Elvis, Donald Duck, Bittrex, and New York’s “Safe Harbor” for Crypto Exchanges

“… examiners found that a substantial number of aliases (e.g., Give Me My Money, Elvis Presley, abc-abc, Donald Duck, and other clearly false names) and obscene terms and phrases are used to identify accounts at Bittrex …”

Bittrex, Inc., a virtual currency exchange with almost 1.7 million users across the world, applied to the New York State Department of Financial Services for two licenses: a BitLicense to engage in “virtual currency business activity” in the state of New York (that application was filed in August 2015), and to engage in money transmission activity (that application was filed in July 2018).

Both applications were denied on April 10, 2019.

The denial letter reads like a criminal charging document. https://www.dfs.ny.gov/system/files/documents/2019/04/dfs-bittrex-letter-41019.pdf

The BitLicense application didn’t go well from the beginning. The NYSDFS “worked steadily with Bittrex to address continued deficiencies” and issued “several deficiency letters” relating to BSA, AML, and OFAC compliance. Things were going so badly, that in February 2019 the NYSDFS had a number of examiners do a four-week, onsite review of Bittrex’s policies, procedures, practices, and controls, including testing 100 million virtual currency transactions that Bittrex processed in 2017 and 2018. What they found is stunning, and led to their conclusion that Bittrex had an inadequate BSA/AML/OFAC compliance program. Among other things:

  • Bittrex had non-existent or inadequate policies and procedures
  • “a large number of transactions for customers domiciled in sanctioned countries (including Iran and North Korea) had passed through screening and were processed …”
  • Bittrex excludes “corporate and cash customers from its transaction monitoring”
  • the Compliance Officer was inadequate, there was a lack of training, and audit was inadequate

I expect – hope – that New York State and federal prosecutors are taking a close look at Bittrex and its principals.

And I hope – but don’t expect – that New York takes a close look at its “safe harbor” approach for unlicensed crypto exchanges. The Department noted that Bittrex had been operating under the “safe harbor” provision that allowed Bittrex to engage in virtual currency business activity during the pendency of its crypto licensing application. Based on the denial letter, it looks like Bittrex allowed – even encouraged – transactions from its corporate and “cash” customers to go unmonitored, it had customers in North Korea and Iran, and flaunted know your customer controls. The New York harbor may have been a safe place for  Bittrex to safely flaunt AML and sanctions controls for more than two years and 100 million crypto transactions, but it wasn’t a safe place for all the New Yorkers, and others, who may have been, or eventually harmed by the unknown financial activity related to rogue states and actors.

There needs to be consequences. I hope that this isn’t the last we’ve heard of Bittrex, its CEO Bill Shihara, and New York’s crypto safe harbor.


The College Admissions Scandal – Plea Agreements, Sentencing Guidelines, and Money Laundering

The “college admission scandal” cases are complicated, and the pleadings are voluminous and more are being filed every day. I’ll try to summarize it all as accurately as possible: caution, though, that I am not offering any legal advice nor opinions, and defendants are innocent until proven guilty.

The US Attorney for Massachusetts has charged thirty three parents in two cases.

Case 19CR10117 – The Guilty Pleas

This case charges eleven parents with one count each of conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349. Those parents/defendants have entered into plea agreements. The plea agreements are important, as they set out the agreed upon punishment for each defendant using the US Sentencing Guidelines. Those Guidelines are intended to provide “guideline ranges that specify an appropriate sentence for each class of convicted persons determined by coordinating the offense behavior categories with the offender characteristic categories.” https://www.ussc.gov/guidelines/2018-guidelines-manual/2018-chapter-1#NaN So there are two things the defendants needed to consider: their own criminal histories, if any, and the “offense level” of their crime, adjusted up for (in these cases) the amounts involved, and adjusted down for “acceptance of responsibility”. This gives an offense level of between 1 and 43, organized into four “zones”. The defendant’s criminal history is then considered, resulting in being placed into one of six criminal history categories. The result is a Sentencing Table with the seriousness of the crime on the Y axis and the seriousness of the criminal on the X axis. The court refers to, and can depart from, the ranges set out in the Table. A (partial) sentencing table (showing only the first 30 of the 43 offence levels) is seen here:

So … where are these eleven defendants on the Offense Level (Y) axis of the sentencing table? Each defendant is charged with the same offense, which carries an offense level of 7. The second factor is the amount involved in the conspiracy. Here, the base offense level of 7 was enhanced or increased by between 2 and 12:

Amount Range               “Amount” Offense Level    Base Offense Level     Acceptance        Total     Number of Defendants

$250,000 – $500,000      +12                                     +7                                       -3                        16                      2

$150,000 – $250,000      +10                                     +7                                       -3                        14                      1

$95,000 – $150,000        +8                                       +7                                       -2                        13                       2

$40,000 – $95,000          +6                                       +7                                       -2                         11                      3

$15,000 – $40,000          +4                                       +7                                       -2                          9                       2

$6,500 – $15,000            +2                                       +7                                        -2                          7                        1

Based solely on the offense levels, and if all defendants are in criminal history category I (the first column), then one defendant falls within Zone A, five fall in Zone B, two fall in Zone C, and three fall in Zone D.

What did the plea agreements provide for?

Offense Level     Number of Defendants  Sentencing Range           Plea Agreement[1]

16                                     2                                   21-27 months              15 months; $95,000 fine

14                                     1                                   15-21 months               12 months; $75,000 fine

13                                     2                                  12-18 months               12 months; $55,000 fine

11                                     3                                    8-14 months                “at low end”; $40,000 fine

9                                       2                                   4-10 months                “at low end”; $20,000 fine

7                                       1                                    0-6 months                  “within the range”; $9,500 fine

A few examples are warranted.

A husband and wife (the “Abbotts”) fell into offense level 13. The allegations are that they paid a total of $125,000 to have their daughter’s ACT and SAT test scores manipulated. That amount fell into the $95,000 to $150,000 range, which added 8 to the base level of 7, for a total of 15. Because that total (15) was below 16, they received credit of 2 for accepting responsibility. Their plea agreements are recommending to the court that they receive prison sentences of 12 months each, serve 12 months of supervised release, each pay $55,000 in fines, and pay restitution in an amount to be determined.

The actress Felicity Huffmann fell into offense level 9. The allegations are she paid “at least $15,000” to have her daughter’s SAR test scores manipulated. That amount – at least $15,000 – added 4 levels to her offense level (as opposed to adding 2 for $6,5000 to $15,000).

Case 19CR10080

In a separate case, a second superseding indictment filed on April 9, 2019, nineteen defendants have been charged with two counts each: conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349 (as charged in the other indictment) and money laundering conspiracy under 18 USC 1956(h).[2]

Both the original criminal complaint and the second superseding indictment provide some detail on the money laundering “conspiracies”. I put “conspiracies” in quotes because there were no elaborate schemes to hide the origins of the payments, nor to really mask the identities of the recipients of the payments. Very simply, checks were written to a university or college sports department c/o the bribed official, or checks or wire transfers were made to a charitable organization operated by Rick Singer. The Government is alleging, and hopes to prove, that these simple transactions satisfy the elements of money laundering conspiracy. At least the Government will not have to unravel complex financial transactions involving multiple shell companies and payments mechanisms.


Eleven mothers and fathers have entered into plea agreements relating to a federal criminal charge of conspiracy to commit mail and wire fraud; nineteen more have been been charged with conspiracy to commit mail and wire fraud, and money laundering conspiracy. Ten of the eleven that have entered plea agreements have agreed to recommended federal prison sentences of between four and fifteen months; the eleventh has agreed to a recommended sentence of zero to six months. All eleven have agreed to fines ranging from $9,500 to $95,000, as well as restitution (to whom?) in amounts to be determined.

[1] In addition to the recommended sentences and fines, all defendants agreed to 12 months of supervised release and restitution to be set by the court

[2] In both indictments, the Government has brought forfeiture (18 USC 981(a)(1)) and money laundering forfeiture (18 USC 982(a)(1)) charges against the defendants.

Global Money Laundering Estimate – Time for An Update!

