Public-Private Partnerships: Financial Crime Specialist Jim Richards Discusses Effective and Efficient Information Sharing under the USA PATRIOT Act

Thanks to my friend and financial crimes colleague Gina (Scialabba) Jurva of the Thomson Reuters Legal Executive Institute for the article. We did the interview and article back in November 2018 and it was recently published on LEI’s website. It’a available at:


The text of the article is reproduced below:

With an average of 55,000 new financial institution filings each day — known as Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) — the Financial Crimes Enforcement Network, (FinCEN) is busy. FinCEN, a bureau within the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence (TFI), is the arm of our government charged with safeguarding the financial system from illicit use, combating money laundering, and promoting national security.

Those CTRs and SARs are filed by individual institutions acting alone and, for the most part, are the result of each institution monitoring its own customers’ cash and other transactions and reporting large cash transactions and suspicious transactions. But since the passage of the USA PATRIOT Act, a law enacted in response to the 9/11 terrorist attacks, there have been provisions to allow for the sharing of information between the government and financial institutions, and amongst financial institutions. These provisions – contained in section 314(a) and 314(b) of Patriot Act, authorize FinCEN to share law enforcement and regulatory information with financial institutions (FIs) on individuals, entities, and organizations reasonably suspected of engaging in terrorist financing or money laundering activities, and vice versa.

“The notion of information sharing was there before the PATRIOT Act, but no one had an appetite for it without any statutory protections,” said Jim Richards, Founder of RegTech Consulting, and former Bank Secrecy Act (BSA) Officer and Global Head of Financial Crimes at Well Fargo & Co.

Richards says this is an incredibly powerful tool that has been on the books for more than 15 years; and, when used properly, has provided valuable data to disrupt money laundering and terrorist financing. But, as with anything, Richards believes there are some improvements to be made. “There are ways we can utilize these tools to be more efficient and more effective for banks and law enforcement,” he said, adding that this includes combining parts of the law together in a smarter way.

Section 314 (a) and 314 (b): What’s the Difference?

But first, a crash course on sections 314(a) and 314(b).

  • Section 314(a): Mandatory Information Sharing between Law Enforcement and Financial Institutions — This subsection deals specifically with information sharing between law enforcement via FinCEN and FIs. Law enforcement agencies investigating a crime related to terrorism or money laundering, via a FinCEN request, can ask FIs to search their records to determine whether they maintain or had maintained accounts for, or engaged in transactions with, any “individuals, entities, and organizations reasonably suspected of engaging in terrorist acts or money laundering activities.” Essentially, FinCEN is the gatekeeper for all information requests.
  • Section 314(b): Voluntary Information Sharing Between FIs — Here, two or more FIs and any association of financial institutions (emphasis added, don’t worry, we will get back to that), may share information with one another “regarding individuals, entities, organizations, and countries suspected of possible terrorist or money laundering activities.” Simply put, this is an information-sharing mechanism to help disrupt financial fraud crimes by and among those FIs that elect to participate.

Keep in mind, Section 314(b) is a voluntary information-sharing tool; FIs are not required to register with FinCEN, nor share information.

Section 314(a) activities, however, are mandatory, and FIs must comply with FinCEN information requests. These information requests are limited in scope to terrorism activities (see 18 U.S.C. 2331) and money-laundering activity (see 18 U.S.C. 1956).

Powerful stuff, right? “Before the PATRIOT Act, we couldn’t do that,” Richards notes. Powerful, but not without its share of controversy.

Breaking Down a Section 314(b) Request

Let’s say Bank A and Bank B are registered with FinCEN under Section 314(b). Bank A is investigating an account owned by Jim for the purposes of filing a SAR. If Bank A sees that Jim has been sending money to Gina at Bank B, Bank A can request that Bank B provide transaction information.

Then Bank B can respond with “we aren’t telling you anything” or can say, “Gina has banked with us for 20 years, she owned a flower shop. We saw these transactions and have no concerns.”

The problem, Richards notes, is that because Section 314(b) information-sharing is not mandatory, it also creates more roadblocks. “If you have a certain time in which to file a SAR, and Bank B isn’t getting back to you, what do you do?” he said. “It creates a level of complexity that not many FIs want to deal with. Also, regulators are reluctant to criticize an FI for not participating in a voluntary program but can criticize a participating FI for any failures in doing so, so many FIs simply decide to save themselves from regulatory issues by not participating in an otherwise valuable program.”

Combining Sections 314(a) and 314(b): A New Approach to the PATRIOT Act

In Congressional testimony earlier this year, a witness testified that “of the roughly one million SARs filed annually by depository institutions (banks and credit unions), approximately half are filed by only four banks.” What if FinCEN and these four largest financial institutions worked together to share information? And what if they did that with tools already in the anti-money laundering (AML) toolbox?

Here’s how. Remember the language we emphasized above in Section 314(b)? Financial institutions and any association of financial institutions? An “association” can be a tremendously powerful tool when coupled with Section 314(a). Richards describes a scenario where these largest FIs get together to form an information sharing association under 314(b), which not only allows them to share certain information but provides legal protections when doing so, and then the association can work proactively with FinCEN and law enforcement to receive and send names of known targets under 314(a).

“I see this as the wave of the future,” Richards explained. “Otherwise, each individual FI is limited in what it can see and more importantly, what it can understand.” More importantly, he said, it allows FinCEN and FIs to take existing tools and use them “in a more efficient way to solve big problems like human trafficking, contraband smuggling, the opioid crisis, the fentanyl crisis, and other societal problems.”

“Information sharing associations shouldn’t be limited to the biggest FIs, although Greg Baer’s testimony about the largest four FIs, out of about 12,000 in the US, filing 60% of SARs illustrates how powerful such an association could be,” Richards noted. “This association approach, even with smaller institutions, allows law enforcement to target the worst offenders and allow those FIs to better identify those targets and share information between themselves and with the government. “I think it is really positive,” he added, “but it will only work if the regulatory agencies are fully on board and encourage FIs to participate. If there is no regulatory upside for financial institutions, even the best-intentioned of them will think twice before participating in what is otherwise the right thing to do for our communities and country.”

There Are No Drug Cartels in California, and 97% of WA Cannabis Businesses Have Checking Accounts … What We Learned in the House Hearing on Cannabis & Banking – Updated

The House Financial Services Committee’s Subcommittee on Consumer Protection and Financial Institutions held a hearing on February 13, 2019 titled “Challenges and Solutions: Access to Banking Services for Cannabis-Related Businesses”.

There were two panels of witnesses. The first panel was the Honorable Ed Perlmutter, Member of Congress (D. CO), the primary sponsor of the SAFE Banking Act of 2019. He testified passionately and with purpose on his many-years’ of effort to reform marijuana/cannabis laws, up to the just-introduced SAFE Banking Act of 2019. The second panel was made up of:

The video of the hearing – available at https://www.youtube.com/watch?time_continue=1547&v=kW7fWM04Uyc ran for a total of 4 hours and 50 minutes, less 26 minutes at the beginning when the hearing was slightly delayed and a one hour and twenty-three minute recess at the 1 hour 40 minute mark (all of this – and the time tags to follow – are for the benefit of those that may choose to watch the video of the hearing!).

First, some highlights of the written testimony of the witnesses.

California Treasurer Ma’s testimony included the following:

“The well understood Cole Memorandum offered some sense of comfort to those financial institutions skilled enough to properly know their customer, apply appropriate due diligence to the business activities of those customers, and to safeguard their banks as well as the nation’s payment system from known bad actors who violated the eight basic tenets set forth in that Memo. Unfortunately, the Cole Memorandum has been rescinded and now these financial institutions are left without even the most basic safe harbor mechanisms to guide their business decisions.”

I’d point out that this statement isn’t quite accurate. The poorly understood (in my opinion) Cole Memoranda (there were three of them) offered no sense of comfort to financial institutions, skilled or otherwise, didn’t provide a safe harbor, and remains part of the FinCEN Guidance. This was all corrected by the (excellent) written testimony of Ms. Pross:

“The compliance framework Maps utilizes to serve canna-businesses is based on the U.S. Department of the Treasury’s Financial Crimes Enforcement Network BSA Expectations Regarding Marijuana-Related Businesses (“FinCEN Guidance”). Though the February 2014 Cole Memorandum from the Department of Justice (“Cole Memo”) was rescinded in January of 2018 by Attorney General Sessions, the guidelines of the Cole Memo remain in place as part of the FinCEN Guidance.”

Ms. Pross also testified (@3:06:20) that “the FinCEN Guidance is not a safe harbor.” This is an accurate statement. And Mr. Deckard, representing the Independent Community Bankers Association, had this to say about the FinCEN Guidance:

“FinCEN Guidance (described below) does provide some assurances that a bank is complying with anti-money laundering rules if it follows the agency’s heightened SAR guidelines. However, without a statutory safe harbor, bankers rationally fear that the politics could shift against cannabis in an instant. It is telling that banks that choose to serve cannabis-related businesses are required to have an exit plan to unwind their loans, a requirement that does not exist for any other category of lending”.

