the House Financial
Services Committee Subcommittee on Financial Institutions and Consumer
Credit, June 28, 2017, available at financialservices.house.gov/
uploadedfiles/hhrg-115-ba15-wstate-ldevaux-20170628.pdf.
---------------------------------------------------------------------------
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
FROM GREG BAER
Q.1. What are the costs and benefits of having bank examiners
assess bank compliance with the Bank Secrecy Act's (BSA)
requirements instead of having anti-money laundering (AML) and
combating the financing of terrorism (CFT) experts at the
Financial Crimes Enforcement Network (FinCEN) examine bank
compliance programs?
A.1. As you know, Congress assigned examination authority to
the Treasury Department given its considerable financial, law
enforcement, and national security knowledge. The benefit of
delegation is clear: there are thousands of banks in the
country, and bank regulators already have examiners assigned to
them. Thus, they can efficiently add AML/CFT compliance to the
list of items for which they examine. It would be inefficient
for FinCEN to examine the vast majority of these banks, who
present few issues.
On the other hand, for the largest, multinational banks, we
believe that the equation is quite different. We estimate that
an examination team of only 25-30 people at FinCEN could
replicate the existing work of the Federal banking agencies and
the IRS (for the largest MSBs) at these institutions. More
importantly, a dedicated FinCEN exam team for this small subset
of large institutions could receive appropriate security
clearances, meet regularly with law enforcement and other end
users, receive training in big data analytics, and work with
other experts in Government. They, in turn, would be supervised
by Treasury officials with law enforcement, national security,
and diplomatic perspectives on what is needed from an AML/CFT
program--not bank examiners with no experience in any of those
disciplines. And when FinCEN turned to writing rules in this
area, it would do so informed by its experience in the field.
It would see the whole battlefield, and promote innovative and
imaginative conduct that advanced law enforcement and national
security interests, rather than auditable processes and box
checking.
Importantly, the benefits of a FinCEN examination function
would extend well beyond the handful of institutions it
examined. Priorities set and knowledge learned could be
transferred to regulators for the remaining financial
institutions. And innovation started at the largest firms, with
encouragement from FinCEN, would inevitably benefit smaller
firms. The result of FinCEN assuming some supervisory authority
would be a massive cultural change, as the focus of exams
shifted to the real-world effectiveness of each institution's
AML/CFT program, rather than the number of SARs filed or number
of policies written. That change would start with those banks
under sole FinCEN supervision, but would eventually spread to
all institutions.
Funding such an exam team could be accomplished many ways,
including (i) assessing financial institutions for examinations
costs; \1\ or (ii) establishing a centralized team funded pro
rata by each of the affected agencies but reporting directly
and solely to the FinCEN Director.
---------------------------------------------------------------------------
\1\ Existing statutory authority appears to allow for such an
assessment and affected institutions should see a corresponding
reduction in the assessment they currently pay to prudential regulators
for supervision of this function. The Independent Offices Appropriation
Act provides general authority for a Government agency to assess user
fees or charges by administrative regulation, based on the value of the
service to the recipient. See 31 U.S.C. �9701. OMB Circular No. A-25
provides further guidance regarding ``user fees'' (``A user charge . .
. will be assessed against each identifiable recipient for special
benefits derived from Federal activities beyond those received by the
general public.''). See OMB Circular No. A-25 Revised.
Q.2. Is there a way to maintain a top-shelf effective AML/CFT
policy while maintaining a commitment to increase access to
financial products for the underbanked and immigrants who rely
---------------------------------------------------------------------------
on remittance services?
A.2. With respect to remittances, the current derisking trend
is in part a reaction to Government and supervisory
characterizations of correspondent banking as a high risk
business and the evolving standards within the domestic and
international community. \2\ The causes are clear--the systems,
processes, and people required to manage examiner expectations
for clients deemed to be of ``higher risk'', are extremely
costly. While those who care about poverty or international
development might conclude that the benefits of allowing
remittances exceed the costs, in the form of potential money
laundering, banking agencies in our experience have not
undertaken such a cost-benefit analysis. Thus, they impose
documentation requirements and expectations that make certain
lines of business uneconomical.
---------------------------------------------------------------------------
\2\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too
Risk-Averse'', The Economist, July 6, 2017, available at
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See
also ``A Crackdown on Financial Crime Means Global Banks Are
Derisking'', The Economist, July 8, 2017, available at
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
We believe more research is warranted on how AML/CFT
requirements affect the unbanked. Our understanding is that AML
customer due diligence requirements are a substantial, perhaps
majority, cost of opening an account. For low-dollar deposit
accounts for lower income people, that can make the account
difficult to offer and price.
Q.3. I'm interested in the ways in which technology can aid AML
compliance efforts. What are some of the innovative
technologies that you've seen that hold some promise for either
the Government or the private sector?
What are the barriers to either the Government or the
private sector adopting these technologies?
What can we be doing as legislators to ensure that we
promote technological innovation in this sector?
A.3. Financial institutions are in the early stages of
exploring various ways to apply technological innovations to
AML/CFT efforts. In particular, artificial intelligence has the
potential to improve the way that banks identify suspicious
activity. AI does not search for typologies but rather mines
data to detect anomalies. It gets progressively smarter; it
won't be easily evaded; and different banks with different
profiles would end up producing different outcomes.
Our banks report that they are working to pilot AI
solutions in this area, yet the experts that they need to work
on these initiatives are instead required to validate their
current programmatic processes to examiners. \3\ Furthermore,
they lack feedback from the public sector on the BSA reports
that they file--such feedback would assist institutions in
tuning their systems to provide more targeted leads to law
enforcement. Financial institutions need to be able to innovate
their AML programs and coordinate that innovation with their
peers. Yet, the most consequential impediment to innovation is
the current regulatory structure as examiners focus on auditing
banks' policies, processes, and metrics versus encouraging
financial institutions to shift their resources to developing
innovative methods of detecting financial crime. Banks will be
reluctant to invest in systems unless someone in the Government
can tell them that such systems will meet the banking
examiners' expectations, and can replace old, outdated
methods--in other words, that they will be rewarded, not
punished, for innovation.
---------------------------------------------------------------------------
\3\ Id.
---------------------------------------------------------------------------
While there are instances where legislation is needed, in
many cases agencies already have existing authority to address
some of the concerns outlined during the hearing. For example,
TCH believes that Treasury should take a more prominent role in
coordinating AML/CFT policy and examinations across the
Government, a step currently within their existing authority,
to conduct a robust and inclusive annual or biennial process to
establish AML/CFT priorities, which would form the basis for
financial institution exams. Furthermore, we believe that
FinCEN should retake exam authority for multinational, complex
financial institutions, which is also within their current
authorities. A dedicated FinCEN exam team for this small subset
of large institutions could receive appropriate security
clearances, meet regularly with law enforcement and other end
users, receive training in big data analytics and work with
other experts in Government. They, in turn, would be supervised
by Treasury officials with law enforcement, national security,
and diplomatic perspectives on what is needed from an AML/CFT
program. This change would promote innovative and imaginative
conduct that advanced law enforcement and national security
interests, rather than auditable processes and box checking.
Importantly, the benefits of a FinCEN examination function
would extend well beyond the handful of institutions it
examined. Innovation started at the largest firms, with
encouragement from FinCEN, would inevitably benefit smaller
firms. The result of FinCEN assuming some supervisory authority
would be a massive cultural change, as the focus of exams
shifted to the real-world effectiveness of each institution's
AML/CFT program, rather than the number of SARs filed or number
of policies written. That change would start with those banks
under sole FinCEN supervision, but would eventually spread to
all institutions.
Q.4. The regulatory definition of ``financial institution'' has
been expanded several times over the years, both by FinCEN
rulemaking and by legislation by Congress.
Should the definition of financial institutions be expanded
to include other sectors? If so, which sectors?
Could these changes be made via FinCEN rulemaking or should
legislation be passed?
A.4. As a general matter, the BSA/AML regime should be reviewed
and its effectiveness investigated to account for the changing
ways in which customers interact with bank and nonbanks and
ensure that statutory authorities are adequately tailored to
address the evolving nature of illicit finance threats.
Such a review could be undertaken by Treasury without
Congressional action, with recommendations on further
administrative, legislative, or regulatory changes that need to
be made to improve the efficiency and effectiveness of the AML/
CFT regime.
Q.5. In August 2017, FinCEN issued an advisory encouraging real
estate brokers to share information with them that could be
helpful in AML efforts, while noting they are not required to
do so under current law.
How do we increase information sharing between real estate
brokers and FinCEN?
Geographic Targeting Orders (GTOs), which impose additional
record keeping and reporting requirements on domestic financial
institutions or nonfinancial trades or businesses in a specific
geographic area for transactions involving certain amounts of
United States currency or monetary instruments, have been
deployed since 2016 to target high-end real estate sectors in
major metropolitan areas by requiring U.S. title insurance
companies to identify the natural persons behind shell
companies used to pay ``all cash'' for high-end residential
real estate.
Are GTOs an effective tool or would regulation be a
preferable way to cover the real estate sector?
A.5. As previously mentioned the AML/CFT regime should be
reviewed and adequately tailored to address the evolving nature
of illicit finance threats, including those in the real estate
sector. There are substantial benefits to developing additional
pathways, both formally and informally, for AML/CFT information
sharing between various stakeholders in the public and private
sector.
While we are not privy to any data on the effectiveness of
FinCEN's GTO program, when discussing money laundering in the
real estate sector we would urge Congress to pass legislation
that prohibits the forming of companies with anonymous
ownership. Such companies can be used by criminals to ``mask
their identities, involvement in transactions, and origins of
their wealth, hindering law enforcement efforts to identify
individuals behind illicit activity.'' \4\
---------------------------------------------------------------------------
\4\ See FIN-2017-A003, ``Advisory to Financial Institutions and
Real Estate Firms and Professionals'', August 22, 2017, available at
www.fincen.gov/sites/default/files/advisory/2017-08-22/
Risk%20in%20Real%20
Estate%20Advisory_FINAL%20508%20Tuesday%20%28002%29.pdf.
Q.6. Cryptocurrency exchanges are money services businesses
supervised by State regulators and subject to Federal AML and
CFT laws.
Should FinCEN play an enhanced role in assessing the
compliance of cryptocurrency exchanges, or are State regulators
sufficiently equipped to handle compliance monitoring?
What additional tools could we give regulators and law
enforcement?
How prevalent is money laundering in cryptocurrency
markets?
A.6. As a general matter, we believe that Treasury should take
the lead in coordinating AML/CFT priorities and exams for all
financial institutions, including cryptocurrency exchanges.
Customers are using various tools to conduct transactions
around the globe with bank and nonbank financial institutions
and having one agency leading the regime would help coordinate
disparate regulatory and law enforcement perspectives.
In 2013, FinCEN issued guidance indicating that a
cryptocurrency ``administrator or exchanger is an MSB under
FinCEN's regulations, specifically, a money transmitter, unless
a limitation to or exemption from the definition applies to the
person.'' \5\ We also note that in the past few years, FinCEN
has levied enforcement actions against cryptocurrency
exchangers. While TCH is not privy to data on the extent of
money laundering within virtual currencies, we note that others
are beginning to look into this issue. \6\ Finally, in a recent
speech, Treasury Under Secretary for Terrorism and Financial
Intelligence Sigal Mandelker provided an example of
cryptocurrencies being used for money laundering and terrorist
financing stating that ``law enforcement authorities recently
arrested a woman in New York who used Bitcoin to launder fraud
proceeds before wiring the money to ISIS.'' \7\ As
circumstances change AML/CFT authorities and requirements
should be flexible and tailored enough to adapt to evolving
threats.
---------------------------------------------------------------------------
\5\ See FIN-2013-G001 ``Application of FinCEN's Regulations to
Persons Administering, Exchanging, or Using Virtual Currencies'', March
18, 2013, available at www.fincen.gov/sites/default/files/shared/FIN-
2013-G001.pdf.
\6\ For example, in January 2018, Yaya J. Fanusie and Tom Robinson
published a memorandum on ``Bitcoin Laundering: An Analysis of Illicit
Flows Into Digital Currency Services''. Available at:
www.defenddemocracy.org/content/uploads/documents/
MEMO_Bitcoin_Laundering.pdf.
\7\ See U.S. Department of the Treasury Under Secretary Sigal
Mandelker Speech before the Securities Industry and Financial Markets
Association Anti-Money Laundering and Financial Crimes Conference,
(Treasury Under Secretary Mandelker's 2018 SIFMA Speech), February 13,
2018, available at home.treasury.gov/news/press-release/sm0286.
---------------------------------------------------------------------------
------
RESPONSES TO WRITTEN QUESTIONS OF
SENATOR CORTEZ MASTO FROM GREG BAER
Q.1. Gaming and tourism are some of Nevada's top industries. In
the State of Nevada, our gaming operators employ thousands of
hard working Nevadans, and the industry as a whole domestically
supports 1.7 million jobs across 40 States. Qualified casinos,
like financial institutions, are also subject to Banking
Secrecy Act requirements. Organizations within Nevada have
suggested that gaming operators would welcome a review of BSA
requirements, which they find to be burdensome. They look
forward to this Committee's thoughtful, bipartisan, review of
BSA requirements that takes into account the security
imperative for robust anti-money laundering efforts, as well as
the impact those requirements have on all industries. For
example, the Suspicious Activity Report (SAR) ($5,000) and the
Currency Transaction Report (CTR) ($10,000) levels were set
years ago. Some have recommended increasing these to correspond
with inflation. Others believe that would be too high but do
support a higher amount than currently.
One of the top priorities of the gaming industry is to
remove the requirement for a detailed factual narrative for
structuring in the suspicious activity forms. What do you think
of this recommendation?
A.1. We strongly support that recommendation. We note that when
the SAR regime was implemented in the mid-1990s it was based on
the concept of providing law enforcement a narrative analytical
lead, but SARs are instead used today as a source for word
searches and datamining by FinCEN and law enforcement. This is
particularly true with respect to structuring. Our
understanding is that the yield on structuring SARs is close to
zero, as most cash transactions are entirely legitimate. Thus,
resources invested in constructing a narrative is wasted. To
the extent that datamining identifies a structuring transaction
as truly suspicious, then law enforcement can contact the bank
and obtain whatever detail is necessary.
Q.2. Do you have specific recommendations regarding how the
gaming industry can benefit from greater communication with
Government agencies and law enforcement? Is there something the
Federal Government can do to share information with casinos and
others filing SARs about broad benefits that may occur because
of some of the 58,000 SAR forms filed by gaming firms.
Would the creation of a Qualitative Feedback Mechanism help
reduce money laundering and terrorist financing? Should the
Secretary of the Treasury establish a mechanism to communicate
anti-money laundering (AML) and countering terrorism financing
(CTF) priorities to financial institutions, gaming
establishments and Federal financial regulators? Could such a
mechanism provide qualitative feedback on information shared by
financial institutions with the Department of Treasury,
including CTRs and SARs? Please describe the pros and cons of
such a system.
A.2. There are substantial benefits to developing additional
pathways, whether through a qualitative feedback mechanism or
some other structure, for improved AML/CFT information sharing
between various stakeholders in the public and private sector.
As the Financial Action Task Force recently noted ``[l]ack of
guidance and feedback by public sector authorities on
information shared by the private sector may hinder private
sector's ability to effectively monitor transactions and
provide well-developed reports to FIUs . . . [and] may also
impede or discourage information sharing between different
private sector entities, or between private and public sectors,
and vice versa, e.g., because regulatory expectations are
unclear or because there is insufficient information available
about risks.'' \1\
---------------------------------------------------------------------------
\1\ See ``FATF Guidance: Private Sector Information Sharing'',
November 2017, p.26, available at www.fatf-gafi.org/media/fatf/
documents/recommendations/Private-Sector-Information-Sharing.pdf.
---------------------------------------------------------------------------
For example, the absence of public sector feedback on SARs
in the current regime is hindering financial institutions'
ability to tune their systems to provide more targeted leads to
law enforcement. Granting law enforcement and national security
authorities opportunities to provide general feedback on the
reports filed, and incorporating this feedback into supervisory
evaluations of firms' compliance, could assist financial
institutions in targeting their resources to efforts that
provide information that is of the greatest use in preventing
illicit financing.
It would also be helpful if a pathway for sharing
information were established to allow financial institutions to
efficiently share raw data with law enforcement along with
reforms to SAR and other BSA reporting requirements. As
discussed in the TCH AML/CFT report, the current regime is
built on individual, bilateral reporting mechanisms grounded in
the analog technology of the 1980s, rather than the more
interconnected and technologically advanced world of the 21st
century. \2\ Therefore, providing such data in bulk would
modernize the current regime and allow institutions to provide
law enforcement with information in a timelier manner.
Furthermore, it would allow law enforcement, using big data
analytics, to effectively have access to and sift through large
quantities of data more efficiently.
---------------------------------------------------------------------------
\2\ See The Clearing House, ``A New Paradigm: Redesigning the U.S.
AML/CFT Framework To Protect National Security and Aid Law
Enforcement'', (TCH AML/CFT Report), February 2017, available at
www.theclearinghouse.org//media/TCH/Documents/TCH%20WEEKLY/2017/
20170216_TCH_Report_ AML_CFT_Framework_Redesign.pdf.
---------------------------------------------------------------------------
Further coordination and information sharing between and
among public sector authorities is also critical to
establishing AML/CFT priorities and providing an overarching
purpose for the regime. Therefore, TCH recommends that Treasury
take a more prominent role in coordinating AML/CFT policy and
examinations across the Government and conduct a robust and
inclusive annual or biennial process to establish AML/CFT
priorities and provide an overarching purpose for the regime.
This is particularly important in the U.S. where law
enforcement, national security, and financial institution
oversight responsibilities are dispersed among multiple
agencies. This stands in contrast to other approaches (e.g.,
the U.K.'s Joint Money Laundering and Intelligence Task Force
(JMLIT)) that better address barriers to information sharing by
bringing together relevant actors to share information as well
as allowing financial institutions to follow-up on SAR
activity, thereby potentially improving the effectiveness of
financial institution reporting mechanisms.
Q.3. The Office of the Comptroller of the Currency mentioned in
its 2018 Banking Operating Plan that financial institutions
should not inadvertently impair financial inclusion. But, as of
September 2017, the OCC has not identified any specific issues
they plan to address. We know that derisking has become an
epidemic across many communities and industries, such as
communities along the Southwest border, humanitarian
organizations aiding Nations wracked with violence, and
remittances providers that serve fragile Nations like Somalia.
What type of guidance could the OCC, FinCEN, FDIC, and the
Federal Reserve provide to help banks meet the banking needs of
legitimate consumers and businesses that are at risk of losing
access--or have already lost access?
A.3. The current derisking trend is in part a reaction to
Government and supervisory characterizations of correspondent
banking as a high risk business and the evolving standards
within the domestic and international community. \3\ The causes
are clear--the systems, processes, and people required to
manage examiner expectations for clients deemed to be ``higher
risk'' are extremely costly. For example, a bank may prepare a
lengthy report on a customer only to be criticized for not
further documenting the grounds on which it decided to retain
the customer. Institutions are therefore required to make
difficult decisions, because it is often times too expensive to
build out this infrastructure to support higher risk accounts.
And this does not even include the risk of massive fines and
reputational damage in the event a customer designated high-
risk actually commits a criminal act.
---------------------------------------------------------------------------
\3\ See ``The Great Unbanking: Swingeing Fines Have Made Banks Too
Risk-Averse'', The Economist, July 6, 2017, available at
www.economist.com/news/leaders/21724813-it-time-rethink-anti-money-
laundering-rules-swingeing-fines-have-made-banks-too-risk-averse. See
also ``A Crackdown on Financial Crime Means Global Banks Are
Derisking'', The Economist, July 8, 2017, available at
www.economist.com/news/international/21724803-charities-and-poor-
migrants-are-among-hardest-hit-crackdown-financial-crime-means.
---------------------------------------------------------------------------
Similarly, domestically, banks of all sizes report that
customer due diligence (CDD) requirements have dramatically
increased the cost of opening new accounts, and now represent a
majority of those costs. Of course, disproportionate and
heightened account opening requirements make low-dollar
accounts for low- to moderate-income people much more difficult
to offer and price. While the connection is not immediately
apparent, AML/CFT expense now is clearly an obstacle to banking
the unbanked, and a reason that check cashers and other forms
of high-cost, unregulated finance continue to prosper. The
problem, of course, is that bank examiners do not internalize
those costs. And those in the Government who do internalize
those costs play no role in examining the performance of
financial institutions.
As noted in my testimony, TCH believes that Treasury should
take a more prominent role in coordinating AML/CFT policy and
examinations for the regime. That includes convening on a
regular basis the end users of BSA data--law enforcement,
national security, and others affected by the AML/CFT regime
including the State Department--and setting goals and
priorities for the system. Treasury is uniquely positioned to
balance the sometimes conflicting interests relating to
national security, the transparency and efficacy of the global
financial system, the provision of highly valuable information
to regulatory, tax and law enforcement authorities, financial
privacy, financial inclusion, and international development.
In addition, while the AML/CFT regime is supposed to be
risk-based, particularly in the context of correspondent
banking relationships, it is instead perceived as being ``zero
miss or tolerance.'' Supervisors must reaffirm the risk-based
nature of the regime and make clear that isolated failures to
identify potentially suspicious activity should not call into
question a bank's entire BSA/AML/OFAC compliance framework.
Furthermore regulators should continue to clarify correspondent
banking and other regulatory expectations and should provide
banks with greater certainty that the banks' good-faith
application of clear regulatory guidance and expectations will
ensure that banks are found by their regulators and auditors to
be in compliance with those requirements.
