Thursday, October 12, 2006
( 8:32 AM ) Ken - Pegasus
2006 ABA/ABA Money Laundering Enforcement Conference - Tuesday
By Ken Golliher
The last day of the Conference began early with 7:00 AM “power breakfasts.” Attendees could choose between “BSA/AML Compliance: What You Need to Know” and “Risk Based Anti-Money Laundering Compliance” as their early morning dose of education.
Among the first set of concurrent sessions was “Working With MSBs: Reducing Risk.” Although it was a repeat session, it was well attended. The foundation for the presentation was concerns over “discontinuance;” the situation where banks unilaterally close MSB accounts. In explaining their decisions to terminate MSB relationships, banks often cite regulatory pressures or a refusal to accept a role they often characterize as serving as the de facto regulator for the MSB. Regulatory concerns over discontinuance include the fact that MSBs provide essential financial services to millions of people in the U.S. and that, if compliant MSBs cannot find acceptable, transparent deposit relationships, their activity will continue through underground relationships which cannot be monitored.
Panelists included Joseph Cachey, III from Western Union and Tom Haider from MoneyGram International. Cachey began the session with a detailed analysis of who MSB customers really are, noting that, statistically, approximately half of them look like the average American consumer and maintain traditional banking relationships in addition to using MSB services. Their predominant use of MSBs is in making bill payments to commercial subscribers.
He noted that the other half of users make use of “person to person” money transfers. He explained that remittances leaving the U.S. total about $40 billion annually with about three fourths of that amount going to the Latin American and Caribbean regions. He emphasized that in more than 30 developing countries U.S. remittances were more than the total combined amount invested by both governmental and commercial payments in those countries.
Haider noted that MSBs perform a critical function in the U.S. economy and, in addition to federal registration requirements, now must comply with licensure requirements in 47 states. In encouraging attendees to avoid labeling all MSBs as high risk, he noted that the IRS, the MSBs’ federal regulator, has approximately 400 field examiners who conducted reviews of about 7,100 MSBs last year. He pointed out that some MSBs have intensive “know your agent” programs where they conduct background checks on their agents and would terminate an agency relationship where IRS criticisms could not be resolved.
Dan Stipano of the OCC referred attendees to Interagency Guidance published in April 2005 on the proper handling of banking relationships with MSBs, indicating “supervisory expectations are clear.” He stressed that “The OCC does not supervise MSBs nor expect its supervised institutions to serve as their de facto regulator nor does the OCC discourage banks from opening or operating accounts for MSBs.” He emphasized that the agency has gone to great lengths to communicate that position to its field examiners in an attempt to eliminate any “disconnect” between agency policies and statements field examiners might make to bankers.
Although the Q&A #3 at the end of the Interagency Guidance indicates agents should expect to provide copies of their contracts and agreements with MSBs to their financial institutions on request, both Cachey and Haider said their organizations consider those agreements to be proprietary and their agents would not provide copies. Both indicated their organizations are willing to provide depositary institutions with a letter acknowledging the agency relationship. It was also noted that large MSBs often list their agents on their web sites, a method of bank verification the Guidance also notes is acceptable.
For the second concurrent session, attendees again divided into two groups and the “small” banks, those with assets of less than $5 billion, returned to the basement meeting room (the one with the pillars). Entitled “Ask the Regulators,” the sessions were unstructured and entirely driven by questions from the audience covering a wide range of topics.
Stuart Levey, Under Secretary for Terrorism and Financial Intelligence, was the luncheon speaker. He commented that the size of the conference audience and the content of the agenda were a strong testament to the industry’s efforts to deny use of the banking system to illegal activity. “All of these efforts, including those of the financial industry and FinCEN, are a critical part of our national security,” he said.
He noted that the architecture of the U.S. government has changed substantially since 9/11 and that Treasury had taken on an expanded role in national security. He said that the targeted measures, such as those under section 311 of the U.S. PATRIOT Act, were more surgical and more effective in many cases than broad economic sanctions would be.
He also pointed out that the detection and interdiction tools the financial industry had begun to perfect could be used to fight issues such as nuclear proliferation in addition to money laundering and terrorist financing. He said, “Proliferators cannot avoid using the banking system and their middlemen are motivated by money, not ideology.”
Noting the “partnership” between government and the financial industry mentioned by FinCEN Director Werner the day before, he said: “Bankers are our natural allies.”
The last two general sessions of the three day conference were devoted to “Responding to Enforcement Actions” and “OFAC: Examination Procedures and Enforcement.”
