Loading…

Bucksnort, Marijuana, Thresholds, and “a little bit of tension”​ … Senate Banking Committee and BSA/AML

https://www.banking.senate.gov/hearings/10/24/2018/combating-money-laundering-and-other-forms-of-illicit-finance-regulator-and-law-enforcement-perspectives-on-reform

From obvious tension between FinCEN and the OCC, to patiently waiting for marijuana guidance, to missteps on CTR filings and thresholds, to grocery stores in Bucksnort, Louisiana, and ending with a statement from a Senator that “I don’t think you’re ever going to get the safety and soundness regulator to make this a priority”, this hearing was worth watching.

To lay the groundwork, some of the more salient features of the written submissions:

FinCEN Director Ken Blanco’s written testimony began with FinCEN’s mission:

“FinCEN’s mission is to safeguard the financial system from illicit use and to promote national security through the collection, analysis, and dissemination of financial intelligence.” And he further testified that FinCEN accomplishes that mission by: “(1) aggressively investigating and pursuing illicit activity; (2) ensuring that we collect the financial intelligence necessary to support these investigations; (3) understanding the evolving trends and typologies of illicit activity; and (4) closing any regulatory gaps that expose our financial system to money laundering and the other underlying illicit activity that threaten our financial system and put our nation, communities, and families in harm’s way.”

Director Blanco then commented on the importance of the BSA information:

“nearly 500 federal, state, and local law enforcement and regulatory agencies with direct access to FinCEN’s database of BSA records. Within these agencies, there are an estimated 11,000 active users of BSA data. This consists of 149 SAR Review Teams and Financial Crimes Task Forces located all around the country, covering all 94 federal judicial districts, including one in each state, the District of Columbia, and Puerto Rico. In the last five years, FinCEN query users have made more than ten million queries of the FinCEN database.”

“Internal Revenue Service Criminal Investigation alone conducts more than 126,000 BSA database inquiries each year. And, 24 percent of its investigations begin with a BSA source. As my colleague from the Federal Bureau of Investigation (FBI) will discuss, financial intelligence is a key tool for FBI criminal investigations. All FBI subjects have their names run against the BSA database. More than 21 percent of FBI investigations use BSA data, and for some types of crime, like organized crime, nearly 60 percent of FBI investigations use BSA data. Roughly, 20 percent of FBI international terrorism cases contain BSA data.”

“We are getting better at this every day, but we believe we can do much more. Part of getting better and doing more includes providing both our financial institutions and delegated examiners better and more consistent feedback on how we use BSA data so they understand our priorities and how to better use their resources more effectively and efficiently in a more targeted and focused way.”

Director Blanco then turned to regulatory reform:

“Our goal is to ensure that financial institutions are devoting their resources to identify and report activity that relates to the highest priority national security and law enforcement interests. This effort requires a multi-prong approach with three key priorities: (1) understanding BSA value; (2) promoting responsible innovation; and (3) fostering information sharing, including through public-private partnerships.”

The OCC’s Senior Deputy Comptroller for Compliance & Community Affairs, Grovetta Gardineer, testified that: “We at the Office of the Comptroller of the Currency (OCC) support the purpose of the BSA to combat money laundering and terrorist financing (illicit finance). Toward this end, the OCC is committed to ensuring that the institutions under its supervision have robust controls in place to safeguard them from being used as vehicles to launder money for drug traffickers and other criminal organizations, or to facilitate the financing of terrorist acts. Together, with the other federal banking agencies and the law enforcement community, our goal is to prevent the misuse of our nation’s financial institutions.”

She also stated:

“New technologies such as artificial intelligence (AI) and machine learning offer banks opportunities to better manage their costs and increase the ability of their monitoring systems to identify suspicious activity, while reducing the number of false positive alerts and investigations.”

I disagree with this statement, to a degree. There is nothing wrong with the existing technologies: it is their misapplication that is the primary problem, and the secondary problem is the fear of banks – brought on by regulatory expectations and published sanctions – that they cannot afford to miss any potential suspicious activity. AI and Machine Learning are great technologies, and have been effectively deployed for 10 years by some vendors (Verafin is one), but they are not the sole answer. For a BSA Officer to blame false positives on his or her technology is like a carpenter blaming his tools … you should look first to the carpenter …

Deputy Comptroller Gardineer then testified on proposed legislative reforms, using the Economic Growth & Regulatory Paperwork Reduction Act (EGRPRA, or “Eegrippa”) process.

