By Kevin K. Watson, CAMS, Co-CEO, AuditOne LLC
We recently attended the largest ACAMS Conference in history in Las Vegas where there were 2,000 attendees, up from 1,500 the prior year. To illustrate the importance of BSA/AML, we counted the number present from the FDIC, FRB, NCUA and OCC on the attendee list at nearly 100, along with numerous other state and federal agencies and law enforcement units. Aside from most everyone agreeing that regulatory expectations and scrutiny have increased substantially, our key takeaways from the conference are summarized in the following paragraphs.
One important pronouncement, FIN-2014-A007, released August 11 by FinCEN and entitled, “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance” will have significant repercussions for financial institutions. Because of their significance, we will summarize them here for you.
- Leadership should be engaged
- Compliance should not be compromised by revenue interests
- Information should be shared throughout the organization
- Leadership should provide adequate human and technological resources
- The program should be effective and tested by an independent and competent party
- Leadership and staff should understand how their BSA reports are used
FIN-2014-A007 emphasizes regulatory expectations regarding governance of a financial institution’s BSA/AML program. We can expect examiners to consider the extent that each financial institution conforms to the culture as an important element of the overall BSA examination rating. We recommend that directors, managers, and BSA Officers make a careful read of the document that can be found at www.fincen.gov/statutes_regs/guidance/html/FIN-2014-A007.html.
Currently, out for comment is a FinCEN proposed rulemaking regarding “Customer Due Diligence Requirements for Financial Institutions”. One of the key elements will be an explicit requirement to collect information on the beneficial owners of legal entities, defined as a 25% ownership interest by an individual, regardless of how many ownership layers are in place between the legal entity and the individual owner. Individuals with a significant control responsibility, are also considered to be beneficial owners. This will prove to be a time consuming effort in many cases. Interestingly, the 25% ownership cutoff is actually less onerous than some jurisdictions, where the cutoff is 10%. Financial institutions will need to establish written procedures or polices to ensure identification is established for all such beneficial owners as examiners will certainly be scrutinizing new account files once the guidelines becomes effective. The proposed rulemaking can be found at www.fincen.gov/statutes_regs/frn/pending.html.
There is no agreement yet on the form or content of Automated AML system validations, except to provide assurance that AML monitoring systems, customer risk rating models, and sanctions (OFAC) checking features are reliable and efficient. Examiners are naturally expecting to see such independent validations completed on a periodic basis. Independent validators will need to follow the validation concepts of OCC 2011-12/FRB SR-11-7, “Supervisory Guidance on Model Risk Management” issued by the OCC and FRB, but also adhered to by the FDIC.
AML and OFAC risk assessments were also much discussed at the conference. Such risk assessments are critical elements to an AML program and should assess all products, services, geographies and customer types, with generous documentation of the relevant activity levels and other risk drivers of each. They should address inherent risk, mitigating controls and resulting residual risk for each risk category and be maintained up to date in order to always be representative of the financial institution’s structure and environment.
There were many areas of concern noted by regulators speaking at the conference, but some common issues that caught our attention were as follows.
- BSA Officer qualifications
- BSA Program resources
- Problems associated with turnover of key BSA personnel
- Inability to identify high risk customers
- Unique risks presented by exporters with specific reference made to the recent L.A. garment district sweep where 1,000 federal agents made nine arrests and confiscated $100 million cash associated with money laundering where drug cartel funds were being indirectly used to pay for exports from the garment district into Mexico, where they could later be converted to pesos. Friday’s Los Angeles Times noted that 2,000 more garment district businesses were subsequently individually warned that for the next 180 days, they must file reports for any cash transaction in excess of $3,000. Bankers to these businesses will also need to be mindful.
- Foreign correspondent banks involved in the clearing of USD
- Physicians defrauding private and public insurance companies by making referrals for unnecessary services in exchange for kickbacks
While all of these issues are cause for alarm, we believe the most important will be the FinCEN Culture of Compliance Advisory. It effectively will serve as an entry barrier into the financial services industry against those that don’t “get it”, while financial institutions that embrace the new compliance culture paradigm will be successful in the long run.