Lessons Learned as a BSA Officer – 1998 to 2018: Presentation to SoCal ACAMS Chapter, March 8, 2019

Lessons Learned as a BSA Officer – 1998 to 2018

“I didn’t say it was your fault, I said I was blaming you” – Winston Churchill

Topics Covered

  1. All the Cooks in the AML Kitchen aka Stakeholders
  2. All the Resources Available to You
  3. The 5 Dimensions of Risk – Up, Down, Across, Out, and Within
  4. FinTech versus Humans
  5. The 7 Cs – What Makes a Good Analyst/Investigator
  6. Tall, Dark and Handsome – Words and Punctuation Matter!
  7. SMEs v SMEs – Subject Matter Experts vs Subject Matter Enthusiasts
  8. Is Transaction Monitoring a Thing of the Past?
  9. The Importance of Courage
  10. Takeaways

All the Cooks in the AML Kitchen – There are more stakeholders than you realize …

To most risk professional, stakeholders are shareholders, directors and senior management, and perhaps regulators. But there are many more than that, and they all have different perspectives, even competing interests, when it comes to how you do your job as a risk professional:

  • Shareholders and Directors
  • Team Members – or employees … as opposed to … Team Mates – those who report to you, who you report to. Where you sit in an organization has a big influence on how you see the organization and your job.
  • Senior Management – however that is defined in your organization, this is the “Top” from where the “Tone” comes from in “Tone from the Top”
  • Middle Management – again, however this is defined in your organization, this is where a lot of tone deaf people reside. A G30 report from a few years ago on financial institutions and risk management referred to middle management as “the Blocking Middle”. We’ve all seen that.
  • Regulators – those you interact with, and who interact with you. I call those “your regulators”, which is different from the Regulators – the people in DC setting policy
  • The Media and Social Media (two very different stakeholders)
  • Physical communities where you operate, and online and virtual communities
  • Your trade associations (such as ACAMS)
  • Customers and Clients
  • Politicians – local, state, federal
  • Law enforcement and Prosecutors – local, state, federal
  • Family, friends … and Yourself

These stakeholders all have their own interests and perspectives. You can balance different perspectives, but you need to juggle competing interests, and even choose one or more stakeholders over others. Good risk management brings these views together as different perspectives, and balances the interests of stakeholders: bad risk management treats them as competing interests, and ignores the interests of stakeholders.

Ask yourself in each situation … which stakeholders’ interests are you preferring over others? How are you communicating with those stakeholders? But realizing you’ve got 20 or more “Cooks in the Kitchen” is helpful as you think about decisions you need to make.

Resources – The classic question: “do you have enough resources to do your job?”

In answering that question, most people start with the number of people they have. In fact, that might be the LAST thing to consider when it comes to all the things that you actually have available to you. The resources you actually have available to you, in order of importance, are:

  1. Relationships – both internal (evidenced by your stature, authority, and independence in the organization, access to senior management and the board, access to junior management in the businesses) and external (with your regulators and law enforcement). A key aspect of relationships is trust – do your regulators trust you? Does senior management trust your judgment when you stop a new business initiative, or do they fight you every step of the way?  Relationships are the critical resource you have, or don’t have. Which takes you to the second most important resource …
  2. Data – does your institution have the necessary customer and transactional and other data necessary for you to run your program? If so …
  3. Technology – does your institution have the ability to keep that data current, and to get it to you? If so …
  4. Tools – do you and your teams have the right tools to use that data? By the way, this is where machine learning and AI come in … without good relationships, great data, and better technology, investing in ML and AI is like buying a high speed train without having the tracks to run it on.
  5. Policies and Procedures – Policies tell what needs to be done, and by whom; procedures tell how it gets done, and by whom. Avoid policedures. And remember the “Dress Appropriately” concept …
  6. Time – time is, arguably, your greatest resource. If you’ve ever had to remediate a program under tight audit or regulatory time constraints, you know what I mean. And this leads us to the last resource you have available to you …
  7. People – the number of people is the LAST consideration you should have when it comes to people. Your first concerns are: (1) are they well led? (2) are they well placed in the organization? (3) are they well “fed” (compensation, benefits, opportunities)? And 4th and finally … Do you have enough of them?

Although People are the last resource to consider, they are your most precious resource!

Managing the Five Dimensions – Our professional lives are all about trying to balance five dimensions

  1. Managing UP – to your boss, senior management, the board
  2. Managing ACROSS – to your peers within your organization, as well as peers across the company
  3. Managing OUT – to your industry peers, trade associations, regulators, prosecutors, media, law enforcement
  4. Managing DOWN – managing your team … but this is more about LEADING your team … and not just your direct reports, but your entire team
  5. Managing WITHIN – managing yourself, your family and personal obligations

So consider all five dimensions, and ask yourself the following questions:

  • Which direction am I best at managing? Why?
  • Which direction am I worst at managing? Why?
  • Which direction do I like the best? Why?
  • Which direction(s) do I dread the most? Why?
  • Which direction(s) do I avoid dealing with? Why?

You’ll probably never be in balance … so find and embrace your equilibrium.

FinTech vs Humans – “A computer lets you make more mistakes faster than any inventions in human history – with the possible exceptions of handguns and tequila.” Mitch Radcliffe (1998)

  • Machine Learning has its place in financial crimes, and has had a place in financial crimes since at least 2010: it’s just that the hype and marketing around it is hitting the mainstream.
  • Artificial Intelligence? I’m not convinced we are there yet. I’ve written on this: see www.regtechconsulting.net/news. In one article I quote Mat Velloso, who tweeted: “If it’s written in Python, it’s probably machine learning: if it’s written in PowerPoint, it’s probably artificial intelligence.”
  • And unless and until FinTech can bring intuition, empathy, judgment, common sense, and courage into the financial crimes environment, us humans will always have the most important role and machines will remain tools, not solutions.

There are no technology solutions. Only tools. Humans behaving well, and with good technology and better data, provide solutions.

What about those humans?

