Speeches, Testimony & Articles Statement of
Donald E. Powell
Federal Deposit Insurance Corporation
Regulatory Efforts to Ensure Compliance
with the Bank Secrecy Act
Committee on Banking, Housing, and Urban Affairs
U. S. Senate
9:30 AM - June 3, 2004
Room 534 Dirksen Senate Office Building
Mr. Chairman, Senator Sarbanes, and Members of the Committee, thank you for this opportunity to discuss how the Federal Deposit Insurance Corporation, along with the other bank regulatory agencies, addresses our responsibilities under the Bank Secrecy Act (BSA) and related anti-money laundering and anti-terrorism laws.
My testimony begins with a brief history of the BSA and an overview of the work the FDIC is doing under the law. I also will outline the current initiatives that the FDIC is undertaking to foster a culture more focused on the effective supervision of banks for compliance with BSA and related laws, and to provide assistance to law enforcement agencies. Finally, I will discuss some broader ideas related to the way bank regulators, law enforcement and the banking industry can work together to address money laundering and terrorist financing.
Background and Evolution of BSA
The Bank Secrecy Act, which was enacted in 1970, authorizes the Secretary of the Treasury (Treasury) to issue regulations requiring that financial institutions keep records and file reports on certain financial transactions. Treasury’s authority includes specifying filing and recordkeeping procedures and designating the businesses and types of transactions subject to these procedures. As part of its overall responsibility and authority to examine banks for safety and soundness, the FDIC is responsible for examining state-chartered non-member financial institutions for compliance with the BSA. This is consistent with Treasury’s delegation of its authority under the BSA to the financial regulatory agencies for determining compliance with the Treasury’s Financial Reporting and Recordkeeping regulations.
The original purpose of the BSA was to prevent banks from being used to conceal money derived from criminal activity and tax evasion. A process of filing various reports, including currency transaction reports (CTRs), was established and proved highly useful in criminal, tax, and regulatory investigations and proceedings. Banks are required to report cash transactions over $10,000 using the CTR. The information collected in the CTR can provide a paper trail for investigations of financial crimes, including tax evasion and money laundering, and has led to convictions and asset forfeiture actions.
Although the BSA has been in effect for over 30 years, numerous revisions and amendments have been made to enhance the notification and investigation of financial crimes. The Money Laundering Control Act, which was enacted in 1986 to respond to the increase in money laundering activity related to narcotics trafficking, was the first major expansion of the BSA. The Money Laundering Control Act criminalized money laundering and prohibited the structuring of transactions to avoid the filing of CTRs. Additionally, at that time, banks reported suspicious transactions by marking the “Suspicious” box on the CTR and also filing a Report of an Apparent Crime form (“criminal referral”) with the bank’s primary regulator and law enforcement agencies.
Over the years, additional laws and amendments were passed to define how financial institutions share information relating to apparent money laundering activities with law enforcement. These laws included: the Annunzio-Wylie Money Laundering Suppression Act of 1992, which replaced the criminal referral form with the suspicious activity report (SAR) to be used for apparent money laundering activities; the Money Laundering Suppression Act of 1994, which liberalized the rules for using CTR exemptions; and the Money Laundering and Financial Crimes Strategy Act of 1998, which focused on improving cooperation and coordination among regulators, law enforcement, and the financial services industry.
The focus of the BSA was escalated further in the wake of the September 11, 2001, terrorist attacks against the United States with passage of the Uniting and Strengthening America by Providing Appropriate Tools to Restrict, Intercept, and Obstruct Terrorism Act of 2001, otherwise known as the USA PATRIOT Act (PATRIOT Act). Title III of the PATRIOT Act expands the BSA beyond its original purpose of deterring and detecting money laundering to include terrorist financing in the United States. One of the new provisions requires financial institutions to conduct due diligence on customer accounts through a Customer Identification Program (CIP). The CIP requires institutions to maintain records, including customer information and methods used to verify customers' identities.
In 1990, the Financial Crimes Enforcement Network (FinCEN) was established in Treasury to administer the BSA and provide a government-wide, multi-source intelligence and analytical network. In October 2001, the PATRIOT Act elevated the status of FinCEN within Treasury and emphasized its role in fighting terrorist financing. In addition to administering the BSA, FinCEN is responsible for expanding the regulatory framework to other industries (such as insurance, gaming, securities brokers/dealers) vulnerable to money laundering, terrorist financing, and other crimes.