This article is an update from the original article published on September 7, 2018 and which is available at:


Many recent reports refer to the total amount of money laundering in the world, with wild and often unsupported estimates. For example, a September 2018 CD Howe research paper titled “Hidden Beneficial Ownership and Control: Canada as a Pawn in the Global Game of Money Laundering” (with the conclusion “with increasing concern about tax evasion, corruption, money laundering, the use of shell companies and offshore legal arrangements, it is time for a central publicly accessible registry to unmask the beneficial owners of corporations and certain trusts.”) found that “official estimates of money laundering in Canada range from $5 billion to $100 billion.” That is quite a range (imagine if a prospective employer offered to pay you between $50,000 and $1 million a year)!  https://www.cdhowe.org/sites/default/files/attachments/research_papers/mixed/Final%20for%20advance%20release%20Commentary_519.pdf

Other reports use statements like “over $1 trillion is laundered globally every year, and less than one per cent is seized.” A recent article posted on LinkedIn confidently stated that “IMF indicates that every year, up to 2 trillion USD is laundered through financial systems globally.” Where do these numbers come from? Are they accurate? Even if they’re not accurate, can they be useful, if used responsibly?

The first question can be answered simply: those numbers/estimates probably come from their authors having read about, but probably not reading, a United Nations Office of Drug Control report (not an IMF report) issued in October 2011 titled “Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes.” The report is available at https://www.unodc.org/documents/data-and-analysis/Studies/Illicit_financial_flows_2011_web.pdf.

As to the second question: are the numbers accurate? The authors of the UNODC report warn in the preface of the report that “the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.” And the various estimates of total criminal proceeds, criminal proceeds available for laundering, and transnational criminal organization proceeds laundered through the financial system, are all given in broad ranges. And the estimate of the amount seized by law enforcement – “less than one per cent” – is both accurate and inaccurate: the report actually provides that “globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen”. So yes, 0.2% is “less than 1%”, but it isn’t an impressive number either way.

As to the third question: even if they’re not accurate, can they be useful, if used responsibly? In my opinion, yes. Whether the amount laundered through the global financial system is $1,000,000,000,000 or $2,000,000,000,000 ($1 trillion or $2 trillion),

The report refers to a number of earlier reports, but four deserve a mention. The first was a paper written by John Walker: “Estimates of the Extent of Money Laundering in and through Australia” (1995). The second was a 1998 IMF report that provided a “consensus range” of the total amount of criminal proceeds as 2% to 5% of global GDP. The third was a paper written by a British academic, Brigette Unger, “The Scale and Impact of Money Laundering”. The fourth was a paper written by the aforesaid Walker and Unger, “Measuring Global Money Laundering: The Walker Gravity Model” (2009). Note that with the 2011 UNODC report, there has been nothing of consequence in almost eight years.

The Preface to the UNODC Report is useful. It provides:

“‘Always follow the money’ has been sound advice in law enforcement and political circles for decades. Nevertheless, tracking the flows of illicit funds generated by drug trafficking and organized crime and analysing the magnitude and the extent to which these are laundered through the world’s financial systems remain daunting tasks … As with all such reports, however, the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.  Prior to this report, perhaps the most widely quoted figure for the extent of money-laundering was the IMF’s ‘consensus range’ of between 2-5 per cent of global GDP, made public in 1998. A study-of-studies, or meta analysis, conducted for this report, suggests that all criminal proceeds are likely to have amounted to some 3.6 per cent of GDP (2.3 – 5.5 per cent) or around US$2.1 trillion in 2009. The resulting best estimate of the amounts available for money-laundering would be within the IMF’s original ‘consensus range’, equivalent to some 2.7 per cent of global GDP (2.1 – 4 per cent) or US$1.6 trillion in 2009. From this figure, money flows related to transnational organized crime activities represent the equivalent of some 1.5 per cent of global GDP, 70 per cent of which would have been available for laundering through the financial system.


Less than 1 per cent of global illicit financial flows are currently seized and frozen. UNODC’s challenge is to work within the UN system and with Member States to help build the capacity to track and prevent money laundering, strengthen the rule of law and prevent these funds from creating further suffering.”

The 2011 report used the global GDP as of 2009. Roughly $60 trillion. The World Bank estimates that global GDP was $81 trillion in 2017. So global GDP has gone up roughly 33%.  So let’s summarize the ranges and amounts from the UNODC Report:

Global Criminal Proceeds – $2.8 trillion

Between 2.3% and 5.5% of Global GDP in 2009, likely 3.6% or $2.1 trillion in 2009 and $2.8 trillion in 2017

Global Criminal Proceeds Available for Money Laundering – $2.1 trillion

Between 2.1% and 4.0% of Global GDP in 2009, likely 2.7% or $1.6 trillion in 2009 and $2.1 trillion in 2017

Transnational Organized Crime (TOC) Proceeds – $1.2 trillion

Roughly 1.5% of Global GDP in 2009 or $870 billion in 2009 and $1.2 trillion in 2017

TOC Proceeds Laundered Through the Financial System – $775 billion

Roughly 70% of TOC proceeds are estimated to be laundered through the financial system – $580 billion in 2009 and $775 billion in 2017

Page 7 of the report provides some detail on the phrase “less than 1 per cent of global illicit financial flows are currently seized and frozen: “The results also suggest that the ‘interception rate’ for anti-money-laundering efforts at the global level remains low. Globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen.”

Proceeds of Crime Laundered Through the Financial System That Are Seized by Law Enforcement – $1.6 billion

What about this now-accepted “consensus range” for the extent of money laundering of between 2% and 5% of global GDP? Page 9 offers an interesting observation on that consensus range: “The data suggest that the best estimates are situated at the lower end of the range. But this is to some extent a question of methodology. If tax- and customs-related money-laundering activities were included in the calculation, results would move towards – and perhaps exceed – the upper end of the ‘consensus range’. On the other hand, if only transnational crime-related proceeds were considered, the available estimates for laundering would fall to levels around 1% of GDP, and thus below the ‘consensus range’.” Note that global GDP is ~$75 trillion.

This is not to say that the report lacks rigor. The authors and contributors did a remarkable, and remarkably detailed, study; the results of which deserve to be used as benchmarks for the ongoing fight against global money laundering. An example of that rigor can be found in the sections that describe the methodologies used, including (at pages 16 and 17), the “dynamic multiple-indicators multiple-causes’ (DYMIMIC) model, which uses two sets of observable variables and links them as a proxy to the unobservable variable (the extent of money-laundering).”

The result? It remains fair to say that one trillion dollars is laundered every year, most of that flows through the global financial system, and less than one-quarter of one per cent of the proceeds of crime laundered via the financial system is seized and frozen. We must do better.

Illegal cannabis grows, shell companies, straw buyers, border searches, beneficial owners … and GTOs?

US v Li et al, CD CA 19-MJ-00867


On March 7th the US Attorney for the Central District of California announced the arrests of three men for running an illegal marijuana grow and distribution operation out of eight homes in San Bernardino County.

This case reads like an ACAMS or ACFCS exam question, with even dollar wires from China, cash purchases of homes by straw buyers, linked shell companies, false leases, even border searches of cell phones (yes, when you enter the United States the Government can not only search your luggage, it can search your cell phone and laptop).

You may be asking yourself – if the homes were purchased with “all cash”, were they covered under FinCEN’s real estate-related Geographic Targeting Orders (GTOs)? The four GTOs require title insurance companies to report all cash purchases by legal entities of residential real estate over $300,000 in certain markets. The original January 2016 GTO affected only Miami and New York (and properties over $1 million in Miami and $3 million in New York). The GTO was renewed and expanded in July 2016 to cover LA County (properties over $2 million), and in November 2018 the GTO was expanded to twelve cities/counties and in all twelve the purchase price was set at $300,000.

Were any of these properties covered by the GTOs? No. San Bernardino County isn’t covered, and all eight properties were originally purchased by individuals. Even if San Bernardino County was covered, the four that were transferred to LLCs were all in amounts below the $2 million threshold and before the threshold was reduced to $300,000 in November 2018.

What if real estate agents had BSA/AML reporting requirements? Would the real estate agents in these deals recognized any red flags? No. One real estate agent handled all eight transactions: he is the lead defendant and set up the straw buyers, shell companies, etc.