The Seven Cs – What makes a great analyst/investigator

  1. Capable – in anything. It doesn’t have to be financial services. Military veterans are great examples of people that can make great analysts without any financial services background because they are invariably capable people.
  2. Computer Savvy – Yep, it goes without saying. And I’m not talking about “I know how to use Excel” savvy: I’m talking about two computers, three screens, and typing faster than you talk. We all know those people …
  3. Curious – this is one of the big qualities. As I’ve said, I’ve directly or indirectly hired thousands of AML analysts over the years … and was one myself. If there is any attribute that separates a good analyst from a great analyst it is an insatiable curiosity to learn more, turn one more corner, to think differently about a problem.
  4. Creative – this is the trait that allows an analyst to think about what is not in the data that should be, to realize that it is not what is in the case that makes it suspicious, but what is not in the case that should be there that makes it suspicious …
  5. Cynical – you have to be a little cynical to be a great AML analyst. As I mentioned above, where bankers see every new customer as a GREAT customer, only possibly a nuisance, and certainly not a problem, every good AML analyst sees every customer as CERTAINLY a problem, clearly a nuisance … and only possibly a great customer. But that cynicism needs to be balanced by …
  6. Compassionate – You need to be compassionate and caring to take the time to understand different cultures and religions (when banks are open in a country will impact fund flow patterns), how and why different migrant communities live and work (and remit money home to family), what the word “hawala” means, naming conventions from different cultures, etc. And I want analysts who care for their teammates, and have compassion for those that aren’t as fortunate. And last and foremost:
  7. Courageous

An analyst/investigator needs to have all 7 attributes in order to look for, find, and explain (1) what is there that should be there, (2) what is there that shouldn’t be there, (2) what is not there that should not be there, and (4) what is not there that should be there.

Tall, Dark, and Handsome – Words (especially adjectives and adverbs) and punctuation matter!

  1. Write simply and clearly

“We know all too well that drugs are killing record numbers of Americans – and almost all of them come from overseas.”          Former AG Jeff Sessions, August 2018 speech

This is a good example of a poorly written sentence that is begging for clarity. The phrase “almost all” means very little: at least 51% and less than 100%. Second, do “almost all” drugs come from overseas, or do almost all Americans come from overseas? And finally, Mexico is the source country for 90% – 94% of heroin entering the US, and the final transit country for 90% of the cocaine entering the US. Mexico isn’t actually overseas from the US.

  1. Use Adjectives and Adverbs Sparingly, if at all

Most modifiers are unnecessary. Whether necessary or not, as a risk professional you should be very aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

  1. Watch out for Red Flag Words and Phrases

Intended, Primarily, Pilot, Agile Development, shall versus may, Artificial Intelligence, Machine Learning

SMEs vs SMEs – Subject Matter Experts versus Subject Matter Enthusiasts

The Subject Matter Expert is just that. She has:

  1. talent and training,
  2. subject matter knowledge,
  3. environmental knowledge, and
  4. years of experience (and not just one year of experience many times over, but many years of experience).

The true Expert doesn’t see herself as an expert, will rarely call herself an expert, probably doesn’t see herself as an expert, but she possesses those traits, or enough of them, to truly be, and be seen as, a Subject Matter Expert.

The Subject Matter Enthusiast, on the other hand, often:

  1. calls himself an Expert when he isn’t, or
  2. thinks of himself as possessing enough of as many of the traits needed to pass himself off as an Expert.

The Enthusiast overcomes his lack of true expertise with just enough confidence, hubris, and (frankly) enthusiasm to move a project ahead or design a monitoring system just long enough to allow auditors, regulators, and prosecutors to catch up … and then for the true experts to bail him (and the project or monitoring system) out.

What’s the trick? Understanding where your expertise ends and your enthusiasm begins … understanding who are the experts and who are the enthusiasts, having the right blend of experts and enthusiasts … and taking the best of both, bringing them together, and building a highly effective team.

Is Transaction Monitoring a Thing of the Past? – Customer and Counter-Party Interaction Surveillance is the way of the future

Last year I posted on my website the “AML Scenario Builder” I first put together almost 20 years ago. It still applies today. It includes the eight essential data elements needed to do customer risk assessments and to build a relationship-based interaction monitoring and surveillance system:

  1. Customers/Clients/Others … with or without
  2. Products and Services … doing
  3. Interactions and Transactions … through
  4. Delivery Channels … at
  5. Locations/Geographies … sometimes involving
  6. Amounts … while considering
  7. External Factors … and
  8. Internal History

Twenty years ago we had moved away from Transaction Monitoring. Now, in full disclosure we kept a TM system running, and it spit out alerts that we had to deal with. But it was our least efficient, least effective, and one of the smallest sources of alerts we had at all banks I worked at. If TM hasn’t been dead for 20 years, it’s been on life support.

The Importance of Courage – “Courage is the single attribute upon which all other attributes depend” – Winston Churchill

After the September 2001 terrorist attacks, the 9/11 Commission was set up to look at what happened, and why. In its final report issued in 2004, they concluded that the US government’s failures could be grouped into four major categories: failure of policy, failure of capabilities, failure of management, and failure of imagination. And they concluded that the “most important failure” was a lack of imagination.

I believe that all four of those failures – of policy, of capabilities, of management, and of imagination – have one thing in common. A failure of courage.

What do I mean by courage?

  • Courage to speak freely – but respectfully and fairly
  • Courage to walk away when your principles are compromised
  • Courage to change
  • Courage to listen
  • Courage to compromise


  1. Be aware of all of your stakeholders … particularly your friends and family
  2. Recognize all the resources you have available to you … particularly your people
  3. Appreciate all the directions you’re being pulled in … and try to find an equilibrium that works for you
  4. Technology is important … but people are crucial
  5. Look past CVs and focus on whether someone is compassionate, curious, creative, and courageous
  6. Write carefully … and listen more carefully
  7. Identify and embrace the best of your experts and enthusiasts
  8. Be courageous

Grave Danger, Critical Habitats, and Oxford Commas – Words and Punctuation Matter!

Words and punctuation matter! Be precise in, and be careful with, the words you speak and write, and the words you’re hearing and reading.  There is much attention being placed on machine learning and artificial intelligence, both of which require computer coding that is precise. We must have the same attention paid to precise language and precise punctuation. Let me give you a few examples.

In the First Circuit Court of Appeals case of O’Connor et al v Oakhurst Dairy et al, 1st Cir. CA 16CV1901 (March 13, 2017), the Court wrote a 29-page decision on whether “packing for shipment or distribution” meant “packing for shipment” and the separate activity of “distribution”.  The drivers of a Portland, Maine dairy company, Oakhurst Dairy, were suing to recover $10 million in overtime pay. They argued that driving, or distribution, was not covered by a Maine law that sought to exempt certain activity in the perishable foods industries from overtime pay. That law required overtime pay except for “the canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of” certain products, including dairy products. The drivers argued that “packaging for shipment or distribution” didn’t include “distribution”. The Court of Appeals agreed and remanded the case back for a determination of the amount of overtime owed. In February 2019 the parties settled on $5 million.

The Oakhurst Dairy case is also known as the “Oxford Comma” case because it deals with a punctuation style for serial lists of like items that is espoused by the Oxford University Press (apparently with strong opposition from the Associated Press). The decision, which is 29 pages long and begins with “[F]or want of a comma, we have this case”, includes an interesting footnote on page 16. There, the Court notes that Maine’s Legislative Drafting Manual provides “when drafting Maine law or rules, don’t use a comma between the penultimate and the last item of a series.” So the law as written followed Maine’s drafting style. But the Court noted that Maine is one of only seven states to conform to that style, and both the House and Senate follow the “Oxford comma” style (both the House and Senate have an Office of Legislative Counsel and Manual on Drafting Style and Legislative Drafting Manual, respectively.

