BSA/AML Compliance Programs are Important, but Providing Timely, Actionable Intelligence to Law Enforcement Should be the Goal

Eighteen months ago I called for a renewal of the original purpose of the Bank Secrecy Act: with recent changes – and more expected changes – to the FFIEC’s BSA/AML Examination Manual, I’m renewing that call.

On April 15, 2020, state and federal bank regulatory agencies, through the Federal Financial Institutions Examination Council (FFIEC), updated one of the six main sections of the FFIEC’s BSA/AML Examination Manual, the section titled “Core Examination Overview and Procedures for Assessing the BSA/AML Compliance Program.” What the regulators haven’t (yet) updated are the Introduction that precedes the newly-updated section, the core examination section on the regulatory requirements, the two expanded examination sections on products and services, and persons and entities, respectively, the expanded examination section on compliance compliance programs, and the twenty appendices.

So perhaps there’s time to influence their thinking.

The stated purpose of the Manual is to provide instructions to examiners as they assess the adequacy of a bank’s BSA/AML compliance program. But the Manual is much more than that: indeed, it could be called the “BSA/AML Program Design, Development, Testing, Auditing, and Examination” Manual. It is the proverbial Bible, Torah, and Koran for everyone involved in BSA/AML. It sets the tone, as well as expectations, for everyone involved in BSA/AML, not just examiners. What is written in the Manual is critical, because the Bank Secrecy Act, or BSA is critical: “The BSA is intended to safeguard the U.S. financial system and the financial institutions that make up that system from the abuses or financial crime, including money laundering, terrorist financing, and other illicit financial transactions.” So says the Introduction section of the Manual, at page 7.

That same Introduction section also includes this:

“Banking organizations must develop, implement, and maintain effective AML programs that address the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system. A sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions.” (emphasis added)

Eighteen months ago, Verafin released my White Paper titled “50 Years of the Bank Secrecy Act: It’s Time to Renew the Purpose of Providing Actionable Intelligence to Law Enforcement”. The Paper is available at https://verafin.com/resource/50-years-bank-secrecy-act/. I conclude with the following:

“I, and many others, believe that providing timely and actionable intelligence to law enforcement is critical to the successful prevention of illicit activity. Of course, as outlined in the FFIEC manual, a sound BSA/AML compliance program provides the necessary foundation for providing that intelligence. With that in mind, a first step in reforming the BSA/AML regime in the United States may be changing the language of the Manual itself. I propose that the language is changed from ‘a sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions…’ to ‘providing timely and actionable intelligence to law enforcement is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions, and a sound BSA/AML compliance program provides the foundation for the ability to provide that intelligence.’ The change is subtle but important as it strengthens and focuses the very purpose of the BSA. Providing actionable, timely intelligence to law enforcement, while maintaining sound but rational programs, should be the new goal.”

I believe that a financial institution should be supervised, examined, and judged first and foremost on whether it is providing timely, actionable intelligence to law enforcement over whether the hundreds or even thousands of BSA compliance program requirements are ticked and tied and documented. Having an effective – or to use the new adjective in the just-released update – “adequate” BSA/AML compliance program is critically important, but it shouldn’t be the only defense, or even the primary defense from money laundering, terrorist financing, or other illicit financial activity.

So my suggestion to the FFIEC is this: on page 7 of the current Introduction section, replace:

“Banking organizations must develop, implement, and maintain effective AML programs that address the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system. A sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions.

With:

“Banking organizations must develop, implement, and maintain effective AML programs that address the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system. Providing timely and actionable intelligence to law enforcement is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions, and a sound BSA/AML compliance program provides the foundation for the ability to provide that intelligence.”