The press release included the following quote from United States Attorney Nick Hanna: “In states that have decriminalized marijuana, we have seen an influx of foreign money used to establish grow operations, with much of the marijuana being destined for out-of-state consumers”. But seven of the eight properties used as grow houses were purchased before California passed the November 2016 proposition approving adult-use cannabis, and seven of the eight were set up as grow operations before the adult-use cannabis regime began in January 2018. However, there may be a connection to the adult-use cannabis regime: the first grow operation began in November 2016, then the next six were set up between August and October 2017. It appears that the defendant Li (through his wife) bought a house in September 2016 and immediately converted it to a grow operation (house #3 above). Once that was running, he then took six houses that had been purchased by Chinese nationals between 2013 and 2015, perhaps as investments and as means to get funds out of China and that were sitting empty, and converted them to grow operations.

There is no indication in the criminal complaint – which runs 120 pages – that the named banks identified any of the activity and filed Suspicious Activity Reports. There were certainly red flags aplenty:

  • Newly established LLC account received four incoming wire transfers from a Guangdong, China trading company in a one month period for $199,960.13, $299,960.13, $249,960.13, and $349,960.14;
  • Newly established personal account for a Chinese national on a tourist visa received nine incoming wires in a two week period, all at or just under the $50,000 limit on individual transfers from China and all referencing “tuition” or “education training”. Less than two weeks after the last wire, the account holder wired the funds to a title company and received a “second home” mortgage from the same bank;
  • Newly established personal account for a Chinese national on a temporary visa, opened with a $15 deposit, received two incoming wires from a Chinese company for more than $300,000 each in a five-day period, immediately followed by a $10,000.00 payment to a title company; and
  • A Chinese national with an account in a US bank received four incoming wires from her account at a Hong Kong bank within six days for $120,000.00, $110,000.00, $120,000.00, and $100,000.00 followed two days later by a wire transfer for $445,000.000 to a title company.

A careful review of the LLCs shows that there are common addresses (including mail drops at UPS Stores), and common managers, agents for service of process, and officers. However, all of the activity occurred prior to May 11, 2018, so the beneficial ownership rule was not yet in force.

#cannabisgrows #beneficialowner #strawbuyer #shellcompany

(Note: as of March 14 the case is not available on PACER)


Lessons Learned as a BSA Officer – 1998 to 2018: Presentation to SoCal ACAMS Chapter, March 8, 2019

Lessons Learned as a BSA Officer – 1998 to 2018

“I didn’t say it was your fault, I said I was blaming you” – Winston Churchill

Topics Covered

  1. All the Cooks in the AML Kitchen aka Stakeholders
  2. All the Resources Available to You
  3. The 5 Dimensions of Risk – Up, Down, Across, Out, and Within
  4. FinTech versus Humans
  5. The 7 Cs – What Makes a Good Analyst/Investigator
  6. Tall, Dark and Handsome – Words and Punctuation Matter!
  7. SMEs v SMEs – Subject Matter Experts vs Subject Matter Enthusiasts
  8. Is Transaction Monitoring a Thing of the Past?
  9. The Importance of Courage
  10. Takeaways

All the Cooks in the AML Kitchen – There are more stakeholders than you realize …

To most risk professional, stakeholders are shareholders, directors and senior management, and perhaps regulators. But there are many more than that, and they all have different perspectives, even competing interests, when it comes to how you do your job as a risk professional:

  • Shareholders and Directors
  • Team Members – or employees … as opposed to … Team Mates – those who report to you, who you report to. Where you sit in an organization has a big influence on how you see the organization and your job.
  • Senior Management – however that is defined in your organization, this is the “Top” from where the “Tone” comes from in “Tone from the Top”
  • Middle Management – again, however this is defined in your organization, this is where a lot of tone deaf people reside. A G30 report from a few years ago on financial institutions and risk management referred to middle management as “the Blocking Middle”. We’ve all seen that.
  • Regulators – those you interact with, and who interact with you. I call those “your regulators”, which is different from the Regulators – the people in DC setting policy
  • The Media and Social Media (two very different stakeholders)
  • Physical communities where you operate, and online and virtual communities
  • Your trade associations (such as ACAMS)
  • Customers and Clients
  • Politicians – local, state, federal
  • Law enforcement and Prosecutors – local, state, federal
  • Family, friends … and Yourself

These stakeholders all have their own interests and perspectives. You can balance different perspectives, but you need to juggle competing interests, and even choose one or more stakeholders over others. Good risk management brings these views together as different perspectives, and balances the interests of stakeholders: bad risk management treats them as competing interests, and ignores the interests of stakeholders.

Ask yourself in each situation … which stakeholders’ interests are you preferring over others? How are you communicating with those stakeholders? But realizing you’ve got 20 or more “Cooks in the Kitchen” is helpful as you think about decisions you need to make.

Resources – The classic question: “do you have enough resources to do your job?”

In answering that question, most people start with the number of people they have. In fact, that might be the LAST thing to consider when it comes to all the things that you actually have available to you. The resources you actually have available to you, in order of importance, are:

  1. Relationships – both internal (evidenced by your stature, authority, and independence in the organization, access to senior management and the board, access to junior management in the businesses) and external (with your regulators and law enforcement). A key aspect of relationships is trust – do your regulators trust you? Does senior management trust your judgment when you stop a new business initiative, or do they fight you every step of the way?  Relationships are the critical resource you have, or don’t have. Which takes you to the second most important resource …
  2. Data – does your institution have the necessary customer and transactional and other data necessary for you to run your program? If so …
  3. Technology – does your institution have the ability to keep that data current, and to get it to you? If so …
  4. Tools – do you and your teams have the right tools to use that data? By the way, this is where machine learning and AI come in … without good relationships, great data, and better technology, investing in ML and AI is like buying a high speed train without having the tracks to run it on.
  5. Policies and Procedures – Policies tell what needs to be done, and by whom; procedures tell how it gets done, and by whom. Avoid policedures. And remember the “Dress Appropriately” concept …
  6. Time – time is, arguably, your greatest resource. If you’ve ever had to remediate a program under tight audit or regulatory time constraints, you know what I mean. And this leads us to the last resource you have available to you …
  7. People – the number of people is the LAST consideration you should have when it comes to people. Your first concerns are: (1) are they well led? (2) are they well placed in the organization? (3) are they well “fed” (compensation, benefits, opportunities)? And 4th and finally … Do you have enough of them?

Although People are the last resource to consider, they are your most precious resource!

Managing the Five Dimensions – Our professional lives are all about trying to balance five dimensions

  1. Managing UP – to your boss, senior management, the board
  2. Managing ACROSS – to your peers within your organization, as well as peers across the company
  3. Managing OUT – to your industry peers, trade associations, regulators, prosecutors, media, law enforcement
  4. Managing DOWN – managing your team … but this is more about LEADING your team … and not just your direct reports, but your entire team
  5. Managing WITHIN – managing yourself, your family and personal obligations

So consider all five dimensions, and ask yourself the following questions:

  • Which direction am I best at managing? Why?
  • Which direction am I worst at managing? Why?
  • Which direction do I like the best? Why?
  • Which direction(s) do I dread the most? Why?
  • Which direction(s) do I avoid dealing with? Why?

You’ll probably never be in balance … so find and embrace your equilibrium.

FinTech vs Humans – “A computer lets you make more mistakes faster than any inventions in human history – with the possible exceptions of handguns and tequila.” Mitch Radcliffe (1998)

  • Machine Learning has its place in financial crimes, and has had a place in financial crimes since at least 2010: it’s just that the hype and marketing around it is hitting the mainstream.
  • Artificial Intelligence? I’m not convinced we are there yet. I’ve written on this: see www.regtechconsulting.net/news. In one article I quote Mat Velloso, who tweeted: “If it’s written in Python, it’s probably machine learning: if it’s written in PowerPoint, it’s probably artificial intelligence.”
  • And unless and until FinTech can bring intuition, empathy, judgment, common sense, and courage into the financial crimes environment, us humans will always have the most important role and machines will remain tools, not solutions.

There are no technology solutions. Only tools. Humans behaving well, and with good technology and better data, provide solutions.

What about those humans?