Both words and punctuation were found lacking in a section of a speech given by former US Attorney General, Jefferson Beauregard Sessions in August 2018:

“We know all too well that drugs are killing record numbers of Americans – and almost all of them come from overseas.”

This is a good example of a poorly written sentence that is begging for clarity. The phrase “almost all” means very little: at least 51% and less than 100%. Second, do “almost all” drugs come from overseas, or do almost all Americans come from overseas? And finally, Mexico is the source country for 90% – 94% of heroin entering the US, and the final transit country for 90% of the cocaine entering the US. I checked on a map, and Mexico isn’t actually overseas from the US. (any more than Canada was the first overseas country visited by First Lady Melania Trump).

In addition to punctuation and grammar, pay attention to modifiers – adjectives and adverbs.  In Weyerhaeuser v. US Fish & Wildlife Service, (USSC 17-71, slip opinion November 27, 2018), the US Supreme Court had the occasion to discuss adjectives at some length as they decided whether the phrase “critical habitat” required any habitability. In a unanimous opinion written by Chief Justice Roberts, the Court wrote (at page 8): “Our analysis starts with the phrase “critical habitat.” According to the ordinary understanding of how adjectives work, ‘critical habitat’ must also be ‘habitat.’ Adjectives modify nouns—they pick out a subset of a category that possesses a certain quality. It follows that ‘critical habitat’ is the subset of ‘habitat’ that is ‘critical’ to the conservation of an endangered species.” See https://www.supremecourt.gov/opinions/18pdf/17-71_omjp.pdf accessed December 6, 2018.

This case reminded me of advice I received as a young barrister in Canada in the late 1980s. My mentor – a Queen’s Counsel who later became a judge – taught me to always pay attention to modifiers: adjectives and adverbs. Remember the movie “A Few Good Men” starring Tom Cruise and Jack Nicholson? Colonel Jessup (Jack Nicholson) was on the witness stand being cross-examined by Lieutenant McCaffrey (Tom Cruise). Lieutenant McCaffrey asked “were the men in danger? Grave danger?” And Colonel Jessup replied in “is there any other kind?”  A great line! Most modifiers are unnecessary, and many are redundant (e.g., end result, first began, twelve noon, and revert back). Whether necessary or not, when writing in a business setting you should be very aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

Another example of the importance of clear language recently came from an interagency joint statement on “Innovative Efforts to Combat Money Laundering and Terrorist Financing” (December 3, 2018) (see https://www.occ.gov/news-issuances/news-releases/2018/nr-occ-2018-130a.pdf). In that statement, the four banking regulatory agencies and FinCEN wrote, in part:

“… pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program. For example, when banks test or implement artificial intelligence-based transaction monitoring systems and identify suspicious activity that would not otherwise have been identified under existing processes, the Agencies will not automatically assume that the banks’ existing processes are deficient. In these instances, the Agencies will assess the adequacy of banks’ existing suspicious activity monitoring processes independent of the results of the pilot program. Further, the implementation of innovative approaches in banks’ BSA/AML compliance programs will not result in additional regulatory expectations.”

The modifiers “necessarily” and “automatically” are important: the agencies did not write that “pilot programs that expose gaps in a BSA/AML compliance program will not result in supervisory action with respect to that program” or “the Agencies will not assume that the banks’ existing processes are deficient”. They left the door (wide) open for taking regulatory action against institutions where innovative pilot programs reveal gaps in their existing anti-money laundering programs.

In addition to punctuation and modifiers, also be careful when using or reading some common words and phrases that are “red flags” for compliance and risk management professionals. Two examples are:

  • Intended, as in “this product is intended to be sold only to medium-sized businesses”. When read critically, this phrase also means “although this product is intended to be sold only to medium-sized businesses, there are no controls stopping us from selling it to whatever customer class we want …”. Intent is only that: intent.
  • Primarily, as in “this product is primarily sold to mid-size businesses”. With “primarily” comes “secondarily”: “this product is primarily sold to mid-size businesses, but we’re also selling it to whoever will buy it.”

And make sure you understand words and phrases that are now commonly used but may not be commonly understood. Examples include “machine learning” and “artificial intelligence” – honestly now, do you really know what those things mean? And then there’s vague words such as “implement” (which I see all the time in Action Plans), “solution” (most solutions are simply tools), “agile development” (caution – that can mean lack of testing), and my favorite: “paradigm shift”.

It is important to be aware of how you and others use punctuation, adjectives, and adverbs. If not, your career could be in danger. Grave danger.

Public-Private Partnerships: Financial Crime Specialist Jim Richards Discusses Effective and Efficient Information Sharing under the USA PATRIOT Act

Thanks to my friend and financial crimes colleague Gina (Scialabba) Jurva of the Thomson Reuters Legal Executive Institute for the article. We did the interview and article back in November 2018 and it was recently published on LEI’s website. It’a available at:


The text of the article is reproduced below:

With an average of 55,000 new financial institution filings each day — known as Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) — the Financial Crimes Enforcement Network, (FinCEN) is busy. FinCEN, a bureau within the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence (TFI), is the arm of our government charged with safeguarding the financial system from illicit use, combating money laundering, and promoting national security.

Those CTRs and SARs are filed by individual institutions acting alone and, for the most part, are the result of each institution monitoring its own customers’ cash and other transactions and reporting large cash transactions and suspicious transactions. But since the passage of the USA PATRIOT Act, a law enacted in response to the 9/11 terrorist attacks, there have been provisions to allow for the sharing of information between the government and financial institutions, and amongst financial institutions. These provisions – contained in section 314(a) and 314(b) of Patriot Act, authorize FinCEN to share law enforcement and regulatory information with financial institutions (FIs) on individuals, entities, and organizations reasonably suspected of engaging in terrorist financing or money laundering activities, and vice versa.

“The notion of information sharing was there before the PATRIOT Act, but no one had an appetite for it without any statutory protections,” said Jim Richards, Founder of RegTech Consulting, and former Bank Secrecy Act (BSA) Officer and Global Head of Financial Crimes at Well Fargo & Co.

Richards says this is an incredibly powerful tool that has been on the books for more than 15 years; and, when used properly, has provided valuable data to disrupt money laundering and terrorist financing. But, as with anything, Richards believes there are some improvements to be made. “There are ways we can utilize these tools to be more efficient and more effective for banks and law enforcement,” he said, adding that this includes combining parts of the law together in a smarter way.