Evolution of 314(a) Requests
Shortly after the attacks on September 11th, the Federal Bureau of Investigation provided a confidential listing (Control List) of suspected terrorists to the federal banking agencies. The federal banking agencies provided the list to financial institutions to check their records for any relationships or transactions with named suspects. Financial institutions reported positive matches to the Federal Reserve Bank of New York which, in turn, passed the information to the appropriate law enforcement agency. Based upon this information, law enforcement authorities would subpoena the reporting bank for relevant information needed to assist in their investigation. The initial Control List primarily consisted of suspects, supporters, and material witnesses of the ongoing investigation of the September 11th attacks.
Section 314 of the PATRIOT Act requires FinCEN to establish a formal mechanism for law enforcement to communicate names of suspected terrorists and money launderers that are under investigation to financial institutions on a regular basis. The implementing regulations mandate that financial institutions receiving names of suspects search their account and transaction records for potential matches and report positive results to FinCEN in the manner and time frame specified in the request. This new information sharing system, referred to as “314(a) Requests,” replaced the Control List.
Every FinCEN 314(a) request is certified and vetted as a valid and significant terrorist/money laundering investigation through the appropriate law enforcement agency prior to being sent to a financial institution. The law enforcement agencies maintain that this new system is an effective and successful tool in their investigations.
Information provided to the FDIC from FinCEN, showing the initial results of the program, indicate some successes. From February 18, 2003, through November 25, 2003, agencies have processed 188 law enforcement requests. Of these cases, 124 were related to money laundering and 64 cases were related to terrorism or terrorist financing. There were 1,256 subjects of interest in these investigations. Of these, financial institutions responded with 8,880 matches, resulting in the discovery or issuance of the following:
795 new accounts identified;
35 new transactions;
407 grand jury subpoenas;
11 search warrants;
29 administrative subpoenas/summons; and
The FDIC plays a particularly active role in ensuring that the 314(a) program runs effectively by maintaining point of contact information for FDIC-supervised and national banks. By properly maintaining this information, the FDIC ensures that banks are able to act on 314(a) requests in the timeliest fashion.
The 314(a) requests should not be confused with the list published by the Department of Treasury’s Office of Foreign Assets Control (OFAC). The Section 314(a) request pertains to suspects and material witnesses to significant terrorist/money laundering investigations, and is confidential. Further, the names are subject to a one-time search of bank records, and banks are not required by law to terminate account relationships. The OFAC list is a public list which contains names of individuals, organizations and countries against whom the United States has instituted sanctions. Financial institutions must have a formal process for regular searches of records and transactions against updated OFAC lists.
Although the Section 314(a) requests have improved our ability to identify possible money laundering or terrorist financing activity, other provisions of Section 314 may be underutilized or could be improved. For example, under Section 314(b), there is a safe harbor for bankers to discuss suspect transactions with other banks that are counterparties in a transaction. It appears that only 10 percent of insured financial institutions use this safe harbor even though it creates an opportunity to gain a better understanding of, and develop additional information about, questionable transactions before they are reported. In addition, under Section 314(a), financial institutions generally have a 14-day window to report a positive “hit.” This timeframe should be evaluated to determine whether this permissible reporting delay is realistic since the information may not be received until well after criminal activity occurs. As law enforcement, bank regulators and the industry gain experience with the PATRIOT Act, we must continually evaluate its implementation to ensure that it is as effective as possible.
Responsibilities of the FDIC to Facilitate BSA Compliance
All FDIC-supervised institutions are required to establish and maintain procedures designed to assure and monitor compliance with the requirements of the BSA. Section 326.8 of the FDIC’s rules and regulations requires that all FDIC-supervised institutions maintain BSA compliance programs that include controls, training, and independent testing necessary to assure that effective programs are in place.
