Wednesday, January 31, 2018

BSA/AML Regulation:

"...But We've Always Done it This Way."

                  Related image

On September 8, 1975, I reported for duty as a college intern at the Boise, Idaho duty station of the Office of the Comptroller of the Currency (OCC).  My first assignment, at my very first bank examination, was to prepare the Bank Secrecy Act/Financial Recordkeeping page for the bank's Report of Examination and then present it to the Examiner-in-Charge for his review.  The Bank Secrecy Act  examination procedures were pre-printed on that same legal-size Report of Examination page and consisted of about a dozen yes/no questions that I was obliged to get answers to and validate.

My, have things changed in the almost half-century since the Bank Secrecy Act was first signed into law in 1970!

The Bank Secrecy Act has been amended several times over the years and most substantially by the post- 9/11 USA PATRIOT Act.  The chart below outlines how significant those changes have been:


But underlying these heightened responsibilities, at some point, we chose (or maybe defaulted to) a conceptually easy, but ultimately expensive, method for meeting those legal responsibilities that consists of industrial-scale mass financial surveillance of financial institution customers to detect anomalies that needed to be reported to law enforcement (mainly large currency transactions and suspicious activities).

Using sophisticated computer software, this transaction monitoring Leviathan uses thresholds, rules, risk ratings, and behavioral profiles to sift through the billions of financial transactions across the financial system and screen out unusual transactions for review, follow-up, or investigation by analysts at each financial institution.

The general examination approach used by financial institution regulators, as outlined in the 442-page FFIEC Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual, is to focus, in a risk-based way, on how effectively the managers of financial institutions are tending to this bulk information collection, analysis, and reporting machinery.

We probably don't think about it much, but when you sit back and reflect on the enormous scale of the mass financial surveillance that is taking place every day, in every financial institution in the country, on every customer's financial transactions, it ought to make the spies at the National Security Agency (NSA) green with envy and would probably make the framers of the U.S. Constitution shudder.

But that's the BSA/AML transaction monitoring compliance method financial institutions have learned to live with for the last half-century.  A method they have gotten used to in order to help meet their legal reporting responsibilities.  But as we all have come to realize now, bulk transaction screening can be a very inefficient process.

Barriers to Cost-Effective BSA/AML Regulation

First, the anomaly harvesting process generates many false positives - financial transactions that seem to warrant reporting to law enforcement, but upon research and review, were not deemed to be reportable.  Investigating false positives is costly and documenting why the financial institution chose not to report the transaction adds even more expense.

To put this all into perspective, banking industry experts have benchmarked that more than 90%  (yes, more than 90%) of computer-generated BSA/AML alerts are false positives.

Second, law enforcement has limited resources.  They cannot pursue every lead provided by all of the reports filed by financial institutions.  Leads that do not warrant law enforcement follow-up end up being wasted dollars for the financial institution.

Third, the high cost of BSA/AML compliance and/or increased reputation risk encourages wholesale de-risking by financial institutions of customers from countries and industries deemed to be high risk.  Financial institutions incur an opportunity cost as a lot of deserving, bankable business is being swept up in this blanket de-risking process.  De-risking merely forces both good players and bad actors outside the formal banking system and into the arms of the shadow(y) banking system... thereby increasing law enforcement costs also.

It Seems Like There is a Better Way to Do This

Earlier this month, on January 9, 2018, the Senate Banking Committee held a hearing titled: Combating Money Laundering and Other Forms of Illicit Finance: Opportunities to Reform and Strengthen BSA Enforcement.

The hearing had a panel of three excellent witnesses, but one in particular, Dennis Lormel, President and Chief Executive Officer of DML Associates (and former chief of the FBI Financial Crimes Program) discussed an approach to BSA/AML supervision that "spoke to me".  Place less emphasis on the mass financial surveillance checklist-ish compliance method and more emphasis on a compliance method that uses a targeted/focused investigative approach done in close collaboration with law enforcement authorities and other stakeholders.