Section 314 (a) and 314 (b): What’s the Difference?

But first, a crash course on sections 314(a) and 314(b).

  • Section 314(a): Mandatory Information Sharing between Law Enforcement and Financial Institutions — This subsection deals specifically with information sharing between law enforcement via FinCEN and FIs. Law enforcement agencies investigating a crime related to terrorism or money laundering, via a FinCEN request, can ask FIs to search their records to determine whether they maintain or had maintained accounts for, or engaged in transactions with, any “individuals, entities, and organizations reasonably suspected of engaging in terrorist acts or money laundering activities.” Essentially, FinCEN is the gatekeeper for all information requests.
  • Section 314(b): Voluntary Information Sharing Between FIs — Here, two or more FIs and any association of financial institutions (emphasis added, don’t worry, we will get back to that), may share information with one another “regarding individuals, entities, organizations, and countries suspected of possible terrorist or money laundering activities.” Simply put, this is an information-sharing mechanism to help disrupt financial fraud crimes by and among those FIs that elect to participate.

Keep in mind, Section 314(b) is a voluntary information-sharing tool; FIs are not required to register with FinCEN, nor share information.

Section 314(a) activities, however, are mandatory, and FIs must comply with FinCEN information requests. These information requests are limited in scope to terrorism activities (see 18 U.S.C. 2331) and money-laundering activity (see 18 U.S.C. 1956).

Powerful stuff, right? “Before the PATRIOT Act, we couldn’t do that,” Richards notes. Powerful, but not without its share of controversy.

Breaking Down a Section 314(b) Request

Let’s say Bank A and Bank B are registered with FinCEN under Section 314(b). Bank A is investigating an account owned by Jim for the purposes of filing a SAR. If Bank A sees that Jim has been sending money to Gina at Bank B, Bank A can request that Bank B provide transaction information.

Then Bank B can respond with “we aren’t telling you anything” or can say, “Gina has banked with us for 20 years, she owned a flower shop. We saw these transactions and have no concerns.”

The problem, Richards notes, is that because Section 314(b) information-sharing is not mandatory, it also creates more roadblocks. “If you have a certain time in which to file a SAR, and Bank B isn’t getting back to you, what do you do?” he said. “It creates a level of complexity that not many FIs want to deal with. Also, regulators are reluctant to criticize an FI for not participating in a voluntary program but can criticize a participating FI for any failures in doing so, so many FIs simply decide to save themselves from regulatory issues by not participating in an otherwise valuable program.”

Combining Sections 314(a) and 314(b): A New Approach to the PATRIOT Act

In Congressional testimony earlier this year, a witness testified that “of the roughly one million SARs filed annually by depository institutions (banks and credit unions), approximately half are filed by only four banks.” What if FinCEN and these four largest financial institutions worked together to share information? And what if they did that with tools already in the anti-money laundering (AML) toolbox?

Here’s how. Remember the language we emphasized above in Section 314(b)? Financial institutions and any association of financial institutions? An “association” can be a tremendously powerful tool when coupled with Section 314(a). Richards describes a scenario where these largest FIs get together to form an information sharing association under 314(b), which not only allows them to share certain information but provides legal protections when doing so, and then the association can work proactively with FinCEN and law enforcement to receive and send names of known targets under 314(a).

“I see this as the wave of the future,” Richards explained. “Otherwise, each individual FI is limited in what it can see and more importantly, what it can understand.” More importantly, he said, it allows FinCEN and FIs to take existing tools and use them “in a more efficient way to solve big problems like human trafficking, contraband smuggling, the opioid crisis, the fentanyl crisis, and other societal problems.”

“Information sharing associations shouldn’t be limited to the biggest FIs, although Greg Baer’s testimony about the largest four FIs, out of about 12,000 in the US, filing 60% of SARs illustrates how powerful such an association could be,” Richards noted. “This association approach, even with smaller institutions, allows law enforcement to target the worst offenders and allow those FIs to better identify those targets and share information between themselves and with the government. “I think it is really positive,” he added, “but it will only work if the regulatory agencies are fully on board and encourage FIs to participate. If there is no regulatory upside for financial institutions, even the best-intentioned of them will think twice before participating in what is otherwise the right thing to do for our communities and country.”

The Southwest Border(s) – Some Background to Inform the Debate

To understand the current broo-haha about “The Wall”, you need to understand two things. First, a bit about the Mexico – United States border, or the Southwest Border that runs from San Diego/Tijuana on the Pacific Ocean to Brownsville, Texas on the Gulf of Mexico. And second, the need for, design of, and installation of a Southwest Border fence was determined just a few short years ago with the Secure Fences Act of 2006.

First, the Southwest Border is really two different borders, both geographically and politically.

The Geographic Southwest Border

The first third or about 700 miles runs from the Pacific Coast in a series of straight lines: from San Diego to the Colorado River at Yuma, Arizona; 20+ miles down the Colorado River; southeast to Nogales; east-southeast into New Mexico where it jogs north, then east to El Paso/Ciudad Juarez. The second part of the Southwest Border then follows the middle (technically, the deepest channel) of the Rio Grande River about 1,260 miles.

Currently (early 2019), there are various types of fencing – primary pedestrian and vehicle fencing being the two most common – along 650 of the 1,954 miles of the Southwest Border. This is shown in the image below.

The Political Southwest Border

In 1907 President Ted Roosevelt signed what became known as the “Roosevelt Reservation”, which created a 60 foot buffer on the US side of the US/Mexico border in most of California, Arizona, and New Mexico. He was able to do so because the land along the border was federal land (there were a few places that had been in private hands before these states joined the Union that were essentially grandfathered or exempted from the Roosevelt Reservation). But the 60-foot buffer did not apply to any land in Texas, because Texas had retained title to all land before it became a state. The result is critical: although the US Government needs to get permission to traverse private land to get to the border, it owns that border land and can build fencing or a wall without seizing (and compensating) private land owners.  That is not the case in Texas, where eminent domain challenges have become common – and expensive and time consuming – when it comes to building a border wall.

The Secure Fences Act of 2006

In 2005 President Bush launched the Secure Border Initiative to enhance the security at ports of entry and along the ~2,000 mile US Mexico and ~5,500 mile US Canada borders. The enhancements ran the gamut: from more personnel to new technologies, infrastructure, and fencing.

In September 2006, Congressman Peter King (R. NY) introduced the Secure Fence Act of 2006, an “Act to establish operational control over the international land and maritime borders of the United States.” It was a simple, three-section, two-page bill. It passed the Republican-controlled House one day later, on September 14, 2006, by a vote of 283-138. Sixty-four Democrats voted in favor of the Bill: Nancy Pelosi voted against it. On September 29th the Senate approved the Bill 80-19, with 26 Democrats voting in favor, including Joe Biden, Chuck Schumer, Hilary Clinton, and (then Senator) Barack Obama.  President Bush signed the Bill into law on October 26, 2006. The Bill was simple and short: it called for “achieving operational control on the border” through “systematic surveillance” and “physical infrastructure improvements” (section 2), and “construction of fencing and security improvements in the border area from the Pacific Ocean to the Gulf of Mexico.”