In addition to examining state-chartered nonmember banks for compliance with the BSA and underlying regulations, the FDIC is required to make periodic reports regarding violations of Treasury’s financial recordkeeping rules to the Treasury. The purpose of the BSA examination is to determine the effectiveness of a financial institution’s anti-money laundering program. Specifically, every BSA examination focuses on the oversight provided by a bank’s senior management and its respective Board of Directors, as well as the system of controls put in place to identify reportable transactions, prepare CTRs, monitor the purchase and sales of monetary instruments and electronic funds transfer activities, comply with the OFAC laws and regulations, administer information sharing requirements under Section 314(a) of the PATRIOT Act, administer the Customer Identification Program, and report suspicious activities. Although the BSA regulations do not prescribe the frequency with which BSA compliance should be reviewed, examination procedures for BSA compliance are included within the scope of FDIC safety and soundness examinations. Since 2000, the FDIC has conducted almost 11,000 BSA examinations.
The FDIC is the primary federal regulator of approximately 5,300 insured financial institutions holding total assets of almost $1.7 trillion. The majority of FDIC-supervised institutions are small and located outside a Metropolitan Statistical Area (MSA)1, in less-densely populated areas. To effectively supervise BSA compliance at state non-member banks, the FDIC has adopted a risk-focused approach. An institution’s level of risk for potential money laundering determines the necessary scope of the BSA examination. For example, an examiner might consider an institution with the following characteristics to have a low money-laundering risk: located in a rural area; not located in a high-risk money laundering and related financial crimes area (HIFCA)2; small asset size; small deposit base; known and stable customer base; stable management and employee base; and relatively few CTRs.
On the other hand, an institution located in a HIFCA or engaged in particularly risky business lines will receive significantly more scrutiny under the FDIC’s risk-focused compliance examinations due to their elevated risk profiles. Current HIFCA designations for money laundering are assigned to the MSAs of New York City, Los Angeles, Chicago, San Francisco, and Miami. HIFCAs also include the Mexican borders with Texas and Arizona as well as San Juan, Puerto Rico. Financial institutions located in a HIFCA, or that have certain characteristics that may indicate a greater risk of money laundering or related vulnerabilities, undergo an expanded-scope BSA examination. These examinations include extensive transaction testing designed to validate management’s compliance with BSA and anti-money laundering regulations.
Regardless of the risk profile of a particular institution, the FDIC understands that all institutions are at risk of being utilized to facilitate money laundering and terrorist financing. In today’s global banking environment where funds are transferred instantly and communication systems make services available nationally, even a lapse at a small financial institution outside of a major metropolitan area can have significant implications in another location across the nation. The more difficult it is for criminals and terrorists to gain entry into the American financial system, the more likely it is that they will need to rely on less secure and less efficient means of financing their activities.
While it has been our experience that the vast majority of FDIC-supervised institutions are diligent in their efforts to establish, execute, and administer effective BSA compliance programs, there have been instances where controls and efforts were lacking. In those cases, the FDIC implements a range of corrective measures to ensure that banks comply with the law. Generally, weaknesses noted in BSA compliance have been technical in nature and have not resulted in the facilitation of money laundering or terrorist financing activities. Usually, bank management is responsive to correcting the deficiencies within the normal course of business. In cases where significant deficiencies are cited during a BSA examination, bank management is required to address such deficiencies in a written response to the FDIC that outlines the corrective action proposed and establishes a timeframe for implementation.
In cases where an institution has been lax in administering its BSA compliance program and failed to correct previously identified deficiencies, including significant violations of law, the FDIC has procedures to obtain commitments from bank management to correct the deficiencies. The procedures generally require some type of formal or informal enforcement action. The FDIC can also utilize its authority to assess civil money penalties against an institution for non-compliance with BSA. In addition, significant violations are referred to FinCEN, in accordance with the BSA, which also has the authority to assess civil money penalties for non-compliance with the BSA.
The FDIC believes in a flexible supervisory approach using technical guidance, moral suasion, and a gradual escalation of enforcement action as appropriate. However, a more aggressive supervisory approach may be necessary to effect correction when a greater risk for money laundering exists within an institution due to willful non-compliance with the BSA and/or the absence of an effective BSA program. The type of enforcement action pursued by the FDIC against an institution is directly related to the severity of the offense, management’s willingness and ability to effectively implement corrective action, as well as the extent to which the program has failed to identify and/or deter potential money laundering. Additionally, the nature of the criticism, the response to prior weaknesses or violation notifications, and the overall risk profile of the institution are factored into the type of supervisory action. When weaknesses are identified at institutions that have a high BSA risk profile, such as those located within a HIFCA, the FDIC has been aggressive in taking formal supervisory action. In addition, the FDIC has the authority to remove and/or prohibit an individual from the banking industry for deliberate or negligent actions related to money laundering.