Dan Stipano of the OCC opened the session on enforcement actions noting, “What I have to say does not apply to 98 per cent of you.” He indicated that most examination problems are resolved using the examination process itself or informal methods, not formal enforcement actions. He said that out of 1700 recent examinations there were 43 enforcement actions, 25 of which were cease and desist orders. He listed the array of possible responses beyond criticism in the written report of examination as:
Memorandum of Understanding
Cease and desist order
Civil money penalty assessment (must be coordinated with FinCEN)
The regulatory processes for instituting formal enforcement actions are very similar, but the OCC’s are the most readily discernible. Noting that the literal wording of 31 USC 1818(s) mandates the imposition of a cease and desist order when the bank has failed to establish a BSA program or is cited for repeat violations, the OCC interpretation of that mandate is found in OCC Bulletin 2004-50 and OCC Bulletin 2005-45. Stipano, referring to those bulletins, noted, “They include plenty of due process.”
Cynthia Rogers of AmSouth Bank presented the bankers’ perspective on the panel. AmSouth was the object of a major regulatory enforcement action in 2004.
At the time, many industry insiders described the penalties initially levied against AmSouth as disproportionate; a former Treasury official described the situation as: “A Justice Department hijacking of a regulatory enforcement action.”
Rogers mentioned none of that, but simply stressed that AmSouth had determined that its response to the order would be positive. Rogers explained that, in concert with the bank’s culture, its goal in responding to the enforcement action was to exceed all expectations and that its goal had been accomplished. “We feel that the overall result is that we now have one of the best BSA/AML programs in the country,” she said.
AmSouth established a program methodology by setting up teams headed by “senior player coaches.” One coach and an accompanying team was assigned to each of the eleven paragraphs in the order. The overall plan focused on a “cultural adaptation” to a BSA/AML compliance effort that crossed all internal boundaries; “We no longer have silos,” Rogers said. The teams rendered monthly reports showing the specific progress made toward compliance with each paragraph in the order and communications between the teams were interlaced to assure a coordinated effort. She said that policies, procedures, customer risk ratings, compliance oversight and compliance operations were all revised. She noted that employees now received both “corporate” and “line of business” BSA/AML training.
One paragraph in the order required a three year transaction review or “lookback” for suspicious activity that might not have been detected and reported at the time. Rogers said, “The lookback taught us what we did not know.”
AmSouth’s enforcement action was effective on October 12, 2004. It was terminated April 20, 2006, an impressive 18 months later.
Alison Clew of Deloitte Financial Services, LLP focused her remarks on how to conduct a lookback operation, an occasional requirement in BSA/AML enforcement actions. She addressed the issue from the negotiation of the scope of the exercise to an endpoint analysis of SARs filed and, particularly, what those SARs say about the activity conducted through the bank and its customer base.
In response to audience questions Stipano noted that bankers could learn a great deal from reading enforcement actions, but enforcement actions from bank regulatory agencies were customized to fit specific situations at specific institutions. He emphasized that “We do not use remedial documentation to make new policy” and encouraged bankers not to take the specifics of enforcement actions out of their context. In response to an attendee’s question about the wisdom of refusing to sign off on an enforcement action, panel moderator Amy Rudnick of Gibson, Dunn & Crutcher, LLP quipped: “We generally note that the death spiral for a bank began when it failed to work cooperatively with its regulator.”
The last general session of the Conference was well attended and focused on OFAC issues in the examination process. Timothy White from Banker’s Toolbox, Inc. noted OFAC’s recent successes related to blocking terrorist assets in the United States and in connection with prosecution of members of the Cali drug cartel. He advised financial institutions to clearly document their “screen or not screen” decision regarding possible transactions, establishing an “OFAC baseline” for compliance. A significant portion of his remarks related to OFAC compliance for ACH transactions, particularly Cross-Border ACH transactions.
Recordings of many of the Conference sessions will be available at http://www.intelliquestmedia.com/. Next year’s Conference will be October 21-23 at the Marriott Wardman Park Hotel in Washington, D.C.
Tuesday, October 10, 2006
( 4:38 AM ) Michele
2006 ABA/ABA Money Laundering Enforcement Conference - Monday
By Ken Golliher
“You know your customer and your business far better than any regulator could,” said Robert W. Werner, FinCEN’s Director, during today’s luncheon presentation. Werner emphasized that FinCEN’s goal was to provide guidance and feedback to financial institutions, not to dictate their policies and procedures.
He stressed that FinCEN is committed to continuing what he called a “partnership” with the banking industry that is aimed at taking reasonable steps to insure that the U.S. financial system is protected from use by criminals and terrorists. He said that some banks are now acknowledging that their enhanced ability to make better compliance decisions (based on that guidance and feedback) is also allowing them to make better business decisions.