The Seven Cs – What makes a great analyst/investigator

  1. Capable – in anything. It doesn’t have to be financial services. Military veterans are great examples of people that can make great analysts without any financial services background because they are invariably capable people.
  2. Computer Savvy – Yep, it goes without saying. And I’m not talking about “I know how to use Excel” savvy: I’m talking about two computers, three screens, and typing faster than you talk. We all know those people …
  3. Curious – this is one of the big qualities. As I’ve said, I’ve directly or indirectly hired thousands of AML analysts over the years … and was one myself. If there is any attribute that separates a good analyst from a great analyst it is an insatiable curiosity to learn more, turn one more corner, to think differently about a problem.
  4. Creative – this is the trait that allows an analyst to think about what is not in the data that should be, to realize that it is not what is in the case that makes it suspicious, but what is not in the case that should be there that makes it suspicious …
  5. Cynical – you have to be a little cynical to be a great AML analyst. As I mentioned above, where bankers see every new customer as a GREAT customer, only possibly a nuisance, and certainly not a problem, every good AML analyst sees every customer as CERTAINLY a problem, clearly a nuisance … and only possibly a great customer. But that cynicism needs to be balanced by …
  6. Compassionate – You need to be compassionate and caring to take the time to understand different cultures and religions (when banks are open in a country will impact fund flow patterns), how and why different migrant communities live and work (and remit money home to family), what the word “hawala” means, naming conventions from different cultures, etc. And I want analysts who care for their teammates, and have compassion for those that aren’t as fortunate. And last and foremost:
  7. Courageous

An analyst/investigator needs to have all 7 attributes in order to look for, find, and explain (1) what is there that should be there, (2) what is there that shouldn’t be there, (2) what is not there that should not be there, and (4) what is not there that should be there.

Tall, Dark, and Handsome – Words (especially adjectives and adverbs) and punctuation matter!

  1. Write simply and clearly

“We know all too well that drugs are killing record numbers of Americans – and almost all of them come from overseas.”          Former AG Jeff Sessions, August 2018 speech

This is a good example of a poorly written sentence that is begging for clarity. The phrase “almost all” means very little: at least 51% and less than 100%. Second, do “almost all” drugs come from overseas, or do almost all Americans come from overseas? And finally, Mexico is the source country for 90% – 94% of heroin entering the US, and the final transit country for 90% of the cocaine entering the US. Mexico isn’t actually overseas from the US.

  1. Use Adjectives and Adverbs Sparingly, if at all

Most modifiers are unnecessary. Whether necessary or not, as a risk professional you should be very aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

  1. Watch out for Red Flag Words and Phrases

Intended, Primarily, Pilot, Agile Development, shall versus may, Artificial Intelligence, Machine Learning

SMEs vs SMEs – Subject Matter Experts versus Subject Matter Enthusiasts

The Subject Matter Expert is just that. She has:

  1. talent and training,
  2. subject matter knowledge,
  3. environmental knowledge, and
  4. years of experience (and not just one year of experience many times over, but many years of experience).

The true Expert doesn’t see herself as an expert, will rarely call herself an expert, probably doesn’t see herself as an expert, but she possesses those traits, or enough of them, to truly be, and be seen as, a Subject Matter Expert.

The Subject Matter Enthusiast, on the other hand, often:

  1. calls himself an Expert when he isn’t, or
  2. thinks of himself as possessing enough of as many of the traits needed to pass himself off as an Expert.

The Enthusiast overcomes his lack of true expertise with just enough confidence, hubris, and (frankly) enthusiasm to move a project ahead or design a monitoring system just long enough to allow auditors, regulators, and prosecutors to catch up … and then for the true experts to bail him (and the project or monitoring system) out.

What’s the trick? Understanding where your expertise ends and your enthusiasm begins … understanding who are the experts and who are the enthusiasts, having the right blend of experts and enthusiasts … and taking the best of both, bringing them together, and building a highly effective team.

Is Transaction Monitoring a Thing of the Past? – Customer and Counter-Party Interaction Surveillance is the way of the future

Last year I posted on my website the “AML Scenario Builder” I first put together almost 20 years ago. It still applies today. It includes the eight essential data elements needed to do customer risk assessments and to build a relationship-based interaction monitoring and surveillance system:

  1. Customers/Clients/Others … with or without
  2. Products and Services … doing
  3. Interactions and Transactions … through
  4. Delivery Channels … at
  5. Locations/Geographies … sometimes involving
  6. Amounts … while considering
  7. External Factors … and
  8. Internal History

Twenty years ago we had moved away from Transaction Monitoring. Now, in full disclosure we kept a TM system running, and it spit out alerts that we had to deal with. But it was our least efficient, least effective, and one of the smallest sources of alerts we had at all banks I worked at. If TM hasn’t been dead for 20 years, it’s been on life support.

The Importance of Courage – “Courage is the single attribute upon which all other attributes depend” – Winston Churchill

After the September 2001 terrorist attacks, the 9/11 Commission was set up to look at what happened, and why. In its final report issued in 2004, they concluded that the US government’s failures could be grouped into four major categories: failure of policy, failure of capabilities, failure of management, and failure of imagination. And they concluded that the “most important failure” was a lack of imagination.

I believe that all four of those failures – of policy, of capabilities, of management, and of imagination – have one thing in common. A failure of courage.

What do I mean by courage?

  • Courage to speak freely – but respectfully and fairly
  • Courage to walk away when your principles are compromised
  • Courage to change
  • Courage to listen
  • Courage to compromise


  1. Be aware of all of your stakeholders … particularly your friends and family
  2. Recognize all the resources you have available to you … particularly your people
  3. Appreciate all the directions you’re being pulled in … and try to find an equilibrium that works for you
  4. Technology is important … but people are crucial
  5. Look past CVs and focus on whether someone is compassionate, curious, creative, and courageous
  6. Write carefully … and listen more carefully
  7. Identify and embrace the best of your experts and enthusiasts
  8. Be courageous

Grave Danger, Critical Habitats, and Oxford Commas – Words and Punctuation Matter!

Words and punctuation matter! Be precise in, and be careful with, the words you speak and write, and the words you’re hearing and reading.  There is much attention being placed on machine learning and artificial intelligence, both of which require computer coding that is precise. We must have the same attention paid to precise language and precise punctuation. Let me give you a few examples.

In the First Circuit Court of Appeals case of O’Connor et al v Oakhurst Dairy et al, 1st Cir. CA 16CV1901 (March 13, 2017), the Court wrote a 29-page decision on whether “packing for shipment or distribution” meant “packing for shipment” and the separate activity of “distribution”.  The drivers of a Portland, Maine dairy company, Oakhurst Dairy, were suing to recover $10 million in overtime pay. They argued that driving, or distribution, was not covered by a Maine law that sought to exempt certain activity in the perishable foods industries from overtime pay. That law required overtime pay except for “the canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of” certain products, including dairy products. The drivers argued that “packaging for shipment or distribution” didn’t include “distribution”. The Court of Appeals agreed and remanded the case back for a determination of the amount of overtime owed. In February 2019 the parties settled on $5 million.

The Oakhurst Dairy case is also known as the “Oxford Comma” case because it deals with a punctuation style for serial lists of like items that is espoused by the Oxford University Press (apparently with strong opposition from the Associated Press). The decision, which is 29 pages long and begins with “[F]or want of a comma, we have this case”, includes an interesting footnote on page 16. There, the Court notes that Maine’s Legislative Drafting Manual provides “when drafting Maine law or rules, don’t use a comma between the penultimate and the last item of a series.” So the law as written followed Maine’s drafting style. But the Court noted that Maine is one of only seven states to conform to that style, and both the House and Senate follow the “Oxford comma” style (both the House and Senate have an Office of Legislative Counsel and Manual on Drafting Style and Legislative Drafting Manual, respectively.

Both words and punctuation were found lacking in a section of a speech given by former US Attorney General, Jefferson Beauregard Sessions in August 2018:

“We know all too well that drugs are killing record numbers of Americans – and almost all of them come from overseas.”

This is a good example of a poorly written sentence that is begging for clarity. The phrase “almost all” means very little: at least 51% and less than 100%. Second, do “almost all” drugs come from overseas, or do almost all Americans come from overseas? And finally, Mexico is the source country for 90% – 94% of heroin entering the US, and the final transit country for 90% of the cocaine entering the US. I checked on a map, and Mexico isn’t actually overseas from the US. (any more than Canada was the first overseas country visited by First Lady Melania Trump).