The “all cash” aspects of cannabis related businesses was a central theme of the hearing. In his written testimony, Major Franklin wrote:

“Current conditions, which require all-cash transactions in every aspect of the business encourage tax fraud, add expensive monitoring and bookkeeping expenses, and – most importantly – leave legitimate businesses vulnerable to theft, robbery, and the violence that accompany those crimes.”

It may be that current conditions require all-cash transactions, but there are dozens (more than fifty have been identified by myself and others) payment providers, Point-of-Sale system providers, credit and debit card and merchant services providers that have developed end-runs around the merchant identification code requirements, card network rules, etc., in order to allow – albeit improperly – consumers to swipe or insert their AmEx, Visa, Mastercard, and Discover branded cards at cannabis dispensaries and retailers. Almost every cannabis store you will walk into accepts some sort of electronic payment – either in a closed-loop system, masked as an ATM withdrawal, masked as a cryptocurrency purchase, or using a false or deceptive Merchant Identification Code to get around the issuing banks’ controls and the network rules. Ms. Pross’s written testimony touched on this issue:

“Cannabis businesses are frequently bombarded with proposals for payment “solutions” that are unregulated (and therefore not subject to Bank Secrecy Act compliance), and their “solutions” are often very clearly a form of money laundering. We have heard of proposals involving everything from cryptocurrency to cashless “chit” mechanisms to the use of prepaid gift cards—none of which would provide the Federal government any valuable information on cannabis-related financial activity or the movement of cannabis within the United States.”

One thing that re- or de-scheduling of cannabis and cannabis-related banking reforms could accomplish is to get these unregulated and sometimes less-than-transparent businesses out of the cannabis banking environment completely. That would be a positive for everyone (except those providers of end-run, head-fake payments services).

Ms. Pross, representing the Credit Union National Association, also included quite a lot of detailed information on her credit union’s cannabis program. Her written testimony included the following:

“our organization has come to provide banking services to five hundred Oregon sanctioned cannabis businesses. That makes the cannabis banking program at Maps one of the largest in the United States … In 2017 and 2018 alone, Maps received well over $529 million in cash deposits from cannabis businesses …”.

There are roughly 250 business days in a year, so over 500 business days, Maps received, on average, over $1 million in cannabis-related cash deposits from some or all of its 500 cannabis related business members (credit unions don’t have “customers”, they have “members”). That is a lot of cash for a 250 employee, 10-branch credit union in Salem, Oregon. As Ms. Pross correctly pointed out, that is $529 million that was taken off the street and entered the banking system: she and her colleagues at Maps Credit Union should be commended for that.

Ms. Pross continued:

“To put some numbers around this compliance program, Maps filed over 13,500 individual reports related to cannabis business accounts in 2017 and 2018 alone. For more context around those numbers, Maps has filed 2,770 Suspicious Activity Reports since January 1, 2017, and 90.2% of those SARs were directly due to our filing obligations for cannabis businesses.”

Based on this, and her testimony at 4:21:05, in two years Maps Credit Union filed 11,000 CTRs over approximately 500 business days, or an average of 22 CTRs per day on an average of $1 million in cannabis-related cash deposits (not all of which would have hit the $10,000.01 threshold for filing a CTR).

But the SAR testimony is more interesting. Although Ms. Pross verbally testified that “in the past two years we’ve filed nearly 3,000 marijuana-related SARs to FinCEN” and that of the 3,000, “90% related to cannabis businesses” (4:21:05), the written testimony may be more accurate. There, 90.2% of 2,770 is 2,500 SARs. The FinCEN Guidance requires banks and credit unions to file a Marijuana-related SAR every 90 days. So, if Maps has 500 CRB customers – and assuming that they had 500 CRB customers through the course of those two years, that would mean that they should have filed 500 SARs every 90 days, or 4,000 SARs in 2017-2018. They filed 2,500. Ms. Pross may need to provide some detail on the number of CRB customers it had through 2017 and 2018: simply based on this written testimony and the statement that they had 500 CRB customers, the math doesn’t seem to work.

Update – Ms. Pross did provide an update on February 14th. She wrote: “To clarify the SAR numbers, this is a growing program, so we have not had 500 cannabis business accounts for the past two years.  In fact, as of January 2017, we had 133 such accounts.  Also, it’s important to note that SAR filing requirements are effectively a 120-day reporting timeframe.  There is 90 days of activity to report and an additional 30 days to file the SAR.  While a financial institution may still report at the 91 day mark, we have an additional 30 days past the reporting timeframe to utilize as necessary.  Thanks again!”

Shifting gears, a number of the Republican Congressmen (notably Mr. Luetkmeyer (R. MO), Mr. McHenry (R. NC) and Mr. Posey (R. FL)) brought up Operation Choke Point and what they saw as an oddity that bank regulators were discouraging banks from banking certain federally legal businesses (the Choke Point issue) yet in this case there is an encouragement (through the proposed SAFE Banking Act) to bank federally illegal businesses. Mr. Deckard’s written testimony referenced Operation Choke Point. Mr. Deckard wrote:

“The memories of Operation Choke Point are still fresh. Even legal, legitimate, long-established businesses were, and unfortunately remain, subject to examiner coercion, both subtle and direct. ICBA [Independent Community Bankers Association] appreciates the ongoing work of Ranking Member Luetkemeyer and others on this committee to being an end to Operation Choke Point, just as we now seek your help in creating a safe harbor for legal cannabis businesses.”

Mr. Luetkemeyer had this interesting comment (32:42) that summarized his thinking and what appears to be lack of support for the SAFE Banking Act: “Until we modernize the BSA and anti-money laundering regulations, it would be irresponsible to open up our financial institutions to another major challenge.”

There was an interesting exchange between Mr. Tipton (R. CO) and California Treasurer Ma (3:24 – 3:27) aroudn cannabis and organized crime. Mr. Tipton stated that drug cartels can gain access to legitimate marijuana businesses, and that in Colorado, organized crime cases had tripled in the five years since legalization.[1] Treasurer Ma answered as follows (3:27:10): “The cartels actually don’t come to California anymore because of Proposition 215 [1996] and because of Proposition 64 [2016] that passed, so the legislation in our State has actually made it safer.”

Leaving aside whether the California cannabis-related legislation has actually made California safer, I don’t believe the statement “the cartels actually don’t come to California anymore”, whether because of the 1996 and 2016 propositions or not, is an appropriate statement to make. I trust that Treasurer Ma will formally retract that statement – unless, of course, it is true that drug cartels no longer come to California.

Update: On February 11, 2019 the Governor of California announced that he was pulling California’s National Guard troops from the southwest border. To effect that he issued General Order 2019-01, which among other things “authorizes up to 100 service members with critical skills to that the California National Guard can focus vital and exclusive support on combating transnational criminal organizations …”. In his state-of-the-state speech that same day, the Governor stated that he was redeploying troops to northern California “to go after illegal cannabis farms, many of which are run by cartels …”. 

Miss Porter (D. CA) asked Treasurer Ma about California’s cannabis-related tax revenue, and whether the banks that accept that revenue should also be required to provide banking services to cannabis-related businesses. Treasurer Ma replied (4:04:30) that California does business with eight banks, and “marijuana tax proceeds go into one national bank.” I was waiting to hear which national bank that was, but she neither volunteered the information nor was she asked.

For those interested, Representative Alexandria Ocasio-Cortez (D. NY) is a member of the Subcommittee and had her five minutes of time (beginning at 4:11:58). Her commentary and questions focused on what she described as the “racial wealth gap”.

Overall, I thought the introduction of the proposed SAFE Banking Act of 2019, the written testimony, and the thoughtful and respectful questions and answers, all advanced the dialogue on moving forward with responsible legislation to address the state/federal cannabis issues. As I have written many times, and most recently on January 17, 2019 (www.regtechconsulting.net/news):

“Unless and until the financial services industry gets clear, unequivocal, consistent, written laws, regulations, and guidance from Congress, Treasury, and Justice to provide banking services to marijuana-related businesses, it will and should do what it is currently doing – balancing the undue risks against the insufficient rewards – and continue to stand on the sidelines while our communities, veterans, patients, doctors, caregivers, and others suffer.”

[1] Mr. Tipton referenced a Denver Post article that referred to a Colorado government report from October 2018. That report from the Colorado Division of Criminal Justice, found that the number of court filings charged with the Colorado Organized Crime Control Act that were linked to one or more cannabis charges had gone from 31 in 2012 to 119 in 2017. Lost in the headline, though, is that the number of COCCA charges linked to marijuana dropped in 2013 to 15, and dropped again to 1 in 2014 before increasing to 40 in 2015, 81 in 2016, and 119 in 2017.

Regulatory Lag & Drag – Are There FinTech Solutions?