FDIC Efforts to Thwart Money Laundering and Terrorist Financing Activities
In order to identify money laundering and terrorist financing activity, it is important to know the differences between the two activities. Money laundering generally involves the following factors:
Profit is the motivation;
“Dirty money” is laundered;
Funds are derived from the crime;
Large sums of money are involved (generally);
Shell companies and offshore centers are frequently used;
Complicated structures are created often requiring attorney or trustee involvement;
Assets are purchased with illicit funds, then sold, thereby converting to “clean” cash; and
Use of official or counterfeit bank checks or wire transfers.
Terrorist financing differs as it generally involves the following factors:
Ideology is the motivation;
Both “clean money” and “dirty money” are laundered;
Funds are often derived from donations and crime;
Both large and small sums of money are involved;
Banks and money exchanges (including alternate value transfer systems) are used;
Charities and front operations are used; and
Funding sometimes derives from government “state sponsorship.3”
These distinctions between money laundering and terrorist financing are important when evaluating suspicious bank transactions.
The FDIC examines CTRs and SARs to determine, in part, a bank’s compliance with the BSA. Examiners analyze an institution’s volume and trend in CTR and SAR filings to assist in risk scoping the examination. For example, increases in the volume of CTRs filed may be the result of deposit growth, the elimination of exempted businesses, or increases in retail or other high-risk customers. Decreases may be caused by the failure of the bank to file CTRs, an increase in the number of exempted businesses, the elimination of retail and/or other high-risk customers, or structuring transactions to avoid reporting requirements.
Increases in the number of SARs filed may be due to an increase in high-risk customers, entry into a high-risk market or product, or an improvement in the bank’s method for identifying suspicious activity. Decreases may be the result of deficiencies in the bank’s process for identifying suspicious activity, the closure of high-risk or suspicious accounts, personnel changes, or the failure of the bank to file SARs.
When appropriate, examiners conduct transaction testing during a BSA examination to determine if reportable transactions have been captured on the bank’s system and if a CTR was filed. In the case of a structured transaction, an examiner will determine if a SAR was filed. As part of the CTR and SAR validation process, an examiner may also note if the SAR reports fraud and/or insider abuse which is closely linked to money laundering and other illicit acts. Also, examination staff may use SARs as a basis for further evaluation of the conduct of insiders who may eventually be removed and/or banned from the banking industry under Section 8(e) of the Federal Deposit Insurance Act.
Since 2001, the FDIC has issued 30 formal enforcement actions against 25 financial institutions and three individuals to address severely deficient BSA compliance efforts and/or ineffective anti-money laundering controls. These actions include 25 Orders to Cease and Desist, three Orders of Prohibition–which ban individuals from participating in the banking industry–and two Civil Money Penalty Assessments against related entities in the amount of $7,500,000. Fourteen of the 25 Cease and Desist Orders were issued in response to severe and/or chronic BSA-related deficiencies that exposed those institutions to a high vulnerability of possible money laundering activity.
The FDIC also has effectively utilized informal actions such as bank board resolutions and memoranda of understanding to strengthen the BSA compliance efforts of its supervised institutions under appropriate circumstances. The informal actions also put the bank’s board of directors on notice of their responsibility to ensure BSA compliance. Since 2001, FDIC-supervised institutions have entered into 53 informal actions with BSA-related provisions.
FDIC Participation in Interagency Working Groups
The FDIC participates in numerous interagency working groups formed for the purpose of drafting risk-based revisions to the BSA, required by the PATRIOT Act, and developing interpretive guidance for the financial services community. The FDIC has worked actively with Treasury and the financial regulators in developing regulations and guidance to implement the PATRIOT Act. For many years, the FDIC has worked with the Treasury, FinCEN and the other banking agencies in setting international standards, developing policies, and implementing best practices to combat money laundering and, more recently, terrorist funding as part of the nation’s anti-money laundering regime.