Predicting that there will be more than one million SARs filed in 2006, Werner stressed that both the SAR and the CTR information are invaluable to law enforcement not just in individual cases, but in a broader analytical context. Praising bankers’ efforts in the difficult task of identifying suspected terrorist financing, he mentioned that SARs filed for that reason had a 20% match rate to open investigations of suspected terrorist activity, a statistic he described as “incredible.” In a broader context he noted that 88,000 SARs and CTRs had proven to have a relationship to open investigations of all types.
Mentioning that a GAO study of CTR filings is planned, he noted that the CTR data is used in the aggregate in looking for trends and identification of the way money is moved in the U.S. as well as in assisting law enforcement in deciding how to allocate their resources. In referring to individual CTR filings he said, “CTRs represent an important data point whose value is not known until after an investigation is begun.”
Preceded by concurrent “power breakfasts” on a variety of topics, the first general session of the second day of the conference focused on “Twenty Years After the Money Laundering Control Act: Where Are We? How Did we Get Here?” The panelists included some long term participants in the U.S. BSA/AML compliance effort.
Beginning only two years prior to the MLCA’s passage, the timeline in the materials noted the 1985 penalty assessment against the Bank of Boston. Bob Serino, counsel to the law firm of Buckley Kolar LLP, noted that the Bank of Boston became “the first poster boy” for BSA related industry problems, but he also noted that the subsequent passage of the MLCA put the focus on “the bad guys,” not the banks, for the first time.
John Byrne from B of A noted that: “There’s a lot of cooperation (between law enforcement and the financial industry) now, but it wasn’t that way then. Unfortunately, lines oftentimes got blurred between civil penalties and assumed involvement in illegal activities.” (The Bank of Boston’s violation was limited to an improper exemption from currency transaction reporting.)
Among other things, MLCA made money laundering a separate, stand alone crime. “Passage of the MLCA put a whole new focus on what has evolved into following the money,” said Les Joseph of the Department of Justice. “It’s still one of the principal techniques we use in our investigations.”
The panel discussion followed the evolution of BSA compliance and noted that at some point it had turned into the timeline for BSA/AML compliance. In tracing BSA/AML developments through the present day, the panel also spent time on the Criminal Referral Form and its replacement, the Suspicious Activity Report (SAR).
“One of the first court decisions regarding the ‘safe harbor’ for SAR filing indicated the bank would be protected from civil liability in connection with a ‘good faith’ filing of the form,” said Peter Dijinis of the Law Offices of Peter Dijinis. “That sounds fine to the layman, but it simply introduced an issue for debate after the fact; i.e. whether the filing was actually in good faith or whether it was motivated by malice.” (Later court decisions dropped the conditional language.)
The portion of the walk down memory lane that sparked the most laughter among the panelists and the audience was the discussion of the failure of the proposed “Know Your Customer” regulations. Rick Small of GE Money quipped, “We should have known better than to release them on Pearl Harbor day!” The proposal generated a record 350,000 comment letters, the vast majority of which were negative and many of which contained some unprintable quotes. (Ironically, most if not all of the substantive requirements of the KYC proposal exist today as pseudo requirements under the labels of “customer due diligence” and “enhanced due diligence.”)
The audience split into two groups, those with assets of less than $5 billion and those with more for “Risk Assessment/Exam Procedures – A Tactical Discussion with Bankers and Regulators.” (The “small” banks got the basement meeting room.)
Speaking to the small bank group, Lisa Arquette of the FDIC said, “Banks are experts at assessing risks.” She noted that in the first series of examinations after the 2005 publication of the BSA/AML manual approximately 80% of the banks examined by the FDIC did not have a written BSA/AML risk assessment. “That did not mean they had not done it,” she said, “only that they had not reduced it to writing. The risk assessment was in someone’s head. The problem we have with that is that ‘head’ can leave your bank at any time and your competent risk assessment leaves with it.”
She estimated that currently only about 25% of the banks examined by the FDIC still do not have a written risk assessment. “If you do not have one our examiners will do it for you,” she said, “but that’s not always a good thing.” She also noted that not having a risk assessment is not a violation, but that FDIC examiners have also noted that there was a correlation between the absence of a written risk assessment and the absence of reliable internal controls.
John Atkinson from the Federal Reserve noted that since written risk assessments had become a regulatory expectation, banks were steadily moving away from a compliance mentality. He said, “The first ones we saw were attempts to satisfy the examiner. Now, we are clearly seeing evidence that the banks found value in their first efforts and they are expanding them for their own purposes.”