Q.4. Last year, the Countering Iran's Destabilizing Activities
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it
required the Treasury Department to publish a study by May 1,
2018, on two issues:
Somali Remittances: The law required the U.S. Department of
Treasury to study if banking regulators should establish a
pilot program to provide technical assistance to depository
institutions and credit unions that wish to provide account
services to money services businesses serving individuals in
Somalia. Such a pilot program could be a model for improving
the ability of U.S. residents to make legitimate funds
transfers through easily monitored channels while preserving
strict compliance with BSA.
Sharing State Banking Exams: The law also required Treasury
to report on the efficacy of money services businesses being
allowed to share certain State exam information with depository
institutions and credit unions to increase their access to the
banking system.
Have you or your organization been involved with these
Treasury studies?
A.4. TCH has not received a request to participate in this
study.
Q.5. What advice did you give--or would you give--on the pilot
studies?
A.5. We encourage the Treasury Department to solicit input from
the industry on each of these studies to ensure that any
recommendations incorporate private sector perspectives.
Q.6. In 2016, William and Margaret Frederick were moving from
Ohio to Las Vegas. Unfortunately, it is alleged that the title
company they used in Columbus, Ohio, fell for an email scam and
wired the $216,000 profit from their home sale to a hacker, not
to the Fredericks. William is 83 and Margaret is 75 and as of
October, they were still trying to get their money back. While
the Fredericks' tale is now a court case to determine who was
responsible for the fraudulent information, we know that the
Fredericks' experience is ``very typical'' of scams that divert
an estimated $400 million a year from title companies into
bogus accounts.
Please describe the responsibilities of financial firms to
avoid these frauds?
What penalties should be assessed and by which agencies
when financial firms enable theft?
What is the role for the Consumer Financial Protection
Bureau to ensure financial firms protect their customers' money
and information?
A.6. Wire transfers are a ``push'' payment in which a bank
customer instructs its bank to pay another party. Under the law
that applies to wire transfers, Uniform Commercial Code Article
4A, a bank is liable for losses resulting from unauthorized
wire transfer instructions unless the bank and its customer
have entered into a commercially reasonable security procedure
agreement and the bank follows those procedures when it
receives instructions. Generally banks enter into these
agreements with their customers and have security procedures in
place to verify that instructions are in fact the instructions
of their customer.
In the unfortunate case described above, the instruction
from the title company was authorized. However, the title
company had been deceived, through means outside of the bank's
control, into paying the wrong party. Legally it is not the
bank's responsibility to determine if its customer has been
deceived into paying a fraudulent actor. However, banks do not
want their customers to be victims of fraud. In response to the
increase in fraud attacks on their corporate and institutional
customers banks have conducted extensive educational campaigns
using in-person sessions, webinars, and conference calls to
alert customers to fraud schemes and the steps customers can
take to avoid fraud losses. These measures that customers are
encouraged to take include verifying the authenticity of email,
telephone, or other communications before relying on those
communications to instruct wire transfers. Failure to take
these precautions can result in a customer's authorized wire
transfer instruction to its bank that is based upon information
received from a criminal.
Q.7. In 2014, FinCEN issued an advisory with human trafficking
red flags, to aid financial institutions in detecting and
reporting suspicious activity that may be facilitating human
trafficking or human smuggling.
To what extent do you assess that financial institutions
are currently utilizing these red flags, in order to better
assess whether their banks are being used for to finance human
trafficking? If institutions are not widely utilizing the red
flags, what actions is FinCEN taking to encourage them to do
so?
A.7. As previously discussed, TCH recommends that Treasury set
AML/CFT priorities for the regime to assist financial
institutions as they work to provide leads to law enforcement--
including on human trafficking. \4\
---------------------------------------------------------------------------
\4\ We note that the U.K.'s Joint Money Laundering Intelligence
Taskforce (JMLIT) has established operational priorities for its
public-private sector information sharing partnership
www.nationalcrimeagency.gov.uk/about-us/what-we-do/economic-crime/
joint-money-laundering-intelligence-taskforce-jmlit.
---------------------------------------------------------------------------
Financial institutions around the globe are proactively
working among themselves and with the public sector to disrupt
human trafficking networks. In a 2016 Financial Times op-ed,
Standard Chartered's Group General Counsel discussed the need
for enhanced public-private sector sharing, noting that
presentations from NGOs and Government agencies ``have improved
banks' ability to detect potentially [human trafficking]
related financial transactions. In turn, they have helped law
enforcement disrupt trafficking networks.'' \5\ Such movements
are also underway in the United States. \6\
---------------------------------------------------------------------------
\5\ See Financial Times op-ed by David Fein, ``How To Beat the
Money Launderers: Banks Must Work With Governments To Combat This
Scourge'', November 22, 2016, available at www.ft.com/content/569c2e26-
adb9-11e6-ba7d-76378e4fef24.
\6\ See TCH Banking Perspectives article by Juan C. Zarate and
Chip Poncy, ``Designing a New AML System'', Q3 2016, available at
www.theclearinghouse.org/research/banking-perspectives/2016/2016-q3-
banking-perspectives/a-new-aml-system.
---------------------------------------------------------------------------
Furthermore, the U.K.'s Royal United Services Institute
published a report in 2017 on the role financial institutions
play in disrupting human trafficking. It studied efforts in
both the U.K. and U.S. and notes the following: (i) the 2016
Dow Jones and ACAMS Global Anti-Money Laundering Survey found
that ``nearly 70 percent of respondents report their
organizations have modified AML training and/or transaction
monitoring to incorporate human trafficking and smuggling red
flags and typologies,'' with heavy U.S. participation in that
survey; (ii) financial institution approaches to disrupting
human trafficking networks are mixed as some adapt alerts and
guidance; others create bespoke algorithms; and others utilize
other sources of information such as law enforcement inquiries
or negative media alerts; and (iii) many financial institutions
are proactively investigating historic transaction records
rather than relying on real-time monitoring as it may not be as
effective in detecting potential trafficking. \7\
---------------------------------------------------------------------------
\7\ See Tom Keating and Anne-Marie Barry, ``Disrupting Human
Trafficking: The Role of Financial Institutions'', Whitehall Report 1-
17, Royal United Services Institute for Defence and Security Studies,
March 2017, available at rusi.org/sites/default/files/
201703_rusi_disrupting_human_trafficking.pdf.
---------------------------------------------------------------------------
The report also notes that barriers to financial
institutions' efforts to combat human trafficking include: (i)
difficulties with automating triggers as most human
trafficking-specific signals are similar to normal commercial
activity; \8\ (ii) concerns from financial institutions that
they receive no regulatory credit for their efforts and instead
will be penalized or censured; (iii) the diverse number of
financial institutions and payment methods, in multiple
jurisdictions, over which such high volume and small
denomination activity can occur which makes it difficult to
detect without law enforcement leads and greater information
sharing; and (iv) the lack of formal law enforcement feedback
as well as coordinated law enforcement-endorsed efforts to
address human trafficking.
---------------------------------------------------------------------------
\8\ FinCEN implicitly acknowledges this in their 2014 human
trafficking advisory when it says ``financial institutions may consider
incorporating [FinCEN's red flags] into their monitoring programs. In
applying these red flags, financial institutions are advised that no
single transactional red flag is a clear indicator of human smuggling
or trafficking-related activity.'' See www.fincen.gov/resources/
advisories/fincen-advisory-fin-2014-a008.
---------------------------------------------------------------------------
As a general matter, the USA PATRIOT Act's Section 314(b)
private sector information sharing provisions have reportedly
been useful in addressing human trafficking and other crimes.
\9\
---------------------------------------------------------------------------
\9\ See Testimony of William J. Fox before the U.S. House
Financial Services Subcommittees on Financial Institutions and Consumer
Credit and Terrorism and Illicit Finance, November 29, 2017, available
at financialservices.house.gov/uploadedfiles/hhrg-115-ba15-wstate-wfox-
20171129.pdf.
Q.8. What are the pros and cons of reducing or eliminating the
standards requiring SARs filing for insider abuse (i.e.,
employee misconduct)?
The common expectation is that any financial institution
subjected to a cyberattack would be in touch with law
enforcement about whether or not it's required to file an SAR.
What are the pros and cons of eliminating SAR filing
requirement for cyberattacks against financial institutions?
A.8. While we do not support eliminating SAR filings in all
insider abuse cases, we do believe that those filing
requirements should be further tailored, perhaps by making them
subject to the same dollar thresholds as other submissions. We
believe that this would allow firms to shift resources away
from investigating activity that, even if it proved criminal,
would almost certainly never be prosecuted, and towards
innovative efforts to detect more serious offenses. We cannot
think of a ``con'' for this change.
Similarly, with respect to cyber, we presume that cyber SAR
filings are of little to no utility, for the reasons you state.
However, we would strongly urge the Committee to confirm this
impression with law enforcement or FinCEN--that is, by asking
them whether there are investigations where a SAR filing, as
opposed to direct engagement with the firm, helped make a case.
Q.9. Most of the cost of regulatory compliance for financial
institutions has been in the BSA/AML area. Yet, when we talk of
simplifying regulations for community banks, we have not
addressed this issue even though our banks and credit unions
tell us this is the most costly and complex.
Can you give a percent of staff resources invested in AML/
BSA compliance for financial institutions of less than $50
billion in assets?
A.9. BSA/AML reform would benefit institutions of all sizes. In
2017, TCH testified before the House with a community banker
who reported that his three-branch bank has four lending
officers and six AML compliance officers. While TCH represents
25 large commercial banks, the regime is no more rational for
smaller banks. \10\
---------------------------------------------------------------------------
\10\ See Testimony of Lloyd DeVaux before the House Financial
Services Committee Subcommittee on Financial Institutions and Consumer
Credit, June 28, 2017, available at financialservices.house.gov/
uploadedfiles/hhrg-115-ba15-wstate-ldevaux-20170628.pdf.
---------------------------------------------------------------------------
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
FROM DENNIS M. LORMEL
Q.1. Strengthening Financial Intelligence Tools--You have
studied the financial underpinnings of recent terrorist
attacks, like the 2017 attack in Manchester, England, where a
suicide bomber killed 22 people and injured more than 100.
Investigations in the aftermath of that event led to the arrest
of a network of at least 15 more suspects. At the time, you
wrote it was unlikely our current AML and terror finance
regimes could have alerted U.K. or U.S. authorities to this
type of attack.
What specific financial intelligence tools should we
strengthen to detect and disrupt the planning and finance of
such attacks? Is our current response capability sufficiently
joined up, both within the United States and with key allies,
so that key financial evidence is swiftly identified and shared
with relevant law enforcement authorities?
A.1. In attacks like Manchester, it is extremely unlikely that
financial institutions would generate alerts through
transaction monitoring because the banking activity of most of
the individuals involved would usually not raise any suspicion
to cause an alert. The funding flowing through the account,
particularly for homegrown violent extremists would be
generated by their employment compensation, entitlement funds,
or other sources that would usually not raise suspicion. If
they were engaged in criminal activity, there would be more
likelihood this type of funding might generate an alert as
being potentially suspicious but that would be contingent on
the funding flow. These types of individuals, for the most
part, want to avoid detection. It's usually not until after the
event occurs, when names are reported in the media that
financial institutions would identify transactional activity or
account relationships through name identification of the
negative news.
I've written a number of articles with different ideas
about identifying terrorist financing. It's extremely
difficult. I'm happy to forward a sampling of the articles to
provide more context. The problem is most people, including
individuals working in financial institutions do not adequately
understand the funding flows nor are they familiar with
terrorist financing typologies. We tend to look at terrorist
financing more generically and do not visualize sources of
funds, methods of moving funds or how terrorists access funds.
I believe there are three funding streams with numerous
variations of the three primary funding streams.
I believe U.S. law enforcement and their international law
enforcement do a good job of sharing and exchanging
information. Law enforcement does not do as good a job sharing
information with financial institutions. Part of the problem is
a lack of capacity. Part of the problem is a good deal of
information cannot be shared do to considerations to include
grand jury secrecy and classified information. I have been a
proponent for providing security clearances to select personnel
in financial institutions dating back to when I formed and ran
the Terrorist Financing Operations Section (TFOS) at the FBI.
In fact, I recommended that the 9/11 Commission recommend that
security clearances should be granted to bankers. They did not
concur with this. I am still a firm believer that security
clearances would lead to better information sharing.
Financial institution AML personnel are very dedicated to
identifying money laundering and terrorist financing.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
FROM DENNIS M. LORMEL
Q.1. I'd like to understand better the law enforcement context
for the U.S.'s efforts to fight money laundering.
Does the U.S. financial system substantially--even if
inadvertently--facilitate human trafficking?
A.1. The U.S. financial system does facilitate human
trafficking. The financial system also serves as a detection
mechanism. I conduct a lot of AML training, speak frequently at
AML and terrorist financing conferences and write articles
published mostly by the Association of Certified Anti-Money
Laundering Specialists (ACAMS). I make the point that financial
institutions are either facilitation tools or detection
mechanisms. I stress that we need to do more to enhance
detection and limit facilitation.
I believe that AML compliance professionals are dedicated
to identifying money laundering and especially for heinous
crimes such as human trafficking. In my response to Senator
Cortez Masto's questions, I spoke about proactive initiatives
certain financial institutions have taken in partnership with
law enforcement. Below is the answer I provided which puts
context around my comment above about public-private
partnerships.
The Association of Certified Anti-Money Laundering
Specialists (ACAMS) has made human smuggling a long time
priority. They started a working group in 2010 with a group of
major banks and Homeland Security Investigations. Bank analysts
and Homeland Security Investigations analysts developed
patterns of activity or typologies consistent with human
smuggling. JPMorgan Chase had a team of special investigators
who conducted targeted transaction monitoring and identified
potential suspicious activity. ACAMS gave JPMorgan Chase and
Homeland Security a special award in recognition of their
outstanding collaboration. Another outstanding example of
public-private sector partnerships occurred in January 2018, in
the run up to the Super Bowl. The ACAMS Minneapolis Chapter
held a half-day long learning event focused entirely on human
slavery/trafficking. I was proud to be the first speaker. U.S.
Bank, Homeland Security Investigations, and the U.S. Attorney's
Office in Minneapolis collaborated to develop typologies to
identify human sex trafficking specifically related to travel
for the Super Bowl. These types of initiatives have a great
impact on crime problems like human trafficking. I must give a
cautionary comment, that this type of initiative is not as easy
as it sounds. It can be costly; there are regulatory concerns
and other impediments that must be overcome. The September
issue of ACAMS Today magazine had a detailed article about the
Minneapolis learning event. I would be happy to provide a copy
of ACAMS Today if you'd like one.
Q.2. What about terrorism?
A.2. Like money laundering for human trafficking, financial
institutions serve as either facilitation tools or detection
mechanisms for terrorist financing. It is easier to develop
typologies and red flags for human trafficking and other crimes
than it is for terrorist financing. That is one reason I spend
a considerable amount of my time teaching and writing about
terrorist financing. Terrorist financing is very complex and
multifaceted. I believe there are three basic funding streams
and many variations of the three funding streams. What also
needs to be considered is who you are dealing with,
organizations or individuals. I have a great deal of content in
terms of power point presentations and articles providing
greater detail that I'm happy to share.
AML professionals are vigilant and would like to identify
potential terrorist financing but generally, they do not
understand terrorism or the funding flows to be concerned about
and how it impacts their institutions. This is not for a lack
of trying. It's an extremely complex issue. I encourage
financial institutions to form specialized investigations
teams, analogous to law enforcement SWAT teams to address
issues like terrorist financing, human trafficking and
transnational criminal organizations, as you inquire about
below. One of the problems we have in AML compliance is that we
are inherently reactive. The more we can be ``urgently''
reactive and to the extent we can be proactive, the more
detective and disruptive we can be.
Q.3. What about drug cartels and violent gangs such as MS-13?
A.3. I would characterize drug cartels, violent gangs, and
organized crime organizations as either transnational criminal
organizations or domestic criminal organizations. Either way,
they would operate locally, regionally, and/or globally. Again,
financial institutions serve as facilitation tools or detection
mechanisms. Here, one of my principal concerns is the nexus
between transnational criminal organizations and terrorist
groups. I refer to this as the problem of convergence and
diversification. Criminal and terrorist groups converge to act
together in criminal activity or to share the same supply
chains and channels for shipping illicit goods and for human
smuggling and trafficking. As these hybrid operations mature,
they diversify into more seemingly legitimate activity. This is
where public-private partnerships become more important and
meaningful.
Q.4. Can you walk me through a typical case, either as an agent
or as a field manager, where you used financial intelligence,
such as suspicious activity reports, to catch these sort of
criminals?
A.4. Senator, thank you for this question because it goes to
the heart of my January 9th written and oral testimony. Every
day, law enforcement uses BSA data, either in the form of SARs,
CTRs, 8300s, or other BSA data, to predicate or enhance
criminal investigations. I just attended the West Coast AML
Forum annual conference in San Francisco (May 2-4, 2018). Three
separate law enforcement case studies were presented that were
built on SARs, CTRs, 8300s, and other BSA data. One case
revolved around Ponzi schemes, one around Asian Organized
Crime, and one around dark web internet sites selling illicit
goods, including synthetic opioids. They were very compelling
presentations demonstrating the importance of building evidence
around BSA data. In addition to those presentations, I gave a
presentation on terrorist financing and stated that the FBI
relies extensively on SARs and CTRs for terrorist financing
investigations.
To more directly answer your question, as a hypothetical,
as a law enforcement agent I receive a SAR about an investment
fraud. I would run the subject name(s) and collateral
identifying data through the SAR database and through my
agency's investigative indices. I may or may not get additional
hits. However, if it's an investment fraud, it most likely will
have multiple victims, perhaps through multiple financial
institutions. I would contact the financial institution(s)
filing the SAR(s) and request the SAR decision documentation. I
would attempt to establish predicating information to open a
case to present to a prosecutor. I would get grand jury
subpoenas for bank account records and begin my investigation
to ``follow the money.'' As I proceed, it is likely I'll
identify CTRs and additional SARs. Through bank account
analysis, I'll likely identify other bank and credit card
accounts and continue to build my links to co-conspirators. I'd
continue to build financial evidence along with other evidence
to include audio and video recordings, surveillance, interviews
and other investigative steps to build my case. Often times an
investigation as I'm describing could lead to an opportunity to
establish an undercover operation where the undercovers provide
money laundering services to the bad guys. I would continue to
build my case to obtain an indictment and sustain a
prosecution. At every step in the process, financial record and
BSA data will be essential elements of the case.
I used SAR and CTR information in terrorist financing
following 9/11 for purposes of developing strategic
intelligence about current and emerging trends. We established
a datamining initiative where we used SAR and CTR information
with other buckets of information to develop said strategic
intelligence. I believe that capability is more robust today
than in the 2001-2003 timeframe.
In training presentations I give regarding SARs, I have a
flow chart about the lifecycle of a SAR. I would be happy to
provide it to you and to provide a demonstration or
explanation.
Q.5. At the FBI, what percentage of the time would you estimate
that unique leads are generated from AML tools, such as
suspicious activity reports and currency transaction reports?
A.5. I cannot give you a definitive answer of the current
status of how SAR and CTR data is used at the FBI today. When I
was Chief of the Terrorist Financing Operations Section (TFOS),
following its formation and through 2003, we checked for and/or
used SAR and CTR data extensively. One of the processes we
established was that all terrorism cases had a financial sub-
file and that SAR and CTR checks were made. Between December
2000 and 9/11, while I was Chief of the Financial Crimes
Section, we had an analyst checking the SAR database on a daily
basis to find SARs we could take actionable steps with. We also
had a pilot program regarding money laundering and running
through the SAR database for SARs we could predicate
investigations with and refer out to field offices. I
participate in bank working group outreach meeting that TFOS
has with financial institutions a few times a year. TFOS
leaders discuss how SARs are used for their investigative
targeting in terrorism cases. Although I cannot provide
information about how other divisions within the FBI use SARs
and CTRs, my sense is they are widely used. The FBI has a cadre
of forensic accountants that work throughout the criminal and
counterterrorism programs. My expectation is they regularly
rely on BSA data in their financial investigations.
Q.6. What should our risk tolerance be for the fact that the
U.S. financial system facilitates crimes like human
trafficking? Should we strive to have zero incidence of money
laundering in our financial system?
A.6. The Bank Secrecy Act specifically states that financial
institutions have AML programs that are ``reasonably designed''
to identify and report suspicious activity. With the volume of
transactions that take place on a daily basis it is impossible
to identify all suspicious activity. Having a reasonably
designed program is the appropriate standard. In a perfect
world, we could consider a zero tolerance for money laundering
standard. However, in the real world, that is an impossible
standard. We should always strive to improve transaction
monitoring and rely more on innovation to improve the detection
versus facilitation capabilities. In my view, ensuring that
financial institutions develop and maintain ``reasonably
designed'' AML standards is appropriate.
Q.7. I'd like to understand better how technological innovation
is transforming the fight against money laundering and how
Government policy can help or hurt these efforts.
In the health care context, I hear about how researchers
have used machine learning and artificial intelligence to
identify diseases and predict when they will occur, using data
points that humans would have never put together. How have
financial institutions or law enforcement officials been able
to use of similar techniques to identify money laundering and
how much more progress can be made in this front?
A.7. I believe we need to embrace technology and use
technological advances to better monitor for suspicious
activity and to support criminal investigations. In the last
few years, technology has been greatly enhances. We should be
exploiting technology as much as we can to enhance monitoring
and investigative capabilities. We need to ensure the legal and
regulatory framework is in place to support technology. We must
also ensure that individual privacy rights are not abused. I'm
not a technology expert. I would encourage the Committee to
hold hearings and briefings with technology experts and privacy
rights advocates to determine what technologies can be
exploited in a legal framework.
I would also note, that no matter how advanced machine
learning and artificial intelligence become, we will always
need humans to conduct investigations and to make the decisions
on filing SARs and other BSA decisions.
