By Brian Monroe
November 7, 2019
Quote of the Day: “A lost battle is a battle one thinks one has lost.” – Jean-Paul Sartre, French existentialist philosopher
In today’s ACFCS Fincrime Briefing, Jim Richards offers seven “fixes” for bolstering fincrime compliance, OCC offers guidance in letter for bank automating structuring SAR filings, Venezuela corruption investigation, and more.
Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.
Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!
The current BSA/AML regime is a classic fixer-upper … and here’s seven things to fix: expert commentary from the eminent Jim Richards
In this nuanced and well-informed commentary on the current state of affairs in the anti-money laundering (AML) sector, longtime financial crime compliance mage Jim Richards offers seven critical improvements financial institutions can make right now without breaking the bank.
These improvements by Richards, who most recently helmed the AML program at Wells Fargo, include critical tweaks to transaction monitoring systems to bolster effectiveness and usefulness to law enforcement, more aggressive information sharing between banks under 314(b) and new laws and regulations that will break open beneficial ownership bastions, among others.
Here are some of his thoughts:
There is a lot of media attention around the need for a new way to tackle financial crimes risk management. Apparently the current regime is “broken” (I disagree) or in desperate need of repair (what government-run programs are not in some sort of state of disrepair?), or, at the very least, not particularly effective nor efficient.
And there are a lot of suggestions from the private and public sectors on how to make the regime more effective and more efficient.
I’ll offer seven things to consider as we all work towards renovating our BSA/AML regime, to take it from its tired, dated (the last legislative change to the three statutes we call the Bank Secrecy Act was made in 2004) state to something that provides a more balanced, effective, and efficient regime.
In short, Richards covers:
- Shift from customer-centric transaction monitoring systems to relationship-based interaction surveillance systems
- Encourage cross-institutional and cross-jurisdictional information sharing
- Encourage the private sector to be more creative and innovative in its approach to AML – AML is like jazz music, not classical music
- Address de-risking through aggressive use of Section 311 Special Measures
- Simplify the CTR regime. Please. And forget about increasing the $10,000 threshold – in fact, reduce it to $5,000
- As long as financial institutions are judged on US Code Titles 12, 18, 31, and 50, expect them to be both ineffective and inefficient. Can Titles 12 and 31 try to get along?
- A central registry of beneficial ownership information that is freely accessible to financial institutions is a must have
I. Transaction Monitoring Systems
Apparently, current customer- and account-based transaction monitoring systems are highly inefficient, because for every 100 alerts they produce, five or fewer actually end up being reported to the government in a Suspicious Activity Report.
The transaction monitoring software is often blamed (although bad data is the more likely culprit), and machine learning and artificial intelligence are often touted (by providers of machine learning and artificial intelligence) as the solutions.
Consider the following when it comes to transaction monitoring and false positives:
1. If a 95% false positive rate is bad … what is good? Human-generated referrals will result in SARs about 50% of the time: that might be a good standard.
2. We have to stop tuning our transaction monitoring systems against SARs filed with law enforcement, and start tuning them against SARs used by law enforcement. I’ve written about this on many occasions, and have offered up something called the “TSV” SAR – a SAR that law enforcement indicates has Tactical or Strategic Value.
3. High false positives rates may not be caused by bad data or poor technology at all, but by regulatory expectations – real or imagined – that financial institutions can’t afford the audit, regulatory, legal, and reputational costs of failing to identify (alert on) something unusual or anomalous that could eventually be found to have been suspicious.
(I’ve written about this on a few occasions: see, for example, RegTech Consulting Article).
It may be that transaction monitoring itself is the culprit (and not bad data, outmoded technology, or unreasonable regulatory expectations). My experience is that customer- and account-based transaction monitoring is not nearly as effective as relationship-based interaction surveillance. Let’s parse this out:
- Customer versus relationship – focusing on a single customer is less efficient than looking at the entire relationship that customer is or could be part of. Bank’s marketing departments think in terms of households as the key relationship: credit department’s think in terms of parent and subsidiary entities and guarantors as the needed relationship in determining credit worthiness. Financial crimes departments need to also think in the same terms. It is simply more encompassing and more efficient.