This is where things got interesting during the question and answer session. Chairman Crapo (R. IL) opened with a question to Director Blanco whether the OCC’s proposed EGRPRA process was the right way to make BSA changes. Director Blanco said it wasn’t necessary and was, in fact, “another layer of bureaucracy”. Ms. Gardineer disagreed. The back and forth got so intense that Senator Crapo called it “a little bit of tension” and moved on.

Senator Sherrod Brown (D. OH), the Ranking Member, chastised the OCC for calling for regulatory relief at a time when the bigger banks’ misconduct seems to continue.

There was testimony and many questions on the CTR threshold. In his written testimony, Director Blanco noted that raising the CTR threshold to $20,000 would eliminate 60% of CTRs, and raising it to $30,000 would eliminate 80%. Senator Moran asked FBI Agent Steve D’Antuono about that: Agent D’Antuono made an excellent point that it isn’t simply the amount that is important, but all the other information reported in a CTR, such as addresses, telephone numbers, etc.

The exchange with Senator Toomey was interesting for many reasons. He noted that the $10,000 threshold has been in place since 1970, and has not been adjusted for inflation. He referred to a 1994 GAO study that found that 30% – 40% of CTRs were filed by large, well-known cash intensive companies that should have been depositing large volumes of cash, and that those reports offered little value to law enforcement.

Senator Toomey – or his staff or others he and they are relying on – appear misinformed and misguided. First, the Money Laundering Suppression Act of 1994 addressed the issue of large-dollar, well-known cash businesses by providing for the CTR exemption process. That problem has (partially) been solved. Second, the “inflation” argument ignores other more relevant factors: (i) in 1970 the CTR process was entirely manual, without the aid of desk-top computer systems, with forms copied with carbon paper and mailed in envelopes; (ii) in 1970 there were no ATMs, no debit cards, no ACH, no Internet, no mobile, certainly no peer-to-peer electronic (Venmo) transactions … the world has changed, and I would argue that $10,000 in cash today is just as unusual or anomalous as $10,000 in 1970.

A recent study conducted by the Federal Reserve Bank of Boston (a study titled “the Diary of Consumer Payment Choice”) found that the average cash transaction is $22: surely a reporting threshold that requires banks to report cash deposits that are almost 500 times the average cash transaction is a reasonable threshold.

Approximately 50 minutes into the hearing (at the 1:07:10 mark), Senator Menendez (D. NY) asked Director Blanco “does FinCEN have any plans to clarify how financial institutions can provide services to marijuana related businesses …?”. Director Blanco replied “we’re still having those [interagency] conversations … the 2014 guidelines are still the guidelines.” So no help there to those banks and credit unions considering whether to provide, and which, banking services to direct, indirect, or ancillary cannabis businesses and persons.

Senator Cortez Masto (D. NV) made two important points about possible changes to FinCEN’s mandate: giving FinCEN the authority to work with tribal police, and allowing FinCEN to investigate domestic terrorism. Director Blanco agreed with both.

The exchange with Senator Kennedy (R. LA) was particularly interesting. Like Senator Toomey, Senator Kennedy – or his staff or others he and they are relying on – appear misinformed and misguided. The Senator began his questions of Director Blanco with a scenario of a well known local grocery store in a small town that deposits $15,000 in cash every day into its account at a small bank. He asked Director Blanco if a CTR would have to be filed. Unfortunately, Director Blanco replied that yes, a CTR would have to be filed. In fact, in that scenario, the bank could exempt that well-known, cash-intensive business from the CTR filing requirement. It would be good to have that corrected for the record. Senator Kennedy actually gave a name to that small town – he called it “Bucksnort, Louisiana”. I Google Mapped (is that a verb?) “Bucksnort” … there appears to be one in Tennessee and another in Alabama. I couldn’t find the Louisiana Bucksnort.