The RegTech, SupTech, and FinTech communities are focused on developing new technologies to speed up, simplify, and streamline financial institutions’ ability to implement new rules, regulations, and regulatory guidance. But there are two other stages of the regulatory life cycle that may be longer and more problematic for financial institutions than implementing new regulations: these are the time it takes for new regulations to be written and published (“Regulatory Lag”), and the time it takes to enforce those regulations (“Regulatory Drag”).

Time to Regulate – or “Regulatory Lag”.

This lag occurs where a new risk emerges, or a new product is introduced, or an existing product is used in new ways. There is always a lag between that new risk or product and the resulting legislative and/or regulatory response. In the meantime, institutions have to begin addressing the new risks when they first emerge – they can’t wait for new rules, regulatory guidance, and regulations to begin the multi-year people, process, and technology changes necessary to address the requirements of the regulation. Those early, pre-rule and pre-regulation efforts at building controls to address new risks can be expensive, and institutions run the risk of missing the mark and having to re-do much of what they’ve built. The best example of regulatory lag in the AML space is 9/11, which saw legislation passed in 45 days (October 2001), regulations published two years later (2003), and regulatory guidance in the form of the BSA Exam Manual two years after that (2005). Although it was only 45 days that financial institutions knew about the new information sharing provisions in section 314 of the USA PATRIOT Act, it was almost another four years before financial institutions knew how their regulators would examine their compliance with those information sharing provisions. It was this “regulatory lag” that led to my written statement (in December 2006) that “we’ll be judged tomorrow on what we’re building today, based on regulations that haven’t yet been written and best practices that haven’t been shared.”

Time to Enforce – or “Regulatory Drag”

Public enforcement actions (and prosecutions) drive a lot of compliance-related behavior in financial services. Yet there are multi-year delays between when the impugned behavior occurred and when a public enforcement action (and/or prosecution) makes them known to the industry. FinCEN’s December 2014 action against MoneyGram’s former BSA Officer is a good example: that action was made public in December 2014, and alleged violations of the Bank Secrecy Act that occurred from 2003 through May 2008, or more than 6 ½ years from the last day of the impugned activity and when the public action was taken.

What Can Technology Do To Address Regulatory Lag and Drag?

Regulatory lag and drag have been around for as long as there have been regulators. But with the world speeding up as much as it is, with new products and services, and new providers, being rolled out and created much faster than regulatory bodies can manage, there must be changes made in the entire regulatory life cycle.

FinTech providers and their customers demand a fast revolution. Regulators prefer a slow, deliberate evolution. There has to be a better way to identify new and emerging risks, to draft and communicate regulations to address those risks, and to implement the needed controls to manage those risks.

I’m not sure what can be done from a purely technology perspective to speed up regulators (and prosecutors), but the proponents of FinTech, RegTech, and SupTech solutions shouldn’t just focus on digitizing the implementation of new regulations, but on digitizing the entire regulatory life cycle: the regulatory lag between new risks and new regulations, the regulations themselves, and the regulatory drag from regulatory problem to public resolution.

Posted on LinkedIn on January 28, 2019 https://www.linkedin.com/pulse/regulatory-lag-drag-fintech-solutions-jim-richards/

The Southwest Border(s) – Some Background to Inform the Debate

To understand the current broo-haha about “The Wall”, you need to understand two things. First, a bit about the Mexico – United States border, or the Southwest Border that runs from San Diego/Tijuana on the Pacific Ocean to Brownsville, Texas on the Gulf of Mexico. And second, the need for, design of, and installation of a Southwest Border fence was determined just a few short years ago with the Secure Fences Act of 2006.

First, the Southwest Border is really two different borders, both geographically and politically.

The Geographic Southwest Border

The first third or about 700 miles runs from the Pacific Coast in a series of straight lines: from San Diego to the Colorado River at Yuma, Arizona; 20+ miles down the Colorado River; southeast to Nogales; east-southeast into New Mexico where it jogs north, then east to El Paso/Ciudad Juarez. The second part of the Southwest Border then follows the middle (technically, the deepest channel) of the Rio Grande River about 1,260 miles.

Currently (early 2019), there are various types of fencing – primary pedestrian and vehicle fencing being the two most common – along 650 of the 1,954 miles of the Southwest Border. This is shown in the image below.

The Political Southwest Border

In 1907 President Ted Roosevelt signed what became known as the “Roosevelt Reservation”, which created a 60 foot buffer on the US side of the US/Mexico border in most of California, Arizona, and New Mexico. He was able to do so because the land along the border was federal land (there were a few places that had been in private hands before these states joined the Union that were essentially grandfathered or exempted from the Roosevelt Reservation). But the 60-foot buffer did not apply to any land in Texas, because Texas had retained title to all land before it became a state. The result is critical: although the US Government needs to get permission to traverse private land to get to the border, it owns that border land and can build fencing or a wall without seizing (and compensating) private land owners.  That is not the case in Texas, where eminent domain challenges have become common – and expensive and time consuming – when it comes to building a border wall.

The Secure Fences Act of 2006

In 2005 President Bush launched the Secure Border Initiative to enhance the security at ports of entry and along the ~2,000 mile US Mexico and ~5,500 mile US Canada borders. The enhancements ran the gamut: from more personnel to new technologies, infrastructure, and fencing.

In September 2006, Congressman Peter King (R. NY) introduced the Secure Fence Act of 2006, an “Act to establish operational control over the international land and maritime borders of the United States.” It was a simple, three-section, two-page bill. It passed the Republican-controlled House one day later, on September 14, 2006, by a vote of 283-138. Sixty-four Democrats voted in favor of the Bill: Nancy Pelosi voted against it. On September 29th the Senate approved the Bill 80-19, with 26 Democrats voting in favor, including Joe Biden, Chuck Schumer, Hilary Clinton, and (then Senator) Barack Obama.  President Bush signed the Bill into law on October 26, 2006. The Bill was simple and short: it called for “achieving operational control on the border” through “systematic surveillance” and “physical infrastructure improvements” (section 2), and “construction of fencing and security improvements in the border area from the Pacific Ocean to the Gulf of Mexico.”

At the time of the Secure Fence Act of 2006, there was about 110 miles of existing walls or fencing. The Department of Homeland Security determined that a total of about 670 miles of fencing was “most practical and effective”, and that they could build another 260 miles of vehicle walls or barriers and 290 miles of “primary pedestrian” fencing, at a total cost of $2.3 billion. Essentially, what DHS determined was that they could fill in the rural and urban gaps in the ~700 miles of overland border from California across Arizona and New Mexico (leaving some gaps in the “remote” sections), and fence the urban and border crossing areas of the ~1,260 miles along the Rio Grande River from El Paso to the Gulf of Mexico. They determined that installing fencing along most of the Rio Grande River border was either impractical or ineffective.

By 2007 the DHS had established a Fence Lab at Texas A&M University to test and determine how to build the various types of walls or fencing, and where and how to install it. The DHS was given until December 31, 2008 to design, test, and install the ~550 miles of new fencing.

The budgets for the Secure Border Initiative – which included the new fencing – were set at $1.5 billion for Fiscal Year 2007, $1.225 billion for FY 2008, and $775 million for FY 2009.

The Southwest Border Fencing Results

A DHS Office of Inspector General Report from April 2009 (OIG-09-56) titled “Progress in Addressing Secure Border Initiative Operational Requirements and Constructing the Southwest Border Fence” found that DHS was only 55% finished constructing the pedestrian fencing (making up 370 of the total of 670 miles of fencing) and 51% finished constructing the vehicle fencing (300 miles). It noted four other interesting things: first, none of the nine approved fence prototypes were made of concrete. Second, the delays were caused, in part, from the eminent domain cases in federal court in Texas, of which there were an estimated 300. Third, the original cost estimates were much too low. And fourth, the cost of civilian contractors building and installing the fencing was as much as four times as the costs if the military built and installed the fencing. Note that all 548 miles of new fencing (and a total of 670 miles of fencing) was completed by 2010. The OIG report is at https://www.oig.dhs.gov/assets/Mgmt/OIG_09-56_Apr09.pdf.

Economic Impact of the Southwest Border Fencing

An excellent history of the Safe Fences Act and the economic impacts of a border wall can be found in a November 2018 paper available at https://www.nber.org/papers/w25267 titled “Border Walls”. The abstract for that paper provides:

Border Walls

Treb AllenCauê de Castro DobbinMelanie Morten

NBER Working Paper No. 25267
Issued in November 2018
NBER Program(s):Development EconomicsInternational Trade and Investment

What are the economic impacts of a border wall between the United States and Mexico? We use confidential data on bilateral flows of primarily unauthorized Mexican workers to the United States to estimate how a substantial expansion of the border wall between the United States and Mexico from 2007 to 2010 affected migration. We then combine these estimates with a general equilibrium spatial model featuring multiple labor types and a flexible underlying geography to quantify the economic impact of the wall expansion. At a construction cost of approximately $7 per person in the United States, we estimate that the border wall expansion harmed Mexican workers and high-skill U.S. workers, but benefited U.S. low-skill workers, who achieved gains equivalent to an increase in per capita income of $0.36. In contrast, a counterfactual policy which instead reduced trade costs between the United States and Mexico by 25% would have resulted in both greater declines in Mexico to United States migration and substantial welfare gains for all workers.

