Contact:

editor@nationalbankexaminer.com

Monday, August 6, 2018

OCC's Tropical Fintech Charter Havens?

Related image
Beautiful St. Croix, U.S. Virgin Islands
Credit: Coastal Living Magazine


On July 31st, the Office of the Comptroller of the Currency (OCC) announced that it would be accepting applications for national bank charters from non-depository financial technology (fintech) companies engaged in the business of banking.

The effort to study the possibility of creating special-purpose national bank charters began with former comptroller Thomas Curry and has been carried forward by the current comptroller, Joseph Otting.  Its formal public debut this week shows some beefing-up of comptroller Curry's effort, but the bones of the original proposal remain largely intact.  

In March of 2017, I posted an analysis of the concept of a special-purpose national bank charter for fintech companies.  Now that the concept of a special-purpose national bank charter for fintechs is our present reality, you can read the analysis right here.

Speaking as a veteran of the OCC's customized charter for "internet banks" debacle in the mid-1990's, this special-purpose national bank charter deserves to have the highest prospects for long-term success.   I was solidly in favor of the concept in March 2017 (and still am), with three caveats:

  • A resolution plan or living will requirement for the fintech charter.  I am pleased to see that, in the new proposal, the resolution plan is no longer optional.

  • Operating Agreements (OAs) for these novel bank charters should be made public.  OAs are the "guardrails" that newly-chartered national banks must steer between during the initial years of their operations.  In the new proposal (and consistent with current chartering policy) the existence of an OA will be disclosed in the publicly-released conditional approval letter, but the OA's contents (sadly) will be withheld from you.

  • The Federal Reserve System (Fed) should be a second set of bank regulatory eyes as these untested special-purpose national banks evolve over time. 


Due to the novelty and infancy of this special-purpose national bank charter, the heterogeneous structure and market foci of the myriad firms in the fintech industry, and the known unknowns and the unknown unknowns that the high-tech world throws at each of us mortals every day; it would only be prudent public policy to have the perspectives of a back-up federal bank regulator.

The ground-level business operations of a financial technology company are different than the traditional banking model.  High-technology, AI-supported, virtual firms move transactions essentially instantaneously, meaning that when "stuff" happens, it happens at the speed of light.  We have been conditioned to troubled banks gradually decaying over time.  Well, in this brave new world, fintech banks are more likely to explode instead... challenging the OCC's bomb-handling skills.


Gaming Back-up Bank Supervision

But, as far as back-up bank supervision is concerned, other federal bank regulatory agencies can easily be kicked to the curb by the special-purpose national bank charter for fintechs.

First, the Federal Deposit Insurance Corporation (FDIC) has been cut out of the picture because these special-purpose national banks would not be taking insured deposits.

Second, bank holding company supervision by the Federal Reserve is not that likely to happen, as the legal definition of a bank, for bank holding company purposes, was changed many years ago from an entity that offered certain enumerated banking services to merely a bank that was insured (with a few very specific exceptions).

Finally, the Fed's remaining tenuous supervisory toehold in this entire picture is the legal requirement that national banks be members of the Federal Reserve System (12 USC 222).  That legal requirement, unfortunately, is not absolute, and therein lies the possibility of fintech companies using Caribbean and South Pacific U.S. territories and insular dependencies as legal domiciles in order to avoid Federal Reserve membership (12 USC 466).

This artful dodge of the Fed's back-up supervision role was telegraphed to the fintech industry by the OCC, via footnote 17 in the OCC's December 2016 publication: Exploring Special Purpose National Bank Charters for Fintech Companies.

The U.S., by the way, has 16 territories; five of which are permanently inhabited by humans - Puerto Rico, Guam, Northern Mariana Islands, the U.S. Virgin Islands, and American Samoa.

The Fed has been largely silent regarding the OCC special-purpose national bank charters for fintechs.  It is presumably taking a wait-and-see position on the topic.  I can understand a fellow regulator's natural reluctance to stand too close to an early-stage product that could be potentially radioactive.  But, on the other hand, an unintentional epic fail could damage the global financial system, a topic in which the Fed has more than a passing interest.