The FDIC also participates in the Bank Secrecy Act Advisory Group, which is a public-private partnership devoted to the discussion of money laundering schemes, enforcement of anti-money laundering laws, and remedies for making all reporting processes more efficient. The BSA Advisory Group has 43 members with representatives from all bank regulatory agencies; law enforcement; the securities, insurance, and gaming industries; and the banking industry. The BSA Advisory Group and its subcommittees are currently evaluating all aspects of the BSA (implementing rules and reporting requirements) and developing recommendations to make these areas more efficient.
International Outreach Programs
The FDIC believes that strong governance of foreign banking programs reduces opportunities for money laundering and increases the ability to identify sources of terrorist financing. The FDIC actively participates in working groups and technical assistance missions sponsored by the Departments of State and Treasury to assess vulnerabilities to terrorist financing activity worldwide and to develop and implement plans to assist foreign governments in enforcement efforts directed towards financial crimes. To facilitate its commitment to these assignments, the FDIC identified a group of twenty-two examiners and attorneys who have received specialized training in identifying money laundering and terrorist financing. Over the past two years, several of these individuals and others have worked with over 62 countries to provide technical assistance and training, meeting with supervisory and law enforcement representatives, senior prosecutors, and financial intelligence unit directors, and assisting in the development of foreign-directed BSA training programs. In all cases, the foreign officials from these countries–ranging from Caribbean to European to Middle Eastern war-torn countries–expressed interest in the FDIC’s anti-money laundering examination programs and our progress in implementing PATRIOT Act provisions. Some of these countries have a myriad of issues and concerns with regulatory compliance and secrecy laws. Further, through participation on the Basel Committee, the FDIC has assisted in the evaluation and issuance of international guidelines on money laundering.
In addition, the FDIC provided substantial assistance to the Department of the Treasury in drafting the anti-money laundering/anti-terrorist financing rules for the Iraqi Coalition Provisional Authority in Baghdad. The comprehensive framework was drafted for the new Iraqi government to implement and conform to international standards.
Since the passage of the PATRIOT Act in 2001 (which augments the BSA to address the risk of terrorist financing activities), the FDIC has been involved in a number of activities, including: implementing rules and interpretive guidance, incorporating changes into examination procedures, training examiners, and participating in industry outreach sessions. The agency participated in the rulemaking process of relevant parts of the PATRIOT Act and has participated in a number of working groups focused on counter-financing of terrorism and the PATRIOT Act. In conjunction with these activities, and, in part, to address some recommendations identified in a recent FDIC Office of Inspector General report, we have undertaken a number of initiatives to enhance the FDIC’s enforcement of the BSA.
Consistent with the increased importance of the BSA, the additional workload associated with the PATRIOT Act, and greater emphasis on international efforts to combat terrorism, the FDIC has taken additional steps to ensure that these areas receive increased attention. The FDIC is dedicating more staff to its Special Activities Section, which oversees the nationwide implementation and coordination of the FDIC’s BSA, anti-money laundering, and PATRIOT Act efforts. Additionally, the FDIC is designating and training additional BSA subject matter experts. The FDIC expects to double its number of BSA experts over the next 18 months. Currently, the FDIC has more than 150 BSA experts nationwide. Multiple experts are assigned to offices that examine several institutions having characteristics that may indicate greater money laundering or related vulnerabilities.
In an effort to increase the level of BSA expertise in the field, the FDIC is requiring all examiners to complete additional formal training on BSA anti-money laundering and PATRIOT Act issues by year-end 2004. This computer-based training also will be offered to all state banking authorities and other regulators who wish to provide additional training for their staff. As a supplement to the required additional training, the FDIC is participating in the planning and development of anti-money laundering training for examiners that is sponsored by the Federal Financial Institutions Examination Council.
Updating Examiner Guidance
The FDIC continues to re-evaluate and modify as necessary all BSA anti-money laundering and anti-terrorism examination and industry guidance to ensure the incorporation of changes resulting from passage of the PATRIOT Act. This effort involves reviewing all written guidance for examiner and industry use, working with other bank regulators and federal law enforcement in assessing the guidance and using conferences and other public forums to communicate any changes required by banks for compliance with the law.
Improving State Examinations
The FDIC has an alternating examination program with most state banking departments. In this program, the FDIC and state authorities alternate, or conduct every other examination, accepting or using the other agency’s examination findings to meet mandatory examination cycle requirements. While the FDIC reviews BSA compliance each time it examines a state-chartered nonmember bank, not all states conduct similar examinations.