“The fullest discussion of the risk assessment is in the current manual,” said John Wagner of the OCC. Like other regulators on the panel, he encouraged bankers to begin with Appendix J of the manual and organize their analysis around the matrix found there. He stressed the importance of analysis and noted that, “Your concern is with ‘net risk.’ You identify your inherent risk and then you overlay your controls; i.e. your risk mitigation techniques. You can reduce your risk to a manageable level with an effective BSA program.”
Christopher Spellman of American Sterling Bank, the sole banker on the panel, encouraged attendees to “Put risk categories together where your rating matches up to your resources. For example, why have 5 or 6 customer risk ratings when you only have the capability to monitor ‘high’ risk.”
In terms of managing risk, he noted that his bank had a traditional desire to provide services to non customers and that many people believed those offerings were profitable. Realizing that such a practice was a voluntary enhancement of the bank’s risk, he said, “We actually went back and figured out how much money we earned from dealing with non customers. It was a lot less than people assumed. Ultimately, we made a business decision that it simply just did not justify the increased attention it drew.”
Atkinson noted that he believed the Federal Reserve was showing deference to the risk assessments performed by supervised institutions. “However,” he noted, “if the bank tells us via their risk assessment that they don’t have this type of customer and we find ten of them that erodes our confidence and our deference.”
In a concurrent break out session on “OFAC and 311 Exposure Issues” Hank Grant Jr. from B of A demonstrated an “inherent risk template” that a bank could use in measuring its inherent risk for OFAC compliance. Based on the matrix in Appendix M of the Examination Manual, completion of the matrix yields a percentage rating based on the variables chosen by the bank. He also provided examples of how the inherent risk template could be used by a specific bank and then provided another template showing the residual risk for the same bank. Attendees can access the matrices on the ABA web site.
The conference concludes on Tuesday. Recordings of many of the sessions will be available at http://www.intelliquestmedia.com/ after the conference is over.
Monday, October 09, 2006
( 3:24 AM ) Ken - Pegasus
2006 ABA/ABA Money Laundering Enforcement Conference - Sunday
By Ken Golliher
Emphasizing that “Banks are the first responders” in the war against the financing of illegal activity, Marcy Forman, Immigration and Customs Enforcement’s (ICE’s) Director of Investigations, said the agency “goes after the money and after the assets,” the “life’s blood” of illegal enterprises. She noted that ICE depends heavily on the SARs and CTRs filed by banks as sources of crucial information in both beginning and expanding ICE investigations.
Forman’s remarks were made Sunday before more than 1,100 registrants at the ABA’s Money Laundering Enforcement Conference. In its 18th year, this year the program is being held at the Marriott Wardman Park in Washington D.C. The conference runs through Tuesday.
The program began with break-out sessions where attendees chose from a variety of concurrent sessions. Later, the break-out sessions were followed with the general session, “Suspicious Activity Risk and Reporting” where Forman made her remarks.
Among the earlier break-out sessions was one on “Electronic Payments Issues – Risks and Challenges.” That panel noted the metamorphosis in technology where electronic cards were once tied to deposit accounts, but they now represent stand alone relationships such as gift cards, payroll cards and HSA cards. Panelists noted that the law had not kept pace with the evolution of cards from “pay later” (credit cards) to “pay as you go” (debit cards), to “pay before” (stored value) cards over the last several years. For example, unlike monetary instrument sales and funds transfers, there are no specific BSA record retention requirements for banks in connection with the sale of stored value cards.
To illustrate the versatility of the stored value card, one of the presenters used the “MiCash” card as an example. MiCash customers receive two cards and the card is generally designed to facilitate remittances to Latin America. For example, a U.S. purchaser may give the second card to a relative in Mexico. The U.S. card could be “charged” here (perhaps at the local Home Depot) while the Mexican card could be used to access the balance for purchases, ATM withdrawals and telephone calls in Mexico. The U.S. card could be loaded with up to $999 per day, either with cash or through a bank account. Either card could be used to wire money to 26 different banks in Latin America via a call to an 800 number.
The versatility of stored value cards is cited as a potential problem by law enforcement agencies. Stored value cards, particularly those that can be used in “open” systems, are widely acknowledged to represent significant risks for use in both money laundering and terrorist financing.
Banks considering the sale of stored value cards, aka “gift cards,” were encouraged to analyze the risks inherent in such a program. For example, would the card be:
usable in a “closed” or an “open” system (cards used in an open system pose greater risks),
capable of being recharged,
capable of being recharged over the Internet,
designed for use inside or outside of the U.S.,
useable at ATMs,
useable at POSs,
sold only to customers,
subject to identification and verification requirements,
have dollar limits consistent with the “gift” card label, and
several other factors.