At the time of the Secure Fence Act of 2006, there was about 110 miles of existing walls or fencing. The Department of Homeland Security determined that a total of about 670 miles of fencing was “most practical and effective”, and that they could build another 260 miles of vehicle walls or barriers and 290 miles of “primary pedestrian” fencing, at a total cost of $2.3 billion. Essentially, what DHS determined was that they could fill in the rural and urban gaps in the ~700 miles of overland border from California across Arizona and New Mexico (leaving some gaps in the “remote” sections), and fence the urban and border crossing areas of the ~1,260 miles along the Rio Grande River from El Paso to the Gulf of Mexico. They determined that installing fencing along most of the Rio Grande River border was either impractical or ineffective.

By 2007 the DHS had established a Fence Lab at Texas A&M University to test and determine how to build the various types of walls or fencing, and where and how to install it. The DHS was given until December 31, 2008 to design, test, and install the ~550 miles of new fencing.

The budgets for the Secure Border Initiative – which included the new fencing – were set at $1.5 billion for Fiscal Year 2007, $1.225 billion for FY 2008, and $775 million for FY 2009.

The Southwest Border Fencing Results

A DHS Office of Inspector General Report from April 2009 (OIG-09-56) titled “Progress in Addressing Secure Border Initiative Operational Requirements and Constructing the Southwest Border Fence” found that DHS was only 55% finished constructing the pedestrian fencing (making up 370 of the total of 670 miles of fencing) and 51% finished constructing the vehicle fencing (300 miles). It noted four other interesting things: first, none of the nine approved fence prototypes were made of concrete. Second, the delays were caused, in part, from the eminent domain cases in federal court in Texas, of which there were an estimated 300. Third, the original cost estimates were much too low. And fourth, the cost of civilian contractors building and installing the fencing was as much as four times as the costs if the military built and installed the fencing. Note that all 548 miles of new fencing (and a total of 670 miles of fencing) was completed by 2010. The OIG report is at https://www.oig.dhs.gov/assets/Mgmt/OIG_09-56_Apr09.pdf.

Economic Impact of the Southwest Border Fencing

An excellent history of the Safe Fences Act and the economic impacts of a border wall can be found in a November 2018 paper available at https://www.nber.org/papers/w25267 titled “Border Walls”. The abstract for that paper provides:

Border Walls

Treb AllenCauê de Castro DobbinMelanie Morten

NBER Working Paper No. 25267
Issued in November 2018
NBER Program(s):Development EconomicsInternational Trade and Investment

What are the economic impacts of a border wall between the United States and Mexico? We use confidential data on bilateral flows of primarily unauthorized Mexican workers to the United States to estimate how a substantial expansion of the border wall between the United States and Mexico from 2007 to 2010 affected migration. We then combine these estimates with a general equilibrium spatial model featuring multiple labor types and a flexible underlying geography to quantify the economic impact of the wall expansion. At a construction cost of approximately $7 per person in the United States, we estimate that the border wall expansion harmed Mexican workers and high-skill U.S. workers, but benefited U.S. low-skill workers, who achieved gains equivalent to an increase in per capita income of $0.36. In contrast, a counterfactual policy which instead reduced trade costs between the United States and Mexico by 25% would have resulted in both greater declines in Mexico to United States migration and substantial welfare gains for all workers.

Some highlights from that report include:

  • The researchers divided the 1,954 mile Southwest Border into 1,000 identically-sized segments: 22% had a wall in 2006 and 51% had a wall by 2010
  • Of the 781 segments in 2006 without a wall or fencing, the likelihood of getting new fencing was reduced by 83% because they were along the Rio Grande River and reduced by 23% if the terrain was mountainous. They also looked at the likelihood of fencing in remote, rural, and urban areas
  • According to the Pew Research Center, 50% of the 11.6 million Mexican-born population living in the United States in 2016 was in the United States illegally
  • There are 17 border cities and towns that have traditionally been used as crossing points: 60% were fenced before the Secure Fences Act and 90% were fenced after
  • The US Border Patrol divides the Southwest Border into nine sectors: the 2007-2010 wall/fence expansion occurred in six of the nine, but not the three sectors in Texas (Big Bend, Del Rio, and Laredo)
  • “the wall changed relative migration patterns between Mexico and the United States, although our estimates imply that the direct impact on migration was small” (page 16)
  • “a wall expansion that builds along half the remaining uncovered border would result in 144,256 fewer Mexican workers residing in the United States, causing the US real GDP to decline by $4.3 billion … as a result, we do not find any evidence that a larger border wall expansion would have substantially different impacts from the Secure Fence Act.” (page 35)

Summary & Conclusion

In summary, there is currently ~650 miles of fencing along the ~1,950 mile Southwest Border. Most of that – about 550 miles – was built between 2007 and 2010 as a result of the Secure Fences Act of 2006 and a recommendation from the Department of Homeland Security that 670 miles of fence was “most practical and effective.” In February 2018 the Department of Homeland Security, in response to the President’s proposed budget, stated that they needed $1.6 billion to support the construction of 65 miles of new border wall system. See, https://www.dhs.gov/news/2018/02/12/department-homeland-security-statement-president-s-fiscal-year-2019-budget.

In conclusion, I offer no conclusion. Rather, I trust that this information provides you with some information to form your own conclusions as the debate continues in Washington DC and on Twitter and cable news about the need to build (and pay for) more fencing or walls along the Southwest Border.

Managing Through Change – How to Survive and Succeed

“If you don’t like change, you’re going to like irrelevance even less.” – General Eric Shinseki

“New ideas pass through three periods: (1) It can’t be done; (2) It probably can be done, but it’s not worth doing; and (3) I knew it was a good idea all along!” – Arthur C. Clarke

Everybody – and every organization – reacts differently to change, whether incremental, small changes such as a tweak to a policy or procedure; or massive organizational changes such as the elimination of a business or the imposition of a public order. Understanding these dynamics is critical in managing change. The notes below are taken from three books I’ve read on change management: Kotter’s “A Force for Change: How Leadership Differs from Management”; Kruger’s “Change Management Iceberg”; and Trice & Beyer’s “The Culture of Work Organizations”. Some of these points are obvious and known, others are not so obvious … but keeping all of these in mind as you personally navigate change or are responsible for leading a project implementing organizational change will help you, and your team and organization, succeed.