Beginning this month, in those instances where a state banking authority does not conduct Bank Secrecy Act exams, the FDIC will send an examiner to conduct an examination for BSA and anti-money laundering compliance concurrent with the state authority’s safety and soundness examination. This initiative will ensure that all FDIC-supervised banks are reviewed for money laundering and terrorist financing activity during every examination cycle. Conducting a BSA examination concurrent with the state’s safety and soundness examination is expected to reduce the regulatory burden upon the financial institution by scheduling both events simultaneously rather than multiple examinations conducted during a given year.
In addition, ten states have committed to beginning BSA-examinations in 2004. The FDIC will assist those states as necessary with training to facilitate thorough state evaluations of BSA compliance.
The FDIC has centralized the monitoring process for FDIC-supervised banks with serious BSA, anti-money laundering and anti-terrorist financing program deficiencies. This allows senior Washington Office personnel to confer with regional staff to ensure that a consistent supervisory approach is applied on a national basis. In addition, the FDIC recently centralized the process for referring BSA violations to FinCEN which provides consistency in reporting. These centralization efforts also will enable the FDIC to analyze historical data internally to identify emerging trends and issues among FDIC-supervised banks.
In order to provide more information to financial institutions and the general public, a section of the FDIC’s external website is devoted to the Bank Secrecy Act, anti-money laundering and counter-financing of terrorism issues.
Improving Government and Industry Coordination
While there has been marked improvement in information sharing among government agencies in recent years, communication between government entities and the banking industry could be improved. Current communication tends to be limited to requests for information and responses to those requests. We should also create a better dialogue between the industry, the regulators, and law enforcement about how our banking system can be used for nefarious purposes. We should continue to work to eliminate any barriers that exist between government and the industry to foster more seamless communication about both the broader context and potential threats. In my view, these efforts would help us detect and deter the use of the financial system by criminals and terrorists.
The FDIC believes that a vigilant BSA, anti-money laundering and anti-terrorist financing supervisory program requires that appropriate supervisory actions be taken to support compliance with Treasury and FDIC regulations and guidance. Proper supervision of banks to ensure that they maintain effective programs creates an environment where terrorists know that any attempt to use the American financial system to fund their operations pose an unacceptable risk of discovery.
The FDIC diligently enforces the BSA by establishing a comprehensive supervisory approach that includes conducting thorough BSA compliance examinations and ensuring an appropriate supervisory approach when BSA concerns exist in FDIC-supervised institutions. In addition, the FDIC is proactive in addressing recent changes to the BSA by incorporating those rules into examiner and industry guidance, providing various forms of examiner and industry training and outreach sessions, and assisting in global anti-money laundering and anti-terrorist financing efforts.
The FDIC is fully committed to preventing the use of the financial system to support criminal or terrorist activities. Highly trained bank examiners are a major resource in this fight that cannot be easily duplicated. They are in every bank in the country, they are able to identify suspicious relationships and transactions and they have the power to dig deeply into the facts when warning flags are raised. While the current system is not perfect, we should approach reforms carefully to ensure that they do not duplicate resources and expertise that already exist and do not inadvertently interfere with the achievement of the goals that we all share.
This concludes my testimony. I would be happy to answer any questions and would like to thank the Committee for providing this opportunity to discuss the FDIC’s role in enforcing the Bank Secrecy Act and assisting the overall effort to fight money laundering and terrorist financing activity.
1 The Office of Management and Budget defines an MSA as an area with either a minimum population of 50,000 or a Census Bureau-defined urbanized area with a total population of at least 100,000. MSAs comprise one or more counties and may include one or more outlying counties that have close economic and social relationships with the central county. An outlying county must have a specified level of commuting to the central counties and also must meet certain standards regarding metropolitan character. For example, the Washington, D.C. MSA extends from Frederick, Maryland, to Fredericksburg, Virginia, and includes two counties in West Virginia.
2 HIFCA is a term used in the Money Laundering and Financial Crimes Strategy Act of 1998 as a means of concentrating law enforcement efforts at the federal, state, and local levels in high intensity money laundering zones.
3 State sponsorship can be described as implicit or explicit action or funding by a government to endorse terrorist activity.