- Transaction versus interaction – customers may interact with a bank many times, through a phone call, an online session, a balance inquiry, or a mobile look-up, before they will perform an actual transaction or movement of value. Ignoring those interactions, and only focusing on transactions, doesn’t provide the full picture of that customer’s relationship with the bank.
- Monitoring versus surveillance – monitoring is not contextual: it is simply looking at specific transaction types, in certain amounts or ranges, performed by certain customers or customer classes. Surveillance, on the other hand, is contextual: it looks at the context of certain activity compared against all activity of that customer over time, and/or of certain activity of that customer compared to other customers within its class (Whatever that class may be).
So the public sector needs to encourage the private sector to shift from a customer-based transaction monitoring regime to a relationship-based interaction surveillance regime.
II. Information Sharing
Crime and criminal organizations don’t operate in a single financial institution or even in a single jurisdiction.
Yet our BSA/AML regime still encourages single entity SAR filers and doesn’t promote cross-jurisdictional information sharing. The tools are available to better share information across a financial institution, and between financial institutions.
Laws, regulations, and regulatory guidance all need to change to specifically and easily allow a single financial institution operating in multiple jurisdictions to (safely) share more information with itself.
These changes should also allow multiple institutions in a single and multiple jurisdictions to (safely) share more information between them, and to allow those institutions to jointly investigate and report together. Greater encouragement and use of Section 314(b) associations and joint SAR filings are critical.
III. Classical Music, or Jazz?
Auditors, regulators, and even a lot of FinTech companies, would prefer that AML continue to be like classical music, where every note (risk assessments and policies) is carefully written, the music is perfectly orchestrated (transaction monitoring models are static and documented), and the resulting music (SAR filings) sounds the same time and time again regardless of who plays it.
This allows the auditors and regulators to have perfectly-written test scripts to audit and examine the programs, and allows the FinTech companies to produce a “solution” to a defined problem.
This approach may work for fraud, where an objective event (a theft or compromise) produces a defined result (a monetary loss).
But from a financial institution’s perspective, AML is neither an objective event nor a defined result, but is a subjective feeling that it is more likely than not that something anomalous or different has occurred and needs to be reported.
So AML is less like classical music and more like jazz: defining, designing, tuning, and running effective anti-money laundering interaction monitoring and customer surveillance systems is like writing jazz music.
The composer/arranger (FinTech) provides the artist (analyst) a foundation to freely improvise (investigate) within established and consistent frameworks, and no two investigations are ever the same, and similar facts can be interpreted a different way by different people … and a SAR may or may not be filed.
AML drives auditors and examiners mad, and vexes all but a few FinTechs. So be it. Let’s acknowledge it, and encourage it, (via RegTech Consulting).
Monroe’s Musings: I just loved this and these fixes mirror many of the thoughts, ideas and discussions going on in fincrime compliance incubators helmed by authoritative thought leaders attempting to break what many say is a broken paradigm.
I read each and every “fix” several times and couldn’t help but find myself agreeing with the ideas, logical defenses and conclusions.
These ideas could be a powerful boon to compliance professionals at every level of their career and level of expertise, along with supercharge the compliance defenses of banks large, medium and small.
OCC offers rare glimpse of how examiners view AML fintech initiatives in action in letter reviewing bank’s request to automate SARs, auto-generate structuring narratives
The U.S. Treasury’s Office of the Controller (OCC), banking regulator overseeing the country’s largest and most complex banks, has issued an insightful interpretive letter reviewing a bank’s request to automate the suspicious activity report (SAR) and auto-generate the narrative portion of the filing in relation to suspected or actual instances of structuring – one of the most common such reports that can be a massive drain on bank investigative resources.
The letter noted that the Bank also requested the Financial Crimes Enforcement Network’s (FinCEN) issue an administrative ruling or grant exemptive relief from its SAR reporting requirements for the proposed process.
The proposal outlined in your letter raises several issues under the OCC’s regulations, the regulator stated in the letter.
First, you seek an opinion regarding whether the proposed automated generation of SAR narratives is consistent with the OCC’s SAR regulation. Second, you seek an opinion regarding whether the OCC’s SAR regulation permits a bank to file a Structuring SAR based solely on an alert, without performing a manual investigation, and, if so, under what circumstances.