Q.8. Outside of AI and machine learning, how can recent FinTech
innovations such as blockchain fight money laundering?
A.8. As I noted above, I am not an IT expert. However, FinTech
needs to be included in the discussion about improving the
effectiveness and efficiency of AML reporting requirements. I
believe blockchain is only going to gain momentum and become
more mainstream. We need to take a step back and better
understand blockchain and accountability regarding blockchain
and other emerging technology. I honestly believe, in listening
to experts familiar with blockchain, that blockchain can be a
tool to fight money laundering.
Q.9. What regulatory requirement or requirements--if any--most
hinders the adoption of technological innovations?
A.9. As I noted above, I am not an IT expert. I'm not sure if
it's a regulatory problem as much as a cost consideration.
Regardless of cost considerations, the problem is not
regulations. Rather it is the regulators and the lack of
clarity and leadership by regulators concerning regulatory
expectations. My sense is financial institutions are concerned
about potential regulatory consequences they may face for
enhancing technology. There is concern that if new innovations
will result in criticism that the older technology will be
criticized for not having picked up the same level of alerts
causing them to have to look back for potential suspicious
activity perceived to be missed. At the ACAMS AML Conference
held in Hollywood, Florida, from April 9-11, 2018, during a
regulator panel, one regulator advised that if financial
institutions upgraded their transaction monitoring system, they
should run the two systems in parallel for a period of time to
ensure that if one system generates more alerts, the other is
assessed to see if it missed alerts. That's a cause for concern
for two reasons, cost and perceived regulatory action against
the financial institution. This is a deterrent and not an
incentive to enhance technology.
Q.10. How much does bitcoin, blockchain, and other
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering
in traditional banks? How can law enforcement officials best
stop this newer form of money laundering?
A.10. As bitcoin, blockchain, and other cryptocurrency continue
to emerge and gain popularity and usage, it will grow as a
money laundering challenge. The initial reaction to bitcoin,
blockchain, and other cryptocurrency, and its attractiveness to
money launderers and criminals was its perceived anonymity.
Experts have demonstrated that is not true and that they can
identify people engaging in bitcoin and other cryptocurrency
transactions. This is a money laundering deterrent. However,
the more bitcoin and other cryptocurrencies are used, and the
more they can be used in cash like manners, the more prevalent
the money laundering challenge will become. Part of the problem
is the extent to which the dark net can be used and the level
of anonymity that bad guys can develop and exploit.
Q.11. I'd like to discuss Suspicious Activity Reports (SARs).
Today, around 2 million SARs are filed each year. While every
SAR used to be read by law enforcement officials, that is no
longer the case today. Financial institutions often complain
that they rarely, if ever, receive feedback from law
enforcement officials on the utility of any particular
suspicious activity report that they file. This lack of
feedback loops increases the burdens on financial institutions,
who continue to file SARs that are of little utility to law
enforcement officials. It also prevents financial institutions
from developing better analytical tools to more precisely
discern between the signal and the noise.
What percentage of SARs are actually read by someone in law
enforcement?
A.11. First, to the statement above, the number of SARs read by
law enforcement and feedback regarding SARs are two separate
issues and should not be compared with each other or considered
a metric for whether law enforcement reviews SARs.
I cannot give a precise percentage for how many SARs are
reviewed by law enforcement but based on my experience I
confidently believe a very high percentage of SARs, if not all
SARs, are reviewed in some fashion. At a macro level, a program
level or for strategic purposes the FBI, IRS, and FinCEN
possess analytics and/or datamining initiatives that scrub all
SAR data. At the grassroots or field office level SARs that
fall into the grassroots or field office jurisdictions
throughout the U.S. are reviewed. I believe that most, if not
all, SARs receive at least a cursory manual review. I think
there are 94 U.S. Attorney's Offices (USAOs) in the U.S. Each
USAO has at least one SAR review team. SAR review teams are
composed of agents from Federal law enforcement agencies in
each jurisdiction, most prominently IRS and FBI agents and/or
analysts. In addition, field office personnel or State and
local law enforcement review certain SARs independent of the
SAR review teams. As an example, the Manhattan District
Attorney's Office has a SAR review team. I'm confident that
most, if not all, SARs are reviewed by law enforcement.
Q.12. How often do financial institutions receive feedback from
law enforcement officials as to the utility of their SAR
filing?
A.12. Feedback from law enforcement to financial institutions
regarding the value of SARs is problematic. I have frequently
heard the same complaint from financial institutions. As noted
above, the lack of feedback does not mean SARs were not
reviewed or that SARs did not predicate and/or enhance law
enforcement investigations. In response to the frustration on
the part of financial institutions about the lack of SAR
feedback, I always make it a point when I provide training to
AML professionals to discuss how important SARs are to law
enforcement. I also include in my presentations a flow chart I
developed regarding the lifecycle of a SAR. As I mentioned in
an earlier response to one of your questions, I'd be happy to
provide the flow chart to you.
When I was the Chief of TFOS in the FBI, I frequently met
with then FinCEN Director James Sloan. We often spoke about
developing a consistent feedback mechanism for financial
institutions but were unable to develop an adequate mechanism
to do so. There are a number of inherent impediments to
establishing a feedback mechanism. Such include the nature of
criminal investigations. From the point a SAR is filed to the
point a case is concluded, it could be a period of one or more
years. If a case is a Grand Jury investigation, information
cannot be disclosed by law enforcement. Law enforcement lacks
the resources to consistently provide feedback. There are
always new cases to move forward with and investigators don't
have time to provide feedback. Impediments aside, they are no
excuse for not providing feedback. I believe a feedback
mechanism should be developed and implemented through FinCEN
initiated by law enforcement. I concur with your comment that a
SAR feedback mechanism would improve the quality of SAR
submissions. I also believe that a SAR feedback would improve
the morale of AML professionals who are involved in the SAR
process. They would have a greater sense of accomplishment and
satisfaction that their work contributes to law enforcement
successes. Make no mistake; SARs play a significant role in
investigations.
Q.13. While some have proposed reducing the number of SARs and
CRT filings because they are often superfluous and are never
read, others argue that this poses risks, because investigating
minor infractions may still lead to significant law enforcement
successes. How should policymakers resolve this conflict?
A.13. Having been the direct beneficiary of SARs and having
used SARs at the program or macro level for strategic analysis,
I'm a strong proponent that more SARs and CTRs are better.
Agents who manually review SARs at the grassroots level would
probably opine that less is better. In any event, a disparate
SAR that may not have a high financial loss from a consumer
fraud or elderly fraud may likely be identifiable with similar
SARs. When those SARs are aggregated, what was an insignificant
fraud could escalate into a massive fraud case. I think policy
makers should take a serious look at this issue. There are
merits to both arguments. My opinion is there is more merit to
not reducing the number of SARs filed, especially by increasing
SAR thresholds. I am definitely staunchly against that
alternative.
Q.14. How could regulators (1) set up better feedback loops
between financial institutions and law enforcement officials
that could help financial institutions better identify money
laundering; and (2) empower financial institutions to act upon
their improved ability to distinguish between useful and
superfluous reports, including by filing fewer unnecessary
SARs, without fearing regulatory consequences for doing so?
A.14. I do not believe regulators should have a role in SAR
feedback or to have a voice in what a useful SAR is. Regulators
have no authority over law enforcement, are not law enforcement
and represent an impediment to law enforcement in the SAR
process in certain regards. SARs are intended to assist law
enforcement not the regulators. One criticism I have about
regulators regarding SARs is that in a number of instances,
financial institutions write SARs geared to what the regulators
want versus what law enforcement wants. This is
counterproductive. Where regulators can assist in the SAR
process during their examinations is to identify situations
where financial institutions do not file SARs or do not file
adequate SARs. In my experience, the failure to file SARs or to
adequately file SARs is the biggest breakdown in an AML
program. This is where the regulators should be focused
regarding SARs.
Q.15. Would a better feedback loop system exist if financial
institutions employed more people with security clearances? If
so, what, if anything, can the Federal Government do to
facilitate this?
A.15. I have long been an advocate that select financial
institution AML professionals be granted security clearances.
In fact, I was interviewed many times by the 9/11 Commission. I
strongly recommended to them they recommend that security
clearances be granted to select financial institution
personnel. Unfortunately, the 9/11 Commission did not concur.
Despite that, I firmly believe security clearances would be
beneficial and are warranted.
Security clearances have been given to select AML personnel
on a limited basis through TFOS at the FBI for terrorist
financing collaboration.
I do not believe that security clearances would improve the
feedback issue. However, it would improve the ability of the
Government to provide financial institutions with classified
information.
Q.16. Often, financial institutions will derisk by refusing to
serve customers that could be involved in illegal activity. As
financial institutions start to share more information with
each other, this practice could become more prominent and
potential criminals could more frequently lose access to the
United States' financial system altogether.
Are there instances in which derisking is actually
unhelpful for law enforcement purposes, because it drives these
criminals underground and makes it more difficult to track
them?
A.16. Law enforcement would prefer that financial institutions
do not derisk. Exiting relationships is a hindrance to law
enforcement. It makes it more challenging for law enforcement
to follow the money and to develop prosecutable cases reliant
on financial evidence. There are times when law enforcement
learns that financial institutions are going to exit an account
relationship and law enforcement requests the financial
institution maintain the banking relationship. In such
instances, law enforcement will provide the financial
institution with a keep open letter. Financial institutions
often derisk and/or exit high risk relationships due to concern
of adverse regulatory actions by their regulators.
Q.17. At the moment, do the regulators that evaluate and
enforce financial institutions compliance with our Federal
money laundering take this into account?
A.17. Regulators do not take this into account, which is a
problem. Either real or perceived, financial institutions
derisk because they are concerned that the regulators will take
an enforcement action against the financial institution for the
level of high risk they accept. This is where the regulators
lack leadership and clarity with financial institutions. I've
heard regulators asked to provide guidance respond that it is
up to the financial institution to identify the appropriate
level of risk they can manage. In many such high risk
situations financial institutions believe it's better to exit
the customer relationship and not face real or perceived
regulatory action.
Q.18. Are there promising ways to increase cooperation between
financial institutions, regulators, and law enforcement
officials, so that financial institutions can make a more
informed decision about when and how to derisk?
A.18. If financial institutions, regulators, and law
enforcement could establish sustainable communications and take
the time to understand each other's perspectives, a better
sense of collaboration could be established and a middle ground
acceptable to each other could be established. If you placed
financial institutions, the regulators and law enforcement in a
triangle and places financial institutions at the top and
regulators and law enforcement at the bottom side points, there
would be hard lines from the financial institutions to the
regulators and law enforcement. Unfortunately, the line between
the regulators and law enforcement would be a broken line. The
hard lines are lines of communication. The broken line is a
lack of communication. The point is the level of communications
between the regulators and law enforcing is not good. This
leaves financial institutions in direct communications with the
regulators and law enforcement, which have conflicting
interests.
Q.19. Would financial institutions need to hire more employees
with a top security clearance and/or a law enforcement
background for this coordination to be effective?
A.19. The issue of security clearances is not related to the
issue of derisking. They are separate issues. I think it would
be extremely beneficial if financial institutions hire more
employees from law enforcement or the intelligence community
who have security clearances. This would enable law enforcement
to share classified information with financial institutions
they would not have otherwise been able to share. Financial
institutions derisk in order to avoid real or perceived
regulatory actions like enforcement actions.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
FROM DENNIS M. LORMEL
Q.1. How can we leverage technology to make the process
simultaneously less onerous on banks while enhancing the
outcomes of catching illegal behavior? Are there regulatory and
legislative barriers to getting that down?
A.1. We should definitely seek to leverage and embrace
technology to enhance transaction monitoring and to be more
innovative. I believe the barriers to this are two pronged.
First is cost considerations for financial institutions. The
second is real or perceived regulatory expectations. Financial
institutions are concerned about adverse regulatory action if
they enhance technology. In questions from Senator Sasse I
received a similar question. The answer I provided Senator
Sasse is set forth below:
As I noted above, I am not an IT expert. I'm not sure if
it's a regulatory problem as much as a cost consideration.
Regardless of cost considerations, the problem is not
regulations. Rather it is the regulators and the lack of
clarity and leadership by regulators concerning regulatory
expectations. My sense is financial institutions are concerned
about potential regulatory consequences they may face for
enhancing technology. There is concern that if new innovations
will result in criticism that the older technology will be
criticized for not having picked up the same level of alerts
causing them to have to look back for potential suspicious
activity perceived to be missed. At the ACAMS AML Conference
held in Hollywood, Florida, from April 9-11, 2018, during a
regulator panel, one regulator advised that if financial
institutions upgraded their transaction monitoring system, they
should run the two systems in parallel for a period of time to
ensure one if one system generates more alerts, the other is
assessed to see if it missed alerts. That's a cause for concern
for two reasons, cost and perceived regulatory action against
the financial institution. This is a deterrent and not an
incentive to enhance technology.
Q.2. Financial institutions often complain that FinCEN, law
enforcement officials, and prudential regulators do not tell
them whether their BSA filings serve a useful purpose, or how
the reports they submit are being used--and that the filings go
into a black hole. Can you shed some light on the filings that
you make or have used and what could be done to improve this
process?
A.2. SARs are extremely important and make significant
contributions to law enforcement investigations. Lack of
feedback is a problem. The perception by financial institutions
that SARs fall into a black hole is a misperception. SARs do
not fall into a black hole. Financial institutions have a right
to be frustrated about the lack of SAR feedback. In terms of
developing a consistent feedback mechanisms, this is not an
issue for the regulators. It is an issue for FinCEN and law
enforcement, mostly law enforcement. Law enforcement is the end
user of SARs and the beneficiary of SAR information. Senator
Sasse asked a similar question. Below is the answer I furnished
him, which is relevant to your question.
Feedback from law enforcement to financial institutions
regarding the value of SARs is problematic. I have frequently
heard the same complaint from financial institutions. As noted
above, the lack of feedback does not mean SARs were not
reviewed or that SARs did not predicate and/or enhance law
enforcement investigations. In response to the frustration on
the part of financial institutions about the lack of SAR
feedback, I always make it a point when I provide training to
AML professionals about how important SARs are. I also include
in my presentations a flow chart I developed regarding the
lifecycle of a SAR. As I mentioned in an earlier response to
one of your questions, I'd be happy to provide the flow chart
to you.
When I was the Chief of TFOS in the FBI, I frequently met
with then FinCEN Director James Sloan. We often spoke about
developing a consistent feedback mechanism for financial
institutions but were unable to develop an adequate mechanism
to do so. There are a number of inherent impediments to
establishing a feedback mechanism. Such include the nature of
criminal investigations. From the point a SAR is filed to the
point a case is concluded, it could be a period of one or more
years. If a case is a Grand Jury investigation, information
cannot be disclosed by law enforcement. Law enforcement lacks
the resources to consistently provide feedback. There are
always new cases to move forward with and investigators don't
have time to provide feedback. Impediments aside, they are no
excuse for not providing feedback. I believe a feedback
mechanism should be developed and implemented through FinCEN
initiated by law enforcement. I concur with your comment that a
SAR feedback mechanism would improve the quality of SAR
submissions. I also believe that a SAR feedback would improve
the morale of AML professionals who are involved in the SAR
process. They would have a greater sense of accomplishment and
satisfaction that their work contributes to law enforcement
successes. Make no mistake; SARs play a significant role in
investigations.
Q.3. Another compliance challenge often cited by banks is that
they feel pressured by bank examiners and law enforcement
authorities to exit certain business lines or cease offering
certain services to customers viewed as presenting particular
money-laundering vulnerabilities, i.e., severing corresponding
banking relationships with foreign institutions in certain
geographic areas, and also ending money services businesses
(MSBs, i.e., check cashing, money transmitters, currency
exchange outlets, etc.)
As banks reevaluate their business relationships with MSBs
in light of what they may view as a hostile regulatory
landscape, what can we do to change this type of behavior/is
this a prevalent problem in the industry?
A.3. Senator, let me answer the second part of your question
first. The issue is a significant prevalent issue in the
industry. The term referred to for exiting high risk
relationships by financial institutions is ``derisking''. The
problem here is with the regulators. Either real or perceived,
financial institutions believe they will face regulatory
enforcement actions if they continue to bank high risk
customers. This is where I believe regulators lack leadership
and clarity. They do not provide guidance to financial
institutions about banking high risk customers. I have heard
regulators at conference state it is not their responsibility
to provide such guidance but it's the responsibility of the
financial institution to determine the level of risk they can
manage. This lack of guidance leads to financial institutions
exiting high risk customer relationships.
Q.4. It is my understanding that there are times when law
enforcement and the bank regulators work at cross purposes.
That is, law enforcement might want a bank to continue banking
an individual or company that they are following and building a
case against but the bank regulators, whose incentives are to
not be embarrassed by their regulated entities, force the banks
to ``derisk'' or close those accounts. Is that actually the
case?
A.4. Unfortunately, this is the case. As noted in my response
to your previous question, either real or perceived, financial
institutions derisk out of fear of regulatory enforcement
actions. The regulators do not provide financial institutions
with leadership or clarity about maintaining high risk
relationships. Consequently, financial institutions exit these
relationships. Regulators state that they do not want derisking
but they want inclusion. The problem is they do not provide the
guidance about banking high risk customers.
Law enforcement would prefer the account relations not be
exited, especially in cases of ongoing investigations. Below is
the response to a similar question that I provided to Senator
Sasse.
Law enforcement would prefer that financial institutions do
not derisk. Exiting relationships is a hindrance to law
enforcement. It makes it more challenging for law enforcement
to follow the money and to develop prosecutable cases reliant
on financial evidence. There are times when law enforcement
learns that financial institutions are going to exit an account
relationship and law enforcement requests the financial
institution maintain the banking relationship. In such
instances, law enforcement will provide the financial
institution with a keep open letter. Financial institutions
often derisk and/or exit high risk relationships due to concern
of adverse regulatory actions by their regulators.
Q.5. In terms of AML, we know that the success of AML is
centric around whether or not the predicate crime of money
laundering has been reduced, but we only really know how
pervasive money laundering is on a reactive basis, i.e., when
someone/some entity is caught. To that end, do you believe the
advent/popularity of cryptocurrencies could affect the capture
of money laundering/could it affect AML? Do enforcement
authorities have the technological capabilities to work with
private industry to capture mal-actors?
A.5. The challenge of identifying money laundering is that it
is an inherently reactive process. The evolution of
cryptocurrency presents new challenges for financial
institutions. This is certainly one area where public-private
sector partnerships could better address the emerging
challenges of cryptocurrency. I responded to a similar question
from Senator Sasse. Below is the response I provided him with.
As bitcoin, blockchain, and other cryptocurrency continue
to emerge and gain popularity and useage, it will grow as a
money laundering challenge. The initial reaction to bitcoin,
blockchain, and other cryptocurrency, and its attractiveness to
money launderers and criminals was its perceived anonymity.
Experts have demonstrated that is not true and that they can
identify people engaging in bitcoin and other cryptocurrency
transactions. This is a money laundering deterrent. However,
the more bitcoin and other cryptocurrencies are used, and the
more they can be used in cash like manners, the more prevalent
the money laundering challenge will become. Part of the problem
is the extent to which the dark net can be used and the level
of anonymity that bad guys can develop and exploit.
Q.6. In your opinion, do you think that the overall AML regime
has been effective? Additionally, what do you see as the best
way to ensure future effectiveness?
A.6. As I stated in my written and oral testimony at the
Committee hearing on January 9th, the flow of BSA information
from financial institutions to law enforcement is invaluable.
In this regard the AML regime is effective. The system is
flawed when you overlay regulatory requirements. The system
could be more effective and efficient. I encourage the
Committee to assess the perspectives of all stakeholders in the
process, especially law enforcement and financial institutions
who I consider the two primary stakeholders. BSA information is
intended to assist law enforcement. Financial institutions are
the repository for financial intelligence and serve as the
filter for identifying and reporting suspicious activity. I
believe there are three primary factors that Congress should
consider:
1. How to incentivize financial institutions to enhance
technology and be innovative. In addition to cost
factors, this will require dealing with the real or
perceived regulatory expectations financial
institutions are concerned about regarding upgrading
technology. Financial institutions are concerned about
potential adversarial regulatory consequences.
2. How to make transaction monitoring and the SAR process
more effective and efficient. The key is to improve the
percentage of SARs that are meaningful and are used to
predicate and/or enhance law enforcement
investigations.
3. How to establish a consistent and meaningful feedback
mechanism from law enforcement to financial
institutions regarding the value of SARs. This would be
one factor that would contribute to improving the
effectiveness and efficiency of the SAR process.
Q.7. Is it to have Treasury be the lead to:
1. Define with other stakeholders specific and clear
national priorities of the regime; and
2. Determine, working with other stakeholders, clear and
measurable objectives of the regime in light of those
priorities. Should Treasury or someone else have to
report those measurements against the objectives back
to Congress?
A.7. This is a difficult question that requires considerable
assessment by numerous stakeholders with varying perspectives.
On one hand, I concur that from a practical point of view, one
department or stakeholder should be the lead to establish
specific and clear national priorities and set clear and
measurable objectives that are reported back to Congress. My
problem is that Federal departments and agencies within those
departments have vastly different responsibilities and
mandates. Therefore, could one department objectively determine
the overall priorities for the intergovernmental community? For
example, the Treasury Department is primarily responsible for
sanctions and enforcement. Whereas, the Department of Justice
(DOJ) and Homeland Security are responsible for law
enforcement. From a practical standpoint, it would be prudent
to designate Treasury to be responsible. However, without equal
input, my concern would be that DOJ and Homeland Security law
enforcement perspective and priorities might not be accurately
stated and/or prioritized. In addition, are their other
stakeholders who should be included in the reporting process
such as the CIA and Department of Defense (DOD)? The CIA and
DOD are both engaged in threat and/or terrorist financing.