Some highlights from that report include:

  • The researchers divided the 1,954 mile Southwest Border into 1,000 identically-sized segments: 22% had a wall in 2006 and 51% had a wall by 2010
  • Of the 781 segments in 2006 without a wall or fencing, the likelihood of getting new fencing was reduced by 83% because they were along the Rio Grande River and reduced by 23% if the terrain was mountainous. They also looked at the likelihood of fencing in remote, rural, and urban areas
  • According to the Pew Research Center, 50% of the 11.6 million Mexican-born population living in the United States in 2016 was in the United States illegally
  • There are 17 border cities and towns that have traditionally been used as crossing points: 60% were fenced before the Secure Fences Act and 90% were fenced after
  • The US Border Patrol divides the Southwest Border into nine sectors: the 2007-2010 wall/fence expansion occurred in six of the nine, but not the three sectors in Texas (Big Bend, Del Rio, and Laredo)
  • “the wall changed relative migration patterns between Mexico and the United States, although our estimates imply that the direct impact on migration was small” (page 16)
  • “a wall expansion that builds along half the remaining uncovered border would result in 144,256 fewer Mexican workers residing in the United States, causing the US real GDP to decline by $4.3 billion … as a result, we do not find any evidence that a larger border wall expansion would have substantially different impacts from the Secure Fence Act.” (page 35)

Summary & Conclusion

In summary, there is currently ~650 miles of fencing along the ~1,950 mile Southwest Border. Most of that – about 550 miles – was built between 2007 and 2010 as a result of the Secure Fences Act of 2006 and a recommendation from the Department of Homeland Security that 670 miles of fence was “most practical and effective.” In February 2018 the Department of Homeland Security, in response to the President’s proposed budget, stated that they needed $1.6 billion to support the construction of 65 miles of new border wall system. See, https://www.dhs.gov/news/2018/02/12/department-homeland-security-statement-president-s-fiscal-year-2019-budget.

In conclusion, I offer no conclusion. Rather, I trust that this information provides you with some information to form your own conclusions as the debate continues in Washington DC and on Twitter and cable news about the need to build (and pay for) more fencing or walls along the Southwest Border.

Here is Cannabis, Where is Congress? Without Laws, Regulations, and Clear Guidance, the Financial Sector Is Rightfully Reluctant to Bank Cannabis Businesses

President Donald J. Trump – Will Congress ever present him with a cannabis bill or bills to sign?

On September 12, 2018 I posted an article titled “Cannabis, Congress, and Courage – Why Banks are not Banking Marijuana Related Businesses”. It is available at:


It’s been four months since I wrote that article, and not much has substantively changed. Yes, Jeff Sessions has gone, and William Barr looks like he will be confirmed as the new Attorney General. What differences could we see? Under AG Sessions, there was hard talk and no action. In a speech then AG Sessions gave in March 2017 (https://www.justice.gov/opa/speech/attorney-general-jeff-sessions-delivers-remarks-efforts-combat-violent-crime-and-restore ) he stated:

“ … we need to focus on the third way we can fight drug use:  preventing people from ever taking drugs in the first place. I realize this may be an unfashionable belief in a time of growing tolerance of drug use.  But too many lives are at stake to worry about being fashionable.  I reject the idea that America will be a better place if marijuana is sold in every corner store.  And I am astonished to hear people suggest that we can solve our heroin crisis by legalizing marijuana – so people can trade one life-wrecking dependency for another that’s only slightly less awful.  Our nation needs to say clearly once again that using drugs will destroy your life.”

Yet neither AG Sessions nor any of the 90+ US Attorneys have taken action against state marijuana regimes. What about a Department of Justice under AG Barr? In his January 15, 2019 Senate confirmation hearing, AG nominee Barr testified as follows:

“I’m not going to go after companies that have relied on Cole memorandum. However, we either should have a federal law that prohibits marijuana everywhere, which I would support myself because I think it’s a mistake to back off marijuana. However, if we want a federal approach – if we want states to have their own laws – then let’s get there and get there in the right way.”

So former AG Sessions has stated that he “rejects the idea that America will be a better place if marijuana is sold in every corner store” and the presumptive AG Barr has said “I think it’s a mistake to back off marijuana”. AG Sessions didn’t take any action, and presumptive AG Barr seems reluctant to do so.

So where does that leave the cannabis and financial services industries? I believe they are still in limbo, waiting for Congress to pass, and the President to enact, federal legislation that will pave the way for regulations and regulatory guidance that will truly open up banking services to cannabis related businesses. But it will take time, as there is always “regulatory lag” between new legislation being passed, regulations being written, and regulatory guidance being published. And then it takes even longer for financial institutions to implement those regulatory changes: to build programs, write policies, implement new technologies, etc. So even if Congress acted today, financial institutions won’t have a clear path forward for (at least) a couple of years. Until then, we will remain in limbo, not knowing whether, how, or when financial regulators or prosecutors could pounce on a bank or credit union.

Let’s take a look at how we got to the state of limbo. Let’s go back and take a look at the now-famous Cole Memo guidance and, more importantly, former AG Sessions’ apparent rescission of that guidance. It is those two things that are driving the discussion on whether and how financial institutions can provide banking services to marijuana related businesses.

In January 2018, Attorney General Sessions “revoked Obama-era guidance that had effectuated a hands-off approach to state-legalized cannabis businesses.” This quote from an online National Law Journal article (see https://www.law.com/nationallawjournal/2018/09/11/feds-should-be-banging-the-drum-the-loudest-for-cannabis-industry-banking/?slreturn=20180812164053) and others like it, have been used by both (all?) sides of the marijuana argument currently embroiling America.

But what, exactly, did AG Sessions revoke? Was there a “hands-off approach” by the Feds to state-legalized cannabis businesses? And what does the Sessions memo do, if anything, for financial institutions looking to provide services to marijuana-related businesses?

If there are answers to those questions, we need to first go back almost 10 years to the first DOJ memo on marijuana. But an interim stop is warranted, to March 2017 with President Trump’s Executive Order 13777 calling for federal agencies to establish Regulatory Reform Task Forces to identify regulations for potential repeal, replacement, or modification. At that time the President, and (fairly) some others felt that American society was over-regulated. It was time to take a look at all the regulations, and repeal, replace, or modify those that were out-dated, redundant, inefficient, or simply bad. In response, the Department of Justice formed a task force and began its work identifying regulations, rules, and anything that looked like and acted like a regulation or rule.

On November 17, 2017 the DOJ task force’s early work was made public when the Attorney General issued a memo prohibiting the DOJ from issuing so-called guidance memos going forward and providing notice that a DOJ task force would be looking at existing memos to recommend candidates for repeal or modification. This memo-against-memos provided, in part:

“Today, in an action to further uphold the rule of law in the executive branch, Attorney General Jeff Sessions issued a memo prohibiting the Department of Justice from issuing guidance documents that have the effect of adopting new regulatory requirements or amending the law. The memo prevents the Department of Justice from evading required rulemaking processes by using guidance memos to create de facto regulations.

In the past, the Department of Justice and other agencies have blurred the distinction between regulations and guidance documents.  Under the Attorney General’s memo, the Department may no longer issue guidance documents that purport to create rights or obligations binding on persons or entities outside the Executive Branch.

The Attorney General’s Regulatory Reform Task Force, led by Associate Attorney General Brand, will conduct a review of existing Department documents and will recommend candidates for repeal or modification in the light of this memo’s principles.”

On December 21, 2017 the DOJ announced that “pursuant to Executive Order 13777 and [AG Sessions’] November memorandum prohibiting certain guidance documents, he is rescinding 25 such documents that were unnecessary, inconsistent with existing law, or otherwise improper.” None of the “marijuana memos” were on the list of twenty-five.

But on January 4, 2018, AG Sessions issued a memo, tersely titled “Marijuana Enforcement” which, among other things, rescinded five marijuana-related memos:

  1. Ogden Memo – October 19, 2009: David W. Ogden, Deputy Attorney General, “Memorandum for Selected United States Attorneys: Investigations and Prosecutions in States Authorizing the Medical Use of Marijuana”. This was issued at a time when only a handful of states were embarking on early medical marijuana programs.
  2. Cole I – June 29, 2011: James M. Cole, Deputy Attorney General, “Memorandum for United States Attorneys: Guidance Regarding the Ogden Memo in Jurisdictions Seeking to Authorize Marijuana for Medical Use”
  3. Cole II – August 29, 2013: “Memorandum for All United States Attorneys: Guidance Regarding Marijuana Enforcement”. Note that Cole II set out the eight enforcement priorities that were picked up in FinCEN’s February 14, 2014 Guidance (see below), but it said nothing about financial institutions, financial crimes, or the Bank Secrecy Act.
  4. Cole III – February 14, 2014: “Memorandum for All United States Attorneys: Guidance Regarding Marijuana Related Financial Crimes”. The title of this memo is important: unlike Cole I, Cole II brought in marijuana related financial crimes, the obligations of financial institutions, and the specter of those institutions violating federal law by knowingly providing services to marijuana-related businesses. In fact, Cole II noted that the Cole I guidance “did not specifically address what, if any, impact it would have on certain financial crimes for which marijuana-related conduct is a predicate.” Cole II addressed those impacts.
  5. Wilkinson Memo – October 28, 2014: Monty Wilkinson, Director of the Executive Office for U.S. Attorneys, “Policy Statement Regarding Marijuana Issues in Indian Country”.

