Federal Deposit
Insurance Corporation

This information is offered in response to a February 3, 2005 request for comments on reducing the regulatory burden imposed on banks. My related experience is in Bank Secrecy Act (BSA) and Anti-Money Laundering compliance, so my remarks are limited to those areas. I am employed as an independent trainer within the banking industry and have the opportunity to talk to and, more importantly, listen to a few thousand bankers every year. The opinions expressed are entirely my own and I am not compensated for offering them. In most cases, they reflect the perspective of community financial institutions that are unlikely to respond to requests such as this one.

Clearly, BSA requirements have increased exponentially in the decades since the initial law’s passage. A number of laws, most recently the USA PATRIOT Act, have added new branches to BSA, some without adequate consideration of how they fit into the overall regulatory framework. Also, in the absence of a “sunset” provision, some elements have taken on a life of their own without regard to their intended purpose or whether subsequent changes have eliminated the need for their protections.

However, the most problematic issues today do not emanate from the law’s requirements, but its enforcement. Banks are charged with complying with BSA, but they are subjected to varying and oftentimes unpredictable interpretations of those requirements. The agencies recently responded to an entreaty for continuity in enforcement from the ABA and state banker’s associations’ with letter saying there was no “zero tolerance” policy toward BSA compliance. The following week, I have knowledge of an exit interview where the EIC told a bank’s staff that the FDIC’s policy on BSA was “zero tolerance.” A review of the comment letters already filed in response to this request will find several writers who heard the same phrase from their regulatory personnel.

Either the agencies are misleading the industry as to their philosophy (which I doubt) or they have simply lost control over their field examiners. I have been in this industry 30 years and I have never seen the regulator – bank credibility gap so broad. (By the way, I have yet to hear a banker ask for “tolerance,” only instructions that can be followed.)

The suggestions for improvement I would offer are:

*Calls to the IRS Detroit Computing Center Hotline, 1-800-800-2877 should be answered or at least callers should receive the courtesy of having messages returned. I have had dozens of anecdotes offered by seminar attendees where they never received a response to the message they left. I have had the same experience. (I’ve had no reports of similar experiences with banks using the FinCEN 800 number. They have also answered or returned my calls promptly.) However, sometimes what a bank needs is simple information regarding form completion or assistance with a backfiling problem on CTRs; that is the Computing Center’s responsibility, not FinCEN’s.

*The IRS Detroit Computing Center should provide banks, for a fee if necessary, with lists of CTRs, DEPs, and SARs they have filed upon request. Apparently, banks can order copies of individual forms, but not lists of forms received between given dates. Such reports are readily made available to regulatory personnel when they are establishing the scope of their on-site examinations. They would be invaluable to banks in the conduct of independent examinations and their preparation for regulatory examinations. Helping the banks monitor their compliance would reduce the need for oversight from regulatory personnel.

*FinCEN should conduct all BSA compliance training for federal and state bank examiners. While the impending reinstatement of interagency examination procedures for BSA is a long overdue step in the right direction, there is no basis for assuming that just because all the students had they same text they all received the same instruction. Training should be homogenized so an examination of a national bank is comparable to that conducted for a credit union with adjustments made only on the factors unique to that individual institution. The recent involvement of state departments of banking in BSA examinations is having the effect of further balkanizing BSA compliance into regulatory fiefdoms – one state examiner, when offered a FinCEN ruling as a counter to her comments said she did not care how FinCEN interpreted the law, her organization was the bank’s “primary” regulatory agency and it was her interpretation of the law that mattered to that bank.

*Amend the current definition of “established customer” to indicate it is a “customer” from whom the bank has already obtained the information required by 31 CFR 103.121(b)(2)(i). Amend existing 31 CFR 103.29 to replace references to “deposit account holder” and “person who has a deposit account” with “established customer.” The net effect of this change is to homogenize references made in different parts of the regulation that were written at different times with different purposes. The end result would be the existence of “customer” as defined in the CIP regulations and an “established customer” as one whose basic information has been obtained. Once a customer has been subjected to the CIP, there should not be any other hurdles to jump just because he wants to send or receive a wire transfer or purchase an official check for cash.