Having co-responsibility might be an acceptable alternative.
However, that would be a challenge for efficiency. Perhaps
Treasury, DOJ, Homeland Security, and other Government
stakeholders should be responsible to submit similar reports to
more specifically define their priorities, objectives and
measurable.
Regardless of who is designated with reporting
responsibility, I believe it would be prudent to have a
reporting mechanism to Congress.
This idea may have come from the Clearinghouse report,
dated February 2017, titled ``A New Paradigm: Redesigning the
U.S. AML/CTF Framework to Protect National Security and Aid Law
Enforcement''. I was not involved in the Clearing House
assessment process. However, my concern is the principal
participants possessed more of a Treasury perspective
(sanctions and enforcement) verses a law enforcement
perspective. I understand the working group included former law
enforcement officials. However, in reading the Clearing House
report, my concern is law enforcement interests were not
adequately considered. As noted in my written and oral
testimony on January 9th, I contacted then current law
enforcement executive in positions like I held in the FBI, and
none were included in the discussions. I believe the Clearing
House report sets a good framework for improving BSA reporting.
However, law enforcement should have greater engagement in the
assessment process.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
FROM DENNIS M. LORMEL
Q.1. What are the costs and benefits of having bank examiners
assess bank compliance with the Bank Secrecy Act's (BSA)
requirements instead of having anti-money laundering (AML) and
combating the financing of terrorism (CFT) experts at the
Financial Crimes Enforcement Network (FinCEN) examine bank
compliance programs?
A.1. I do not believe it is practical to have FinCEN perform
the bank examinations/program reviews as currently done by the
regulatory agencies. First and foremost, FinCEN does not have
the capacity to handle such demands. They lack the required
resources. FinCEN resources do not have the same level of
examination training or experience that regulatory agencies
possess. I believe it is imperative that FinCENs primary
responsibility continue to be to collect BSA reporting
information and to serve as the conduit between financial
institutions and law enforcement. FinCEN should continue to be
involved in regulatory actions on a case specific basis and in
conjunction with the regulators. FinCEN should continue to
provide regulatory guidance to financial institutions. FinCEN
should also continue to conduct the analytical work they
perform in support of law enforcement.
Q.2. Is there a way to maintain a top-shelf effective AML/CFT
policy while maintaining a commitment to increase access to
financial products for the underbanked and immigrants who rely
on remittance services?
A.2. I'm a proponent for inclusion of the underbanked and
immigrants who rely on remittance services. I conduct AML,
terrorist financing, and fraud training on a regular basis. I
also write articles published in industry publications, such as
ACAMS Today magazine. In these forums, I frequently state that
illegal money remitters represent one of the most significant
vulnerabilities to the U.S. financial system. Part of the
problem is that some illegal money remitters and underbanked
customers have been derisked. Derisking is a significant
problem. Much of the problem regarding illegal money remittance
is that different ethnic communities, especially with the
underbanked and immigrants prefer to use illegal money
remitters to transmit funds back to family members in their
countries of origin.
One of the solutions to the issue of derisking is for
regulators to provide leadership and clarity to financial
institutions about regulatory expectations. Another solution
for the issue if illegal money remittance is for FinCEN, law
enforcement, and financial institutions to establish a
partnership and working group to address the issue of illegal
money remittance operations.
Q.3. I'm interested in the ways in which technology can aid AML
compliance efforts. What are some of the innovative
technologies that you've seen that hold some promise for either
the Government or the private sector?
A.3. I'm not an IT expert. However, I believe that financial
institutions should embrace technology. In doing so, they
should also demand transparency with new technology driven
product offerings. Regarding transaction monitoring, financial
institutions should be considering technology enhancements
through artificial intelligence and FinTech capabilities.
Q.4. What are the barriers to either the Government or the
private sector adopting these technologies?
A.4. In my opinion, the barriers to Government are primarily
cost related. The barriers also include Government bureaucracy.
The barriers to the private sector, specifically to financial
institutions, are cost and real or perceived regulatory
expectations. I was asked similar questions by your colleagues
Senators Sasse and Tillis. Below are my responses to their
questions.
1. We should definitely seek to leverage and embrace
technology to enhance transaction monitoring and to be
more innovative. I believe the barrios to this are two
pronged. First is cost considerations for financial
institutions. The second is real or perceived
regulatory expectations. Financial institutions are
concerned about adverse regulatory action if they
enhance technology. In questions from Senator Sasse I
received a similar question. The answer I provided
Senator Sasse is set forth below:
2. As I noted above, I am not an IT expert. I'm not sure if
it's a regulatory problem as much as a cost
consideration. Regardless of cost considerations, the
problem is not regulations. Rather it is the regulators
and the lack of clarity and leadership by regulators
concerning regulatory expectations. My sense is
financial institutions are concerned about potential
regulatory consequences they may face for enhancing
technology. There is concern that if new innovations
will result in criticism that the older technology will
be criticized for not having picked up the same level
of alerts causing them to have to look back for
potential suspicious activity perceived to be missed.
At the ACAMS AML Conference held in Hollywood, Florida,
from April 9-11, 2018, during a regulator panel, one
regulator advised that if financial institutions
upgraded their transaction monitoring system, they
should run the two systems in parallel for a period of
time to ensure one if one system generates more alerts,
the other is assessed to see if it missed alerts.
That's a cause for concern for two reasons, cost and
perceived regulatory action against the financial institution.
This is a deterrent and not an incentive to enhance technology.
Q.5. What can we be doing as legislators to ensure that we
promote technological innovation in this sector?
A.5. Technology innovation is important. If I was a legislator,
I would consider what I could do to incentivize financial
institutions to embrace technology. One thing I would assess is
how to encourage regulators to take a leadership role and to
provide financial institutions with guidance and clarity to
change the real or perceived concern by financial institutions
that there could be adverse regulatory enforcement actions for
enhancing technology as addressed in the response to the prior
question.
Q.6. The regulatory definition of ``financial institution'' has
been expanded several times over the years, both by FinCEN
rulemaking and by legislation by Congress.
Should the definition of financial institutions be expanded
to include other sectors? If so, which sectors?
A.6. The one sector that comes to mind where the definition of
``financial institution'' might be included is the real estate
sector. As addressed in Geographic Targeting Orders (GTOs),
issued by FinCEN to require U.S. title insurance companies to
identify the natural persons behind shell companies used to pay
``all cash'' for high-end residential real estate in six major
metropolitan areas, money laundering through real estate is a
significant problem. Certainly, where focus was placed on this
specific money laundering problem, the GTOs were warranted. But
the problem of money laundering through real estate is much
broader. There are a number of real estate schemes to include
criminal property flipping that have had a detrimental economic
impact on many U.S. cities.
I believe that to answer how broadly the real estate sector
should be regulated as a financial institution requires
considerable assessment. Stakeholders should include FinCEN,
real estate professionals and experts, financial institutions,
law enforcement, and academics who have researched money
laundering in the real estate sector. As an example, the
Terrorism, Transnational Crime and Corruption Center (TraCCC)
at George Mason University (GMU), held a daylong conference at
GMU's Schar School of Policy and Government to learn about
money laundering through the real estate sector. The forum was
held on March 23, 2018. Speakers included experts from the real
estate sector, law enforcement banks, Government, associations,
nongovernment organizations, and academia. I served as a
moderator for a panel addressing new approaches to countering
money laundering in real estate in the U.S. A draft report has
been circulated to conference speakers and organizers. The
report is in the process of being finalized. If you are
interested, I'd be happy to provide a copy of the report after
it's published.
Q.7. Could these changes be made via FinCEN rulemaking or
should legislation be passed?
A.7. I believe both FinCEN rulemaking and legislation are
warranted. I believe that the GTO's issued by FinCEN are an
outstanding example of FinCEN rulemaking. However, the long-
term solution is legislation. Congress should consider
establishing a working group to assess how best to craft
legislation to address the broader risks of money laundering
through real estate.
Q.8. In August 2017, FinCEN issued an advisory encouraging real
estate brokers to share information with them that could be
helpful in AML efforts, while noting they are not required to
do so under current law.
How do we increase information sharing between real estate
brokers and FinCEN?
A.8. Meaningful information sharing between real estate brokers
and FinCEN is more likely to be accomplished through rulemaking
and legislative requirements. An alternative that could result
in voluntary information is to promote awareness through
outreach, particularly in the real estate sector, about the
risk and consequences of money laundering through real estate.
Q.9. Geographic Targeting Orders (GTOs), which impose
additional record keeping and reporting requirements on
domestic financial institutions or nonfinancial trades or
businesses in a specific geographic area for transactions
involving certain amounts of United States currency or monetary
instruments, have been deployed since 2016 to target high-end
real estate sectors in major metropolitan areas by requiring
U.S. title insurance companies to identify the natural persons
behind shell companies used to pay ``all cash'' for high-end
residential real estate.
Are GTOs an effective tool or would regulation be a
preferable way to cover the real estate sector?
A.9. I applaud the GTOs. They are a good step forward in
addressing the money laundering issues in real estate. The
GTO's focus on one significant money laundering problem. I
believe this has had the intended impact and that is why the
GTOs were extended in 2017. As noted in the response to the
prior question, I believe the long-term solution is regulations
that are broader than the one issue addressed in the GTOs.
Regulations need to address a broader range of money laundering
risks in the real estate sector.
Q.10. Cryptocurrency exchanges are money services businesses
supervised by State regulators and subject to Federal AML and
CFT laws.
Should FinCEN play an enhanced role in assessing the
compliance of cryptocurrency exchanges, or are State regulators
sufficiently equipped to handle compliance monitoring?
A.10. I will address this question first at the State level and
then at the Federal level. Overall, State regulators do a good
job at enforcing State regulatory compliance requirements.
However, there is no uniformity among States about regulatory
requirements. Regulatory requirements vary from State to State.
My sense is New York probably has the most stringent State
requirements. At the Federal Government level, we need to
assess the roles and perspectives Government agency
stakeholders have with respect to cryptocurrency exchanges. For
instance, FinCEN issued guidance to cryptocurrency exchanges in
2013. Since cryptocurrency exchanges are MSBs, they would be
subject to Federal review by the IRS, who examines MSBs from a
Federal regulatory perspective. In addition, the Securities and
Exchange Commission (SEC) and the Commodities Futures Trading
Commission (CFTC) each have interests. In some situations, the
SEC could consider the trade of cryptocurrency securities
transactions. In some situations, the CFTC could consider
virtual currency as a commodity.
The question of should FinCEN play an enhanced role in
assessing the compliance of cryptocurrency exchanges should be
assessed along with the roles of the IRS, SEC, and CFTC. One
question is, does FinCEN have the capacity, in terms of
resources, to take on enhanced responsibilities. FinCEN should
certainly provide continued guidance and rulemaking. In terms
of supervision, IRS should continue to have examination
responsibility. The problem here is the same question as I
posed for FinCEN. Does the IRS possess adequate resources to
address regulatory examination requirements?
Q.11. What additional tools could we give regulators and law
enforcement?
A.11. The tools that regulators and law enforcement need to
address the AML challenges posed by cryptocurrency begin with
budget enhancements. From the regulators side, enhanced
resources are needed in terms of personnel and equipment to
perform an adequate level of regulatory examinations. Whether
it's the IRS or FinCEN, resource enhancements are needed. Law
enforcement is less pressed for resource enhancements, although
the need for resource enhancements should be assessed.
Regulators and law enforcement could use budget enhancements to
address the training requirements necessary to gain and
maintain the skill sets required to address the evolving
challenges posed by cryptocurrencies.
Q.12. How prevalent is money laundering in cryptocurrency
markets?
A.12. I cannot speak definitively about how prevalent money
laundering is in cryptocurrency markets. However, like with all
types of financial institutions, there is a risk for money
laundering. Like financial institutions, cryptocurrency markets
serve as a facilitation tool or a detection mechanism. Our
challenge is to make cryptocurrency markets more of a detection
mechanism.
The common belief that cryptocurrencies can be anonymous
makes cryptocurrency more attractive to money laundering. Law
enforcement has begun to state that cryptocurrencies are not as
anonymous as thought and that they can trace transactions and
those transacting in cryptocurrency. The more law enforcement
proves this fact by making arrests, getting convictions, and
seizing illicit assets, the greater the deterrent there will be
for money laundering through cryptocurrency. That said, the
more cryptocurrency transactions become cash like transactions,
the greater the likelihood for money laundering. AML
transaction monitoring is inherently reactive, which poses a
significant challenge for those fighting money laundering.
Cryptocurrency is an evolving space. AML technology must evolve
along with cryptocurrency technology.
------
RESPONSES TO WRITTEN QUESTIONS OF
SENATOR CORTEZ MASTO FROM DENNIS M. LORMEL
Q.1. Gaming and tourism are some of Nevada's top industries. In
the State of Nevada, our gaming operators employ thousands of
hard working Nevadans, and the industry as a whole domestically
supports 1.7 million jobs across 40 States. Qualified casinos,
like financial institutions, are also subject to Banking
Secrecy Act requirements. Organizations within Nevada have
suggested that gaming operators would welcome a review of BSA
requirements, which they find to be burdensome. They look
forward to this Committee's thoughtful, bipartisan, review of
BSA requirements that takes into account the security
imperative for robust anti-money laundering efforts, as well as
the impact those requirements have on all industries. For
example, the Suspicious Activity Report (SAR) ($5,000) and the
Currency Transaction Report (CTR) ($10,000) levels were set
years ago. Some have recommended increasing these to correspond
with inflation. Others believe that would be too high but do
support a higher amount than currently,
A.1. I would like to comment here that I am not in favor of
raising the SAR or CTR reporting thresholds. In today's world,
where it takes small amounts of funds to commit a terrorist
act, we need the thresholds where they are. Most financial
institutions will tell you the reporting thresholds do not
cause extra burden to them.
Q.2. One of the top priorities of the gaming industry is to
remove the requirement for a detailed factual narrative for
structuring in the suspicious activity forms. What do you think
of this recommendation?
A.2. I was the direct beneficiary of SARs when I was an FBI
agent, especially following the terrorist attacks of 9/11. I
formed and ran the Terrorist Financing Operations Section
(TFOS). Following 9/11, we began a datamining project and
included SAR narratives and SAR identifying information like
addresses, phone numbers, and other collateral information.
From a macro or program level, I liked the narrative
information for all SARs to include structuring. That said,
SARs are a subjective topic. If you speak to law enforcement
agents at the field or grass roots level, especially those who
physically review SARs, they would likely agree that
structuring narratives are cumbersome and not necessary. There
is no easy solution to the SAR narrative question.
Q.3. Do you have specific recommendations regarding how the
gaming industry can benefit from greater communication with
Government agencies and law enforcement? Is there something the
Federal Government can do to share information with casinos and
others filing SARs about broad benefits that may occur because
of some of the 58,000 SAR forms filed by gaming firms.
A.3. I am a huge proponent for public and private partnerships
and collaboration. When I ran the Financial Crimes Section at
the FBI prior to 9/11, I had frequent conversation with the
then Director of FinCEN, James Sloan about developing a
feedback mechanism for financial institutions regarding SARs.
There were numerous inherent impediments to establishing a
feedback mechanism. That should not be an excuse. FinCEN and
law enforcement should revisit this issue and determine how to
more consistently provide feedback to financial institutions,
including Casinos.
Q.4. Would the creation of a Qualitative Feedback Mechanism
help reduce money laundering and terrorist financing? Should
the Secretary of the Treasury establish a mechanism to
communicate anti-money laundering (AML) and countering
terrorism financing (CTF) priorities to financial institutions,
gaming establishments, and Federal financial regulators? Could
such a mechanism provide qualitative feedback on information
shared by financial institutions with the Department of
Treasury, including CTRs and SARs? Please describe the pros and
cons of such a system.
A.4. As mentioned in the answer above, I am a firm believer in
the benefits of a feedback mechanism regarding SARs. I would
welcome a feedback mechanism. I do believe that would improve
the identification of money laundering and terrorist financing.
From an intangible standpoint, a consistent feedback mechanism
would greatly improve the morale and motivation of the AML
professionals involved in the SAR process. There is a constant
sense that SARs go into a black hole. That is not true. SARs
are extremely valuable. If AML professionals received
consistent feedback, there would be more interest in filing
better quality SARs that would improve the investigative
process and lead to more prosecutions and disruptions.
I do not like the idea of Treasury providing money
laundering and terrorist financing priorities to financial
institutions because their issues are with sanctioning and
enforcement actions and not law enforcement. Non-Treasury law
enforcement agencies, such as the FBI have primary criminal and
intelligence for terrorism and many criminal violations. I'm
not comfortable with Treasury setting priorities for matters
they have limited or no jurisdiction over. If Treasury acted as
a bridge with law enforcement then perhaps it would be
workable.
Q.5. The Office of the Comptroller of the Currency mentioned in
its 2018 Banking Operating Plan that financial institutions
should not inadvertently impair financial inclusion. But, as of
September 2017, the OCC has not identified any specific issues
they plan to address. We know that derisking has become an
epidemic across many communities and industries, such as
communities along the Southwest border, humanitarian
organizations aiding Nations wracked with violence, and
remittances providers that serve fragile Nations like Somalia.
What type of guidance could the OCC, FinCEN, FDIC, and the
Federal Reserve provide to help banks meet the banking needs of
legitimate consumers and businesses that are at risk of losing
access--or have already lost access?
A.5. Inclusion or derisking is a sensitive issue. Although the
regulators preach inclusion and the harm of derisking, they do
not adequately provide the needed guidance to financial
institutions. In my view and what I have observed in working
groups that discuss this issue and in other forums, the
regulators do not demonstrate any leadership or clarity in
providing direction. Regulators will state that it is up to
banks to determine the level of risk they can manage and offer
no guidance about regulatory expectations. Consequently, that
lack of guidance causes financial institutions to be more risk
averse and exit relationships for fear that the regulators
would take a negative view and some action against the
institution for banking high risk customers. Regulators should
take a leadership role and provide clear guidance about
regulatory expectations beyond stating that financial
institutions need to identify and manage their risk.
Q.6. Last year, the Countering Iran's Destabilizing Activities
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it
required the Treasury Department to publish a study by May 1,
2018, on two issues:
Somali Remittances: The law required the U.S. Department of
Treasury to study if banking regulators should establish a
pilot program to provide technical assistance to depository
institutions and credit unions that wish to provide account
services to money services businesses serving individuals in
Somalia. Such a pilot program could be a model for improving
the ability of U.S. residents to make legitimate funds
transfers through easily monitored channels while preserving
strict compliance with BSA.
Sharing State Banking Exams: The law also required Treasury
to report on the efficacy of money services businesses being
allowed to share certain State exam information with depository
institutions and credit unions to increase their access to the
banking system.
Have you or your organization been involved with these
Treasury studies?
A.6. I have not been engaged in the Treasury studies. I am in
favor of such pilot programs
Q.7. What advice did you give--or would you give--on the pilot
studies?
A.7. Somalia is a high risk country for terrorism. That said,
the stories of bulk cash being carried to Somalia from the U.S.
because MSBs are not banked and NGOs are forced to currier
money is extremely problematic. To expand on my answer above
about regulatory agencies not taking or demonstrating a
leadership role, this would be a great opportunity for that to
change. I would recommend Treasury and the regulators take a
leadership role in working with financial institutions to bank
MSBs in the Somali region and to what extent the depository
institutions should have a risk tolerance for. Part of the lack
of leadership on the part of the regulators results in a lack
of clarity with banks in terms of the level of risk they should
take on and the perceived regulatory response to financial
institutions considering taking on such risk. This is where
leadership and clarity would be helpful in formulating more
realistic risk tolerance thresholds and would lead to less
derisking.
I like the idea of MSBs being able to share certain State
exam information with depository institutions and credit
unions. In most instances, it would provide information that
should lead to establishing or maintaining a banking
relationship.
Q.8. In 2016, William and Margaret Frederick were moving from
Ohio to Las Vegas. Unfortunately, it is alleged that the title
company they used in Columbus, Ohio, fell for an email scam and
wired the $216,000 profit from their home sale to a hacker, not
to the Fredericks. William is 83 and Margaret is 75 and as of
October, they were still trying to get their money back. While
the Fredericks' tale is now a court case to determine who was
responsible for the fraudulent information, we know that the
Fredericks' experience is ``very typical'' of scams that divert
an estimated $400 million a year from title companies into
bogus accounts.
Please describe the responsibilities of financial firms to
avoid these frauds?
A.8. These situations are devastating to the victims,
especially elderly victims like the Fredericks. I wish there
was a simple recourse for the Frederick's but there is not. The
financial institutions involved in the transaction do not owe
the Fredericks or the title company a fiduciary duty. The
financial institution has a responsibility to have a reasonably
designed AML program. What that means is the program is
reasonably designed to identify and report suspicious activity
to FinCEN. Your question does not give much context about the
banking relationships involved in this case. The Frederick's
recourse should be with the title company who fell for the
phishing/email scam. It's likely the escrow company did not
have adequate controls. There are, unfortunately, to many cases
like this. They usually wind up in civil law suits.
Depending on the case specifics, it is not likely the bank
would be found negligent or responsible. Again, the culpability
is likely to lie with the escrow company. The bank would not be
responsible for the escrow company's falling victim to the
scammers.
Q.9. What penalties should be assessed and by which agencies
when financial firms enable theft?
A.9. In the event that the financial institution did not have a
reasonably designed AML program to identify suspicious
activity, the bank failed to file SARs or to adequately file
SARs than the bank should face an enforcement action by their
regulators and/or FinCEN. If it was a one off fraud, and the
bank had a reasonably designed program it is unlikely they
would be held culpable. Invariably, many of these cases wind up
with civil law suits filed against the bank. In at least some
such cases, the bank will opt to settle the law suit and avoid
trial to avert adverse publicity and reputational damage.