Cole III needs to be read with the FinCEN Guidance issued the same (Valentine’s) day. I won’t repeat the FinCEN Guidance here (you can find it here https://www.fincen.gov/resources/statutes-regulations/guidance/bsa-expectations-regarding-marijuana-related-businesses) but its authors intended that it “clarifies how financial institutions can provide services to marijuana-related businesses consistent with their BSA obligations.” The FinCEN Guidance heavily relied on and quoted the Cole II eight priorities, and set out requirements for risk assessments, customer due diligence (seven distinct requirements), a requirement that “financial institutions should consider whether a marijuana-related business implicates a Cole priority or violates state law, twenty-five “red flags” for monitoring and surveillance of marijuana-related businesses, and how to (and shall) file Suspicious Activity Reports on every marijuana-related business customer, regardless of whether their activity is suspicious or not. It is important to note that, almost five years after that guidance was published, 95%+ of financial institutions have interpreted that to mean they cannot knowingly, actively provide services to marijuana-related businesses and meet their BSA obligations.[1]

But back to Attorney General Sessions and his “rescission of the Cole memo”. The terse title of his memo sends a clear message: “Marijuana Enforcement”. It was not titled “Managing Competing State and Federal Obligations In A Way That Advances The Positives Aspects of Marijuana Reform While Addressing Possible Negative Societal and Economic Harm”. Attorney General Sessions’ intent was clear from the outset: it was about enforcement.

Who was AG Sessions thinking about when he wrote his “Marijuana Enforcement” memo? He directed that enforcement at banks, credit unions, and money remitters, among others. His memo began with a statement about the “significant penalties” for the “serious crimes” of cultivating, distributing, and possessing the “dangerous drug” marijuana in violation of the Controlled Substances Act. He then stated that these activities “also may serve as the basis for the prosecution of other crimes”, and he listed three such crimes: (1) those prohibited by the money laundering statutes under Title 18, sections 1956 and 1957; (2) the unlicensed money transmitter statute under Title 18, section 1960; and (3) the Bank Secrecy Act under Title 31, section 5318.

For banks, section 5318 of Title 31 is the “program” requirement: section 5318(h) provides that “in order to guard against money laundering through financial institutions, each financial institution shall establish anti-money laundering programs …”. Failure to have an effective program or being found to have a program that doesn’t contain all the necessary “pillars” or attributes required, can result in billion-dollar fines and penalties. Knowingly providing banking services to marijuana-related businesses can expose banks to program violations.

The result? As written above, five years after the FinCEN guidance, and without having received any written guidance from their regulators, 95%+ of financial institutions have interpreted the FinCEN guidance and Sessions’ rescission of the Cole Memo to mean they cannot knowingly, actively provide services to marijuana-related businesses and meet their BSA obligations.

What must be done? Until there is legislative changes, the federal banking regulators need to provide more current, clearer guidance for banks and credit unions.  Only the National Credit Union Association has responded to FinCEN’s February 2014 Guidance (by way of a July 18, 2014 letter from the NCUA’s Director of Examinations that his office had provided the FinCEN Guidance to NCUA field examiners “who are responsible for determining the compliance of financial institutions that provide services to marijuana-related businesses”). This need for updated guidance was recognized by the Treasury Department’s Office of Inspector General in an October 16, 2017 memo he wrote to Treasury Secretary Mnuchin. In one of the four challenges facing the Treasury Department – anti-money laundering, terrorist financing, and Bank Secrecy Act enforcement – the Inspector General wrote that “FinCEN is also challenged with providing clarifying guidance to financial institutions that are reluctant to do business with State-legalized marijuana dispensaries.”

It has been almost five years since FinCEN issued its guidance, and none of the banking and credit union regulators have formally opined on it or provided written guidance. There have been some informal comments and other statements, but nothing rising to the level of written guidance that can be relied upon. Some examples include the following:

I’m aware of one federal court judge who has commented on the FinCEN guidance. In a December 28, 2015 hearing in the Fourth Corner Credit Union v Federal Reserve Bank of Kansas City case (District Court of Colorado, 15CV01633), Judge Brooke Jackson responded to a statement by the credit union’s lawyer that the FinCEN guidance “authorized financial institutions to serve marijuana related businesses” by saying

“No, it didn’t do that, did it? … It seems to me that the DOJ and guideline people are just saying, well, maybe we can put our head in the sand and this will go away.” (Transcript of hearing, page 3). And later in the same hearing, Judge Jackson stated: “But in [the credit union’s] brief, in black and white, you say the FinCEN guidance authorizes banks to serve marijuana related businesses. I don’t agree with you. I don’t think it does.” (Transcript, page 63).

In a June 17, 2018 press conference, Federal Reserve Chairman Jerome Powell is reported (by MarketWatch) to have said:

“This is a very difficult area, because many state laws permit the use of marijuana and federal law still doesn’t. So it puts federally-chartered banks in a very difficult situation … it puts the supervisor in a very, very difficult position. Of course, our mandate has nothing to do with marijuana … We just would love to see it clarified, I think.”

On January 11, 2019, West Virginia’s Attorney General issued an opinion on whether the state could safeguard financial institutions that provide access to businesses operating under West Virginia’s marijuana laws from potential liability under federal law. He concluded that financial institutions providing services to those entities “may be at risk of federal civil or criminal liability. He described the FinCEN guidance as “unofficial” and “informal” and concluded:

“ … providing banking services to cannabis businesses carries some inherent risk of federal civil or criminal action even in states where medical marijuana is legal. The current state of federal law and agency guidance creates a safe harbor for financial institutions to provide these services, but the potentially temporal nature of these protections must be factored into any assessment of enforcement risk.”

And as recently as January 17, 2019, OCC Comptroller Joseph Otting told reporters that Congress has “to act at the national level to legalize marijuana if they want those entities involved in that business to utilize the US banking system” and that he “hopes for resolution to marijuana banking issues in 2020” (quoting a PoliticoPro tweet).

The Treasury Inspector General’s challenge to FinCEN to provide clarity to financial institutions must be taken up by FinCEN and the banking regulators. Unless and until the financial services industry gets clear, unequivocal, consistent, written laws, regulations, and guidance from Congress, Treasury, and Justice to provide banking services to marijuana-related businesses, it will and should do what it is currently doing – balancing the undue risks against the insufficient rewards – and continue to stand on the sidelines while our communities, veterans, patients, doctors, caregivers, and others suffer. Congressional and Executive Branch compassion without the necessary collaboration and courage to act will not resolve this crisis.

[1] FinCEN’s SAR data suggests that ~485 of the ~12,000, or about 4% of, US credit unions and banks are providing financial services to marijuana-related businesses. The number of credit unions has been steady over the last three years at about 110; the number of banks has slowly risen to about 385. IT remains unknown how many of those 485 are actively banking MRBs, where they have assessed the risks, accepted the risks, and built a program to manage the risks.

The National Hockey League is considering a major rule change for the 2019-2020 season – one player from each team will be required to call penalties on his own team!

The size of an NHL ice surface – 200 feet by 85 feet – hasn’t changed in 100 years.  Yet professional hockey players are getting bigger and faster – for example, the 1965-1966 Boston Bruins roster averaged 5’10” and 180 pounds and the 2018-2019 Bruins roster averages 6’1” and 200 pounds, an increase of about 22%. And the game has become more international over the years, bringing in new styles, new languages, and new strategies. In 1978-1979, Canadian- and American-born players made up 95% of NHL rosters, and there were only 25 players from 6 other countries: in 2018-2019, Canadians and Americans make up 71% of the rosters, and there are 261 players from 15 other countries.[1]

Notwithstanding a number of rule changes, and the addition of a second referee in 2000-2001, NHL league officials have become increasingly concerned over the number of penalties that the referees have been missing. Faster, stronger players; not being able to clearly communicate with all players in all languages; a new “full ice” style of play; and greater stakes with bigger endorsement opportunities and higher salaries, have all contributed to more missed penalties.  And these missed calls are seen as contributing to dirtier play, as the rules-abiding (and often more skillful) players become frustrated, and those contributing the infractions don’t fear the sanction of a penalty. There have been a number of rule changes over the years, and others have been contemplated, all meant to encourage and promote fair play. And like other professional sports leagues, the NHL has been looking at using more video replay and off-ice officials. One notable fintech company has developed a machine learning, artificial intelligence-based system that relies on 120 micro-sensors embedded in the players’ equipment and 7 video cameras on helmets, jerseys, and skates to monitor the game and, when infractions occur but are not called, inform the on-ice referees in real time that a penalty occurred but was not seen or called.