Change must occur in eight phases, in order:

  1. Establish a sense of urgency
  2. Create a coalition
  3. Develop a clear vision
  4. Share the vision
  5. Empower the people in order to clear obstacles
  6. Secure short-term wins
  7. Consolidate and keep moving
  8. Anchor the changes

There are four reasons why people resist change:

  1. Parochial self-interest
  2. Misunderstanding due to poor communication or lack of communication
  3. Low tolerance to change (physiological, cognitive, emotional)
  4. Different assessments of the situation

The way(s) to deal with change can be put into six buckets:

  1. Education and communication – inform and educate about the change before trying to implement it to keep the noise down
  2. Participation and involvement – particularly of those that are or are expected to resist
  3. Facilitation and support – to deal with fear and anxiety during the change process, particularly where there will be, or perceived to be, lost jobs
  4. Negotiation and agreement – with the people/group(s) that will be most adversely impacted by the change and can influence the outcome
  5. Manipulation – when nothing else works. Caution!
  6. Coercion – explicit and implicit … where speed is essential but only as a last resort

There are four groups of people in any change management effort:

  1. Known Proponents/Promoters – positive general attitude about change and a positive behavior towards the change
  2. Potential Promoters – positive general attitude about change but not yet convinced that this change effort is positive
  3. Known Opponents – negative general attitude to change and negative behavior to this particular change effort
  4. Hidden Opponents or Opportunists – a negative general attitude but they act like they’re supportive, and otherwise actively or passively resist and obstruct change

There are eight reasons why many change efforts fail:

  1. Allowing too much complexity
  2. Failing to build a sustainable coalition
  3. Not understanding the need for a clear vision
  4. Failing to clearly communicate the vision
  5. Permitting roadblocks against the vision
  6. Not planning for short-term results and then not realizing them
  7. Declaring victory too soon
  8. Failing to anchor the changes into the company’s culture

Managing Meetings – How to Increase Your Effective Staffing Level by 25% … Without Adding Any Staff!

How many of us dread those needless conference calls where the first ten minutes are spent re-capping what was just said to those that dial in late, and the host asking time and time again, “hi, I heard another beep, who just dialed in?”? And how many of us have thought “I just spent an hour in a meeting that could have been handled in an e-mail?”

Meetings, whether in-person, on conference calls, or the hybrid Skype or WebEx call, take up an enormous amount of any risk management professional’s time. Here’s a rough estimate:

You average four, one-hour meetings a day, five days a week, fifty weeks a year. That is 1,000 hours of your time. If your risk management team is made up of 100 people, all with roughly the same experience, that is 100,000 hours of your risk management time spent in meetings and on conference calls, leaving 100,000 hours for really managing risk.

If you could eliminate just one of those four daily meetings, and reduce two of them from the standard one hour to 45 minutes, and reduce the fourth to 30 minutes, you’d add 50,000 “real work” hours to your team’s year. That is the equivalent of increasing your effective staffing by 25%, without adding any staff.

“Time is a large company’s most poorly managed resource”, writes Michael Mankin of Bain & Co. in a May 2014 Harvard Business Review article titled “Your Scarcest Resource”. Mr. Mankin also writes that while all organizations carefully manage their capital and liquidity, most organizations do not manage their time, which is often squandered on long e-mail chains, needless conference calls, and countless unproductive meetings.

Mr. Mankin offers some wonderful ground rules for how many people to have at a meeting. He writes that meeting size depends on purpose:

  • Weighing a problem – 4 to 7 people. Each person should have a purpose, and neither spectator nor color commentator count as being purposeful
  • Making a decision – 4 to 7 people. And Mr. Mankin admonishes the reader to follow the Rule of Seven: for every additional meeting participant over seven, the likelihood of making a sound decision goes down by 10%
  • Setting the agenda – 5 to 15 people. These should be limited to huddles or stand-up meetings (less than 15 minutes) are best for setting an agenda for a project or initiative. There is no need to get comfortable
  • Brainstorming – 10 to 20 people. Also huddles or stand-up meetings

In an article posted online, Leda Glyptis writes “we spend time calculating how much time we will need to do things we haven’t spent the time understanding. We spend time to question our colleagues’ good intentions. We spend time (heaps and heaps of time) to discuss and mitigate risks, syndicate decisions and allocate resources. We spend time as if it wasn’t money, doing the one thing that is not irreversible for fear of doing a dozen things that are. We squander the one resource that can never be replenished to protect those that can.”  (https://www.bankingtech.com/2018/04/waste-not-want-not-time-as-the-most-undervalued-resource-in-banking/?utm_medium=email&utm_source=fintechweeklycom, “Waste not want not: time as the most undervalued resource in banking”, by Leda Glyptis. Accessed April 12, 2018).

What can you do to squander less time, become more productive, and start enjoying your work more? Here are some ideas to help with meetings and with the main focus of meetings, the dreaded PowerPoint deck:


  1. Only accept meeting invitations where there is an agenda, purpose, and you have a defined role. Otherwise, you are a spectator (or, even worse, the dreaded color commentator) to your own loss of that time. By the way, sending a note or calling a meeting organizer to question the purpose of the meeting and your expected role and deliverable is a tough thing to do … but it’s worth doing. I once sent a “decline” response back to a meeting organizer with a note that I was declining the meeting for me and one of my team members because (1) another team member was invited and could speak for the entire team, and (2) I had no discernible role. The meeting organizer angrily called me up, accusing me of being disrespectful of his meeting: I told him that I was simply trying to be more efficient and, with fewer people cluttering his meeting, making his meeting better. He had no response.
  2. If there is more than one person from your team invited to the meeting, look very closely at whether both (or all) of you are required participants. If not, decline with an explanation that X can handle it for your team. This also empowers your team members: they’ll appreciate that the boss has put them in charge, even if just for that meeting!
  3. Why are most meetings an hour long? Make all of your meetings 15, 30, or 45 minutes long. If you can’t solve something in less than an hour, you’re not going to solve it. And, as a host of a meeting with some or all of the participants on the phone, remind participants before the meeting that it will start on time, and anyone coming in late will simply have to catch up on their own. Avoid the trap of having the first 10 minutes of every call spent re-capping the first 2 minutes for the people continually dialing in 2, 4, 6 minutes late.
  4. End your meeting 5 minutes early – people will love you for it. And don’t be afraid to end a meeting 10 minutes in if you’ve accomplished what you need to accomplish, or necessary participants aren’t there.
  5. Your meetings should be true to the Mankin Rule of Seven. I’ve tried this – it works.
  6. Don’t invite anyone without telling them the purpose of the meeting, his/her role, and what is expected for preparation, and the deliverables expected to come out of the meeting. People perform better if they are prepared, have a purpose, and know their role.
  7. Look at your calendar: back-to-back (and back-to-back-to-back) meetings are less productive than meetings spread out enough to give you time to prepare before the meeting and act after the meeting (and get to, or dial into, a meeting). So avoid back-to-backs when you can.
  8. Standing meetings are generally less productive than ad hoc meetings.
  9. If you’re a slave to your Outlook calendar, block off time to think each day. Don’t allow yourself to be backed into the back-to-back-to-back days that are becoming all too common.