Attendees were encouraged to walk through the potential risk analysis for stored value cards with their regulators, recognizing that restrictions on their stored value programs would be self imposed.
A later break out session was titled: “Training for Employees Beyond the Frontline – What is Your Plan?” The panelists included banks of different sizes and an FDIC representative.
Jeanne Thurman of the Bank of America (B of A) noted that BSA training needed to start at the top of the organization and “cascade” down to every associate. Noting that B of A has 200,000 employees, Thurman indicated that a single training message would not work for the bank’s entire training population. She noted that all employees needed “awareness” training for BSA/AML issues, but that each line of business must have its own BSA/AML training, designed specifically to meet the needs of that particular group of employees.
She stressed that the Board of Directors and Senior Management were also among the groups that needed training specific to BSA, “…not just once a year, but continuously.”
Also noting the need to particularize training, Debra Novak, Chief of the FDIC’s Anti-Money Laundering section, indicated that training, including computer based training should be specialized to the job function. She indicated that the need for effective BSA/AML training had been developing for a long time, but that the need exploded after 9/11. She indicated that bankers should anticipate that examiners would want to see training and testing materials, the dates of training sessions and attendance records.
In the day’s final segment, the general session on suspicious activity reporting, the ICE representative was joined on the dais by Michael DeLuca from FinCEN’s Division of Analytics and G. Clayton Grigg of the FBI’s Foreign Terrorist Tracking Task Force.
DeLuca reviewed the dramatic growth in SAR filings by depositary institutions in recent years which he largely attributed to greater due diligence, familiarity with the form, and increasing recognition of reportable situations. In commenting on SAR filing statistics, he noted that mortgage loan fraud is becoming a serious problem and that incidents of identity theft reporting could be expected to grow exponentially.
He mentioned that overall SAR quality was very good. However, he did note a number of routine SAR filing problems, sometimes distinguishing whether the problem was more likely to appear on paper or electronically filed SARs. Among those he mentioned were:
reporting financial institution’s EIN left blank,
reporting financial institution’s EIN invalid,
no indication of primary federal regulator,
blank date or date range of suspicious activity,
blank summary characterization of suspicious activity,
blank “contact for assistance,”
blank narrative section,
inadequate narrative; e.g. sometimes narratives say “see attachments.” (SARs are not intended to have attachments),
“subject information unavailable” box is checked even when the form contains subject information,
“Other” is checked as a form of identification for the subject, but there is no indication what the other identification was, and
information regarding identification is missing; e.g. the form may indicate the subject’s identification was a driver’s license, but the information describing that driver’s license is not included.
DeLuca noted that the revised SAR should be published on December 4 and should be ready for use in February, 2007. Its use will be mandatory by August 1, 2007. Among the expected changes, he indicated that the SAR would include more detailed line by line instructions and that there would be expanded instructions for the narrative portion of the form.
Echoing the ICE representative’s praise for the banking industry, Grigg told the audience, “You really are on the frontline in fighting financial crimes here in the U.S. – you are doing a fantastic job.” He noted that the FinCEN data benefits all aspects of the FBI’s investigation and intelligence gathering operations.
He stressed that a SAR filed today can be critical to an investigation, but so can one filed four years ago. He encouraged banks to provide all the information they could regarding the subject of a SAR and that a small piece of identifying information, such as a subject’s e-mail address, included in the narrative portion of the SAR could be crucial to an investigation. He encouraged SAR filers to include all the personal identifiers they had for a subject and to do everything they could to assure their accuracy.
As an example, he noted that a simple thing such as a date of birth was oftentimes very helpful in assuring that the person named in the SAR was actually the same person as one who was the subject of active investigation. He also noted that addresses and telephone numbers could also be critical in linking related activities from other SARs or from the FBI’s own data base.
Grigg also mentioned that the names of between 30 – 50% of the subjects of active terrorist investigations could be found in the FinCEN data base. He noted that the terrorist suspects were more likely to be mentioned in CTRs than in SARs, but that the CTR information was very helpful in investigating potential terrorist financing.
In her comments, Forman mentioned that inexplicable amounts of cash don’t always indicate drug trafficking; sometimes cash is a marker for human smuggling. She mentioned that individuals smuggled in from Asia often pay smugglers upwards of $60,000 while people being smuggled in from Mexico or Central America may pay between $5,000 and $15,000.
Recordings of many of the sessions will be available at http://www.intelliquestmedia.com/ after the conference i