Senator Kennedy then asked about the questions that needed to be asked of customers at account opening. He asked Director Blanco “does the bank have to ask if my company is a shell company?”. Again, unfortunately, Director Blanco answered “yes”, when in fact that is NOT a question that needs to be asked. Nor can it be reasonably answered: the only answer you’ll get is “no”. Rather, the new Beneficial Owner rule simply requires banks to ask the person opening the account to provide the names and identifying information of any natural person owning at least 25% of the entity (up to four legal owners) and the name of one controlling person, and the bank can rely on that information unless it has reason to believe it is false. Neither the Rule, nor any regulatory expectation I am aware of requires a bank to ask “is your company a shell company?”

Senator Warner (D.VA) had arguably the most interesting observation of the entire ninety minute hearing. At 1:33:17 of the hearing, after some discussion about the different missions of the OCC and FinCEN, he stated “I don’t think you’re ever going to get the safety and soundness regulator to make this a priority.”

This last statement may be getting to the crux of the matter. Depending on your perspective, do FinCEN and the safety and soundness regulators have different perspectives of the same problem, or are they competing interests? As Director Blanco put it, FinCEN has a dual mission: to safeguard the financial system from illicit use, and to promote national security through the collection, analysis, and dissemination of financial intelligence. Deputy Comptroller Gardineer testified that the OCC is committed to ensuring that the institutions under its supervision have robust controls in place to safeguard them from being used as vehicles to launder money. So FinCEN – and law enforcement – are focused on the actionable intelligence that financial institutions can provide: the OCC is focused on whether those institutions have robust controls in place. In my White Paper titled “50 Years of the Bank Secrecy Act: It’s Time to Renew the Purpose of Providing Actionable Intelligence to Law Enforcement” (https://verafin.com/resource/50-years-bank-secrecy-act/) I conclude with the following:

“I, and many others, believe that providing timely and actionable intelligence to law enforcement is critical to the successful prevention of illicit activity. Of course, as outlined in the FFIEC manual, a sound BSA/AML compliance program provides the necessary foundation for providing that intelligence. With that in mind, a first step in reforming the BSA/AML regime in the United States may be changing the language of the Manual itself. I propose that the language is changed from ‘a sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions…’ to ‘providing timely and actionable intelligence to law enforcement is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions, and a sound BSA/AML compliance program provides the foundation for the ability to provide that intelligence.’ The change is subtle but important as it strengthens and focuses the very purpose of the BSA. Providing actionable, timely intelligence to law enforcement, while maintaining sound but rational programs, should be the new goal.”

I believe that the safety and soundness regulators and FinCEN have different perspectives, not competing interests. But I would stress that a financial institution be supervised, examined, and judged first and foremost on whether it is providing actionable intelligence to law enforcement over whether the hundreds or even thousands of BSA compliance program requirements are ticked and tied and documented.

To conclude, testifying before Congress is a nerve-wracking and difficult thing to do (I’ve done it once, in 2004) and Director Blanco, Deputy Comptroller Gardineer, and Agent D’Antuono are to be commended for jobs well done. The public/private partnerships are better than they’ve ever been, and with courage, commitment, collaboration, and compromise, we can make them even better.

The Strip Club – Is Membership Now Closed?

With today’s announcements from the US Attorney for the Southern District of New York, OFAC, Federal Reserve, New York State Department of Financial Services, and the Manhattan DA’s Office, the almost-ten year “Strip Club” investigations and prosecutions may have come to a close. Today was Société Générale’s turn, closing a six year investigation into ten years of sanction violations with penalties totaling more than $1.34 billion paid to five county, state, and federal agencies. Notably, the Manhattan DA press release mentioned a “concealment practice” that ended in early 2007, and, because of SocGen’s alleged “untimely disclosure, the statute of limitations for violations relating to the concealment practice and to much of the conduct involving the Cuban credit facilities had already run by the time the investigating agencies learned of them.” The press release contains a list of, and links to, the ten banks that paid penalties for “stripping out” information about sanctioned entities in order to avoid US sanctions controls. Perhaps we’ve seen the last member added to the Manhattan DA’s “Strip Club” …  https://www.manhattanda.org/d-a-vance-announces-162-8-million-payment-from-societe-generale-to-new-york-city-and-state/ 