However, instead of implementing more rule changes or adding off-ice officials – both of which were deemed to have too much of a negative impact on the game – and until any technologies can be deployed in real-game situations (notwithstanding the fintech company’s promotional materials, they have only deployed their system in a beta environment using a Finnish 12-and-under roller hockey team, and none of the equipment lasted longer than 1½ periods of play), the NHL has decided to require each NHL team to designate one player on the roster as the “In-Team Referee”. In addition to having his normal responsibilities as a center, forward, or defenseman (goalies are not eligible to be IRTs given they are often almost 200 feet from the play), the In-Team Referee, or IRT, will be required to call penalties on his own team. In order to ensure that the teams’ IRT programs are sound, and the IRT’s penalty-calling performance is up to the league’s expectations, each IRT will be examined and judged by NHL team examiners and, if found lacking, the NHL can impose penalties, fines, and suspensions against the IRT.

The NHL recognizes that the day-to-day life of the IRTs can become somewhat awkward. For example, if an IRT calls a penalty on one of the team’s highest performing, or highest paid, players that affects the game’s outcome or impacts that player’s bonus, the team could accuse the IRT of “not being a team player” or “being too close to the referees”. The NHL will watch for any possible retaliation, including overall situations where IRTs could find themselves changing teams every 2-3 years.


Absurd? Yes. Real? No. The NHL is not contemplating such an absurd situation. Yet calling penalties on your own team is what the Bank Secrecy Act regulations require of BSA Compliance Officers: BSA Compliance Officers are “charged with … managing the bank’s adherence to the BSA and its implementing regulations” and they are “responsible for … ensuring that employees adhere to the bank’s BSA/AML policies, procedures, and processes” (quoting the 2014 BSA Exam Manual, page 32). And how does the BSA Officer do that? He or she should “regularly apprise the board of director and senior management of ongoing compliance with the BSA.”

BSA Compliance Officers are like In-Team Referees: they are required to “call penalties” on their own team mates when those team mates don’t follow the rules. It’s an incredibly tough situation to be in, and it takes tact and skill to be effective. But like the fictitious In-Team Referee, the dual-role of a BSA Officer – designing, building and running the BSA/AML program and calling penalties on his or her own colleagues when they fail to adhere to that program – make that BSA Officer’s life within his or her financial institution very difficult. Perhaps that’s why the average tenure of a BSA Officer is less than three years. My respect and admiration go out to all BSA Officers (and AML Officers and Money Laundering Reporting Officers in other jurisdictions): bravo for doing an impossible job!

[1] Yes, I did the research. For the Bruins 1965 roster, see https://www.NHL.com/bruins/roster/1965. For the Bruins 2019 roster, see https://www.hockey-reference.com/teams/BOS/2019.html#all_roster. For the nationality breakdown of NHL players for the last 50 years, see https://www.quanthockey.com/NHL/nationality-totals/NHL-players-2018-19-stats.html. Also, I’d appreciate it if the NHL’s lawyers have a sense of humor and don’t threaten any legal action against me for using the good name of the NHL: I’m originally from Canada and played hockey growing up … I can still hum the Hockey Night in Canada theme song, and love Don Cherry!

Managing Through Change – How to Survive and Succeed

“If you don’t like change, you’re going to like irrelevance even less.” – General Eric Shinseki

“New ideas pass through three periods: (1) It can’t be done; (2) It probably can be done, but it’s not worth doing; and (3) I knew it was a good idea all along!” – Arthur C. Clarke

Everybody – and every organization – reacts differently to change, whether incremental, small changes such as a tweak to a policy or procedure; or massive organizational changes such as the elimination of a business or the imposition of a public order. Understanding these dynamics is critical in managing change. The notes below are taken from three books I’ve read on change management: Kotter’s “A Force for Change: How Leadership Differs from Management”; Kruger’s “Change Management Iceberg”; and Trice & Beyer’s “The Culture of Work Organizations”. Some of these points are obvious and known, others are not so obvious … but keeping all of these in mind as you personally navigate change or are responsible for leading a project implementing organizational change will help you, and your team and organization, succeed.

Change must occur in eight phases, in order:

  1. Establish a sense of urgency
  2. Create a coalition
  3. Develop a clear vision
  4. Share the vision
  5. Empower the people in order to clear obstacles
  6. Secure short-term wins
  7. Consolidate and keep moving
  8. Anchor the changes

There are four reasons why people resist change:

  1. Parochial self-interest
  2. Misunderstanding due to poor communication or lack of communication
  3. Low tolerance to change (physiological, cognitive, emotional)
  4. Different assessments of the situation

The way(s) to deal with change can be put into six buckets:

  1. Education and communication – inform and educate about the change before trying to implement it to keep the noise down
  2. Participation and involvement – particularly of those that are or are expected to resist
  3. Facilitation and support – to deal with fear and anxiety during the change process, particularly where there will be, or perceived to be, lost jobs
  4. Negotiation and agreement – with the people/group(s) that will be most adversely impacted by the change and can influence the outcome
  5. Manipulation – when nothing else works. Caution!
  6. Coercion – explicit and implicit … where speed is essential but only as a last resort

There are four groups of people in any change management effort:

  1. Known Proponents/Promoters – positive general attitude about change and a positive behavior towards the change
  2. Potential Promoters – positive general attitude about change but not yet convinced that this change effort is positive
  3. Known Opponents – negative general attitude to change and negative behavior to this particular change effort
  4. Hidden Opponents or Opportunists – a negative general attitude but they act like they’re supportive, and otherwise actively or passively resist and obstruct change

There are eight reasons why many change efforts fail:

  1. Allowing too much complexity
  2. Failing to build a sustainable coalition
  3. Not understanding the need for a clear vision
  4. Failing to clearly communicate the vision
  5. Permitting roadblocks against the vision
  6. Not planning for short-term results and then not realizing them
  7. Declaring victory too soon
  8. Failing to anchor the changes into the company’s culture

Managing Meetings – How to Increase Your Effective Staffing Level by 25% … Without Adding Any Staff!

How many of us dread those needless conference calls where the first ten minutes are spent re-capping what was just said to those that dial in late, and the host asking time and time again, “hi, I heard another beep, who just dialed in?”? And how many of us have thought “I just spent an hour in a meeting that could have been handled in an e-mail?”

Meetings, whether in-person, on conference calls, or the hybrid Skype or WebEx call, take up an enormous amount of any risk management professional’s time. Here’s a rough estimate:

You average four, one-hour meetings a day, five days a week, fifty weeks a year. That is 1,000 hours of your time. If your risk management team is made up of 100 people, all with roughly the same experience, that is 100,000 hours of your risk management time spent in meetings and on conference calls, leaving 100,000 hours for really managing risk.

If you could eliminate just one of those four daily meetings, and reduce two of them from the standard one hour to 45 minutes, and reduce the fourth to 30 minutes, you’d add 50,000 “real work” hours to your team’s year. That is the equivalent of increasing your effective staffing by 25%, without adding any staff.

“Time is a large company’s most poorly managed resource”, writes Michael Mankin of Bain & Co. in a May 2014 Harvard Business Review article titled “Your Scarcest Resource”. Mr. Mankin also writes that while all organizations carefully manage their capital and liquidity, most organizations do not manage their time, which is often squandered on long e-mail chains, needless conference calls, and countless unproductive meetings.

Mr. Mankin offers some wonderful ground rules for how many people to have at a meeting. He writes that meeting size depends on purpose:

  • Weighing a problem – 4 to 7 people. Each person should have a purpose, and neither spectator nor color commentator count as being purposeful
  • Making a decision – 4 to 7 people. And Mr. Mankin admonishes the reader to follow the Rule of Seven: for every additional meeting participant over seven, the likelihood of making a sound decision goes down by 10%
  • Setting the agenda – 5 to 15 people. These should be limited to huddles or stand-up meetings (less than 15 minutes) are best for setting an agenda for a project or initiative. There is no need to get comfortable
  • Brainstorming – 10 to 20 people. Also huddles or stand-up meetings

In an article posted online, Leda Glyptis writes “we spend time calculating how much time we will need to do things we haven’t spent the time understanding. We spend time to question our colleagues’ good intentions. We spend time (heaps and heaps of time) to discuss and mitigate risks, syndicate decisions and allocate resources. We spend time as if it wasn’t money, doing the one thing that is not irreversible for fear of doing a dozen things that are. We squander the one resource that can never be replenished to protect those that can.”  (https://www.bankingtech.com/2018/04/waste-not-want-not-time-as-the-most-undervalued-resource-in-banking/?utm_medium=email&utm_source=fintechweeklycom, “Waste not want not: time as the most undervalued resource in banking”, by Leda Glyptis. Accessed April 12, 2018).