In addition to punctuation and grammar, pay attention to modifiers – adjectives and adverbs.  In Weyerhaeuser v. US Fish & Wildlife Service, (USSC 17-71, slip opinion November 27, 2018), the US Supreme Court had the occasion to discuss adjectives at some length as they decided whether the phrase “critical habitat” required any habitability. In a unanimous opinion written by Chief Justice Roberts, the Court wrote (at page 8): “Our analysis starts with the phrase “critical habitat.” According to the ordinary understanding of how adjectives work, ‘critical habitat’ must also be ‘habitat.’ Adjectives modify nouns—they pick out a subset of a category that possesses a certain quality. It follows that ‘critical habitat’ is the subset of ‘habitat’ that is ‘critical’ to the conservation of an endangered species.” See https://www.supremecourt.gov/opinions/18pdf/17-71_omjp.pdf accessed December 6, 2018.

This case reminded me of advice I received as a young barrister in Canada in the late 1980s. My mentor – a Queen’s Counsel who later became a judge – taught me to always pay attention to modifiers: adjectives and adverbs. Remember the movie “A Few Good Men” starring Tom Cruise and Jack Nicholson? Colonel Jessup (Jack Nicholson) was on the witness stand being cross-examined by Lieutenant McCaffrey (Tom Cruise). Lieutenant McCaffrey asked “were the men in danger? Grave danger?” And Colonel Jessup replied in “is there any other kind?”  A great line! Most modifiers are unnecessary, and many are redundant (e.g., end result, first began, twelve noon, and revert back). Whether necessary or not, when writing in a business setting you should be very aware of both your use of adjectives and adverbs, and when reading others’ use of adjectives and adverbs. When confronted with any modifier, ask yourself (i) why is that modifier being used? (ii) is it being used correctly? (iii) does it change the meaning of the sentence in a way that is unintended? (iv) is it being used consistently with other modifiers? And (v) could it limit or prevent us in the future?

Another example of the importance of clear language recently came from an interagency joint statement on “Innovative Efforts to Combat Money Laundering and Terrorist Financing” (December 3, 2018) (see https://www.occ.gov/news-issuances/news-releases/2018/nr-occ-2018-130a.pdf). In that statement, the four banking regulatory agencies and FinCEN wrote, in part:

“… pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program. For example, when banks test or implement artificial intelligence-based transaction monitoring systems and identify suspicious activity that would not otherwise have been identified under existing processes, the Agencies will not automatically assume that the banks’ existing processes are deficient. In these instances, the Agencies will assess the adequacy of banks’ existing suspicious activity monitoring processes independent of the results of the pilot program. Further, the implementation of innovative approaches in banks’ BSA/AML compliance programs will not result in additional regulatory expectations.”

The modifiers “necessarily” and “automatically” are important: the agencies did not write that “pilot programs that expose gaps in a BSA/AML compliance program will not result in supervisory action with respect to that program” or “the Agencies will not assume that the banks’ existing processes are deficient”. They left the door (wide) open for taking regulatory action against institutions where innovative pilot programs reveal gaps in their existing anti-money laundering programs.

In addition to punctuation and modifiers, also be careful when using or reading some common words and phrases that are “red flags” for compliance and risk management professionals. Two examples are:

  • Intended, as in “this product is intended to be sold only to medium-sized businesses”. When read critically, this phrase also means “although this product is intended to be sold only to medium-sized businesses, there are no controls stopping us from selling it to whatever customer class we want …”. Intent is only that: intent.
  • Primarily, as in “this product is primarily sold to mid-size businesses”. With “primarily” comes “secondarily”: “this product is primarily sold to mid-size businesses, but we’re also selling it to whoever will buy it.”

And make sure you understand words and phrases that are now commonly used but may not be commonly understood. Examples include “machine learning” and “artificial intelligence” – honestly now, do you really know what those things mean? And then there’s vague words such as “implement” (which I see all the time in Action Plans), “solution” (most solutions are simply tools), “agile development” (caution – that can mean lack of testing), and my favorite: “paradigm shift”.

It is important to be aware of how you and others use punctuation, adjectives, and adverbs. If not, your career could be in danger. Grave danger.

Public-Private Partnerships: Financial Crime Specialist Jim Richards Discusses Effective and Efficient Information Sharing under the USA PATRIOT Act

Thanks to my friend and financial crimes colleague Gina (Scialabba) Jurva of the Thomson Reuters Legal Executive Institute for the article. We did the interview and article back in November 2018 and it was recently published on LEI’s website. It’a available at:


The text of the article is reproduced below:

With an average of 55,000 new financial institution filings each day — known as Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) — the Financial Crimes Enforcement Network, (FinCEN) is busy. FinCEN, a bureau within the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence (TFI), is the arm of our government charged with safeguarding the financial system from illicit use, combating money laundering, and promoting national security.

Those CTRs and SARs are filed by individual institutions acting alone and, for the most part, are the result of each institution monitoring its own customers’ cash and other transactions and reporting large cash transactions and suspicious transactions. But since the passage of the USA PATRIOT Act, a law enacted in response to the 9/11 terrorist attacks, there have been provisions to allow for the sharing of information between the government and financial institutions, and amongst financial institutions. These provisions – contained in section 314(a) and 314(b) of Patriot Act, authorize FinCEN to share law enforcement and regulatory information with financial institutions (FIs) on individuals, entities, and organizations reasonably suspected of engaging in terrorist financing or money laundering activities, and vice versa.

“The notion of information sharing was there before the PATRIOT Act, but no one had an appetite for it without any statutory protections,” said Jim Richards, Founder of RegTech Consulting, and former Bank Secrecy Act (BSA) Officer and Global Head of Financial Crimes at Well Fargo & Co.

Richards says this is an incredibly powerful tool that has been on the books for more than 15 years; and, when used properly, has provided valuable data to disrupt money laundering and terrorist financing. But, as with anything, Richards believes there are some improvements to be made. “There are ways we can utilize these tools to be more efficient and more effective for banks and law enforcement,” he said, adding that this includes combining parts of the law together in a smarter way.

Section 314 (a) and 314 (b): What’s the Difference?

But first, a crash course on sections 314(a) and 314(b).

  • Section 314(a): Mandatory Information Sharing between Law Enforcement and Financial Institutions — This subsection deals specifically with information sharing between law enforcement via FinCEN and FIs. Law enforcement agencies investigating a crime related to terrorism or money laundering, via a FinCEN request, can ask FIs to search their records to determine whether they maintain or had maintained accounts for, or engaged in transactions with, any “individuals, entities, and organizations reasonably suspected of engaging in terrorist acts or money laundering activities.” Essentially, FinCEN is the gatekeeper for all information requests.
  • Section 314(b): Voluntary Information Sharing Between FIs — Here, two or more FIs and any association of financial institutions (emphasis added, don’t worry, we will get back to that), may share information with one another “regarding individuals, entities, organizations, and countries suspected of possible terrorist or money laundering activities.” Simply put, this is an information-sharing mechanism to help disrupt financial fraud crimes by and among those FIs that elect to participate.

Keep in mind, Section 314(b) is a voluntary information-sharing tool; FIs are not required to register with FinCEN, nor share information.

Section 314(a) activities, however, are mandatory, and FIs must comply with FinCEN information requests. These information requests are limited in scope to terrorism activities (see 18 U.S.C. 2331) and money-laundering activity (see 18 U.S.C. 1956).

Powerful stuff, right? “Before the PATRIOT Act, we couldn’t do that,” Richards notes. Powerful, but not without its share of controversy.

Breaking Down a Section 314(b) Request

Let’s say Bank A and Bank B are registered with FinCEN under Section 314(b). Bank A is investigating an account owned by Jim for the purposes of filing a SAR. If Bank A sees that Jim has been sending money to Gina at Bank B, Bank A can request that Bank B provide transaction information.

Then Bank B can respond with “we aren’t telling you anything” or can say, “Gina has banked with us for 20 years, she owned a flower shop. We saw these transactions and have no concerns.”

The problem, Richards notes, is that because Section 314(b) information-sharing is not mandatory, it also creates more roadblocks. “If you have a certain time in which to file a SAR, and Bank B isn’t getting back to you, what do you do?” he said. “It creates a level of complexity that not many FIs want to deal with. Also, regulators are reluctant to criticize an FI for not participating in a voluntary program but can criticize a participating FI for any failures in doing so, so many FIs simply decide to save themselves from regulatory issues by not participating in an otherwise valuable program.”