The most complete filing is from the Manhattan US Attorney’s office: see https://www.justice.gov/usao-sdny/press-release/file/1112461/download

Swiss Regulator FINMA criticizes Societe General’s lack of an EVOC – Enterprise View of the Customer

https://www.finma.ch/en/news/2018/09/20180917-mm-gwg-cs/

Not being able to impose monetary penalties, Swiss financial supervisor FINMA concluded two enforcement procedures against Credit Suisse AG. In the first, FINMA identified wide-ranging deficiencies in the bank’s AML program in three of the biggest global fraud/AML cases of the past ten years: the International Federation of Association Football (FIFA) scandal, Brazil’s oil corruption case involving Petrobras, and Venezuelan oil bribery and corruption case involving Petróleos de Venezuela, S.A. (PDVSA). The second procedure was a garden-variety PEP versus high-performing Relationship Manager case. Collectively, FINMA “decreed measures to further improve anti-money laundering processes and to accelerate the implementation of steps already initiated by the bank” and, notably, FINMA imposed “an independent third party to monitor the implementation and effectiveness of these measures.”

One of the most significant findings – and a warning to financial institutions everywhere – was that there was “no automated comprehensive overview of client relationships”. FINMA found:

“To combat money laundering effectively, every relevant department within the bank must be able to see all the client’s relationships with the bank instantly and automatically. Credit Suisse AG has been in the process of implementing such a “single client view” since 2015. Progress has been made, however this overview is still to be extended outside the Compliance unit. This results in organisational weaknesses in addition to the contraventions of anti-money laundering provisions.”

The result? Credit Suisse will need to build out a real-time, bank-wide single view of the customer … or Enterprise View of the Customer (EVOC).

ING pays record EUR 775,000,000 fine to Dutch Public Prosecution Service for multiple AML failures

Dutch prosecutors hammered ING Group for 7+ years of abject AML failures … missing and incomplete customer due diligence files, failing to review CDD files, improper customer risk ratings, failure to exit known bad customers in a timely fashion, late suspicious transaction reports, capping transactional alerting systems (which they called “topping”), even “culpable money laundering.” ING failed to adequately staff its financial economic crime group, knew it was understaffed, and didn’t properly staff it. The Dutch prosecutors seemed irritated about this, as they imposed a EUR 100,000,000 “disgorgement” based on the amount that ING under-staffed its FEC unit by.

Expect much industry fall-out from this. It raises the penalty bar to new heights – no European agency has imposed a fine and penalty even close to this.

Ninth Circuit rules that the FFIEC BSA/AML Examination Manual has the force of regulation!

Upsetting the long-held belief that legislation is clarified by regulations that are clarified and explained by written guidance and modified over time by shifting regulators’ expectations, the Ninth Circuit has recently ruled that the BSA/AML Examination Manual (written guidance) is, effectively, regulation.

In California Pacific Bank v. Federal Deposit Insurance Corporation a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit held in March 2018 that the Bank Secrecy Act (BSA) and its implementing regulations were not unconstitutionally vague, and that the FDIC had properly relied on the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual. Writing for the majority, Judge James Gritzner wrote:

“Not only are the BSA and FDIC’s implementing regulations economic in nature and threaten no constitutionally protected rights, but it is clear that a detailed manual issued by agencies with enforcement authority, such as the FFIEC Manual, can put regulated banks on notice of expected conduct. The BSA authorizes the FDIC to review banks for compliance. 12 U.S.C. § 1818(s). The FFIEC Manual frames the examiners’ expectations in anticipation of routine compliance checks … We hold that the BSA and its implementing regulations are not unconstitutionally vague, and the FDIC did not exhibit unconstitutional bias against the Bank. We further hold that the FDIC acted in accordance with the law by relying on the FFIEC Manual to clarify its four pillars regulation.”

So unless and until this Ninth Circuit decision is over-ruled or contradicted … consider the BSA/AML Exam Manual to be have the impact of regulations.