What can you do to squander less time, become more productive, and start enjoying your work more? Here are some ideas to help with meetings and with the main focus of meetings, the dreaded PowerPoint deck:


  1. Only accept meeting invitations where there is an agenda, purpose, and you have a defined role. Otherwise, you are a spectator (or, even worse, the dreaded color commentator) to your own loss of that time. By the way, sending a note or calling a meeting organizer to question the purpose of the meeting and your expected role and deliverable is a tough thing to do … but it’s worth doing. I once sent a “decline” response back to a meeting organizer with a note that I was declining the meeting for me and one of my team members because (1) another team member was invited and could speak for the entire team, and (2) I had no discernible role. The meeting organizer angrily called me up, accusing me of being disrespectful of his meeting: I told him that I was simply trying to be more efficient and, with fewer people cluttering his meeting, making his meeting better. He had no response.
  2. If there is more than one person from your team invited to the meeting, look very closely at whether both (or all) of you are required participants. If not, decline with an explanation that X can handle it for your team. This also empowers your team members: they’ll appreciate that the boss has put them in charge, even if just for that meeting!
  3. Why are most meetings an hour long? Make all of your meetings 15, 30, or 45 minutes long. If you can’t solve something in less than an hour, you’re not going to solve it. And, as a host of a meeting with some or all of the participants on the phone, remind participants before the meeting that it will start on time, and anyone coming in late will simply have to catch up on their own. Avoid the trap of having the first 10 minutes of every call spent re-capping the first 2 minutes for the people continually dialing in 2, 4, 6 minutes late.
  4. End your meeting 5 minutes early – people will love you for it. And don’t be afraid to end a meeting 10 minutes in if you’ve accomplished what you need to accomplish, or necessary participants aren’t there.
  5. Your meetings should be true to the Mankin Rule of Seven. I’ve tried this – it works.
  6. Don’t invite anyone without telling them the purpose of the meeting, his/her role, and what is expected for preparation, and the deliverables expected to come out of the meeting. People perform better if they are prepared, have a purpose, and know their role.
  7. Look at your calendar: back-to-back (and back-to-back-to-back) meetings are less productive than meetings spread out enough to give you time to prepare before the meeting and act after the meeting (and get to, or dial into, a meeting). So avoid back-to-backs when you can.
  8. Standing meetings are generally less productive than ad hoc meetings.
  9. If you’re a slave to your Outlook calendar, block off time to think each day. Don’t allow yourself to be backed into the back-to-back-to-back days that are becoming all too common.

“Decks” or Presentations (PowerPoints)

  1. PowerPoint may be one of the worst ways, or at least one of the most inefficient ways, to communicate. What takes 10 pages in a PowerPoint deck can be reduced to 1 page in Word.  And in Word, people tend to use things like sentences, and express complete thoughts. We’ve all read that meme about “if Lincoln’s Gettysburg address was done in PowerPoint” … https://norvig.com/Gettysburg/ is the best one I’ve found.
  2. Instead, follow the Amazon/Bezos rule, where it/he has banned PowerPoints for executive meetings and uses narrative-styled, 6-page maximum memos (2017 Annual Report shareholders’ letter, Bezos writes “We don’t do PowerPoint (or any other slide-oriented) presentations at Amazon. Instead, we write narratively structured six-page memos. We silently read one at the beginning of each meeting in a kind of ‘study hall.’”). At worst, impose a 10-page rule on PowerPoint presentations. And, when possible, print double-sided and in black and white: help save the planet.
  3. Insist on an Executive Summary that has a problem statement, presents at least two and no more than four options, and a suggested solution. And then understand that few people will go beyond that summary.

The Paretto Principle, or the 80/20 Rule, tells us that 20% of our time provides 80% of the value … which means that 80% of what you do provides very little value. So begin to track what you do, how much time you spend, and whether it really adds value and makes a difference.  But pay special attention to the time you spend in meetings. My guess is that if you worked at it, and gave discipline to your team and those using your team’s time, you could be much more efficient, effective, and happy.  Try it!

(another good resource for learning how to better use time is Laura Vanderkam’s book “Off The Clock: Feel Less Busy While Getting More Done”)

California Chaos – Not Only do California’s Cannabis Regulations Make Banking Cannabis Businesses Almost Impossible, They Squandered a Perfect Opportunity to Embrace Regulatory Innovation

There is a big push in the FinTech/RegTech (SupTech) space to digitize regulations. One of the biggest hurdles to doing so, however, is the “Jenga Tower” of existing regulations and regulated entities’ systems that would certainly topple over if you tried to replace any single analog piece with a new digital piece.

But what if you didn’t have a legacy regulatory regime – or even a legacy industry – that didn’t have existing regulations and systems?  You wouldn’t have the Jenga Tower problem at all.

The US (state-by-state) cannabis or marijuana regimes are a perfect example of an industry and regulatory regime that is being built from the ground up. Given that few states have put in a regime, now is the time to act … you have a clean slate: it’s a perfect environment to prove the  hypothesis that regulations can be digitized.

California might be the best example of squandering a great opportunity to create a fully digitized, harmonious regulatory regime for its nascent cannabis regime. But it may be too late for California … as I’ve written on LinkedIn, they couldn’t have a designed a more complicated, anti-business and anti-banking regulatory regime if they had tried. What evidence do I have to make that statement?

Under the California cannabis legislation – the Medicinal and Adult Use Cannabis Regulation and Safety Act, or MAUCRSA – there are three main government agencies that regulate different parts of the industry:

  1. the Bureau of Cannabis Control (Bureau) is the lead agency. The Bureau is charged with licensing, regulation, and enforcement of the following types of commercial cannabis businesses: distributors, retailers, microbusinesses, temporary cannabis events, and testing laboratories.  The BCC’s regulations are in Title 3 of the California Code of Regulations.
  2. the Manufactured Cannabis Safety Branch, a division of the California Department of Public Health (CDPH), is responsible for regulating and licensing manufacturers. The CDPH regulations are in Title 17.
  3. CalCannabis Cultivation Licensing, a division of the California Department of Food and Agriculture (CDFA), is responsible for licensing cultivators and implementing the Track-and-Trace system. The CDFA’s regulations are in Title 16.

Rather than provide a single, public-facing agency that best serves cannabis businesses and consumers, which would require the multiple government regulators and regulatory agencies to cooperate and collaborate in the background in order to make it easy for the businesses and consumers, those government agencies decided to serve themselves and their needs, and force businesses and consumers to navigate multiple agencies. They know it’s a problem (see below) but decided it wasn’t in their best interests to do what is in the best interests of Californians.

One of the issues may be found in the membership of the California Cannabis Advisory Committee, a 22-person committee created to advise these agencies (and the Governor’s office): none of the twenty-two represent technology/fintech/financial services (half the committee is made up of representatives from the cannabis industry, labor organizations, and social/community equity groups). The Subcommittee on Licensing Application (which, by the way, should be the plural “applications” because there are three different applications, depending on the type of cannabis business) is chaired by a policy analyst from a labor organization and neither of its members appear to have strong technology, regulatory, fintech, or financial services backgrounds. So perhaps it simply didn’t occur to the CAC members, or any of the 39 State Government people listed on the CAC website (including the Governor) to consider a digitized regulatory regime and to have a single Application and single definition of “owner” of a cannabis business …

But the CAC has been busy, and issued its 2018 report on January 8th. Here are some excerpts:

“The overarching reality after one year of legal cannabis sales is that the regulatory process to licensure insufficiently incentivizes unlicensed businesses to seek licensure and insufficiently de-incentivizes the illegal unlicensed underground market in order to effectively ‘protect public health and safety while ensuring a regulated environment for commercial cannabis activity.’ The variety of issues contributing to this include, but are not limited to, the following: equity issues, small business issues, microbusiness issues, excessive regulatory burden, banking issues, enforcement issues, compassionate use issues, public education issues, taxation issues, regulatory fragmentation issues.”

That may be a Government Committee Hall of Fame sentence. I’ve read that sentence 11 times and still can’t follow it, but I think what they’re trying to write is that “we’ve made the licensing requirements so onerous and complicated, and the taxes so high, that there’s little if any incentive for unlicensed cannabis businesses to get licensed.” (they make that point in other places – pages 3, 30, and 31). See https://www.bcc.ca.gov/about_us/documents/cac_annual_report_2018.pdf

And as to excessive regulatory burden:

“Excessive Regulatory Burden — Small businesses are having difficulty emerging from their historically underground status due to the inability to modify regulations to meet local conditions, the fragmentation of regulations among the different agencies and local jurisdictions, and the amount of upfront capital required to comply with the regulations.

  • The dual nature of the licensing process (i.e., state and local) has created a bottleneck in licensing at the local municipal level where unless a local municipality actually issues a license, permit, or other authorization, businesses are not able to apply for a state license. Therefore, as willing and able as the state agencies are to issue licenses, unless a qualified applicant has successfully navigated the licensing process at the local level, the state agencies are left out of the process.
  • The majority of local municipalities are either not issuing licenses or are slow in rolling out their cannabis programs. Of the municipalities issuing licenses, most are not issuing retail licenses.
  • Patchwork ordinances at the local level is creating a patchwork system that is not always in line with state requirements and is lacking in uniformity on a statewide level.”