*Revise the record retention requirements for selling monetary instruments for between $3,000 and $10,000 in currency so only banks who engage in such transactions with people who not established customers (as defined are above) must continue to keep the records. Those banks would also be required to address those sales in their written AML program. Thus, banks that do not engage in covered transactions with anyone other than established customers will have no specific record retention requirements. The records themselves were never the goal of record retention requirements – the sole purpose of the requirement was to eliminate the practice of “smurfing.” It did. Yet, this requirement has taken on a life of its own. Even though a November, 2002 FinCEN letter clearly said the practice refusing to sell official checks for cash was acceptable, the purpose behind its publication was so obtuse that it confused many banks regarding their ability to make policies that would eliminate specialized record retention programs. Moreover, current FDIC examination procedures inquire as to whether the bank has a procedure for monitoring whether multiple sales below the record retention threshold take place. The records currently being kept simply have no tangible value, yet the agencies act as if the records themselves were required for some ancillary use.

*Revise the record retention requirements in general to remove antiquated references; e.g. “ledger card” and acknowledge the fact that most of today’s records will be maintained electronically.

*Subject the 314(a) query system to cost justification. I have read the statistics that “demonstrate” that the program is a success, but note the stark absence of even an estimate as to how much it costs for thousands of banks to conduct those searches every two weeks. From my perspective, the statistics cited are not impressive; if the amount spent by banks to conduct those searches was coming out of the FBI’s budget, the program would be scrapped tomorrow.

*Although it is perhaps beyond the scope of this review and, like the suggestion above, is unlikely to be considered seriously, I suggest that there should be a “safe harbor” for banks in OFAC compliance. The following OFAC response to a question about whether banks should check cashiers checks against the list is typical: Every transaction that a U.S. financial institution engages in is subject to OFAC regulations. If a bank knows or has reason to know that a target is party to a transaction, the bank's processing of the transaction would be unlawful. With all due respect, that’s not an answer, it’s a mantra. It’s something short of obvious that a bank is engaging in a transaction with the payee when it issues an official check made payable in accordance with the customer’s instructions. Nevertheless, regulatory personnel communicate this “guidance” as a requirement, without regard to the fact the bank is entitled to make a risk based decision. So, many banks are now checking payees on official check sales sold to established customers and the sellers of real estate when the bank is financing a loan to the borrower. I would be curious to know if any transaction has ever been blocked as a result of thousands of repetitions this tedious exercise. If the purpose of the OFAC list was actually to “catch” people, then the list would not be publicly available. Again, at some point in years past the “OFAC exercise” would have failed any attempt at cost justification.

*Issue the commentary to the BSA regulations mandated by Congress several years ago. (I am well aware that it has recently been “re-promised,” but no such commitment should be necessary in response to a Congressional mandate.)

*The regulatory agencies should relay the message to those they supervise, in writing, that banks are not to file SARs defensively. Last October, FinCEN’s Chairman indicated that “defensive filing” of SARs had the effect of diluting the value of the SAR data base and that banks should file SARs only when they believe it to be necessary. Only the OCC has since acknowledged that SAR filing is a subjective process and that banks are entitled to some discretion in their decisions. I have anecdotal evidence that indicates examiners from at least one agency actually believe they can order a bank to file a SAR when a bank has made a documented decision not to do so. At present, only a great fool would not follow the advice, “When in doubt, file.”

*If FinCEN determines to follow the recent OIG recommendation that it require banks to use BSA Direct E-Filing, it should be evaluated in the context of the dollar filing threshold ($10,000) and exemptions from currency transaction reporting. Such a change will have a ripple effect on banks’ interest in using exemptions. It would also have implications for whether it would be appropriate to increase the $10,000 dollar threshold for CTR filing. The IRS information returns program might provide a valuable model for renovating and automating the CTR filing process. For example, banks might file CTRs that include much less information electronically on a calendar month basis rather than within a set number of days from the date the transaction took place. (Even if this occasions some delay in sending the information, according to the OIG report, the information would still be the data base much more quickly than it is under the current system and it would eliminate a number of manual processes.)

It is axiomatic to say that banks can be powerful allies with law enforcement in fighting money laundering and terrorist financing. From my perspective, they are willing allies, but they are being treated like draftees assigned to drill sergeants with differing agendas. The banks' resources and their goodwill are being squandered by agencies that do not communicate with each other, let alone those they supervise. Those agencies appear to balk at any suggestion that FinCEN might have the greater insight and expertise.

Changes in law and regulation are not enough.


Ken Golliher
Louisville, KY