Wednesday, January 31, 2018


BSA/AML Regulation:

"...But We've Always Done it This Way."



                  Related image
                           


On September 8, 1975, I reported for duty as a college intern at the Boise, Idaho duty station of the Office of the Comptroller of the Currency (OCC).  My first assignment, at my very first bank examination, was to prepare the Bank Secrecy Act/Financial Recordkeeping page for the bank's Report of Examination and then present it to the Examiner-in-Charge for his review.  The Bank Secrecy Act  examination procedures were pre-printed on that same legal-size Report of Examination page and consisted of about a dozen yes/no questions that I was obliged to get answers to and validate.

My, have things changed in the almost half-century since the Bank Secrecy Act was first signed into law in 1970!

The Bank Secrecy Act has been amended several times over the years and most substantially by the post- 9/11 USA PATRIOT Act.  The chart below outlines how significant those changes have been:


                 


But underlying these heightened responsibilities, at some point, we chose (or maybe defaulted to) a conceptually easy, but ultimately expensive, method for meeting those legal responsibilities that consists of industrial-scale mass financial surveillance of financial institution customers to detect anomalies that needed to be reported to law enforcement (mainly large currency transactions and suspicious activities).

Using sophisticated computer software, this transaction monitoring Leviathan uses thresholds, rules, risk ratings, and behavioral profiles to sift through the billions of financial transactions across the financial system and screen out unusual transactions for review, follow-up, or investigation by analysts at each financial institution.

The general examination approach used by financial institution regulators, as outlined in the 442-page FFIEC Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual, is to focus, in a risk-based way, on how effectively the managers of financial institutions are tending to this bulk information collection, analysis, and reporting machinery.

We probably don't think about it much, but when you sit back and reflect on the enormous scale of the mass financial surveillance that is taking place every day, in every financial institution in the country, on every customer's financial transactions, it ought to make the spies at the National Security Agency (NSA) green with envy and would probably make the framers of the U.S. Constitution shudder.

But that's the BSA/AML transaction monitoring compliance method financial institutions have learned to live with for the last half-century.  A method they have gotten used to in order to help meet their legal reporting responsibilities.  But as we all have come to realize now, bulk transaction screening can be a very inefficient process.


Barriers to Cost-Effective BSA/AML Regulation

First, the anomaly harvesting process generates many false positives - financial transactions that seem to warrant reporting to law enforcement, but upon research and review, were not deemed to be reportable.  Investigating false positives is costly and documenting why the financial institution chose not to report the transaction adds even more expense.

To put this all into perspective, banking industry experts have benchmarked that more than 90%  (yes, more than 90%) of computer-generated BSA/AML alerts are false positives.

Second, law enforcement has limited resources.  They cannot pursue every lead provided by all of the reports filed by financial institutions.  Leads that do not warrant law enforcement follow-up end up being wasted dollars for the financial institution.

Third, the high cost of BSA/AML compliance and/or increased reputation risk encourages wholesale de-risking by financial institutions of customers from countries and industries deemed to be high risk.  Financial institutions incur an opportunity cost as a lot of deserving, bankable business is being swept up in this blanket de-risking process.  De-risking merely forces both good players and bad actors outside the formal banking system and into the arms of the shadow(y) banking system... thereby increasing law enforcement costs also.


It Seems Like There is a Better Way to Do This

Earlier this month, on January 9, 2018, the Senate Banking Committee held a hearing titled: Combating Money Laundering and Other Forms of Illicit Finance: Opportunities to Reform and Strengthen BSA Enforcement.

The hearing had a panel of three excellent witnesses, but one in particular, Dennis Lormel, President and Chief Executive Officer of DML Associates (and former chief of the FBI Financial Crimes Program) discussed an approach to BSA/AML supervision that "spoke to me".  Place less emphasis on the mass financial surveillance checklist-ish compliance method and more emphasis on a compliance method that uses a targeted/focused investigative approach done in close collaboration with law enforcement authorities and other stakeholders.