None of these should have been surprises, and many of them are self-inflicted. As to “the fragmentation of regulations among the different agencies”, they admit that “The need for licensees to interact with three separate regulatory agencies (Bureau, CDPH and CDFA) is burdensome. Increasing coherence by providing one single point of contact would be advantageous for business operators. Current regulatory agency structure and oversight is over complicating licensing processes without clear enough direction and authority.”

Granted, the CAC cannot legislate or regulate, but can only make recommendations to the legislators and regulators.

The best example of the excessive regulatory burden – and something that could practically block many banks from banking cannabis businesses even if the Feds get around to providing some legal and regulatory clarity – is the multiple definitions of “owner” from the three different regulations (see below). There are subtle, major, and minor differences, between the three, and all have some terrible language (for example, the word “any” in the phrase “any of the following” means one, some, or all (according to Merriam Webster)). It makes no sense to have different definitions of “owner” depending on the type of license, particularly where many businesses have multiple license types. Also, in addition to having different definitions of “owner”, the Applications are all different.

It’s madness. California has squandered an opportunity to have a 21st century regulatory regime for a 21st century industry. But if they were trying to deter banks from providing products and services to the commercial cannabis industry, they seem to have succeeded.

California State Agency California Regulation Regulated Cannabis Business Type(s) Definition of Owner
Department of Public Health California Code of Regulations, Title 17
Division 1 Chapter 13.
Manufactured Cannabis Safety
SUBCHAPTER 1.  General Provisions and Definitions
Manufacturers §40102. Owners and Financial Interest Holders.
(a) An owner shall mean any of the following:
(1) Any person that has an aggregate ownership interest, other than a security interest, lien, or encumbrance, in a commercial cannabis business of 20 percent or more;  (A) If the owner identified in subsection (a)(1) is an entity, then the chief executive officer and members of the board of directors of the entity shall be considered owners.
(2) The chief executive officer of a commercial cannabis business;
(3) If a non-profit entity, each member of the Board of Directors;
(4) Any individual that will be participating in the direction, control, or management of the licensed commercial cannabis business
(5) The trustee(s) and all persons that have control of the trust and/or the commercial cannabis business that is held in trust
(a) “Owner” means any of the following:
(1)  A person with an aggregate ownership interest of twenty (20) percent or more in the person applying for a license or a licensee, unless the interest is solely a security, lien, or encumbrance;
(2)  The chief executive officer of a nonprofit or other entity;
(3)  A member of the board of directors of a nonprofit;
(4)  An individual who will be participating in the direction, control, or management of the person applying for a license.
(b)  An owner who is an individual participating in the direction, control, or management of the commercial cannabis business includes any of the following: (1)  A partner of a commercial cannabis business that is organized as a partnership; (2)  A managing member of a commercial cannabis business that is organized as a limited liability company; (3)  An officer or director of a commercial cannabis business that is organized as a corporation.
Bureau of Cannabis Control BUREAU OF CANNABIS CONTROL
Testing Labs
Cannabis Events
§ 5003. Designation of Owner
(a) All applicants for a commercial cannabis license shall have at a minimum one individual who meets the definition of “owner” under Business and Professions Code section 26001(al) and who will submit the information required of owners under section 5002 of this division.
(b) “Owner” means any of the following:
(1) A person with an aggregate ownership interest of 20 percent or more in the person applying for a license or a licensee, unless the interest is solely a security, lien, or encumbrance.
(2) The chief executive officer of a nonprofit or other entity.
(3) A member of the board of directors of a nonprofit.
(4) The trustee(s) and all persons who have control of the trust and/or the commercial cannabis business that is held in trust.
(5) An individual entitled to a share of at least 20 percent of the profits of the commercial cannabis business.
(6) An individual who will be participating in the direction, control, or management of the person applying for a license. Such an individual includes any of the following: (A) A general partner of a commercial cannabis business that is organized as a partnership. (B) A non-member manager or managing member of a commercial cannabis business that is organized as a limited liability company. (C) An officer or director of a commercial cannabis business that is organized as a corporation.
(c) When an entity is an owner in a commercial cannabis business, all entities and individuals with a financial interest in the entity shall be disclosed to the Bureau and may be considered owners of the commercial cannabis business. For example, this includes all entities in a multi-layer business structure, as well as the chief executive officer, members of the board of directors, partners, trustees and all persons that have control of a trust, and managing members or non-member managers of the entity. Each entity disclosed as having a financial interest must disclose the identities of persons holding financial interests until only individuals remain.

2018 National Money Laundering Risk Assessment – AML 2018 Looks Very Similar to AML 2015

On December 20th the Treasury Department released its National Illicit Finance Strategy (something required under the Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA). That Strategy was based on three risk assessments that were released simultaneously, but to little or no fanfare:

  1. 2018 National Proliferation Financing Risk Assessment
  2. 2018 National Terrorist Financing Risk Assessment
  3. 2018 National Money Laundering Risk Assessment

The 2018 National Money Laundering Risk Assessment (2018 NMLRA) is available at https://home.treasury.gov/system/files/136/2018NMLRA_12-18.pdf. It follows the June 2015 NMLRA, available at https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Laundering%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf.

What threats, vulnerabilities, and risks have changed or been added in the last 3 1/2 years since the 2015 NMLRA? Oddly … not much.

The 2018 NMLRA begins with an estimate of the size of the AML problem:

“The United States continues to estimate that domestic financial crime, excluding tax evasion, generated approximately $300 billion of proceeds for potential laundering, based on the sources and analysis cited in the 2015 NMLRA.”

So over the last 2 1/2 years, the size of the AML problem in the US hasn’t changed – it remains $300 billion of proceeds for potential laundering. In other words, not all of the proceeds of criminal activity make it into the financial system for potential laundering. But for arguments sake, let’s assume that all of the proceeds of criminal activity in the US make it into the financial system (and of course the NMLRA notes that proceeds of criminal activity from outside the United States are laundered through financial institutions based in the United States, and much of that simply passes through US-based financial institutions that are facilitating US DOllar-based transactions). Three hundred billion dollars is a lot of dirty money to go into, pass through, and/or end up in US financial institutions … but how much total money flows through those institutions? The 2015 NMLRA gives a clue: at page 35 is a reference to the volume of funds flowing through Fedwire, CHIPS, and ACH. The Fedwire and CHIPS numbers are daily volumes: $3.5 trillion per day and $1.5 trillion per day, respectively (ACH is measly $10 trillion per year). By my math, the three main US-based financial payments systems move ~two quintillion dollars a year, which means that criminal proceeds make up about $3 for every $20,000 that flow through US based financial institutions.  To put that in perspective, $300 billion in criminal proceeds out of $2 quintillion in total proceeds is equivalent to 1 drunk fan at a Yankees game every other game. OR to put it another way, 99.999985% of dollars moving through US financial institutions are “clean”. This is different than the other anecdotes and axioms we hear about the volume of dirty money in (or flowing through?) the financial system. Regardless, we can all agree that $300 billion is too much … and I digress …

What is particularly interesting about the 2018 NMLRA is that the sources of criminal proceeds, and how those proceeds are laundered, didn’t materially change from 2015 to 2018.

Both the 2015 and 2018 NMLRAs conclude that the biggest sources of criminal proceeds are the common frauds – bank fraud, consumer fraud, healthcare fraud, securities fraud, and tax refund fraud – drug trafficking, human smuggling and human trafficking (correctly noted as two very different crimes), organized crime, and corruption. Health care fraud and drug trafficking each account for the bulk of the $300 billion in criminal proceeds – $1oo billion each. Human trafficking is a large and growing source at an estimated $36 billion a year.

Notably, the most significant money laundering risks in the United States in 2018 are essentially the same risks found in 2015: the misuse of cash (pages 4, 20), complicit individuals and financial services employees, and lax compliance at financial institutions (pages 40-45). And the “main risk that facilitates money laundering”? Anonymity in transactions and funds transfers (pages 4, 46). Much of the 2015 and 2018 NMLRAs deal with the misuse of cash – bulk cash smuggling, structuring, and funnel accounts are detailed in both assessments. And according to the 2018 NMLRA, cash structuring is a predominate activity reported in Suspicious Activity Reports: at page 24 is a table of SARs filed in 2015, 2016, and 2017. At a high level, over those three years the ratio of “structuring” SARs didn’t change much: about one in seven SARs had structuring as the sole category of reported activity, and about four in ten SARs had structuring as one of the categories of reported activity.

I highly recommend that every AML professional download and read the 2018 National Money Laundering Risk Assessment. It is well-written, well-organized, and provides links to excellent resources. It refers to and provides a link to the 2015 NMLRA, which, in some respects, is a more comprehensive (and still relevant) source.  Many of us still have the 2005 United States Money Laundering Threat Assessment on our book shelves: for those that don’t …