In his testimony and in the Q&A session, Dennis seemed to suggest supplementing the existing mass financial surveillance process with the targeted/investigative approach, but his idea is so good that I would advocate actually replacing the existing mass transaction monitoring method with the targeted/focused method he describes.

His targeted investigative approach, as I understand it, preserves the law enforcement benefits; helps make sure the efforts of financial institutions are aligned with current law enforcement targets, priorities, and resource allocations; promotes collaboration between all stakeholders with specialized expertise; and, very importantly, wrings out much of the wasted expense from the process by making it more cost-effective.

This is a change of method, not a change of BSA/AML policy objectives or statutory requirements.  It is a process improvement suggestion; a sorely needed innovation to an aged, sclerotic, and expensive BSA/AML compliance method adopted decades ago.

Here is Dennis, in his own words: 

"Regarding the BSA, it is important that all stakeholders be engaged in the discussion and deliberation to improve the effectiveness and efficiency of BSA reporting and enforcement. More importantly, all stakeholders should be involved in breaking down real or perceived regulatory impediments. In each of our areas of responsibility, all BSA stakeholders should strive to exploit the financial vulnerability of criminals and terrorists by ensuring the financial system serves as a detection mechanism disrupting illicit funding flows. Although the BSA system works, it is flawed and lacks the effectiveness and efficiency it was intended to achieve.
The starting point toward improving the effectiveness and efficiency of BSA reporting is to improve the current system through building meaningful and sustainable public and private sector partnerships beginning with BSA stakeholders, including the financial services industry, regulators, policy makers, sanctioning authorities, intelligence experts, law enforcement, legislatures and other stakeholders. We need to start by improving the efficiencies of our current system by breaking down impediments. We then need to determine what enhancements to regulations should be considered.
Building meaningful and sustainable partnerships begins with understanding perspectives. Each stakeholder partner possesses a perspective based on their professional responsibilities and experience. Each of our perspectives will be somewhat unique. Understanding and blending the perspectives of our partners will enable us to establish a middle ground to improve or build efficiencies upon. As this process evolves, we can leverage the capabilities and capacity of our partners. This type of evolution sets the stage for developing innovative ideas and proactive measures.
One of the inherent disadvantages we have in our financial system and AML environment is that we are reactive. Criminals and terrorists have the advantage of being proactive. Our ability to add innovative ideas and proactive measures to an otherwise reactive system can achieve impactful investigative results. In fact, there have been recurring innovative and proactive law enforcement investigations. I speak from firsthand experience when I talk about developing proactive techniques. I can point to specific proactive law enforcement initiatives following 9/11 that were the direct result of innovative public and private sector partnerships. My emphasis here is we can be innovative within the current framework. We can also improve the current landscape through enhancements to encourage and/or incentivize innovation.
For example, financial institutions conduct baseline transaction monitoring to alert to anomalies that can lead to identification of suspicious activity. By developing rule sets and scenarios that are targeted to specific transactions or financial activity, we are more likely to identify specific or targeted suspicious activity regarding specific crime problems such as human trafficking.  Financial institutions are reluctant to employ targeted monitoring initiatives because of concern for the potential regulatory expectations or other perceived impediments such innovative thinking could incur (my emphasis)."

I hope the major stakeholders in the process: the Treasury Department, the federal bank regulators, banking trade associations, law enforcement, intelligence agencies, and BSA/AML software providers, give strong and honest consideration to the benefits of this more cost-effective BSA/AML compliance method.  It looks like a proposal that can be executed administratively, without much, if any, statutory change.

Perhaps a pilot/regulatory sandbox program in a selected geographic jurisdiction could test the viability of such an approach.  Would it hurt to try it?

Sure, this suggested process improvement does not deal with the other very significant BSA/AML compliance costs associated with know-your-customer (KYC) requirements and foreign sanctions screening, but it's a damn big improvement.  It advances the ball way down the field.

A statement made by the trailblazing computer scientist and U.S. Navy Admiral, Grace Hopper seems appropriate here:

"Humans are allergic to change.  They love to say, 'we've always done it this way.'  I try to fight that.  That's why I have a clock on my wall that runs counter-clockwise."

No comments:

Post a Comment