Q.10. What is the role for the Consumer Financial Protection
Bureau to ensure financial firms protect their customers' money
and information?
A.10. The CFPB is intended to help consumers protect their
assets from fraud. I'm not sure of the role the CFPB would play
in a scenario involving the Fredericks. If the escrow company
was negligent and lacked adequate internal controls, they
should be held culpable for the loss. I'm not a lawyer so I
cannot speak to the legal ramifications. Again, I'm not sure of
what the CFPB could or should do.
Q.11. In 2014, FinCEN issued an advisory with human trafficking
red flags, to aid financial institutions in detecting and
reporting suspicious activity that may be facilitating human
trafficking or human smuggling.
To what extent do you assess that financial institutions
are currently utilizing these red flags, in order to better
assess whether their banks are being used for to finance human
trafficking? If institutions are not widely utilizing the red
flags, what actions is FinCEN taking to encourage them to do
so?
A.11. Human trafficking is a heinous crime problem. I believe
that AML professionals are dedicated professionals and are very
concerned about human trafficking. I cannot speak definitively
as to how widely financial institutions use the FinCEN red
flags regarding human trafficking or to the extent FinCEN
provides guidance regarding human trafficking. However, I do
believe many financial institutions use human trafficking and
smuggling red flags from multiple sources. There is other red
flag guidance that financial institutions use that comes from
FATF, Homeland Security Investigations, the FBI and other
viable sources. It should be noted that the Polaris Project has
written a great reference guide about human slavery
(trafficking), titled ``Typologies of Modern Slavery''. In
addition, human trafficking is widely discussed at industry
training conferences. Training is one of the core pillars of an
AML program. Human smuggling typologies and warning signs are
frequent topics.
The Association of Certified Anti-Money Laundering
Specialists (ACAMS) has made human smuggling a long time
priority. They started a working group in 2010 with a group of
major banks and Homeland Security Investigations. Bank analysts
and Homeland Security Investigations analysts developed
patterns of activity or typologies consistent with human
smuggling. JPMorgan Chase had a team of special investigators
who conducted targeted transaction monitoring and identified
potential suspicious activity. ACAMS gave JPMorgan Chase and
Homeland Security a special award in recognition of their
outstanding collaboration. Another outstanding example of
public-private sector partnerships occurred in January 2018, in
the run up to the Super Bowl. The ACAMS Minneapolis Chapter
held a half-day long learning event focused entirely on human
slavery/trafficking. I was proud to be the first speaker. U.S.
Bank, Homeland Security Investigations, and the U.S. Attorney's
Office in Minneapolis collaborated to develop typologies to
identify human sex trafficking specifically related to travel
for the Super Bowl. These types of initiatives have a great
impact on crime problems like human trafficking. I must give a
cautionary comment that this type of initiative is not as easy
as it sounds. It can be costly; there are regulatory concerns
and other impediments that must be overcome. The September
issue of ACAMS Today magazine had a detailed article about the
Minneapolis learning event. I would be happy to provide a copy
of ACAMS Today if you'd like one.
Q.12. What are the pros and cons of reducing or eliminating the
standards requiring SARs filing for insider abuse (i.e.,
employee misconduct)?
A.12. I do not believe there are any pros to reducing or
eliminating SAR filing for insider abuse. If the insider abuse
would be considered suspicious activity, SARs should be filed.
Insider abuse can be devastating to financial institutions and
should be dealt with harshly. It's one thing if insiders
embezzle or defraud their employer. It's another issue when
insiders facilitate external fraud schemes. That can be more
devastating to the financial institution, as well as to
outsiders exposed to the fraud or other crime problem.
Q.13. The common expectation is that any financial institution
subjected to a cyberattack would be in touch with law
enforcement about whether or not it's required to file an SAR.
What are the pros and cons of eliminating SAR filing
requirement for cyberattacks against financial institutions?
A.13. As I mentioned responding to an earlier question, I do
not see any pros for eliminating SAR filing requirements
regarding cyberattacks. There are only cons. That is unless the
cyberattack has no financial lead value. I believe that most if
not all cyberattacks have a financial component to them.
Therefore, it is incumbent that SARs be filed to ensure the
financial considerations receive adequate attention from
financial experienced investigators. More importantly, FinCEN
has a cyberteam that assesses and addresses cyber SARs. I
believe that not all cyberthreats, where SARs are generated,
are reported to law enforcement other than through the SAR
filing. Also, when cyberthreats are reported to cyber
investigators, I'm not sure that the follow up cyber
investigation has a financial component as it would if SARs
were filed.
Q.14. Gaming and tourism are some of Nevada's top industries.
In the State of Nevada, our gaming operators employ thousands
of hard working Nevadans, and the industry as a whole
domestically supports 1.7 million jobs across 40 States.
Qualified casinos, like financial institutions, are also
subject to Banking Secrecy Act requirements. Organizations
within Nevada have suggested that gaming operators would
welcome a review of BSA requirements, which they find to be
burdensome. They look forward to this Committee's thoughtful,
bipartisan review of BSA requirements that takes into account
the security imperative for robust anti-money laundering
efforts, as well as the impact those requirements have on all
industries. The Suspicious Activity Report (SAR) ($5,000) and
the Currency Transaction Report (CTR) ($10,000) levels were set
years ago. Some have recommended increasing these to correspond
with inflation. Others believe that would be too high but do
support a higher amount than currently,
From a law enforcement perspective, are there risks to
raising the amounts? Is it possible that having CTRs at higher
levels could result in more fraud and terrorist financing? If
the amounts were raised, to what amount do you recommend?
A.14. I am a firm believer that the SAR and CTR thresholds
should not be raised. This would be detrimental to law
enforcement, especially considering the threat of homegrown
violent extremists. Homegrown violent extremists would be more
likely to transact in amounts below the $5,000 and $10,000
threshold levels. As the Chief of the Financial Crimes Section
and founder of the Terrorist Financing Operations Section
(TFOS) at the FBI, I was the direct beneficiary of SAR and CTR
data. I saw firsthand how information below the threshold
levels was used in investigations. I believe in 2004 or 2005,
my successor as Chief of TFOS, Michael Morehart, testified
about not raising the thresholds before a Congressional
Committee. Subsequent to that, GAO conducted a review of the
threshold issue and concured that law enforcement benefited
from SAR and CTR information at the current thresholds. My
apology for not being more specific about the hearing or report
date. At this point in time, I do not recall the specifics and
in deference to time in completing my response to questions, I
was unable to conduct the necessary research.
I also believe that most financial institutions would state
that the current thresholds do not cause them any greater work
than they would if the thresholds were raised. This topic comes
up at industry conferences and financial institution
representatives have stated this regularly.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR BROWN
FROM HEATHER A. LOWE
Q.1. Information Sharing Among Banks--While you have generally
supported increased information sharing between banks and the
U.S. Government, and among banks, you also have sounded an
alarm about the importance of appropriate privacy safeguards
around bank-bank information sharing, particularly where an
individual's access to financial services may be at risk if
negative but inaccurate information on them gets into the
system, as with inaccurate credit reporting.
Can you describe the types of safeguards you think would be
important if we were to consider clarifying or expanding this
authority? In particular, should we consider implementing a
system of redress or information correction for such
individuals, and if so how would you configure such new
protections, and how would you envision that process actually
working?
A.1. The general rule around information sharing among banks
should be that data is anonymized before being shared. This is
consistent with the Clearing House's recommendations. Instances
where an individual's personal and/or account information can
be shared among banks should be very clearly circumscribed. A
system of redress should be established for individuals to
review and rectify incorrect information that may be forming
the basis of banks' decisions to deny an individual banking
services, as is the case with credit information.
When the banks ask for permission to share information,
they are asking for that permission not just among banks in the
U.S., but globally. As such, rules circumscribing the sharing
of individuals' personal and account information and processes
for redress should be crafted in conjunction with other major
financial centers. FinCEN (the U.S.'s financial intelligence
center) could initiate and lead this process through its
membership in the Egmont Group, the umbrella organization for
more than 135 financial intelligence centers around the world.
Q.2. Bank Derisking/Remittances--Your testimony emphasized the
importance of Know Your Customer procedures for banks. But in
recent years many financial institutions have opted to shed
accounts of customers with personal or commercial links to
parts of the world where it can be difficult to ascertain the
final recipient of a financial transaction--an especially
important concern to Somali communities in Ohio, for example.
Whether we are talking about family remittances, or funds
transfers for humanitarian purposes, this derisking has
presented hurdles to effort to get resources to some of the
most at-risk populations on Earth. And customers who lose
accounts or are unable to move money through the regulated
financial system are often forced to use less transparent, safe
and regulated channels, undermining AML/CFT goals. The
Financial Action Task Force (FATF) has recently suggested
making inappropriate derisking a priority.
From your perspective, what steps can be taken as part of
BSA modernization to address the derisking problem and provide
relief to both banks and their customers? How specifically can
we better balance KYC obligations with the need to facilitate
the flow of remittances, and the legitimate work of charities
and humanitarian organizations, abroad?
A.2. My organization focuses on the movement of illicit money
out of developing countries the effect of that financial flow
for development, and not financial flows into developing
countries, so we have not focused a great deal on the
remittances and nonprofit issues. Nonprofit organizations like
the Charity and Security Network, Oxfam, and the Center for
Global Development, and intergovernmental organizations such as
the World Bank, the IMF, the OECD and others have been doing a
great deal more research in this area and I would recommend
speaking with them for more developed and far-reaching
recommendations.
Having said that, there are three somewhat different
problems in the derisking area with root causes that are not
all AML-related, and I think that is a really important point
here. One is that banks that are no longer willing to provide
banking services to money service businesses (MSBs) that are
the primary movers of remittances. Second is banks choosing not
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a
combination of both these first and second categories.) Third,
is the problem of banks choosing not to provide banking
services for charities/nonprofits. These are related issues,
but not the same issues. Something to bear in mind as well is
that the World Bank has found that the cost of transmitting
remittances has actually decreased over the past several years,
suggesting that some of the problems in the sector may really
be location specific, such as with Somalia, as opposed to being
as widespread as discussion on this topic might suggest.
In 2012 and the following 2 years, FATF Recommendations and
related guidance were published relating to risks posed by
nonprofits and risks posed by MSBs. That guidance suggested
that those entire sectors were particularly vulnerable to money
laundering with no nuance, which resulted in banks categorizing
them all as high risk, regardless of the nature of those
businesses, the strength of their compliance programs, their
clientele, or other risk assessment factors. The general
refrain from banks was that it was too costly to do proper AML
vetting on all these ``high risk'' entities. Banks also said
they were pulling out of high risk areas because of an increase
in fines and penalties, but very few fines/penalties have been
levied related to servicing MSB or nonprofit clients, which
begs the question of whether this reaction was simply
disproportionate or driven by other motives, such as an excuse
to get out of these relatively low-margin lines of business.
For example, Barclays in the U.K. caused a bit of a crisis
when it closed the accounts of the vast majority of the money
service businesses it serviced. But it held on to MSBs with
assets of $10m or more. However, the significant MSB money
laundering case on record actually relates to Western Union,
one of the world's largest and well-capitalized MSBs. Barclays'
decision to jettison smaller MSB accounts was made not in
relation to actual enforcement trends, how good their MSB
clients' compliance programs were, or other risks relating to
the individual MSB's business or other relevant factors, it was
made on whether the bank wanted to keep that capitalization or
not and bother to continue servicing smaller accounts where its
margin was smaller and getting smaller because of compliance
costs. It would be interesting to find out pre-2012 margins on
these business lines versus post-2012 margins so that Congress
has a frame of reference for what a bank consider an
unacceptable margin in these business lines.
And that raises an important point in all of this that is
very often missed. There has been huge bank consolidation
leading to behemoth banks that do not consider providing
services to smaller account holders to be worth the cost. (In
our experience, smaller, local banks rarely provide adequate
international transfer services and did not do so prior to AML
regulation.) We see that every day as banking fees for people
who have little savings climb while those who have sizable
accounts have no fees at all. Banks are doing everything they
can to increase their profit margins with little regard to the
effect on the average account holder. That's today's business
model, and bank decisions regarding MSB and nonprofit account
holders are driven in large part by this model. Furthermore,
the Center for Global Development put out a report on derisking
in 2015. In that report, they noted that some banks have
``derisked'' and then beefed up their own money transmitter
services, suggesting a possible move to undermine competition
and seize the market themselves.
So there are problems, some of which are not actually AML
related, but the following are some measures that can be taken
in the AML sphere to help in this area:
Better nuanced Recommendations and guidance from
FATF and regulators is needed.
In October 2014, FATF spoke out against blanket
derisking and said that FIs should derisk only on a
case by case basis. FinCEN, the FDIC, and the OCC
followed that up asking banks to come to the regulators
if they felt pressure to terminate an MSB relationship.
Other regulators have followed.
Unfortunately it seems that there is no hard data
to be able to measure what has happened in the market
since.
After an outcry from the global nonprofit
community, FATF revised its guidance with respect to
the problematic Recommendation 8, but I think it still
needs further revision and U.S. Treasury could use its
influence to make that happen. Please contact Kay
Guinane at the Charity and Security Network for further
information ([email protected]).
Banks should have access to information from FinCEN
about whether an MSB has been the subject of formal
warnings/cease and desists which are not public
information, so that they can better judge the strength
of an MSB's compliance program and its weaknesses.
Create a low-cost certification scheme for smaller
MSBs. Such a scheme would create benchmarks for MSB
compliance programs, similar to what has been done in
the development of an ISO standard for anticorruption
compliance. This could perhaps be subsidized by a fund
the big banks pay into for the smaller MSBs.
One element of compliance cost is identifying the
true owners and controllers of MSBs and charities, as
well as the remitters themselves. Transparency about
who owns and controls companies would be a real help
with that.
National ID schemes for individuals around the
world are also important. India leading the way in
effectively doing this in rural populations living in
poverty--the hardest to reach and often recipients of
remittances. While it may seem to be outside of
Congress' remit, USAID has financially supported these
initiatives in the past and Congress could prioritize
funding to USAID to continue and/or increase this work.
Q.3. Scope of AML Reporting--In recent House testimony, you
noted that AML compliance and reporting is undertaken by a wide
range of entities and persons beyond the banking sector. You
also made clear that there are entities and persons not
currently regulated or required to have AML programs in place,
that really ought to if the system is to be comprehensive.
Can you give us a sense of the scope of entities and
persons you think we ought to have in mind, beyond the banking
sector, when contemplating an update to our current anti-money
laundering framework and its underlying authorities?
A.3. FATF has identified several of what it calls Designated
Non-Financial Businesses and Professions, or DNFPB's, as
businesses and professions that are susceptible for, or can be
used to play a part in, money laundering. The idea is that
these businesses and professions should identify who they are
doing business with, in some cases carry out some customer due
diligence, and file suspicious activity reports if they think a
transaction is suspicious.
The U.S. already requires some DNFBPs to have those AML
programs, such as casinos and dealers in precious metals and
stones. Treasury regulations originally also included others,
including travel agents, those involved in real estate
closings, and car, plane, and boat dealers, among others, but
then Treasury gave them a ``temporary'' exemption from the
requirements with no sunset for that exemption which has now
been in place for many years. Still others never made it on any
list, and those four are lawyers, accountants, corporate
service providers, and escrow agents. For these four, AML
programs would really be about knowing with whom you are doing
business and not permitting practitioners in these businesses
and professions to be able to have plausible deniability that
they didn't have reason to know or suspect that they were
providing services that might be laundering dirty money.
While there are clearly several businesses and professions
missing from U.S. regulation, I would focus on five of them:
lawyers, those involved in real estate closings, corporate
service providers, escrow agents, and accountants.
Lawyers: Of course criminals need and use legal services. A
60 Minutes piece that aired last year featured undercover
footage from an organization called Global Witness, showing
just how easy it is to walk into a law firm in New York and get
a lawyer to easily suggest ways in which structures could be
created to spend money that is clearly the proceeds of
corruption to buy real estate, planes, etc. One attorney even
suggested running the dirty money through the lawyer's client
account to clean it. It was a real eye-opener. In 2010, the
American Bar Association published what I would characterize as
sound Voluntary Good Practices Guidance for Lawyers to Detect
and Combat Money Laundering and Terrorist Financing, but I
encourage you to ask every lawyer you know if they have
implemented it. It is unlikely that they have even heard of it.
This voluntary guidance is simply not enough.
Escrow Agents: Senate Permanent Subcommittee on
Investigations' 2010 report Keeping Foreign Corruption Out of
the United States: Four Case Histories tells the story of how
one escrow agent, McAfee & Taft, refused to provide escrow
services to Teodorin Obiang, the corrupt, playboy son of the
long time dictator of the impoverished Nation of Equatorial
Guinea, because the anti-money laundering policy they had
voluntarily put in place prescribed that they do so. Another
escrow agent without an AML program happily took that money.
Corporate Service Providers: The Panama Papers showed just
how entangled corporate service providers like Mossack Fonseca
can be in facilitating money laundering, corruption, and tax
evasion. The book Global Shell Games details research by a team
of American and Australian academics into just how easy it is
to create an anonymous company to engage in terror finance or
corruption in different countries around the world through
corporate service providers. They found that the easiest
country in which to do so was the United States. One email
response to the researchers' inquiry from a corporate service
provider in Florida was, ``[Y]our started purpose could well be
a front for funding terrorism, and who the f---- would get
involved in that? Seriously, if you wanted a functioning and
useful Florida corporation you'd need someone here to put their
name on it, set up bank accounts, etc. I wouldn't even consider
doing that for less that 5k a month, and I doubt you are going
to find any suckers that will do it for less, if at all. If you
are working with less than serious money, don't waste anybody's
time here. Using a f------ google account also shows you are
just a f------ poser and loser. If you have a serious proposal,
write it up and we will consider it. Your previous message and
this one are meaningless crap. Get a clue. Just how stupid do
you think we are?''
Those Involved in Real Estate: With respect to real estate,
since July 2016, FinCEN has had geographic targeting orders in
place in various counties in New York, Florida, Texas, and
California, requiring title insurance companies to collect
beneficial ownership information for those entities buying high
value real estate with cash. They found that about 30 percent
of the beneficial owners identified by the title companies
already had SARs filed on them by other financial institutions.
That's nearly one third. Exposes like The New York Times'
``Towers of Secrecy'' show just how easy it is for people to
hide behind anonymous companies and buy real estate with
proceeds of crime and corruption. It is central to the 2017
indictment of Paul Manafort and Richard Gates as well.
Q.4. Cryptocurrencies--As the use of cryptocurrencies continues
to evolve and to spread, questions have been raised about the
abuse of such virtual currency for money laundering and other
illicit purposes.
Can you please comment on the current exploitation of
virtual currency for illicit finance purposes, as well as the
potential for blockchain technology to short-circuit our
current AML regulatory and enforcement frameworks? In your
opinion, what tools should the U.S. Government be developing,
now, to head off this threat?
A.4. I am not sufficiently informed to provide a detailed
response to this question, but recommend that you contact the
following people to develop a greater understanding of the
threats and opportunities posed by both cryptocurrencies
(referred to as ``virtual currencies'' in international
regulatory parlance) and the blockchain technology that
underpins them, but also has much wider applications.
Yaya Fanusie, Director of Analysis, Center on Sanctions and
Illicit Finance ([email protected]); Tom Robinson, COO
and Cofounder, Elliptic ([email protected]); Jamie Smith, Global
Chief Communications Officer, The Bitfury Group
([email protected]).
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR SASSE
FROM HEATHER A. LOWE
Q.1. This hearing discussed the importance of increasing
information sharing between financial institutions and with law
enforcement officials.
What--if any--are the privacy risks with facilitating the
sharing of such information?
What are the best ways to mitigate such privacy concerns?
Increased information sharing between financial
institutions could make it easier for individuals to be
completely cut out of the United States' financial system. How
should wrongly targeted individuals be able to challenge their
designation?
What should our risk tolerance be for the fact that the
U.S. financial system facilitates crimes like human
trafficking? Should we strive to have zero incidence of money
laundering in our financial system?
A.1. There are three types of privacy risks that I would
identify here--the information security risk, the risk of
personal information being sold or otherwise transmitted by
financial institutions for reasons other than communicating
risk of criminal activity, and the ``cut out'' risk. I do not
have the right expertise to effectively address the information
security risk, and recommend that you speak with cybersecurity
experts focusing on the financial sector and to FinCEN/law
enforcement regarding their cybersecurity protections (and
protections on the BSA database), as those will be the two
types of entities between which this information would be
passed and collected.
Regarding the risk of information being sold or otherwise
transmitted for purposes other than detection of criminal
activity, the laws and regulations around what type of
information can be transmitted, to whom, and how and how long
it should be retained should be very clearly defined in
legislation/regulation.
The risk that someone could be incorrectly identified as a
bad actor and cut out of the global financial system is
certainly a risk here. It is a common complaint associated with
being added to the OFAC's Specially Designated Nationals and
Blocked Persons (SDN) list. Another complaint about the SDN
list is that sometimes people do not know why they have been
placed on the SDN list and there is no procedure for
challenging the designation. In that case, there is one body
making those designations. In a world of financial institution
information sharing, those decisions would be just as opaque,
could have been made by any financial institution, and there is
even less redress because a financial institution is never
under an obligation to open an account for someone.
Ultimately, we are also talking about information sharing
that is global and repercussions that are global, so I don't
think the U.S. will be able to create a redress system alone. I
think a redress system would probably need to involve FinCEN,
however, because of the confidential nature of the information
involved. FinCEN is the U.S.'s Financial Intelligence Unit, or
FIU. Most other countries with any sort of AML monitoring that
might end up denying someone access also have an FIU. Those
FIUs are, with some exceptions, members of a body called the
Egmont group, which has rules and methods for information
sharing among Egmont FIUs. There are over 135 FIU members of
Egmont at present. The U.S. could spearhead the creation of a
redress process in this area that involved the Egmont FIUs, or
a review panel housed within that secretariat the was, perhaps,
funded by bank contribution.