“Decks” or Presentations (PowerPoints)

  1. PowerPoint may be one of the worst ways, or at least one of the most inefficient ways, to communicate. What takes 10 pages in a PowerPoint deck can be reduced to 1 page in Word.  And in Word, people tend to use things like sentences, and express complete thoughts. We’ve all read that meme about “if Lincoln’s Gettysburg address was done in PowerPoint” … https://norvig.com/Gettysburg/ is the best one I’ve found.
  2. Instead, follow the Amazon/Bezos rule, where it/he has banned PowerPoints for executive meetings and uses narrative-styled, 6-page maximum memos (2017 Annual Report shareholders’ letter, Bezos writes “We don’t do PowerPoint (or any other slide-oriented) presentations at Amazon. Instead, we write narratively structured six-page memos. We silently read one at the beginning of each meeting in a kind of ‘study hall.’”). At worst, impose a 10-page rule on PowerPoint presentations. And, when possible, print double-sided and in black and white: help save the planet.
  3. Insist on an Executive Summary that has a problem statement, presents at least two and no more than four options, and a suggested solution. And then understand that few people will go beyond that summary.

The Paretto Principle, or the 80/20 Rule, tells us that 20% of our time provides 80% of the value … which means that 80% of what you do provides very little value. So begin to track what you do, how much time you spend, and whether it really adds value and makes a difference.  But pay special attention to the time you spend in meetings. My guess is that if you worked at it, and gave discipline to your team and those using your team’s time, you could be much more efficient, effective, and happy.  Try it!

(another good resource for learning how to better use time is Laura Vanderkam’s book “Off The Clock: Feel Less Busy While Getting More Done”)

Subject Matter Experts vs. Subject Matter Enthusiasts

Like most industries, the financial crimes risk management industry is rank with jargon, axioms, and hackneyed phrases we all toss around with plenty of abandon but little discipline.  Rising to the top of this heap is “Subject Matter Expert” or “SME”.

More important to the success or failure of any endeavor than the self-styled Subject Matter Expert is the dreaded Subject Matter Enthusiast.  The Expert is just that: someone with talent, training, subject matter knowledge, environmental knowledge, and years of experience (and not just one year of experience many times, but many years of experience). The true Expert doesn’t see him or herself as an expert, won’t call himself (I’m going single pronoun from here on, if that’s OK) an expert, probably doesn’t see himself as an expert, but he possesses those traits, or enough of them, to truly be, and be seen as, a Subject Matter Expert.  The Enthusiast, on the other hand, often calls himself an Expert when he isn’t, or thinks of himself as possessing enough of as many of the traits needed to pass himself off as an Expert. The Enthusiast overcomes his lack of true expertise with just enough confidence, hubris, and (frankly) enthusiasm to move a project ahead or design a monitoring system just long enough to allow auditors, regulators, and prosecutors to catch up … and for the experts to bail him (and the project or monitoring system) out.

A Subject Matter Enthusiast usually means well but isn’t the “expert” he thinks he is. Unwittingly, he can cause all sorts of damage (note that the word immediately after “enthusiasm” is “entice” … indeed, Enthusiasts often entice people into doing things they wouldn’t otherwise do). And as a rule, a business person in a typical financial institution is a Subject Matter Expert in their business and a Subject Matter Enthusiast in your business (financial crimes risk management), and risk management professionals are Subject Matter Experts in risk and Subject Matter Enthusiasts about the businesses. The trick is to be respectful of and acknowledge where each other’s expertise begins and ends, and enthusiasm begins and ends, and somehow meet in the middle.

Oddly enough, most of us in the financial crimes risk management industry are a little bit of both: we may be an Expert in technology and an Enthusiast in AML, or an Expert in auditing and an Enthusiast in AML, or an Expert in AML and an Enthusiast in technology … the key is to recognize where (whether) your Expertise begins and ends, and where your Enthusiasm begins and ends, and to know where your colleagues fall on the Expertise/Enthusiasm spectrum.  And the most successful financial crimes risk management efforts are those where everyone involved in the effort knows where his and everyone else’s expertise and enthusiasm begin and end, and where everyone is respectful of and accepts others’ expertise.

This seems particularly important in this new age of disruptive fintech. I’ve seen some great fintech companies that are technology experts but financial crimes enthusiasts but aren’t aware (or aware enough) of their lack of financial crimes expertise and are not respectful enough of the financial crimes expertise of those they’re trying to sell to.

So, the next time you’re pulling together a team to solve any financial crimes problem – and that team can include fintech companies looking to sell you a “solution” – make sure everyone on the team recognizes and is aware of every team member’s Expertise/Enthusiasm spectrum. Knowing, and admitting, where/whether your expertise begins and ends, and your enthusiasm begins and ends, will make your team, and project, a success.

(Thomas Friedman had a different twist on subject matter enthusiasts in a NYT Op/Ed from April 24, 2001, where he wrote: “The well-intentioned but ill-informed being led by the ill-intentioned but well-informed.”)

“The Courage To Change” Podcast has been published


Please take the time to listen to Jo Ann Barefoot’s podcast. The notes provide:


We’re moving into a new era of regulation and compliance that will be driven by new technology. Most of our listeners know I’ve co-founded a regtech firm, Hummingbird, to help bring this new model, first, to anti-money laundering, which is widely seen as the arena where the old compliance model is most broken, and where new technology could go the farthest, fastest, to solve everyone’s problems — by both improving outcomes and cutting costs. There is a growing global “regtech” community, in both the public and private sectors, aiming to transform financial regulation and compliance, and specifically to make them both digitally-native, with all the power of digitization to make everything better, faster, and cheaper, all at once.

Executing this transformation will take imagination, vision, wisdom and even courage, which is why I invited today’s guest to join us.  He is Jim Richards, founder of the new firm, RegTech Consulting, and I think he used the word “courage” six times, in our talk.  We sat down together at this year’s LendIt conference in San Francisco, just a few days after Jim had retired from his position as the Bank Secrecy Act Officer and Global Head of Financial Crimes Risk management at Wells Fargo, a job he held for more than twelve years. He’s also an attorney and a deep expert in financial crime.

Jim is famously outspoken. He’s also funny (he says the book he wrote on transnational financial crime sold more copies in Russian than in English. Most of all, though, he’s frustrated. He thinks we can do better in fighting financial crime.