Third, your request raises the question of whether the proposed automation of SAR filings is consistent with the OCC’s BSA/AML Compliance Program regulation. Finally, you requested regulatory relief to conduct the proposal within a “regulatory sandbox,” which would include a waiver of certain regulatory actions by the OCC.
As explained further below, we conclude that the proposed automated generation of a SAR narrative is consistent with AML banking regulations.
The conclusion is based on the Bank’s representation that filed SARs “will in fact contain all required elements outlined in the SAR Form instructions and applicable FinCEN guidance.”
“We further conclude that the OCC’s SAR and BSA/AML Compliance Program regulations permit a bank to file a Structuring SAR based solely on an alert under the conditions and limitations described in your request letter,” with certain limitations.
The regulator is also open to a continuing dialogue on this subject as it has broader ramifications for banks attempting to bolster AML effectiveness through analyzing and implementing compliance automation, but won’t hamstrung itself and give this bank, and others, a broad safe harbor that prevents examiners from offering criticism and even formal actions.
“Finally, the OCC is open to engaging in regular discussions between the Bank and appropriate OCC personnel, including providing proactive and timely feedback relating to this automation proposal, but declines to offer regulatory forbearance as you have requested,” (via the OCC).
Monroe’s Musings: The letter is a rare, detailed glimpse of how, in a concrete way, the U.S. Treasury’s Office of the Controller (OCC) is viewing some of the more arcane parameters of institutions implementing financial technology, or fintech, initiatives, such as automation, in the era of innovation detailed in several supervisory missives released late last year.
The eight-page letter, which asked whether the Bank’s proposed streamlined process is consistent with the OCC SAR regulations, is required reading for bank financial crime compliance officers at institutions of all sizes.
The letter is a peek under the hood of how regulators weigh tinkering with new technologies against not letting a bank off the hook for ensuring current counter-crime compliance directives are not given short-shrift.
In short, examiners are happy to see institutions strengthen efficiency and effectiveness, but won’t give banks a get-out-of-jail-free card for uncovered fincrime compliance failures in legacy or new whiz-bang initiatives.
Venezuela’s business elite face scrutiny in $1.2 billion money laundering case
As Venezuela’s oil-based economy continues to crumble, a politically connected class of businessmen with financial ties to Miami has grown fabulously wealthy from energy deals with the socialist government.
Among the Venezuelan upper crust who have made fortunes during the Bolivarian revolution: Alejandro Betancourt.
Without any experience in the energy industry, Betancourt co-founded a power company called Derwick Associates a decade ago that has reaped billions of dollars in government contracts for a string of new plants in Venezuela — drawing barbs about being overpaid for the projects and having cozy relationships with top politicians.
With his windfall, Betancourt not only expanded his business into the United States but also bought a penthouse apartment in Manhattan’s Olympic Tower, along with a castle estate and other luxury properties in Spain, according to court documents.
In Miami, Betancourt has surfaced in a massive money laundering case that charges his cousin and several of the so-called Boliburgueses — young , well-educated entrepreneurs close to the Venezuelan regime — with conspiring to bribe government officials to approve a loan scheme to embezzle $1.2 billion from the country’s national oil company during the presidency of Nicolas Maduro.
Although Betancourt is not identified by name in the federal case filed in Miami, several sources familiar with the widening investigation say that he is “Conspirator 2” among the dozen unnamed Venezuelan conspirators and officials listed in a criminal complaint that details the alleged international racket.
Betancourt, 39, and some of the other unidentified conspirators and officials could be added as defendants to an indictment, according to sources familiar with the federal case.
So far, nine defendants have been charged in the Miami case, with two pleading guilty and one awaiting trial. The remaining six defendants, including Betancourt’s cousin, Francisco Convit Guruceaga, are considered fugitives by the U.S. Attorney’s Office in Miami.
In Miami, Houston and New York, several corruption cases have been pursued by the Justice Department alleging bribery, embezzlement and money laundering activities in Venezuela and the United States that have taken a devastating toll on Venezuela’s economy.
The country has suffered the loss of billions of dollars embezzled from its state-owned oil company, Petroleos de Venezuela S.A, or PDVSA, mainly because of green-palming between government officials and the country’s elite business class, federal authorities say, (via the Miami Herald).