In terms of expectations with respect to money laundering,
at my organization, Global Financial Integrity, we always speak
in terms of curtailing the problem. We understand that it can
never be entirely prevented. However, I caution against using
terms like ``tolerance.'' There is no acceptable level of known
money laundering that should be tolerated. We need to have
reasonable expectations with respect to how much money
laundering can be detected by financial institutions that have
well-crafted and executed AML compliance programs in place, and
we need reasonable expectations as to what a well-crafted and
executed AML program is. Congress is currently in the dark with
respect to independently verifiable information about the
nonpublic citations financial institutions are currently
receiving for compliance program failures and whether they are
reasonable. Congress has only the complaints of industry
representatives themselves, many of whom resent AML compliance
and reporting requirements writ large and have every incentive
to overstate the problem. The massive fines levied on banks in
recent years have been the result of knowing, willful, and
egregious violations of laws and regulations in the AML area in
order to turn a blind eye to money laundering their clearly
knew about in order to increase profits. There should be zero
tolerance for that.
Q.2. I'd like to understand better how technological innovation
is transforming the fight against money laundering and how
Government policy can help or hurt these efforts.
In the health care context, I hear about how researchers
have used machine learning and artificial intelligence to
identify diseases and predict when they will occur, using data
points that humans would have never put together. How have
financial institutions or law enforcement officials been able
to use of similar techniques to identify money laundering and
how much more progress can be made in this front?
Outside of AI and machine learning, how can recent FinTech
innovations such as blockchain fight money laundering?
What regulatory requirement or requirements--if any--most
hinders the adoption of technological innovations?
How much does bitcoin, blockchain, and other
cryptocurrencies facilitate money laundering? How--if at all--
should this impact our approach to combating money laundering
in traditional banks? How can law enforcement officials best
stop this newer form of money laundering?
A.2. With respect to the first bulleted question, there is a
very wide world of financial analytics in use to identify money
laundering and expertise to create the algorithms used in these
processes. I am not an expert in analytics, unfortunately, but
there is an entire industry of people who can provide a helpful
response to this question, although they may not be able to
answer this broad of a question in written form.
With respect to the remaining bullet points, the most
significant block to adopting new technologies is, I believe, a
concern that regulators will not recognize the use of a new
technology as a positive development in examinations. I
therefore support the creation of a technological ``sandbox'',
as has been proposed by The Clearing House and has been
implemented in the U.K. It is important to note that the U.K.
structure appears to have some specific safeguards to protect
consumers which they consider to be an integral part of their
system. U.K. regulators presented their approach at a recent
FATF industry consultation meeting I attended. They stressed
the importance of ensuring that consumers were protected at all
times as innovative approaches were being tested, and the U.S.
should do the same. In the House of Representatives, Members
are discussing legislative language that does not require any
of the safeguards present in the U.K. system, potentially
giving financial institutions an unlimited safe harbor for the
use of any new technology with no Government oversight. This is
a significant danger because if a financial institution spends
the money to integrate new technology that, it turns out, isn't
as effective as alternative methods, they would have no
incentive to change their approach. They would incur some
unwelcome cost for doing so and they'd have the security of an
unlimited safe harbor, so there would be no incentive to act.
Connecting this in with blockchain technology, there is
certainly work being done in this area. You may wish to reach
out to Tom Robinson, COO and Cofounder, Elliptic
([email protected]). Elliptic is a company that finds ways to
identify the ``anonymous'' digital currency traders to help
with customer due diligence problems associated with digital
currencies.
Mr. Robinson recently coauthored a paper entitled ``Bitcoin
Laundering: An Analysis of Illicit Flows Into Digital Currency
Services'' with the Foundation for Defense of Democracy's Yaya
Fanusie, a long-time expert on illicit and terror finance who
has been researching the linkages between terror finance and
digital currency. I would recommend reaching out to Mr. Fanusie
to further explore this area. Yaya Fanusie, Director of
Analysis, Center on Sanctions and Illicit Finance
([email protected]).
Q.3. I'd like to discuss Suspicious Activity Reports (SARs).
Today, around 2 million SARs are filed each year. While every
SAR used to be read by law enforcement officials, that is no
longer the case today. Financial institutions often complain
that they rarely, if ever, receive feedback from law
enforcement officials on the utility of any particular
suspicious activity report that they file. This lack of
feedback loops increases the burdens on financial institutions,
who continue to file SARs that are of little utility to law
enforcement officials. It also prevents financial institutions
from developing better analytical tools to more precisely
discern between the signal and the noise.
What percentage of SARs are actually read by someone in law
enforcement?
A.3. I am not aware of credible estimates. This question will
need to be answered by FinCEN.
Q.4. How often do financial institutions receive feedback from
law enforcement officials as to the utility of their SAR
filing?
A.4. Such feedback is rare. While law enforcement cannot and
should not share information about an ongoing investigation, at
the very least they could be collecting statistics about the
number of SARs/CTRs from a given financial institution that
they followed up on in some way. Where a SAR from a financial
institution (or many SARs from several institutions, which is
more likely) helped law enforcement bring a strong case, it
could be worthwhile to positively identify the banks that
helped the case in this way once the case is resolved. Positive
reinforcement is important. I once highlighted a seminal case
regarding tax evasion and money laundering at an international
AML conference in Florida. A very excited compliance officer
from the U.S. Virgin Islands approached me after presentation--
she had been the person to file the SAR that resulted in the
case and she had never known what had happened to it. She was
thrilled that her actions had made a difference, and remembered
the SAR because the activity seemed so odd to her at the time.
I believe that we would have a much more robust AML defense
system in the U.S. if more bankers and compliance officers were
given such opportunities to feel like their actions really made
a difference. Therefore, I am in favor of initiatives like
FinCEN Exchange, announced in December, to enhance information
sharing with Financial Institutions. However FinCEN needs to
make this a meaningful program in its execution if it is to
have any impact.
Q.5. While some have proposed reducing the number of SARs and
CRT filings because they are often superfluous and are never
read, others argue that this poses risks, because investigating
minor infractions may still lead to significant law enforcement
successes. How should policymakers resolve this conflict?
A.5. The driving force behind this complaint from industry is
the amount of resources spent on drafting SARs, including
preparatory investigation time. CTR filings are automatically
generated when more than $10,000 is deposited, so should be
discussed separately if there really are valid concerns there.
One source of tension in this area appears to be that law
enforcement wants SARs to include as much information as
possible, in as standard a format as possible, and that their
demands for greater detail and specificity have grown over
time. This has obviously developed over time as law enforcement
has identified what information is most useful to them and the
presentation that is most useful--specificity that the
financial institutions have actually asked for over time.
However, financial institution employees may not have the
desired level of detail that law enforcement would like--that
is simply a reality of money laundering cases which often
involve hidden conduct and individuals. The SAR instructions
properly allow filers to indicate on the form that the
information is ``unknown''; that option should be honored by
law enforcement rather than trying to require bank employees to
become detectives uncovering illegal conduct.
Q.6. How could regulators (1) set up better feedback loops
between financial institutions and law enforcement officials
that could help financial institutions better identify money
laundering; and (2) empower financial institutions to act upon
their improved ability to distinguish between useful and
superfluous reports, including by filing fewer unnecessary
SARs, without fearing regulatory consequences for doing so?
A.6. I believe my answer is subsumed in the responses above.
Q.7. Would a better feedback loop system exist if financial
institutions employed more people with security clearances? If
so, what, if anything, can the Federal Government do to
facilitate this?
A.7. I do not have an opinion on this question.
Q.8. Often, financial institutions will derisk by refusing to
serve customers that could be involved in illegal activity. As
financial institutions start to share more information with
each other, this practice could become more prominent and
potential criminals could more frequently lose access to the
United States' financial system altogether.
Are there instances in which derisking is actually
unhelpful for law enforcement purposes, because it drives these
criminals underground and makes it more difficult to track
them?
At the moment, do the regulators that evaluate and enforce
financial institutions compliance with our Federal money
laundering take this into account?
Are there promising ways to increase cooperation between
financial institutions, regulators, and law enforcement
officials, so that financial institutions can make a more
informed decision about when and how to derisk?
Would financial institutions need to hire more employees
with a top security clearance and/or a law enforcement
background for this coordination to be effective?
A.8. My organization focuses on the movement of illicit money
out of developing countries the effect of that financial flow
for development, and not financial flows into developing
countries, so we have not focused a great deal on the
remittances and nonprofit issues. Nonprofit organizations like
the Charity and Security Network, Oxfam, and the Center for
Global Development, and intergovernmental organizations such as
the World Bank, the IMF, the OECD and others have been doing a
great deal more research in this area and I would recommend
speaking with them for more developed and far-reaching
recommendations.
Having said that, there are three somewhat different
problems in the derisking area with root causes that are not
all AML-related, and I think that is a really important point
here. One is that banks that are no longer willing to provide
banking services to money service businesses (MSBs) that are
the primary movers of remittances. Second is banks choosing not
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a
combination of both these first and second categories.) Third,
is the problem of banks choosing not to provide banking
services for charities/nonprofits. These are related issues,
but not the same issues. Something to bear in mind as well is
that the World Bank has found that the cost of transmitting
remittances has actually decreased over the past several years,
suggesting that some of the problems in the sector may really
be location specific, such as with Somalia, as opposed to being
as widespread as discussion on this topic might suggest.
In 2012 and the following 2 years, FATF Recommendations and
related guidance were published relating to risks posed by
nonprofits and risks posed by MSBs. That guidance suggested
that those entire sectors were particularly vulnerable to money
laundering with no nuance, which resulted in banks categorizing
them all as high risk, regardless of the nature of those
businesses, the strength of their compliance programs, their
clientele, or other risk assessment factors. The general
refrain from banks was that it was too costly to do proper AML
vetting on all these ``high risk'' entities. Banks also said
they were pulling out of high risk areas because of an increase
in fines and penalties, but very few fines/penalties have been
levied related to servicing MSB or nonprofit clients, which
begs the question of whether this reaction was simply
disproportionate or driven by other motives, such as an excuse
to get out of these relatively low-margin lines of business.
For example, Barclays in the U.K. caused a bit of a crisis
when it closed the accounts of the vast majority of the money
service businesses it serviced. But it held on to MSBs with
assets of $10m or more. However, the significant MSB money
laundering case on record actually relates to Western Union,
one of the world's largest and well-capitalized MSBs. Barclays'
decision to jettison smaller MSB accounts was made not in
relation to actual enforcement trends, how good their MSB
clients' compliance programs were, or other risks relating to
the individual MSB's business or other relevant factors, it was
made on whether the bank wanted to keep that capitalization or
not and bother to continue servicing smaller accounts where its
margin was smaller and getting smaller because of compliance
costs. It would be interesting to find out pre-2012 margins on
these business lines versus post-2012 margins so that Congress
has a frame of reference for what a bank consider an
unacceptable margin in these business lines.
And that raises an important point in all of this that is
very often missed. There has been huge bank consolidation
leading to behemoth banks that do not consider providing
services to smaller account holders to be worth the cost. (In
our experience, smaller, local banks rarely provide adequate
international transfer services and did not do so prior to AML
regulation.) We see that every day as banking fees for people
who have little savings climb while those who have sizable
accounts have no fees at all. Banks are doing everything they
can to increase their profit margins with little regard to the
effect on the average account holder. That's today's business
model, and bank decisions regarding MSB and nonprofit account
holders are driven in large part by this model. Furthermore,
the Center for Global Development put out a report on derisking
in 2015. In that report, they noted that some banks have
``derisked'' and then beefed up their own money transmitter
services, suggesting a possible move to undermine competition
and seize the market themselves.
So there are problems, some of which are not actually AML
related, but the following are some measures that can be taken
in the AML sphere to help in this area:
Better nuanced Recommendations and guidance from
FATF and regulators is needed.
In October 2014, FATF spoke out against blanket
derisking and said that FIs should derisk only on a
case by case basis. FinCEN, the FDIC, and the OCC
followed that up asking banks to come to the regulators
if they felt pressure to terminate an MSB relationship.
Other regulators have followed.
Unfortunately it seems that there is no hard data
to be able to measure what has happened in the market
since.
After an outcry from the global nonprofit
community, FATF revised its guidance with respect to
the problematic Recommendation 8, but I think it still
needs further revision and U.S. Treasury could use its
influence to make that happen. Please contact Kay
Guinane at the Charity and Security Network for further
information ([email protected]).
Banks should have access to information from FinCEN
about whether an MSB has been the subject of formal
warnings/cease and desists which are not public
information, so that they can better judge the strength
of an MSB's compliance program and its weaknesses.
Create a low-cost certification scheme for smaller
MSBs. Such a scheme would create benchmarks for MSB
compliance programs, similar to what has been done in
the development of an ISO standard for anticorruption
compliance. This could perhaps be subsidized by a fund
the big banks pay into for the smaller MSBs.
One element of compliance cost is identifying the
true owners and controllers of MSBs and charities, as
well as the remitters themselves. Transparency about
who owns and controls companies would be a real help
with that.
National ID schemes for individuals around the
world are also important. India leading the way in
effectively doing this in rural populations living in
poverty--the hardest to reach and often recipients of
remittances. While it may seem to be outside of
Congress' remit, USAID has financially supported these
initiatives in the past and Congress could prioritize
funding to USAID to continue and/or increase this work.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR TILLIS
FROM HEATHER A. LOWE
Q.1. How can we leverage technology to make the process
simultaneously less onerous on banks while enhancing the
outcomes of catching illegal behavior? Are there regulatory and
legislative barriers to getting that down?
Financial institutions often complain that FinCEN, law
enforcement officials, and prudential regulators do not tell
them whether their BSA filings serve a useful purpose, or how
the reports they submit are being used--and that the filings go
into a black hole. Can you shed some light on the filings that
you make or have used and what could be done to improve this
process?
A.1. While law enforcement cannot and should not share
information about an ongoing investigation, at the very least
they could be collecting statistics about the number of SARs/
CTRs from a given financial institution that they followed up
on in some way. Where a SAR from a financial institution (or
many SARs from several institutions, which is more likely)
helped law enforcement bring a strong case, it could be
worthwhile to positively identify the banks that helped the
case in this way once the case is resolved. Positive
reinforcement is important. I once highlighted a seminal case
regarding tax evasion and money laundering at an international
AML conference in Florida. A very excited compliance officer
from the U.S. Virgin Islands approached me after presentation--
she had been the person to file the SAR that resulted in the
case and she had never known what had happened to it. She was
thrilled that her actions had made a difference, and remembered
the SAR because the activity seemed so odd to her at the time.
I believe that we would have a much more robust AML defense
system in the U.S. if more bankers and compliance officers were
given such opportunities to feel like their actions really made
a difference. Therefore, I am in favor of initiatives like
FinCEN Exchange, announced in December, to enhance information
sharing with Financial Institutions. However FinCEN needs to
make this a meaningful program in its execution if it is to
have any impact.
Q.2. Another compliance challenge often cited by banks is that
they feel pressured by bank examiners and law enforcement
authorities to exit certain business lines or cease offering
certain services to customers viewed as presenting particular
money-laundering vulnerabilities, i.e., severing corresponding
banking relationships with foreign institutions in certain
geographic areas, and also ending money services businesses
(MSBs, i.e., check cashing, money transmitters, currency
exchange outlets, etc.)
As banks reevaluate their business relationships with MSBs
in light of what they may view as a hostile regulatory
landscape, what can we do to change this type of behavior/is
this a prevalent problem in the industry?
A.2. My organization focuses on the movement of illicit money
out of developing countries the effect of that financial flow
for development, and not financial flows into developing
countries, so we have not focused a great deal on the
remittances and nonprofit issues. Nonprofit organizations like
the Charity and Security Network, Oxfam, and the Center for
Global Development, and intergovernmental organizations such as
the World Bank, the IMF, the OECD and others have been doing a
great deal more research in this area and I would recommend
speaking with them for more developed and far-reaching
recommendations.
Having said that, there are three somewhat different
problems in the derisking area with root causes that are not
all AML-related, and I think that is a really important point
here. One is that banks that are no longer willing to provide
banking services to money service businesses (MSBs) that are
the primary movers of remittances. Second is banks choosing not
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a
combination of both these first and second categories.) Third,
is the problem of banks choosing not to provide banking
services for charities/nonprofits. These are related issues,
but not the same issues. Something to bear in mind as well is
that the World Bank has found that the cost of transmitting
remittances has actually decreased over the past several years,
suggesting that some of the problems in the sector may really
be location specific, such as with Somalia, as opposed to being
as widespread as discussion on this topic might suggest.
In 2012 and the following 2 years, FATF Recommendations and
related guidance were published relating to risks posed by
nonprofits and risks posed by MSBs. That guidance suggested
that those entire sectors were particularly vulnerable to money
laundering with no nuance, which resulted in banks categorizing
them all as high risk, regardless of the nature of those
businesses, the strength of their compliance programs, their
clientele, or other risk assessment factors. The general
refrain from banks was that it was too costly to do proper AML
vetting on all these ``high risk'' entities. Banks also said
they were pulling out of high risk areas because of an increase
in fines and penalties, but very few fines/penalties have been
levied related to servicing MSB or nonprofit clients, which
begs the question of whether this reaction was simply
disproportionate or driven by other motives, such as an excuse
to get out of these relatively low-margin lines of business.
For example, Barclays in the U.K. caused a bit of a crisis
when it closed the accounts of the vast majority of the money
service businesses it serviced. But it held on to MSBs with
assets of $10m or more. However, the significant MSB money
laundering case on record actually relates to Western Union,
one of the world's largest and well-capitalized MSBs. Barclays'
decision to jettison smaller MSB accounts was made not in
relation to actual enforcement trends, how good their MSB
clients' compliance programs were, or other risks relating to
the individual MSB's business or other relevant factors, it was
made on whether the bank wanted to keep that capitalization or
not and bother to continue servicing smaller accounts where its
margin was smaller and getting smaller because of compliance
costs. It would be interesting to find out pre-2012 margins on
these business lines versus post-2012 margins so that Congress
has a frame of reference for what a bank consider an
unacceptable margin in these business lines.
And that raises an important point in all of this that is
very often missed. There has been huge bank consolidation
leading to behemoth banks that do not consider providing
services to smaller account holders to be worth the cost. (In
our experience, smaller, local banks rarely provide adequate
international transfer services and did not do so prior to AML
regulation.) We see that every day as banking fees for people
who have little savings climb while those who have sizable
accounts have no fees at all. Banks are doing everything they
can to increase their profit margins with little regard to the
effect on the average account holder. That's today's business
model, and bank decisions regarding MSB and nonprofit account
holders are driven in large part by this model. Furthermore,
the Center for Global Development put out a report on derisking
in 2015. In that report, they noted that some banks have
``derisked'' and then beefed up their own money transmitter
services, suggesting a possible move to undermine competition
and seize the market themselves.
So there are problems, some of which are not actually AML
related, but the following are some measures that can be taken
in the AML sphere to help in this area:
Better nuanced Recommendations and guidance from
FATF and regulators is needed.
In October 2014, FATF spoke out against blanket
derisking and said that FIs should derisk only on a
case by case basis. FinCEN, the FDIC, and the OCC
followed that up asking banks to come to the regulators
if they felt pressure to terminate an MSB relationship.
Other regulators have followed.
Unfortunately it seems that there is no hard data
to be able to measure what has happened in the market
since.
After an outcry from the global nonprofit
community, FATF revised its guidance with respect to
the problematic Recommendation 8, but I think it still
needs further revision and U.S. Treasury could use its
influence to make that happen. Please contact Kay
Guinane at the Charity and Security Network for further
information ([email protected]).
Banks should have access to information from FinCEN
about whether an MSB has been the subject of formal
warnings/cease and desists which are not public
information, so that they can better judge the strength
of an MSB's compliance program and its weaknesses.
Create a low-cost certification scheme for smaller
MSBs. Such a scheme would create benchmarks for MSB
compliance programs, similar to what has been done in
the development of an ISO standard for anticorruption
compliance. This could perhaps be subsidized by a fund
the big banks pay into for the smaller MSBs.
One element of compliance cost is identifying the
true owners and controllers of MSBs and charities, as
well as the remitters themselves. Transparency about
who owns and controls companies would be a real help
with that.
National ID schemes for individuals around the
world are also important. India leading the way in
effectively doing this in rural populations living in
poverty--the hardest to reach and often recipients of
remittances. While it may seem to be outside of
Congress' remit, USAID has financially supported these
initiatives in the past and Congress could prioritize
funding to USAID to continue and/or increase this work.
Q.3. It is my understanding that there are times when law
enforcement and the bank regulators work at cross purposes.
That is, law enforcement might want a bank to continue banking
an individual or company that they are following and building a
case against but the bank regulators, whose incentives are to
not be embarrassed by their regulated entities, force the banks
to ``derisk'' or close those accounts. Is that actually the
case?
A.3. There is no reputational risk associated with continuing
to bank a customer when instructed to do so by law enforcement.
A bank will not be sanctioned by examiners for doing so. The
information will not be made public. This seems a spurious
complaint if it is being made by industry.
Q.4. In terms of AML, we know that the success of AML is
centric around whether or not the predicate crime of money
laundering has been reduced, but we only really know how
pervasive money laundering is on a reactive basis, i.e., when
someone/some entity is caught.
To that end, do you believe the advent/popularity of
cryptocurrencies could affect the capture of money laundering/
could it affect AML? Do enforcement authorities have the
technological capabilities to work with private industry to
capture mal-actors?