Combining Sections 314(a) and 314(b): A New Approach to the PATRIOT Act

In Congressional testimony earlier this year, a witness testified that “of the roughly one million SARs filed annually by depository institutions (banks and credit unions), approximately half are filed by only four banks.” What if FinCEN and these four largest financial institutions worked together to share information? And what if they did that with tools already in the anti-money laundering (AML) toolbox?

Here’s how. Remember the language we emphasized above in Section 314(b)? Financial institutions and any association of financial institutions? An “association” can be a tremendously powerful tool when coupled with Section 314(a). Richards describes a scenario where these largest FIs get together to form an information sharing association under 314(b), which not only allows them to share certain information but provides legal protections when doing so, and then the association can work proactively with FinCEN and law enforcement to receive and send names of known targets under 314(a).

“I see this as the wave of the future,” Richards explained. “Otherwise, each individual FI is limited in what it can see and more importantly, what it can understand.” More importantly, he said, it allows FinCEN and FIs to take existing tools and use them “in a more efficient way to solve big problems like human trafficking, contraband smuggling, the opioid crisis, the fentanyl crisis, and other societal problems.”

“Information sharing associations shouldn’t be limited to the biggest FIs, although Greg Baer’s testimony about the largest four FIs, out of about 12,000 in the US, filing 60% of SARs illustrates how powerful such an association could be,” Richards noted. “This association approach, even with smaller institutions, allows law enforcement to target the worst offenders and allow those FIs to better identify those targets and share information between themselves and with the government. “I think it is really positive,” he added, “but it will only work if the regulatory agencies are fully on board and encourage FIs to participate. If there is no regulatory upside for financial institutions, even the best-intentioned of them will think twice before participating in what is otherwise the right thing to do for our communities and country.”

There Are No Drug Cartels in California, and 97% of WA Cannabis Businesses Have Checking Accounts … What We Learned in the House Hearing on Cannabis & Banking – Updated

The House Financial Services Committee’s Subcommittee on Consumer Protection and Financial Institutions held a hearing on February 13, 2019 titled “Challenges and Solutions: Access to Banking Services for Cannabis-Related Businesses”.

There were two panels of witnesses. The first panel was the Honorable Ed Perlmutter, Member of Congress (D. CO), the primary sponsor of the SAFE Banking Act of 2019. He testified passionately and with purpose on his many-years’ of effort to reform marijuana/cannabis laws, up to the just-introduced SAFE Banking Act of 2019. The second panel was made up of:

The video of the hearing – available at https://www.youtube.com/watch?time_continue=1547&v=kW7fWM04Uyc ran for a total of 4 hours and 50 minutes, less 26 minutes at the beginning when the hearing was slightly delayed and a one hour and twenty-three minute recess at the 1 hour 40 minute mark (all of this – and the time tags to follow – are for the benefit of those that may choose to watch the video of the hearing!).

First, some highlights of the written testimony of the witnesses.

California Treasurer Ma’s testimony included the following:

“The well understood Cole Memorandum offered some sense of comfort to those financial institutions skilled enough to properly know their customer, apply appropriate due diligence to the business activities of those customers, and to safeguard their banks as well as the nation’s payment system from known bad actors who violated the eight basic tenets set forth in that Memo. Unfortunately, the Cole Memorandum has been rescinded and now these financial institutions are left without even the most basic safe harbor mechanisms to guide their business decisions.”

I’d point out that this statement isn’t quite accurate. The poorly understood (in my opinion) Cole Memoranda (there were three of them) offered no sense of comfort to financial institutions, skilled or otherwise, didn’t provide a safe harbor, and remains part of the FinCEN Guidance. This was all corrected by the (excellent) written testimony of Ms. Pross:

“The compliance framework Maps utilizes to serve canna-businesses is based on the U.S. Department of the Treasury’s Financial Crimes Enforcement Network BSA Expectations Regarding Marijuana-Related Businesses (“FinCEN Guidance”). Though the February 2014 Cole Memorandum from the Department of Justice (“Cole Memo”) was rescinded in January of 2018 by Attorney General Sessions, the guidelines of the Cole Memo remain in place as part of the FinCEN Guidance.”

Ms. Pross also testified (@3:06:20) that “the FinCEN Guidance is not a safe harbor.” This is an accurate statement. And Mr. Deckard, representing the Independent Community Bankers Association, had this to say about the FinCEN Guidance:

“FinCEN Guidance (described below) does provide some assurances that a bank is complying with anti-money laundering rules if it follows the agency’s heightened SAR guidelines. However, without a statutory safe harbor, bankers rationally fear that the politics could shift against cannabis in an instant. It is telling that banks that choose to serve cannabis-related businesses are required to have an exit plan to unwind their loans, a requirement that does not exist for any other category of lending”.

The “all cash” aspects of cannabis related businesses was a central theme of the hearing. In his written testimony, Major Franklin wrote:

“Current conditions, which require all-cash transactions in every aspect of the business encourage tax fraud, add expensive monitoring and bookkeeping expenses, and – most importantly – leave legitimate businesses vulnerable to theft, robbery, and the violence that accompany those crimes.”

It may be that current conditions require all-cash transactions, but there are dozens (more than fifty have been identified by myself and others) payment providers, Point-of-Sale system providers, credit and debit card and merchant services providers that have developed end-runs around the merchant identification code requirements, card network rules, etc., in order to allow – albeit improperly – consumers to swipe or insert their AmEx, Visa, Mastercard, and Discover branded cards at cannabis dispensaries and retailers. Almost every cannabis store you will walk into accepts some sort of electronic payment – either in a closed-loop system, masked as an ATM withdrawal, masked as a cryptocurrency purchase, or using a false or deceptive Merchant Identification Code to get around the issuing banks’ controls and the network rules. Ms. Pross’s written testimony touched on this issue:

“Cannabis businesses are frequently bombarded with proposals for payment “solutions” that are unregulated (and therefore not subject to Bank Secrecy Act compliance), and their “solutions” are often very clearly a form of money laundering. We have heard of proposals involving everything from cryptocurrency to cashless “chit” mechanisms to the use of prepaid gift cards—none of which would provide the Federal government any valuable information on cannabis-related financial activity or the movement of cannabis within the United States.”

One thing that re- or de-scheduling of cannabis and cannabis-related banking reforms could accomplish is to get these unregulated and sometimes less-than-transparent businesses out of the cannabis banking environment completely. That would be a positive for everyone (except those providers of end-run, head-fake payments services).

Ms. Pross, representing the Credit Union National Association, also included quite a lot of detailed information on her credit union’s cannabis program. Her written testimony included the following:

“our organization has come to provide banking services to five hundred Oregon sanctioned cannabis businesses. That makes the cannabis banking program at Maps one of the largest in the United States … In 2017 and 2018 alone, Maps received well over $529 million in cash deposits from cannabis businesses …”.

There are roughly 250 business days in a year, so over 500 business days, Maps received, on average, over $1 million in cannabis-related cash deposits from some or all of its 500 cannabis related business members (credit unions don’t have “customers”, they have “members”). That is a lot of cash for a 250 employee, 10-branch credit union in Salem, Oregon. As Ms. Pross correctly pointed out, that is $529 million that was taken off the street and entered the banking system: she and her colleagues at Maps Credit Union should be commended for that.

Ms. Pross continued:

“To put some numbers around this compliance program, Maps filed over 13,500 individual reports related to cannabis business accounts in 2017 and 2018 alone. For more context around those numbers, Maps has filed 2,770 Suspicious Activity Reports since January 1, 2017, and 90.2% of those SARs were directly due to our filing obligations for cannabis businesses.”

Based on this, and her testimony at 4:21:05, in two years Maps Credit Union filed 11,000 CTRs over approximately 500 business days, or an average of 22 CTRs per day on an average of $1 million in cannabis-related cash deposits (not all of which would have hit the $10,000.01 threshold for filing a CTR).

But the SAR testimony is more interesting. Although Ms. Pross verbally testified that “in the past two years we’ve filed nearly 3,000 marijuana-related SARs to FinCEN” and that of the 3,000, “90% related to cannabis businesses” (4:21:05), the written testimony may be more accurate. There, 90.2% of 2,770 is 2,500 SARs. The FinCEN Guidance requires banks and credit unions to file a Marijuana-related SAR every 90 days. So, if Maps has 500 CRB customers – and assuming that they had 500 CRB customers through the course of those two years, that would mean that they should have filed 500 SARs every 90 days, or 4,000 SARs in 2017-2018. They filed 2,500. Ms. Pross may need to provide some detail on the number of CRB customers it had through 2017 and 2018: simply based on this written testimony and the statement that they had 500 CRB customers, the math doesn’t seem to work.