I do too. According to the United Nations, there’s about $2 trillion in global financial crime each year, and we’re catching less than 1 percent of it. To achieve these paltry results, the financial industry spends around $50 billion a year. In other words, launderers can fund terrorism and amass wealth by trafficking in drugs, weapons, and human beings, with very little risk of getting caught. No wonder financial crime is a growing global business.

Jim says that the heart of this problem is that incentives are misaligned, which means resources are too. He thinks we’ve built a regulatory system that does not reward effectiveness but instead prizes compliance “hygiene.” The theory of the system, of course, is that banks’ careful compliance with the AML regulations should lead to high levels of effectiveness in helping law enforcement stop financial crime. Possibly, in an earlier era, it did. Today, though, there is a massive mismatch between the compliance activities required by our regulations and the desired outcomes — partly because the technology of both money laundering, and anti-money laundering, has shifted under our feet. And today’s methods can’t scale up.

Like many people in the AML world — including me — Jim envisions a better system in which, mostly through newer technology, we could take some of the thousands of people and billions of dollars devoted to this effort and redirect them to drive better results, and cut the costs, too.

He has lots of ideas. They include updating the rules on Currency Transaction Reports; fixing the Know Your Customer process through more information standardization, prescreening, and data sharing; addressing the new beneficial ownership requirements (which he calls a tsunami hitting banks and their small business customers; and resolving what he calls “The Clash of the Titles” — the four titles of the US Code that govern financial crime. He suggests getting law enforcement input into financial regulators’ enforcement efforts. He has thoughts on how AML and fraud detection overlap and differ. He says there’s a lot to learn from how fintech companies do AML since they generally have good data and new systems. Like our previous Barefoot Innovation guest, Ripple’s Chris Larsen, Jim sees a useful model in how global trade was transformed by the advent of standardized shipping containers, as explained in Marc Levinson’s book, The Box.

A key issue is transaction monitoring (although Jim vigorously argues that term is obsolete). The law requires banks to monitor their customers’ activity and report suspicious patterns.  Today, this process, systemwide, produces huge over-reporting of meaningless alerts that drown both bank personnel and law enforcement in low-value information they don’t have the tools to analyze. It’s a perfect use case for AI, which Jim says Wells Fargo began using in AML as early as 2008 and is now building further under his successor, Graham Bailey (whom Jim calls a genius, the best AML technologist in the industry).

Jim says that banks like Wells Fargo devote less than ten percent of their AML compliance people to working on sophisticated, complex crime, while the other 90+ percent do regulatory compliance, just “crunching through the volumes.”  This is at a time when the crime itself is getting more and more sophisticated because the worst criminals are adopting new tech and are building global networks, most of which we can’t find with current methods. He makes the case that it would be good to flip that and deck the 90 percent against the big problems. We already have the technology to do that, both in process and analytics. We just need to enable the system to adopt it, for both government and industry.

The original AML law in the United States, the Bank Secrecy Act, is approaching the half-century mark. It’s been modernized and automated along the way — FinCEN has brought in a lot of automation — but the system doesn’t yet leverage the newest technology. It needs to shift to digitally-native design, probably with open source technology that can enable new, efficient, effective approaches, system-wide. A few weeks after we recorded this episode, I hosted a roundtable in Washington where experts from across the AML ecosystem — large and small banks, fintechs, regtechs, bank regulators, trade groups, Congressional staff, academics and, crucially, law enforcement — spent a day together thinking through next-generation AML. The new Comptroller of the Currency, Joseph Otting, has made AML modernization a top priority. Change is coming.

And it’s attracting great people, including great tech people, into solving these problems, including many who, a year ago, would surely have laughed to hear Jim Richards say, as he did to me, that BSA Officer is “the most fascinating job you can have in banking.”  People think compliance is boring. They’re wrong. It’s fascinating, and it’s important.

Jim has founded his new firm, RegTech Advisors, to, as he puts it, “develop the next generation of professionals, technologies, programs, and regimes and really make a difference.” He thinks doing that will take courage… including the courage to make some mistakes. That’s a type of courage that doesn’t come easily to the regulatory sector, but we’re going to have to develop it.

Jim Richards featured in two podcasts

Thomson Reuters Legal Executive Institute podcast on the beneficial ownership rule, with Holly Sais Phillippi, Partner Director in Governance, Risk & Compliance for Thomson Reuters Legal; Brett Wolf, Reuters senior financial crimes correspondent; and Jim Richards.

American Bankers Association/American Bar Association (ABA/ABA) Financial Crimes conference podcast with Ryan Rasske, Senior VP, Risk & Compliance, ABA’s Professional Development Group, available at https://www.youtube.com/watch?v=gDCnAujJHMA&feature=youtu.be (“Jim Richards, former BSA Officer at Wells Fargo and currently the Principal at RegTech Consulting LLC, talks with ABA’s Ryan Rasske about the synergy between BSA/AML, fraud and cyber-enabled crimes, including the focus on clean data to fight financial crimes. Learn more about the ABA/ABA”)

For all of the great ABA/ABA Financial Crimes podcasts, go to the “Experience Page” at https://www.aba.com/Training/Conferences/Pages/fce-podcasts.aspx

Dress Appropriately – AML Policies, Procedures, and Policedures

“As chief executive at General Motors, Mary Barra practices what she preaches. Her management philosophy is epitomized by GM’s workplace dress code—which is equally brief, and also an antidote to the restrictive, wallet-draining policies at many large corporations. It reads, in full: ‘Dress appropriately.’”

Much can be learned from this when it comes to writing BSA/AML policies (what you must do), procedures (how you must do it), and policedures (those bridge-too-far documents that describe what to do and how to do it).  Tremendously detailed and prescriptive policies and procedures are usually impossible to adhere to on a day-to-day basis, invariably ignored in times of stress, and often turned against you by regulators and prosecutors.  Granted, a two-word policy may not cut it with regulators or those in the implementation trenches, but a general rule to follow may be that you keep your policies below 1,500 words: after all, if the US Colonies can declare their independence from Britain in 1,458 words, a decent BSA Governance team can declare that a bank adhere to customer due diligence regulations in 1,458 words (or less).

A common policy drafting mistake is to assume that the theory of the policy will translate into sound practice in the front line units. As the great philosopher Yogi Berra said, “in theory there is no difference between theory and practice: in practice there is.” So give your policies and procedures (and your policedures) to those people in your organization that are supposed to be following them, and have them tell you whether the practice of implementation meets the theory of compliance.

And on a related note, if your program is replete with “Roles & Responsibilities” documents and intra-company service level agreements, take another look at your corporate policies and line of business procedures: R&Rs and SLAs are often manifestations of the failure to write policies and procedures that can actually be understood and followed.