A.4. NOTE: Your introduction suggests some confusion with
respect to money laundering (i.e., reference to ``whether or
not the predicate crime of money laundering has been
reduced''). It is critical to understand that money laundering
is a crime in and of itself and is not a predicate offense. The
crime is thought by many to be the crime of laundering/
disguising/accepting the funds of some underlying crime that
generated money, otherwise known as a predicate offense or, in
U.S. statutory terms, a specified unlawful activity (SUA). That
is correct, but it is not complete. A person can be convicted
of money laundering if they believed they were accepting/
disguising the proceeds of an SUA and took steps to do so. That
means that even if nobody has been convicted of the underlying
crime that is the SUA, a person can be convicted of laundering
the related funds. However, in almost every ``money
laundering'' case you have heard of, the banks were not charged
with actual criminal money laundering. They were charged with
violations of provisions of the Bank Secrecy Act requiring
financial institutions to have in place measures to detect when
someone is trying to use the institution to launder money and
preventative measures that detect if anyone inside the
institution is allowing money to be laundered by the
institution.
The advent and popularity of digital currencies are an
emerging threat in the money laundering field because much of
our AML policies depend on a financial institution carrying out
``due diligence'' and ``know your customer'' checks. That is
why accounts opened by companies with hidden beneficial
ownership are such a problem. One of the biggest challenges
with digital currencies is also the fact that the transactions
are essentially conducted anonymously. For more information, I
recommend that you contact Tom Robinson, COO and Cofounder,
Elliptic ([email protected]). Elliptic is a company that finds
ways to identify the ``anonymous'' digital currency traders to
help with customer due diligence problems associated with
digital currencies.
Mr. Robinson recently coauthored a paper entitled ``Bitcoin
Laundering: An Analysis of Illicit Flows Into Digital Currency
Services'' with the Foundation for Defense of Democracy's Yaya
Fanusie, a long-time expert on illicit and terror finance who
has been researching the linkages between terror finance and
digital currency. I would recommend reaching out to Mr. Fanusie
to further explore this area. Yaya Fanusie, Director of
Analysis, Center on Sanctions and Illicit Finance
([email protected]).
Q.5. In your opinion, do you think that the overall AML regime
has been effective? Additionally, what do you see as the best
way to ensure future effectiveness?
Is it to have Treasury be the lead to:
1. Define with other stakeholders specific and clear
national priorities of the regime; and
2. Determine, working with other stakeholders, clear and
measurable objectives of the regime in light of those
priorities. Should Treasury or someone else have to report
those measurements against the objectives back to Congress?
A.5. My organization has estimated that just 11 types of
transnational crime generate a total proceeds of between $1.6
and $2.2 trillion annually. There are many, many more types of
crime that generate proceeds in this world. Most of that money
must be laundered in some way. As noted above, there is very
little prosecution for large-scale criminal money laundering,
even when it seems from charging documents that criminal money
laundering (which includes an intent standard) was taking
place. In addition, individuals are not being prosecuted and
jailed for their actions in the cases that we see, which would
be a significant deterrent to money laundering. That may be
changing, however, as I note in a recent piece that I wrote
about the Rabobank case. So I would say that we are not
prosecuting criminal money laundering and that is a problem.
What you are asking, however, is really whether the
regulatory regime that is in place to detect money laundering
and prevent banks from engaging in it has been effective. There
is no way to determine this through data because hard data (not
extrapolated estimates) of the amount of money laundered in the
world do not and cannot exist by their very nature. What I can
say is that the AML compliance violation cases that we have
seen over the past few years (HSBC, Wachovia, Citigroup, BNP
Paribas, Rabobank, etc.) tell us that many large international
bank were either paying lip service to complying with the legal
requirements or were actively subverting the measures up until
about 2010. I have no reason to believe that these cases are
not indicative of an industrywide approach because banks had
absolutely no incentive to comply with laws which would
ultimately require them to turn away clients and money that
they had previously banked very willingly. The question at this
point is whether, now that there has been some significant
enforcement of AML compliance laws, banks are actually
complying with those laws and regulations and if they are
turning away business/closing accounts where there is
significant indication of money laundering.
The crescendo of complaints by the industry about the
``rising cost'' of compliance indicates that this is the case.
I have ``rising cost'' in quotations because we are talking
about the cost of complying with laws that have been in place
for many, many years now, so this is neither a new cost nor one
that could not have been anticipated, and should be estimated
in terms of costs that should have been incurred and spread
over that lengthy time period. The other indication that the
regime is now having an effect is the industry's
disproportionate measures in what has come to be called
``derisking'' entire client categories and/or business with
certain countries. Some of that activity may be due to a
serious concern by the bank about managing the risks associated
with a certain business, but research has indicated that some
banks may be jettisoning some types of business in order to
freeze out competition for those services and then offering
those services themselves (such as in the money transmission
area).
In some cases, I think certain actions are being taken in
order to try to force deregulation, such as when Bank of
America, a major provider of banking services to foreign
embassies in the U.S., sent a letter to its embassy clients
that it was going close their accounts and cease to provide
banking services to them only one week before closing their
accounts. The action seemed clearly designed to create a
diplomatic crisis for the U.S. Government, to be blamed on U.S.
AML regulation. If Bank of America's concern was really AML
related, they should have worked with FinCEN and law
enforcement to identify accounts, individuals and activities of
concern and, after doing so, closed the accounts in accordance
with a process that was agreed with the Government. If the
decision was that they simply did not want to service what they
perceived as a high-risk client but they hadn't actually
observed money laundering red flags associated with the
accounts, they should have provided the embassies with adequate
notice, giving them time to find an alternative service
provider and to migrate their accounts. Instead, they chose to
create an unnecessary and unwarranted diplomatic crisis which
should have had the effect of undermining their credibility in
speaking out with AML regulatory concerns. It certainly
undermined their credibility with me.
Giving FinCEN total responsibility for establishing annual
AML priorities for banks and monitoring every bank's progress
every 3 months, as was recommended by the Clearing House, is
extremely ill-advised. A financial institution understands its
own business and products better than anyone else. It is
therefore best-placed to determine what its AML risks are and
how best to address those risks within the systems that it has
created. We support the idea of a financial institution working
with FinCEN/Treasury to discuss those risks in the context of
national and global trends observed by FinCEN, and whether
adjustments might be made as a result, however. In addition,
reviewing each financial institution's progress in AML every 3
months seems like far too short a time frame to observe how an
FI is progressing in this respect, however, and entirely
impractical from a Government resource allocation perspective.
On a related note the suggestion that FinCEN be given
access to bulk data transfers from financial institutions to
enable it to analyze AML trends and patterns across
institutions is another potentially useful idea. But questions
about the effectiveness and cost of this proposal include
whether FinCEN currently has the technological capability and
personnel needed to perform that type of data analysis or
whether it would need to be built, which could be a significant
expense. In addition, charging FinCEN with industrywide data
collection and analysis should not be seen as a way for banks
to absolve themselves of their AML obligations. The banks would
retain their position as the primary gateway into the U.S.
financial system, so the first level of responsibility to
safeguard the system against money-laundering abuses must
remain with the individual banks who open their accounts to
individuals and entities around the world.
------
RESPONSES TO WRITTEN QUESTIONS OF SENATOR WARNER
FROM HEATHER A. LOWE
Q.1. What are the costs and benefits of having bank examiners
assess bank compliance with the Bank Secrecy Act's (BSA)
requirements instead of having anti-money laundering (AML) and
combating the financing of terrorism (CFT) experts at the
Financial Crimes Enforcement Network (FinCEN) examine bank
compliance programs?
A.1. I am not sure it will make much of a difference.
Currently, you have examiners sitting at the Securities and
Exchange Commission, the Commodities Futures Trading Commission
and other specialized agencies who have specific AML/CFT
training. When they have AML/CFT enforcement questions, they
liaise with FinCEN as needed. If you had those people instead
within FinCEN, they have easy access to FinCEN personnel but
would have to reach out to the other agencies for sector-
specific guidance. Would bringing all of the examiners into
FinCEN result in a more coherent approach to examination?
Unlikely, unless specific changes were made to the examination
procedures and incentives for examiners. However, I can also
imagine that should there be more coherence in examination
procedure across industries, it would give rise to the problem
that examinations are not nuanced enough and therefore not even
addressing issues specific to a given industry where AML/CFT
risks may be significant. I can imagine that industry
complaints about that would surge. No company will ever be
happy with the way they are examined, so it is most important
to work with industry to identify real problems which result in
ineffective or inadequate AML oversight and with law
enforcement to identify areas where the resources being
expended by industry seem disproportionate to the value of
information gleaned from their efforts, and not just industry
complaints.
Q.2. Is there a way to maintain a top-shelf effective AML/CFT
policy while maintaining a commitment to increase access to
financial products for the underbanked and immigrants who rely
on remittance services?
I'm interested in the ways in which technology can aid AML
compliance efforts. What are some of the innovative
technologies that you've seen that hold some promise for either
the Government or the private sector?
What are the barriers to either the Government or the
private sector adopting these technologies?
What can we be doing as legislators to ensure that we
promote technological innovation in this sector?
A.2. The most significant block to adopting new technologies
is, I believe, a concern that regulators will not recognize the
use of a new technology as a positive development in
examinations. I therefore support the creation of a
technological ``sandbox'', as has been proposed by The Clearing
House and has been implemented in the U.K. It is important to
note that the U.K. structure appears to have some specific
safeguards to protect consumers which they consider to be an
integral part of their system. U.K. regulators presented their
approach at a recent FATF industry consultation meeting I
attended. They stressed the importance of ensuring that
consumers were protected at all times as innovative approaches
were being tested, and the U.S. should do the same. In the
House of Representatives, members are discussing legislative
language that does not require any of the safeguards present in
the U.K. system, potentially giving financial institutions an
unlimited safe harbor for the use of any new technology with no
Government oversight. This is a significant danger because if a
financial institution spends the money to integrate new
technology that, it turns out, isn't as effective as
alternative methods, they would have no incentive to change
their approach. They would incur some unwelcome cost for doing
so and they'd have the security of an unlimited safe harbor, so
there would be no incentive to act.
Q.3. The regulatory definition of ``financial institution'' has
been expanded several times over the years, both by FinCEN
rulemaking and by legislation by Congress.
Should the definition of financial institutions be expanded
to include other sectors? If so, which sectors?
Could these changes be made via FinCEN rulemaking or should
legislation be passed?
A.3. FATF has identified several of what it calls Designated
Non-Financial Businesses and Professions, or DNFPB's, as
businesses and professions that are susceptible for, or can be
used to play a part in, money laundering. The idea is that
these businesses and professions should identify who they are
doing business with, in some cases carry out some customer due
diligence, and file suspicious activity reports if they think a
transaction is suspicious.
The U.S. already requires some DNFBPs to have those AML
programs, such as casinos and dealers in precious metals and
stones. Treasury regulations originally also included others,
including travel agents, those involved in real estate
closings, and car, plane, and boat dealers, among others, but
then Treasury gave them a ``temporary'' exemption from the
requirements with no sunset for that exemption which has now
been in place for many years. Still others never made it on any
list, and those four are lawyers, accountants, corporate
service providers, and escrow agents. For these four, AML
programs would really be about knowing with whom you are doing
business and not permitting practitioners in these businesses
and professions to be able to have plausible deniability that
they didn't have reason to know or suspect that they were
providing services that might be laundering dirty money.
While there are clearly several businesses and professions
missing from U.S. regulation, I would focus on five of them:
lawyers, those involved in real estate closings, corporate
service providers, escrow agents, and accountants.
Lawyers: Of course criminals need and use legal services. A
60 Minutes piece that aired last year featured undercover
footage from an organization called Global Witness, showing
just how easy it is to walk into a law firm in New York and get
a lawyer to easily suggest ways in which structures could be
created to spend money that is clearly the proceeds of
corruption to buy real estate, planes, etc. One attorney even
suggested running the dirty money through the lawyer's client
account to clean it. It was a real eye-opener. In 2010, the
American Bar Association published what I would characterize as
sound Voluntary Good Practices Guidance for Lawyers to Detect
and Combat Money Laundering and Terrorist Financing, but I
encourage you to ask every lawyer you know if they have
implemented it. It is unlikely that they have even heard of it.
This voluntary guidance is simply not enough.
Escrow Agents: Senate Permanent Subcommittee on
Investigations' 2010 report Keeping Foreign Corruption Out of
the United States: Four Case Histories tells the story of how
one escrow agent, McAfee & Taft, refused to provide escrow
services to Teodorin Obiang, the corrupt, playboy son of the
long time dictator of the impoverished Nation of Equatorial
Guinea, because the anti-money laundering policy they had
voluntarily put in place prescribed that they do so. Another
escrow agent without an AML program happily took that money.
Corporate Service Providers: The Panama Papers showed just
how entangled corporate service providers like Mossack Fonseca
can be in facilitating money laundering, corruption, and tax
evasion. The book Global Shell Games details research by a team
of American and Australian academics into just how easy it is
to create an anonymous company to engage in terror finance or
corruption in different countries around the world through
corporate service providers. They found that the easiest
country in which to do so was the United States. One email
response to the researchers' inquiry from a corporate service
provider in Florida was, ``[Y]our started purpose could well be
a front for funding terrorism, and who the f---- would get
involved in that? Seriously, if you wanted a functioning and
useful Florida corporation you'd need someone here to put their
name on it, set up bank accounts, etc. I wouldn't even consider
doing that for less that 5k a month, and I doubt you are going
to find any suckers that will do it for less, if at all. If you
are working with less than serious money, don't waste anybody's
time here. Using a f------ google account also shows you are
just a f------ poser and loser. If you have a serious proposal,
write it up and we will consider it. Your previous message and
this one are meaningless crap. Get a clue. Just how stupid do
you think we are?''
Those Involved in Real Estate: With respect to real estate,
since July 2016, FinCEN has had geographic targeting orders in
place in various counties in New York, Florida, Texas, and
California, requiring title insurance companies to collect
beneficial ownership information for those entities buying high
value real estate with cash. They found that about 30 percent
of the beneficial owners identified by the title companies
already had SARs filed on them by other financial institutions.
That's nearly one third. Exposes like The New York Times'
``Towers of Secrecy'' show just how easy it is for people to
hide behind anonymous companies and buy real estate with
proceeds of crime and corruption. It is central to the 2017
indictment of Paul Manafort and Richard Gates as well.
Q.4. In August 2017, FinCEN issued an advisory encouraging real
estate brokers to share information with them that could be
helpful in AML efforts, while noting they are not required to
do so under current law.
How do we increase information sharing between real estate
brokers and FinCEN?
A.4. Voluntary measures will not yield the necessary results
because it is rare for a business to voluntarily want to lose
out on a sale or for it to be discovered that if you work with
a particular agent they may provide information to law
enforcement about your transcation. Any measure must be
industrywide and required to maintain a level playing field. It
is necessary to bring them into the definition of Financial
Institution. Please see response to previous question.
Q.5. Geographic Targeting Orders (GTOs), which impose
additional record keeping and reporting requirements on
domestic financial institutions or nonfinancial trades or
businesses in a specific geographic area for transactions
involving certain amounts of United States currency or monetary
instruments, have been deployed since 2016 to target high-end
real estate sectors in major metropolitan areas by requiring
U.S. title insurance companies to identify the natural persons
behind shell companies used to pay ``all cash'' for high-end
residential real estate.
Are GTOs an effective tool or would regulation be a
preferable way to cover the real estate sector?
A.5. GTOs are an effective tool for the purposes they were
created--to gather intelligence for specific cases or, as in
this case, to gather intelligence about the extent of a problem
to inform decisions about how to move forward. They should not
be used as a long-term measure. With respect to the Title
Insurer GTOs, FinCEN now has the information it needs to move
forward with a rulemaking--there is clearly a problem in the
real estate industry.
However, I would note that I would not focus regulation in
the real estate sector on title insurers, but rather on real
estate agents, who have the longest and most personal
relationship with the buyer and are in a much better position
to identify red flags. Furthermore, it is very easy for a cash
buyer of real estate to avoid title insurers entirely (which
launderers have apparently not realized yet). If I'm trying to
launder money through real estate and I'm making an all-cash
purchase, I don't need a mortgage and so title insurance isn't
actually required. If I'm going to flip the property to launder
the funds, then I'm not too worried about a challenge to title
down the line (my buyer will get their own title insurance and
my lack of it doesn't affect that). If I am concerned that the
title is not clean and it will therefore be difficult to sell
the property, I can have an attorney carry out a title search
or I can even do it myself--the search itself is not difficult
(I would probably need legal assistance to fix any problems I
found however, if I didn't simply abandon that particular
purchase). So if I were a money launderer I would simply avoid
the title insurers and avoid the disclosures entirely.
Q.6. Cryptocurrency exchanges are money services businesses
supervised by State regulators and subject to Federal AML and
CFT laws.
Should FinCEN play an enhanced role in assessing the
compliance of cryptocurrency exchanges, or are State regulators
sufficiently equipped to handle compliance monitoring?
What additional tools could we give regulators and law
enforcement?
How prevalent is money laundering in cryptocurrency
markets?
A.6. There is certainly work do be done in the area of digital
currency/blockchain technology. I am far from an expert in this
area, so I will make some recommendations for people to
contact. Before I do, however, I would note that I was
concerned by the Treasury representative's statement that they
felt they had adequately regulated in the digital currency
space by regulating the exchangers. Technology has moved on,
and the advent of ``mixers'', which are now used to make it
incredibly difficult for the exchangers to identify where the
currency they are exchanging is coming from, makes that
regulation now insufficient.
You may wish to reach out to Tom Robinson, COO and
Cofounder, Elliptic ([email protected]). Elliptic is a company
that finds ways to identify the ``anonymous'' digital currency
traders to help with customer due diligence problems associated
with digital currencies.
Mr. Robinson recently coauthored a paper entitled ``Bitcoin
Laundering: An Analysis of Illicit Flows Into Digital Currency
Services'' with the Foundation for Defense of Democracy's Yaya
Fanusie, a long-time expert on illicit and terror finance who
has been researching the linkages between terror finance and
digital currency. I would recommend reaching out to Mr. Fanusie
to further explore this area. Yaya Fanusie, Director of
Analysis, Center on Sanctions and Illicit Finance
([email protected]).
Finally, Ms. Jamie Smith, Global Chief Communications
Officer, The Bitfury Group ([email protected]), is an
excellent resource as well.
Both Ms. Smith and Mr. Fanusie have extensive prior
experience working within U.S. Government agencies and
understand political context well.
------
RESPONSES TO WRITTEN QUESTIONS OF
SENATOR CORTEZ MASTO FROM HEATHER A. LOWE
Q.1. What is the most effective action a consumer can take to
protect against identity theft if the consumer's information
has been compromised? Please include a detailed description of
the differences between credit freezes, credit locks, and fraud
alerts, including how long each takes to activate and
deactivate and the relative benefits and drawbacks of each.
A.1. Unfortunately, I am not an expert on U.S. consumer banking
laws and cannot provide an informed response to your question.
Q.2. Many States have laws requiring credit bureaus to provide
credit freezes. Can you describe what these laws generally
require and discuss whether it is appropriate for Congress to
create a Federal standard?
A.2. Unfortunately, I am not an expert on U.S. consumer banking
laws and cannot provide an informed response to your question.
Q.3. Gaming and tourism are some of Nevada's top industries. In
the State of Nevada, our gaming operators employ thousands of
hard working Nevadans, and the industry as a whole domestically
supports 1.7 million jobs across 40 States. Qualified casinos,
like financial institutions, are also subject to Banking
Secrecy Act requirements. Organizations within Nevada have
suggested that gaming operators would welcome a review of BSA
requirements, which they find to be burdensome. They look
forward to this Committee's thoughtful, bipartisan, review of
BSA requirements that takes into account the security
imperative for robust anti-money laundering efforts, as well as
the impact those requirements have on all industries. For
example, the Suspicious Activity Report (SAR) ($5,000) and the
Currency Transaction Report (CTR) ($10,000) levels were set
years ago. Some have recommended increasing these to correspond
with inflation. Others believe that would be too high but do
support a higher amount than currently.
One of the top priorities of the gaming industry is to
remove the requirement for a detailed factual narrative for
structuring in the suspicious activity forms. What do you think
of this recommendation?
Do you have specific recommendations regarding how the
gaming industry can benefit from greater communication with
Government agencies and law enforcement? Is there something the
Federal Government can do to share information with casinos and
others filing SARs about broad benefits that may occur because
of some of the 58,000 SAR forms filed by gaming firms.
Would the creation of a Qualitative Feedback Mechanism help
reduce money laundering and terrorist financing? Should the
Secretary of the Treasury establish a mechanism to communicate
anti-money laundering (AML) and countering terrorism financing
(CTF) priorities to financial institutions, gaming
establishments, and Federal financial regulators? Could such a
mechanism provide qualitative feedback on information shared by
financial institutions with the Department of Treasury,
including CTRs and SARs? Please describe the pros and cons of
such a system.
A.3. Financial Institutions file SARs because they believe that
activity is suspicious, and descriptions of what they saw that
seemed suspicious is important information for law enforcement.
SARs are subject to automated data analysis and human review,
and the narratives provide information that may seem
unimportant alone, but takes on greater significance when
reviewed in light of other SARs. I would not remove the
narrative requirement unless law enforcement takes the position
that it is of limited value.
Lack of feedback from the Government on what happens to
SARs and CTRs has long been a complaint of Financial
Institutions. I once highlighted a seminal case regarding tax
evasion and money laundering at an international AML seminar in
Florida. A very excited compliance officer from the U.S. Virgin
Islands approached me after presentation--she had been the
person to file the SAR that resulted in the case and she had
never known what had happened to it. She was thrilled that her
actions had made a difference. I believe that we would have a
much more robust AML defense system in the U.S. if more bankers
and compliance officers were given such opportunities to feel
like their actions really made a difference. Therefore, I am in
favor of initiatives like FinCEN Exchange, announced in
December, to enhance information sharing with Financial
Institutions. I would strongly recommend that the gaming
industry engage with FinCEN quickly to ensure that this
initiative is set up for the gaming industry in a way that
results in practical and meaningful exchange of information
with the Government as opposed to something less useful.