Update – Ms. Pross did provide an update on February 14th. She wrote: “To clarify the SAR numbers, this is a growing program, so we have not had 500 cannabis business accounts for the past two years.  In fact, as of January 2017, we had 133 such accounts.  Also, it’s important to note that SAR filing requirements are effectively a 120-day reporting timeframe.  There is 90 days of activity to report and an additional 30 days to file the SAR.  While a financial institution may still report at the 91 day mark, we have an additional 30 days past the reporting timeframe to utilize as necessary.  Thanks again!”

Shifting gears, a number of the Republican Congressmen (notably Mr. Luetkmeyer (R. MO), Mr. McHenry (R. NC) and Mr. Posey (R. FL)) brought up Operation Choke Point and what they saw as an oddity that bank regulators were discouraging banks from banking certain federally legal businesses (the Choke Point issue) yet in this case there is an encouragement (through the proposed SAFE Banking Act) to bank federally illegal businesses. Mr. Deckard’s written testimony referenced Operation Choke Point. Mr. Deckard wrote:

“The memories of Operation Choke Point are still fresh. Even legal, legitimate, long-established businesses were, and unfortunately remain, subject to examiner coercion, both subtle and direct. ICBA [Independent Community Bankers Association] appreciates the ongoing work of Ranking Member Luetkemeyer and others on this committee to being an end to Operation Choke Point, just as we now seek your help in creating a safe harbor for legal cannabis businesses.”

Mr. Luetkemeyer had this interesting comment (32:42) that summarized his thinking and what appears to be lack of support for the SAFE Banking Act: “Until we modernize the BSA and anti-money laundering regulations, it would be irresponsible to open up our financial institutions to another major challenge.”

There was an interesting exchange between Mr. Tipton (R. CO) and California Treasurer Ma (3:24 – 3:27) aroudn cannabis and organized crime. Mr. Tipton stated that drug cartels can gain access to legitimate marijuana businesses, and that in Colorado, organized crime cases had tripled in the five years since legalization.[1] Treasurer Ma answered as follows (3:27:10): “The cartels actually don’t come to California anymore because of Proposition 215 [1996] and because of Proposition 64 [2016] that passed, so the legislation in our State has actually made it safer.”

Leaving aside whether the California cannabis-related legislation has actually made California safer, I don’t believe the statement “the cartels actually don’t come to California anymore”, whether because of the 1996 and 2016 propositions or not, is an appropriate statement to make. I trust that Treasurer Ma will formally retract that statement – unless, of course, it is true that drug cartels no longer come to California.

Update: On February 11, 2019 the Governor of California announced that he was pulling California’s National Guard troops from the southwest border. To effect that he issued General Order 2019-01, which among other things “authorizes up to 100 service members with critical skills to that the California National Guard can focus vital and exclusive support on combating transnational criminal organizations …”. In his state-of-the-state speech that same day, the Governor stated that he was redeploying troops to northern California “to go after illegal cannabis farms, many of which are run by cartels …”. 

Miss Porter (D. CA) asked Treasurer Ma about California’s cannabis-related tax revenue, and whether the banks that accept that revenue should also be required to provide banking services to cannabis-related businesses. Treasurer Ma replied (4:04:30) that California does business with eight banks, and “marijuana tax proceeds go into one national bank.” I was waiting to hear which national bank that was, but she neither volunteered the information nor was she asked.

For those interested, Representative Alexandria Ocasio-Cortez (D. NY) is a member of the Subcommittee and had her five minutes of time (beginning at 4:11:58). Her commentary and questions focused on what she described as the “racial wealth gap”.

Overall, I thought the introduction of the proposed SAFE Banking Act of 2019, the written testimony, and the thoughtful and respectful questions and answers, all advanced the dialogue on moving forward with responsible legislation to address the state/federal cannabis issues. As I have written many times, and most recently on January 17, 2019 (www.regtechconsulting.net/news):

“Unless and until the financial services industry gets clear, unequivocal, consistent, written laws, regulations, and guidance from Congress, Treasury, and Justice to provide banking services to marijuana-related businesses, it will and should do what it is currently doing – balancing the undue risks against the insufficient rewards – and continue to stand on the sidelines while our communities, veterans, patients, doctors, caregivers, and others suffer.”

[1] Mr. Tipton referenced a Denver Post article that referred to a Colorado government report from October 2018. That report from the Colorado Division of Criminal Justice, found that the number of court filings charged with the Colorado Organized Crime Control Act that were linked to one or more cannabis charges had gone from 31 in 2012 to 119 in 2017. Lost in the headline, though, is that the number of COCCA charges linked to marijuana dropped in 2013 to 15, and dropped again to 1 in 2014 before increasing to 40 in 2015, 81 in 2016, and 119 in 2017.

Regulatory Lag & Drag – Are There FinTech Solutions?

The RegTech, SupTech, and FinTech communities are focused on developing new technologies to speed up, simplify, and streamline financial institutions’ ability to implement new rules, regulations, and regulatory guidance. But there are two other stages of the regulatory life cycle that may be longer and more problematic for financial institutions than implementing new regulations: these are the time it takes for new regulations to be written and published (“Regulatory Lag”), and the time it takes to enforce those regulations (“Regulatory Drag”).

Time to Regulate – or “Regulatory Lag”.

This lag occurs where a new risk emerges, or a new product is introduced, or an existing product is used in new ways. There is always a lag between that new risk or product and the resulting legislative and/or regulatory response. In the meantime, institutions have to begin addressing the new risks when they first emerge – they can’t wait for new rules, regulatory guidance, and regulations to begin the multi-year people, process, and technology changes necessary to address the requirements of the regulation. Those early, pre-rule and pre-regulation efforts at building controls to address new risks can be expensive, and institutions run the risk of missing the mark and having to re-do much of what they’ve built. The best example of regulatory lag in the AML space is 9/11, which saw legislation passed in 45 days (October 2001), regulations published two years later (2003), and regulatory guidance in the form of the BSA Exam Manual two years after that (2005). Although it was only 45 days that financial institutions knew about the new information sharing provisions in section 314 of the USA PATRIOT Act, it was almost another four years before financial institutions knew how their regulators would examine their compliance with those information sharing provisions. It was this “regulatory lag” that led to my written statement (in December 2006) that “we’ll be judged tomorrow on what we’re building today, based on regulations that haven’t yet been written and best practices that haven’t been shared.”

Time to Enforce – or “Regulatory Drag”

Public enforcement actions (and prosecutions) drive a lot of compliance-related behavior in financial services. Yet there are multi-year delays between when the impugned behavior occurred and when a public enforcement action (and/or prosecution) makes them known to the industry. FinCEN’s December 2014 action against MoneyGram’s former BSA Officer is a good example: that action was made public in December 2014, and alleged violations of the Bank Secrecy Act that occurred from 2003 through May 2008, or more than 6 ½ years from the last day of the impugned activity and when the public action was taken.

What Can Technology Do To Address Regulatory Lag and Drag?

Regulatory lag and drag have been around for as long as there have been regulators. But with the world speeding up as much as it is, with new products and services, and new providers, being rolled out and created much faster than regulatory bodies can manage, there must be changes made in the entire regulatory life cycle.

FinTech providers and their customers demand a fast revolution. Regulators prefer a slow, deliberate evolution. There has to be a better way to identify new and emerging risks, to draft and communicate regulations to address those risks, and to implement the needed controls to manage those risks.

I’m not sure what can be done from a purely technology perspective to speed up regulators (and prosecutors), but the proponents of FinTech, RegTech, and SupTech solutions shouldn’t just focus on digitizing the implementation of new regulations, but on digitizing the entire regulatory life cycle: the regulatory lag between new risks and new regulations, the regulations themselves, and the regulatory drag from regulatory problem to public resolution.