Monroe’s Musings: Betancourt should be on the radar of anti-money laundering (AML) compliance professionals as a politically-exposed person, an entity at a substantially higher risk of financial crime than the rank-and-file customer – in particular due to ties to Venezuela, a regime racked by graft and weak rule of law.
ECB governor accused of bribery in Latvia corruption trial
Latvia’s central bank chief, who led the former Soviet republic into the euro, appeared in court on Monday accused of bribery in the first corruption trial of a European Central Bank governor – just the latest twist in the sprawling money laundering and corruption scandals rocking the European Union.
Latvia’s public prosecutor has accused Ilmars Rimsevics, 54, of accepting the offer of a 500,000-euro bribe and taking a paid holiday in Russia.
Rimsevics’ trial is a landmark case for the 20-year-old euro currency bloc, which spans EU countries from Portugal to the three Baltic nations that neighbor Russia.
The case has tarnished the image of the ECB, where Rimsevics sits on the governing council, which decides the price of money in the euro zone and has the final say in supervising banks.
Rimsevics appeared in court alongside Latvian businessman Maris Martinsons, who prosecutors say acted as a middleman.
State prosecutor Viorika Jirgena said the central charge against Rimsevics was that he took a bribe. If convicted, he could face jail. Rimsevics denied the accusation, while Martinsons’ lawyer also denied the charges.
The case centers on allegations of a 500,000-euro bribe promised, and partly paid, by two shareholders of Trasta Komercbanka at a time when the Latvian bank was worried about its future.
Part of the evidence is based on conversations between the defendants in a sauna, secretly recorded by Latvian investigators.
Jirgena has earlier said the bribery dates back to 2010, when the shareholders paid for Rimsevics to spend a vacation in Kamchatka, a wilderness region in Russia’s far east.
In return, Jirgena said Rimsevics helped them prepare answers to questions from the Latvian regulator, the Financial and Capital Market Commission (FCMC).
Later, in 2012, the shareholders agreed to pay him 500,000 euros in two equal installments, in return for Rimsevics using his influence to soften treatment of the bank.
Lawyers for Rimsevics persuaded the judge on Monday to allow him travel to Frankfurt in December for what will be his final ECB Governing Council meeting before his term expires.
He had earlier been reinstated in that post after the ECB challenged his suspension from office. Rimsevics’ lawyers argued in court that his position with the ECB granted him immunity from such a prosecution.
The prosecutor alleges that Rimsevics was unsuccessful in preventing Trasta Komercbanka’s demise and that, as a result, the shareholders refused to pay the second 250,000-euro installment.
The bank closed in 2016 after the Latvian regulator said it had broken money-laundering rules.
The shareholders approached Latvian anti-corruption investigators, handing over evidence of the bribery.
As central bank governor, Rimsevics was entitled to attend meetings at the FCMC regulator and was also responsible, along with the finance ministry, for proposing its head.
A spokeswoman for the FCMC said it took decisions independently. The ECB declined to comment.
The stakes are high for Latvia. After securing independence from Russia in 1991, more than a dozen of its banks have promoted themselves as a gateway to Western markets for clients in former Soviet states, promising Swiss-style secrecy.
Its prime minister, Krisjanis Karins, has pledged to end that and promised to overhaul the banking sector but his efforts have been overshadowed by slow progress in the Rimsevics case. Rimsevics was originally detained in early 2018, (via Reuters).
Monroe’s Musings: This case, along with the Danske Bank money laundering scandal, that saw some $230 billion in suspect Russian funds flow through the operation’s Estonian branch, is painting parts of Europe, including the Nordic and Baltic regions, in a harsh new light when it comes to financial crime and compliance defenses.
The move has seen many top leaders at banks like Danske and Swedbank get canned, in some cases at the behest of irate investors. Regulators in these regions have also come under intense scrutiny for what they saw – or didn’t see – and did or didn’t report that allowed a massive laundering scandal to fester.
As a result, the EU has pledged to bolster AML oversight at the bloc and member-state level, along with creating a central oversight body to better analyze and chastise home country regulators for any actual or perceived weak compliance oversight.
This corruption investigation could be the first of many and a win could further embolden investigators and prosecutors to take more similar cases now that they have had a taste of victory against underlying graft that has hurt the reputation of Latvia, Estonia and the rest of Europe.