I am wary when it comes to the Government setting AML
priorities for the industry. It already happens to some extent,
but I would strongly caution against actually transferring
responsibility for setting AML priorities for individual
Financial Institutions from those institutions to FinCEN.
Financial Institutions are best placed to understand their
business and their systems and the money laundering risks
inherent therein, and create the systems that work best in
their business models to combat money laundering. FinCEN and/or
other regulators should review those assessments but cannot be
responsible for carrying them out.
Q.4. The Office of the Comptroller of the Currency mentioned in
its 2018 Banking Operating Plan that financial institutions
should not inadvertently impair financial inclusion. But, as of
September 2017, the OCC has not identified any specific issues
they plan to address. We know that derisking has become an
epidemic across many communities and industries, such as
communities along the Southwest border, humanitarian
organizations aiding Nations wracked with violence, and
remittances providers that serve fragile Nations like Somalia.
What type of guidance could the OCC, FinCEN, FDIC, and the
Federal Reserve provide to help banks meet the banking needs of
legitimate consumers and businesses that are at risk of losing
access--or have already lost access?
A.4. My organization focuses on the movement of illicit money
out of developing countries the effect of that financial flow
for development, and not financial flows into developing
countries, so we have not focused a great deal on the
remittances and nonprofit issues. Nonprofit organizations like
the Charity and Security Network, Oxfam, and the Center for
Global Development, and intergovernmental organizations such as
the World Bank, the IMF, the OECD and others have been doing a
great deal more research in this area and I would recommend
speaking with them for more developed and far-reaching
recommendations.
Having said that, there are three somewhat different
problems in the derisking area with root causes that are not
all AML-related, and I think that is a really important point
here. One is that banks that are no longer willing to provide
banking services to money service businesses (MSBs) that are
the primary movers of remittances. Second is banks choosing not
to do business with correspondent banks in certain very high-
risk countries. (The Somali remittance problems are a
combination of both these first and second categories.) Third,
is the problem of banks choosing not to provide banking
services for charities/nonprofits. These are related issues,
but not the same issues. Something to bear in mind as well is
that the World Bank has found that the cost of transmitting
remittances has actually decreased over the past several years,
suggesting that some of the problems in the sector may really
be location specific, such as with Somalia, as opposed to being
as widespread as discussion on this topic might suggest.
In 2012 and the following 2 years, FATF Recommendations and
related guidance were published relating to risks posed by
nonprofits and risks posed by MSBs. That guidance suggested
that those entire sectors were particularly vulnerable to money
laundering with no nuance, which resulted in banks categorizing
them all as high risk, regardless of the nature of those
businesses, the strength of their compliance programs, their
clientele, or other risk assessment factors. The general
refrain from banks was that it was too costly to do proper AML
vetting on all these ``high risk'' entities. Banks also said
they were pulling out of high risk areas because of an increase
in fines and penalties, but very few fines/penalties have been
levied related to servicing MSB or nonprofit clients, which
begs the question of whether this reaction was simply
disproportionate or driven by other motives, such as an excuse
to get out of these relatively low-margin lines of business.
For example, Barclays in the U.K. caused a bit of a crisis
when it closed the accounts of the vast majority of the money
service businesses it serviced. But it held on to MSBs with
assets of $10m or more. However, the significant MSB money
laundering case on record actually relates to Western Union,
one of the world's largest and well-capitalized MSBs. Barclays'
decision to jettison smaller MSB accounts was made not in
relation to actual enforcement trends, how good their MSB
clients' compliance programs were, or other risks relating to
the individual MSB's business or other relevant factors, it was
made on whether the bank wanted to keep that capitalization or
not and bother to continue servicing smaller accounts where its
margin was smaller and getting smaller because of compliance
costs. It would be interesting to find out pre-2012 margins on
these business lines versus post-2012 margins so that Congress
has a frame of reference for what a bank consider an
unacceptable margin in these business lines.
And that raises an important point in all of this that is
very often missed. There has been huge bank consolidation
leading to behemoth banks that do not consider providing
services to smaller account holders to be worth the cost. (In
our experience, smaller, local banks rarely provide adequate
international transfer services and did not do so prior to AML
regulation.) We see that every day as banking fees for people
who have little savings climb while those who have sizable
accounts have no fees at all. Banks are doing everything they
can to increase their profit margins with little regard to the
effect on the average account holder. That's today's business
model, and bank decisions regarding MSB and nonprofit account
holders are driven in large part by this model. Furthermore,
the Center for Global Development put out a report on derisking
in 2015. In that report, they noted that some banks have
``derisked'' and then beefed up their own money transmitter
services, suggesting a possible move to undermine competition
and seize the market themselves.
So there are problems, some of which are not actually AML
related, but the following are some measures that can be taken
in the AML sphere to help in this area:
Better nuanced Recommendations and guidance from
FATF and regulators is needed.
In October 2014, FATF spoke out against blanket
derisking and said that FIs should derisk only on a
case by case basis. FinCEN, the FDIC, and the OCC
followed that up asking banks to come to the regulators
if they felt pressure to terminate an MSB relationship.
Other regulators have followed.
Unfortunately it seems that there is no hard data
to be able to measure what has happened in the market
since.
After an outcry from the global nonprofit
community, FATF revised its guidance with respect to
the problematic Recommendation 8, but I think it still
needs further revision and U.S. Treasury could use its
influence to make that happen. Please contact Kay
Guinane at the Charity and Security Network for further
information ([email protected]).
Banks should have access to information from FinCEN
about whether an MSB has been the subject of formal
warnings/cease and desists which are not public
information, so that they can better judge the strength
of an MSB's compliance program and its weaknesses.
Create a low-cost certification scheme for smaller
MSBs. Such a scheme would create benchmarks for MSB
compliance programs, similar to what has been done in
the development of an ISO standard for anticorruption
compliance. This could perhaps be subsidized by a fund
the big banks pay into for the smaller MSBs.
One element of compliance cost is identifying the
true owners and controllers of MSBs and charities, as
well as the remitters themselves. Transparency about
who owns and controls companies would be a real help
with that.
National ID schemes for individuals around the
world are also important. India leading the way in
effectively doing this in rural populations living in
poverty--the hardest to reach and often recipients of
remittances. While it may seem to be outside of
Congress' remit, USAID has financially supported these
initiatives in the past and Congress could prioritize
funding to USAID to continue and/or increase this work.
Q.5. Last year, the Countering Iran's Destabilizing Activities
Act of 2017 (P.L. 115-44) was enacted. In Section 271, it
required the Treasury Department to publish a study by May 1,
2018, on two issues:
Somali Remittances: The law required the U.S. Department of
Treasury to study if banking regulators should establish a
pilot program to provide technical assistance to depository
institutions and credit unions that wish to provide account
services to money services businesses serving individuals in
Somalia. Such a pilot program could be a model for improving
the ability of U.S. residents to make legitimate funds
transfers through easily monitored channels while preserving
strict compliance with BSA.
Sharing State Banking Exams: The law also required Treasury
to report on the efficacy of money services businesses being
allowed to share certain State exam information with depository
institutions and credit unions to increase their access to the
banking system.
Have you or your organization been involved with these
Treasury studies?
What advice did you give--or would you give--on the pilot
studies?
A.5. I have not been involved with either of these Treasury
studies because other organizations have been leading research
and advocacy on remittance issues. They may have been involved
in and/or consulted on these issues. Please contact: Kay
Guinane, Director of the Charity and Security Network
([email protected]); Vijaya Ramachandran, Senior
Fellow at the Center for Global Development
([email protected]).
Q.6. In 2016, William and Margaret Frederick were moving from
Ohio to Las Vegas. Unfortunately, it is alleged that the title
company they used in Columbus, Ohio, fell for an email scam and
wired the $216,000 profit from their home sale to a hacker, not
to the Fredericks. William is 83 and Margaret is 75 and as of
October, they were still trying to get their money back. While
the Fredericks' tale is now a court case to determine who was
responsible for the fraudulent information, we know that the
Fredericks' experience is ``very typical'' of scams that divert
an estimated $400 million a year from title companies into
bogus accounts.
Please describe the responsibilities of financial firms to
avoid these frauds?
What penalties should be assessed and by which agencies
when financial firms enable theft?
What is the role for the Consumer Financial Protection
Bureau to ensure financial firms protect their customers' money
and information?
A.6. As noted above, I am not an expert on U.S. consumer
banking laws and cannot provide an informed response to your
question with respect to CFPB. Your question regarding the
title insurance company's culpability is a fact-specific
question of criminal or tortious liability that I am unable to
answer in this format, and does not relate to money laundering.
Q.7. In 2014, FinCEN issued an advisory with human trafficking
red flags, to aid financial institutions in detecting and
reporting suspicious activity that may be facilitating human
trafficking or human smuggling.
To what extent do you assess that financial institutions
are currently utilizing these red flags, in order to better
assess whether their banks are being used for to finance human
trafficking? If institutions are not widely utilizing the red
flags, what actions is FinCEN taking to encourage them to do
so?
A.7. I have not seen any data pertaining to the number of SARs
filed in relation to human trafficking or smuggling in the
United States, so I do not have enough information to provide
an accurate assessment. FinCEN has an online tool that can be
used to look at the number of SARs filed with respect to
specific activities, but unfortunately human trafficking is not
one of the categories. However, anecdotally I can say that
human trafficking and human smuggling are issues where I have
seen a relatively large number of training programs offered to
compliance personnel in recent years. It is therefore on the
radar of compliance personnel in the U.S. at least. I would
recommend that you reach out to FinCEN for an answer to this
question and, if they are not currently collecting statistics
to be able to answer this question, ask or legislate for them
to do so. You might also reach out to Polaris for further
discussions on the intersection between money laundering and
human trafficking.
Q.8. What are the pros and cons of reducing or eliminating the
standards requiring SARs filing for insider abuse (i.e.,
employee misconduct)?
A.8. I do not have a strong opinion about this issue.
Logically, however, I think it is helpful for FinCEN to know
the identifying information of people who have been found by
financial institutions to be engaging in fraudulent activity or
other malfeasance, and for the CFPB to be aware of the same if
it involved harm to consumers, but I do not necessarily think a
SAR is likely to be the most effective way to communicate that.
Q.9. The common expectation is that any financial institution
subjected to a cyberattack would be in touch with law
enforcement about whether or not it's required to file an SAR.
What are the pros and cons of eliminating SAR filing
requirement for cyberattacks against financial institutions?
A.9. Cyberattacks are an ever-growing threat to the financial
services sector and, therefore, to the business and individual
consumers with accounts at financial institutions. A great deal
of personal information is collected and held by financial
institutions, so they are a particular target for that reason
as well. I think FinCEN does a good job of explaining why they
want cyberattacks to be reported in SAR form, how they have
used such information in the past, and what information is most
useful for them in a SAR relating to cyberattacks in an October
2016 Advisory. In December 2017, news broke in the U.K. that
the U.K.'s Financial Conduct Authority had found that U.K.
banks were significantly under-reporting the full extent of
cyberattacks. As history has shown in a number of AML-related
areas, it is unlikely that U.S. banks are reporting more
rigorously. This puts not only account holders at risk, but the
entire fabric of our financial system.
Q.10. As you know, under current regulations, FinCEN currently
exempts a range of institutions from the requirement to
maintain an anti-money laundering program. The list of exempted
institutions includes ``pawnbrokers,'' ``private bankers,''
``seller of vehicles, including automobiles, airplanes and
boats,'' as well persons ``involved in real estate closings and
settlements'' among others.
In your view, what are some of the most glaring exemptions
on this list?
Are there any additional categories of institution, such as
persons involved in the art market or lawyers that should be
required to establish minimum anti-money laundering program
requirements?
A.10. FATF has identified several of what it calls Designated
Non-Financial Businesses and Professions, or DNFPB's, as
businesses and professions that are susceptible for, or can be
used to play a part in, money laundering. The idea is that
these businesses and professions should identify who they are
doing business with, in some cases carry out some customer due
diligence, and file suspicious activity reports if they think a
transaction is suspicious.
The U.S. already requires some DNFBPs to have those AML
programs, such as casinos and dealers in precious metals and
stones. Treasury regulations originally also included others,
including travel agents, those involved in real estate
closings, and car, plane, and boat dealers, among others, but
then Treasury gave them a ``temporary'' exemption from the
requirements with no sunset for that exemption which has now
been in place for many years. Still others never made it on any
list, and those four are lawyers, accountants, corporate
service providers, and escrow agents. For these four, AML
programs would really be about knowing with whom you are doing
business and not permitting practitioners in these businesses
and professions to be able to have plausible deniability that
they didn't have reason to know or suspect that they were
providing services that might be laundering dirty money.
While there are clearly several businesses and professions
missing from U.S. regulation, I would focus on five of them:
lawyers, those involved in real estate closings, corporate
service providers, escrow agents, and accountants.
Lawyers: Of course criminals need and use legal services. A
60 Minutes piece that aired last year featured undercover
footage from an organization called Global Witness, showing
just how easy it is to walk into a law firm in New York and get
a lawyer to easily suggest ways in which structures could be
created to spend money that is clearly the proceeds of
corruption to buy real estate, planes, etc. One attorney even
suggested running the dirty money through the lawyer's client
account to clean it. It was a real eye-opener. In 2010, the
American Bar Association published what I would characterize as
sound Voluntary Good Practices Guidance for Lawyers to Detect
and Combat Money Laundering and Terrorist Financing, but I
encourage you to ask every lawyer you know if they have
implemented it. It is unlikely that they have even heard of it.
This voluntary guidance is simply not enough.
Escrow Agents: Senate Permanent Subcommittee on
Investigations' 2010 report Keeping Foreign Corruption Out of
the United States: Four Case Histories tells the story of how
one escrow agent, McAfee & Taft, refused to provide escrow
services to Teodorin Obiang, the corrupt, playboy son of the
long time dictator of the impoverished Nation of Equatorial
Guinea, because the anti-money laundering policy they had
voluntarily put in place prescribed that they do so. Another
escrow agent without an AML program happily took that money.
Corporate Service Providers: The Panama Papers showed just
how entangled corporate service providers like Mossack Fonseca
can be in facilitating money laundering, corruption, and tax
evasion. The book Global Shell Games details research by a team
of American and Australian academics into just how easy it is
to create an anonymous company to engage in terror finance or
corruption in different countries around the world through
corporate service providers. They found that the easiest
country in which to do so was the United States. One email
response to the researchers' inquiry from a corporate service
provider in Florida was, ``[Y]our started purpose could well be
a front for funding terrorism, and who the f---- would get
involved in that? Seriously, if you wanted a functioning and
useful Florida corporation you'd need someone here to put their
name on it, set up bank accounts, etc. I wouldn't even consider
doing that for less that 5k a month, and I doubt you are going
to find any suckers that will do it for less, if at all. If you
are working with less than serious money, don't waste anybody's
time here. Using a f------ google account also shows you are
just a f------ poser and loser. If you have a serious proposal,
write it up and we will consider it. Your previous message and
this one are meaningless crap. Get a clue. Just how stupid do
you think we are?''
Those Involved in Real Estate: With respect to real estate,
since July 2016, FinCEN has had geographic targeting orders in
place in various counties in New York, Florida, Texas, and
California, requiring title insurance companies to collect
beneficial ownership information for those entities buying high
value real estate with cash. They found that about 30 percent
of the beneficial owners identified by the title companies
already had SARs filed on them by other financial institutions.
That's nearly one third. Exposes like The New York Times'
``Towers of Secrecy'' show just how easy it is for people to
hide behind anonymous companies and buy real estate with
proceeds of crime and corruption. It is central to the 2017
indictment of Paul Manafort and Richard Gates as well.
Q.11. In recent years we've witnessed a seemingly endless
string of money laundering violations by some of the largest
global banks, with Deutsche Bank being the most recent megabank
to disregard the anti-money laundering requirements contained
in the Bank Secrecy Act.
Given that large megabanks continued to disregard their
obligations under the law, what in your view should this
Committee do to ensure compliance, particularly by the largest
global banks?
A.11. Unfortunately for the banking community, many of the high
profile, incredibly egregious cases that involve the biggest
banks in the world have eroded public trust that banks will
indeed act in a manner that is law-abiding and actively try to
turn away proceeds of crime. Even many bankers lack faith in
their institutions. You may find a 2015 study by the University
of Notre Dame and the law firm of Labaton Sucharow, entitled
``The Street, the Bull, and the Crisis'', to be of interest.
The researchers surveyed more than 1,200 U.S. and U.K.-based
financial services professionals to examine views on workplace
ethics, the nexus between principles and profits, the state of
industry leadership and confidence in financial regulators. As
the report states, ``The answers are not pretty. Despite the
headline-making consequences of corporate misconduct, our
survey reveals that attitudes toward corruption within the
industry have not changed for the better.''
There are forms of enforcement that we have not been
pursuing that I believe would be highly dissuasive. The first
is prosecuting the individuals that are behind the decisions
that are resulting in these money laundering violations. When a
banker sees his or her colleague being prosecuted for decisions
that bring the proceeds of crime into the bank, he or she will
be careful not to do the same. Second, prosecution of financial
institutions has historically been for regulatory violations of
the BSA as opposed to the criminal act of money laundering,
even when the hallmarks of a clear money laundering case are
present. We need to begin to criminally prosecute these
entities as well. Finally, when a financial institution is
convicted of or pleads guilty to felonious behavior, it must
trigger any cross-debarments that we have built into our legal
system. For example, Credit Suisse should have lost its status
as a Qualified Professional Asset Manager (QPAM) in 2014 by
virtue of its conviction for facilitating large-scale tax
evasion by Americans. However, as with several similar cases
which preceded it, the Department of Labor waived Credit
Suisse's disqualification and allowed the bank to continue to
enjoy this ``privileged'' status under U.S. law that meant that
the bank had to meet fewer regulatory requirements in its
handling of U.S. pension funds--something we tend to try to
keep felons away from for public policy reasons.
Q.12. Despite record fines, rarely have the individuals who run
the largest global banks been held accountable for their firms'
willful disregard of anti-money laundering and counterterrorism
financing rules included in the Bank Secrecy Act.
Can you discuss why we've seen such low levels of
individual accountability for such violations? To what degree
does the lack of clear chains of responsibility within large
firms contribute to the lack of accountability among senior
leaders?
A.12. The Department of Justice is the most appropriate body to
answer this question because it is the body that has taken
these decisions based on the evidence before it, prosecution
guidelines, and cost/benefit analysis. However, there have
certainly been a few cases where information made publicly
available the Statement of Facts attached to relevant Deferred
Prosecution Agreements, such as excerpts from emails between
executives, strongly suggested that there was sufficient
evidence to bring individuals to trial in certain cases, and
yet we did not see that happen. When I have asked the DOJ about
this, they have responded that they did not feel that they had
sufficient evidence to move forward with prosecution.
After receiving a fair amount of criticism about this, in
September 2015 the DOJ released a memo outlining its intention
to more frequently prosecute individuals. It would be
worthwhile to ask for the DOJ for statistics around
prosecutions of individuals before and after the publication of
the memo. It is possible that we are seeing the first
significant example of this approach being applied to a large
bank money laundering case in the case of Rabobank, as I
explain more fully in a recent blog post that was heavily
quoted in the press. It will be important to keep an eye on
whether individual executives are prosecuted in that case for
the reasons outlined in the blog.
Q.13. Just as the success of the BSA is reliant on good
behavior by individual employees of financial institutions, the
efficacy of the BSA also depends on regulatory and supervisory
accountability. U.S. anti-money laundering efforts in recent
years at times failed to recognize the cumulative effect of the
violations they cited, leading them to permit massive problems
to occur before any serious enforcement actions were taken.
What in your view should be done to address this problem
and ensure that regulators are holding repeat violators of the
Bank Secrecy Act accountable?
To your knowledge, to what extent are Bank Secrecy Act
deficiencies currently factored into the management aspect of
firms' CAMELS rating?
A.13. It seems clear that any policies in place regarding
number and nature of infractions leading to escalation in
enforcement actions are either insufficient or not adhered to.
Either way, this is an area that could certainly benefit from
Congressional review. Policies on elevation/escalation need to
be clear, proportionate, and enforced in a way that results in
meaningful adjustments/reforms being carried out by banks when
they have been the subject of violation notices.
While I think the revolving door issue is a tricky one (we
want experienced people in Government and in financial
institutions and they should have the ability to progress their
careers), I am concerned that there may not be sufficient
safeguards preventing regulators from moving directly to work
for the banks that they have been regulating. In the recent
Rabobank case, Rabobank's OCC examiner put Rabobank under a
Formal Agreement (requiring reform of their AML compliance
program), and then while that Formal Agreement was still in
place, she was hired by Rabobank as a senior executive
overseeing compliance at the bank. According to Rabobank's Plea
Agreement and accompanying Information, the OCC released
Rabobank form that Formal Agreement within the year, although
bank employees reported that nothing substantial having changed
within the bank's compliance program in that time. Whether or
not the executive used her close ties to the OCC to get the
Formal Agreement dismissed, measures should be put in place to
ensure that the revolving door does not allow this type of
situation to arise.
Additional Material Supplied for the Record
COUNTERING INTERNATIONAL MONEY LAUNDERING
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
LETTER SUBMITTED BY THE FACT COALITION
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
STATEMENT SUBMITTED BY THE INDEPENDENT COMMUNITY BANKERS OF AMERICA
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
LETTER SUBMITTED BY THE CREDIT UNION NATIONAL ASSOCIATION
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]