Posted on LinkedIn on January 28, 2019 https://www.linkedin.com/pulse/regulatory-lag-drag-fintech-solutions-jim-richards/

The Southwest Border(s) – Some Background to Inform the Debate

To understand the current broo-haha about “The Wall”, you need to understand two things. First, a bit about the Mexico – United States border, or the Southwest Border that runs from San Diego/Tijuana on the Pacific Ocean to Brownsville, Texas on the Gulf of Mexico. And second, the need for, design of, and installation of a Southwest Border fence was determined just a few short years ago with the Secure Fences Act of 2006.

First, the Southwest Border is really two different borders, both geographically and politically.

The Geographic Southwest Border

The first third or about 700 miles runs from the Pacific Coast in a series of straight lines: from San Diego to the Colorado River at Yuma, Arizona; 20+ miles down the Colorado River; southeast to Nogales; east-southeast into New Mexico where it jogs north, then east to El Paso/Ciudad Juarez. The second part of the Southwest Border then follows the middle (technically, the deepest channel) of the Rio Grande River about 1,260 miles.

Currently (early 2019), there are various types of fencing – primary pedestrian and vehicle fencing being the two most common – along 650 of the 1,954 miles of the Southwest Border. This is shown in the image below.

The Political Southwest Border

In 1907 President Ted Roosevelt signed what became known as the “Roosevelt Reservation”, which created a 60 foot buffer on the US side of the US/Mexico border in most of California, Arizona, and New Mexico. He was able to do so because the land along the border was federal land (there were a few places that had been in private hands before these states joined the Union that were essentially grandfathered or exempted from the Roosevelt Reservation). But the 60-foot buffer did not apply to any land in Texas, because Texas had retained title to all land before it became a state. The result is critical: although the US Government needs to get permission to traverse private land to get to the border, it owns that border land and can build fencing or a wall without seizing (and compensating) private land owners.  That is not the case in Texas, where eminent domain challenges have become common – and expensive and time consuming – when it comes to building a border wall.

The Secure Fences Act of 2006

In 2005 President Bush launched the Secure Border Initiative to enhance the security at ports of entry and along the ~2,000 mile US Mexico and ~5,500 mile US Canada borders. The enhancements ran the gamut: from more personnel to new technologies, infrastructure, and fencing.

In September 2006, Congressman Peter King (R. NY) introduced the Secure Fence Act of 2006, an “Act to establish operational control over the international land and maritime borders of the United States.” It was a simple, three-section, two-page bill. It passed the Republican-controlled House one day later, on September 14, 2006, by a vote of 283-138. Sixty-four Democrats voted in favor of the Bill: Nancy Pelosi voted against it. On September 29th the Senate approved the Bill 80-19, with 26 Democrats voting in favor, including Joe Biden, Chuck Schumer, Hilary Clinton, and (then Senator) Barack Obama.  President Bush signed the Bill into law on October 26, 2006. The Bill was simple and short: it called for “achieving operational control on the border” through “systematic surveillance” and “physical infrastructure improvements” (section 2), and “construction of fencing and security improvements in the border area from the Pacific Ocean to the Gulf of Mexico.”

At the time of the Secure Fence Act of 2006, there was about 110 miles of existing walls or fencing. The Department of Homeland Security determined that a total of about 670 miles of fencing was “most practical and effective”, and that they could build another 260 miles of vehicle walls or barriers and 290 miles of “primary pedestrian” fencing, at a total cost of $2.3 billion. Essentially, what DHS determined was that they could fill in the rural and urban gaps in the ~700 miles of overland border from California across Arizona and New Mexico (leaving some gaps in the “remote” sections), and fence the urban and border crossing areas of the ~1,260 miles along the Rio Grande River from El Paso to the Gulf of Mexico. They determined that installing fencing along most of the Rio Grande River border was either impractical or ineffective.

By 2007 the DHS had established a Fence Lab at Texas A&M University to test and determine how to build the various types of walls or fencing, and where and how to install it. The DHS was given until December 31, 2008 to design, test, and install the ~550 miles of new fencing.

The budgets for the Secure Border Initiative – which included the new fencing – were set at $1.5 billion for Fiscal Year 2007, $1.225 billion for FY 2008, and $775 million for FY 2009.

The Southwest Border Fencing Results

A DHS Office of Inspector General Report from April 2009 (OIG-09-56) titled “Progress in Addressing Secure Border Initiative Operational Requirements and Constructing the Southwest Border Fence” found that DHS was only 55% finished constructing the pedestrian fencing (making up 370 of the total of 670 miles of fencing) and 51% finished constructing the vehicle fencing (300 miles). It noted four other interesting things: first, none of the nine approved fence prototypes were made of concrete. Second, the delays were caused, in part, from the eminent domain cases in federal court in Texas, of which there were an estimated 300. Third, the original cost estimates were much too low. And fourth, the cost of civilian contractors building and installing the fencing was as much as four times as the costs if the military built and installed the fencing. Note that all 548 miles of new fencing (and a total of 670 miles of fencing) was completed by 2010. The OIG report is at https://www.oig.dhs.gov/assets/Mgmt/OIG_09-56_Apr09.pdf.

Economic Impact of the Southwest Border Fencing

An excellent history of the Safe Fences Act and the economic impacts of a border wall can be found in a November 2018 paper available at https://www.nber.org/papers/w25267 titled “Border Walls”. The abstract for that paper provides:

Border Walls

Treb AllenCauê de Castro DobbinMelanie Morten

NBER Working Paper No. 25267
Issued in November 2018
NBER Program(s):Development EconomicsInternational Trade and Investment

What are the economic impacts of a border wall between the United States and Mexico? We use confidential data on bilateral flows of primarily unauthorized Mexican workers to the United States to estimate how a substantial expansion of the border wall between the United States and Mexico from 2007 to 2010 affected migration. We then combine these estimates with a general equilibrium spatial model featuring multiple labor types and a flexible underlying geography to quantify the economic impact of the wall expansion. At a construction cost of approximately $7 per person in the United States, we estimate that the border wall expansion harmed Mexican workers and high-skill U.S. workers, but benefited U.S. low-skill workers, who achieved gains equivalent to an increase in per capita income of $0.36. In contrast, a counterfactual policy which instead reduced trade costs between the United States and Mexico by 25% would have resulted in both greater declines in Mexico to United States migration and substantial welfare gains for all workers.

Some highlights from that report include:

  • The researchers divided the 1,954 mile Southwest Border into 1,000 identically-sized segments: 22% had a wall in 2006 and 51% had a wall by 2010
  • Of the 781 segments in 2006 without a wall or fencing, the likelihood of getting new fencing was reduced by 83% because they were along the Rio Grande River and reduced by 23% if the terrain was mountainous. They also looked at the likelihood of fencing in remote, rural, and urban areas
  • According to the Pew Research Center, 50% of the 11.6 million Mexican-born population living in the United States in 2016 was in the United States illegally
  • There are 17 border cities and towns that have traditionally been used as crossing points: 60% were fenced before the Secure Fences Act and 90% were fenced after
  • The US Border Patrol divides the Southwest Border into nine sectors: the 2007-2010 wall/fence expansion occurred in six of the nine, but not the three sectors in Texas (Big Bend, Del Rio, and Laredo)
  • “the wall changed relative migration patterns between Mexico and the United States, although our estimates imply that the direct impact on migration was small” (page 16)
  • “a wall expansion that builds along half the remaining uncovered border would result in 144,256 fewer Mexican workers residing in the United States, causing the US real GDP to decline by $4.3 billion … as a result, we do not find any evidence that a larger border wall expansion would have substantially different impacts from the Secure Fence Act.” (page 35)

Summary & Conclusion

In summary, there is currently ~650 miles of fencing along the ~1,950 mile Southwest Border. Most of that – about 550 miles – was built between 2007 and 2010 as a result of the Secure Fences Act of 2006 and a recommendation from the Department of Homeland Security that 670 miles of fence was “most practical and effective.” In February 2018 the Department of Homeland Security, in response to the President’s proposed budget, stated that they needed $1.6 billion to support the construction of 65 miles of new border wall system. See, https://www.dhs.gov/news/2018/02/12/department-homeland-security-statement-president-s-fiscal-year-2019-budget.

In conclusion, I offer no conclusion. Rather, I trust that this information provides you with some information to form your own conclusions as the debate continues in Washington DC and on Twitter and cable news about the need to build (and pay for) more fencing or walls along the Southwest Border.