In his testimony and in the Q&A session, Dennis seemed to suggest supplementing the existing mass financial surveillance process with the targeted/investigative approach, but his idea is so good that I would advocate actually replacing the existing mass transaction monitoring method with the targeted/focused method he describes.

His targeted investigative approach, as I understand it, preserves the law enforcement benefits; helps make sure the efforts of financial institutions are aligned with current law enforcement targets, priorities, and resource allocations; promotes collaboration between all stakeholders with specialized expertise; and, very importantly, wrings out much of the wasted expense from the process by making it more cost-effective.

This is a change of method, not a change of BSA/AML policy objectives or statutory requirements.  It is a process improvement suggestion; a sorely needed innovation to an aged, sclerotic, and expensive BSA/AML compliance method adopted decades ago.

Here is Dennis, in his own words: 

"Regarding the BSA, it is important that all stakeholders be engaged in the discussion and deliberation to improve the effectiveness and efficiency of BSA reporting and enforcement. More importantly, all stakeholders should be involved in breaking down real or perceived regulatory impediments. In each of our areas of responsibility, all BSA stakeholders should strive to exploit the financial vulnerability of criminals and terrorists by ensuring the financial system serves as a detection mechanism disrupting illicit funding flows. Although the BSA system works, it is flawed and lacks the effectiveness and efficiency it was intended to achieve.
The starting point toward improving the effectiveness and efficiency of BSA reporting is to improve the current system through building meaningful and sustainable public and private sector partnerships beginning with BSA stakeholders, including the financial services industry, regulators, policy makers, sanctioning authorities, intelligence experts, law enforcement, legislatures and other stakeholders. We need to start by improving the efficiencies of our current system by breaking down impediments. We then need to determine what enhancements to regulations should be considered.
Building meaningful and sustainable partnerships begins with understanding perspectives. Each stakeholder partner possesses a perspective based on their professional responsibilities and experience. Each of our perspectives will be somewhat unique. Understanding and blending the perspectives of our partners will enable us to establish a middle ground to improve or build efficiencies upon. As this process evolves, we can leverage the capabilities and capacity of our partners. This type of evolution sets the stage for developing innovative ideas and proactive measures.
One of the inherent disadvantages we have in our financial system and AML environment is that we are reactive. Criminals and terrorists have the advantage of being proactive. Our ability to add innovative ideas and proactive measures to an otherwise reactive system can achieve impactful investigative results. In fact, there have been recurring innovative and proactive law enforcement investigations. I speak from firsthand experience when I talk about developing proactive techniques. I can point to specific proactive law enforcement initiatives following 9/11 that were the direct result of innovative public and private sector partnerships. My emphasis here is we can be innovative within the current framework. We can also improve the current landscape through enhancements to encourage and/or incentivize innovation.
For example, financial institutions conduct baseline transaction monitoring to alert to anomalies that can lead to identification of suspicious activity. By developing rule sets and scenarios that are targeted to specific transactions or financial activity, we are more likely to identify specific or targeted suspicious activity regarding specific crime problems such as human trafficking.  Financial institutions are reluctant to employ targeted monitoring initiatives because of concern for the potential regulatory expectations or other perceived impediments such innovative thinking could incur (my emphasis)."

I hope the major stakeholders in the process: the Treasury Department, the federal bank regulators, banking trade associations, law enforcement, intelligence agencies, and BSA/AML software providers, give strong and honest consideration to the benefits of this more cost-effective BSA/AML compliance method.  It looks like a proposal that can be executed administratively, without much, if any, statutory change.

Perhaps a pilot/regulatory sandbox program in a selected geographic jurisdiction could test the viability of such an approach.  Would it hurt to try it?

Sure, this suggested process improvement does not deal with the other very significant BSA/AML compliance costs associated with know-your-customer (KYC) requirements and foreign sanctions screening, but it's a damn big improvement.  It advances the ball way down the field.

A statement made by the trailblazing computer scientist and U.S. Navy Admiral, Grace Hopper seems appropriate here:

"Humans are allergic to change.  They love to say, 'we've always done it this way.'  I try to fight that.  That's why I have a clock on my wall that runs counter-clockwise."