News & Press: ACFCS News

ACFCS Speaker Spotlight: Former OCC Deputy Chief Counsel talks regulatory priorities, focal points

Thursday, August 24, 2017   (0 Comments)
Posted by: Brian Monroe
Share |

By Brian Monroe
August 24, 2017

In this ACFCS 2017 Conference Speaker Spotlight, we talk to Dan Stipano, an attorney and former regulator with more than 30 years of experience, including being a key part of the most high-profile financial crime compliance enforcement actions to hit the field in recent decades.

Ready to register for the Conference? Click here! Want more details on the Conference agenda? Click here

Stipano recently made the jump to private practice and is a partner in Buckley Sandler LLP’s Washington, DC office. In his practice, he advises on all aspects of bank regulatory and compliance issues in state, federal, and foreign banking enforcement actions. That includes assistance in establishing, maintaining, and monitoring Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance programs.

Prior to joining the firm, Stipano was at the U.S. Treasury’s Office of the Comptroller of the Currency (OCC), where he served as Deputy Chief Counsel for 16 years after joining the agency as a staff attorney 30 years ago.

In addition to his AML enforcement expertise, he played a key role in every major BSA/AML post-USA PATRIOT Act rulemaking and policy issuance. He received his J.D. from the College of William & Mary and his B.A. from Union College.

Stipano, who will be speaking at the ACFCS 2017 Conference in October on regulatory trends, took the time to speak to ACFCS Director of Content Brian Monroe about current priorities and examiner focal points, regtech and convergence. To learn more about the conference, please click here.

ACFCS: What is new in terms of regulatory priorities, focal points or gaps examiners are seeing and could be concerned about?

Dan Stipano: I don’t know if there is anything necessarily new on that front. I think that the kinds of things that result in problems for banks are the ones that have resulted in problems for some time. For instance, in the internal controls area. The basic building blocks, such as banks that get into trouble with the front-end risk assessment for not knowing what their risks are. Or even if the risk assessment is good, the bank doesn’t use the assessment to inform other areas, such as the level of transaction monitoring and SAR reporting. A risk assessment is very important because if you don’t get that right, you don’t have a chance to get anything else right.

ACFCS: What are some other consistent AML focal point areas for examiners? Where do you see problems that continue to be identified?

DS: Regulators are always focused on root causes for compliance failures. In practically every case, BSA/AML compliance program failures really boil down to two things: risk governance and risk management failures.

All BSA/AML program failures are essentially risk governance and risk management failures. They are also evidenced by a lack of a compliance culture. That continues to be a problem at some institutions. But then you get to the question: how do you create and maintain a positive compliance culture? That is an important question because if you don’t have it, you likely don’t have an effective AML program. You probably hear this over and over, but the tone at the top is critical. People pay attention to what leadership says.

But tone at the top, standing alone, is not enough: it has to filter down and permeate not just the compliance function, but down to the business lines as well. Organizations also have to look at the kinds of behaviors that are rewarded. Are people rewarded for simply making money? That’s very important, obviously. But if all that is rewarded is bringing in money, and compliance is a secondary priority, institutions will not do compliance well. So what behaviors should be incentivized should also be a leadership focus.

ACFCS: How could AML compliance programs and exams change in the face of fintech, regtech and new technologies like machine learning and artificial intelligence?

DS: Now, before I get into that, you need to make a distinction between fintech and regtech. Fintech firms are businesses that are involved in delivering financial services using technology. The OCC opened the door in this area by proposing to charter fintechs. That is a healthy development as the government is not always open to new ideas. The OCC turned that on its head.

Regtech is a little different. Regtech is the use of technology to achieve compliance. I am totally convinced that this really will be the future of compliance in BSA/AML. Right now, one of the big issues in compliance is its cost, which is producing all kinds of bad outcomes, including extensive de-risking.

At some point in the future, technology could provide an opportunity to significantly reduce compliance costs and positively change the whole de-risking dynamic. At some point, these advancements may replace employees with AI and other forms of modern technology. That probably will happen eventually and is likely happening even as we speak.

The main thing holding back AI right now is that it’s not far enough along to have a huge impact. But that may change in five to 10 years from now. There is also a lot of institutional resistance by some banks to adopt these new technologies. Banks are fearful about striking out in a new direction not knowing if regulators will go along with them.

For this to really get off the ground, the government would have to step up, as the OCC did with fintech, and show they are responsive to innovation in the AML area. Innovation will happen one way or another. But even if something like AI becomes a silver bullet down the road, banks will still have to deal with the decision-making of the analysts looking at the alerts, which will continue to put pressure on bank compliance training.

ACFCS: What about the issue of convergence? Last year, the U.S. Treasury released guidance on cyber-enabled fraud that had to implemented by the AML, fraud and cyber teams. Do you think examiners are also looking at banks to be more converged when it comes to financial crime compliance?

DS: Now, convergence, that is a very interesting issue. I think on a theoretical basis, convergence makes a lot of sense. Why? Because criminal organizations don’t operate in silos. You don’t have a criminal group that does terrorist financing and nothing else. You don’t have a criminal group that does cyber fraud or launders money and nothing else. They do all of that and more.

That argues to me for the need to take a holistic approach to compliance, a convergence of all of those disciplines. Now, that’s easier to say than to accomplish because experts in all of these areas come from different places and backgrounds. They have different disciplines and grew up in different places in the organization.  

Regulators are increasingly looking at the issues in a holistic way. That is a good expectation to be passed down to their institutions, but it will be a challenge for both regulators and institutions to implement that type of approach. But even if you can’t have complete convergence, one thing that is good is to have strong communication between people in the different departments.

So make sure people working on the cyber side of the institution are talking to the AML group and vice versa. Make sure fraud investigators are talking to the other groups. They all have valuable information that could get siloed if it’s only used for one purpose.

Convergence is something that is likely to happen, but there are challenges to implementing it. In the interim, it’s important to make sure all of the relevant parts are communicating with each other.

ACFCS: Is there anything else I forgot to ask about germane to this discussion?

DS: The only thing I would touch on is the fact that this is still an administration in transition. We are only eight months in and there are a lot of key seats still unfilled. I have always felt personnel is policy. So a question people keep asking is what do you think the new administration will do on AML?

The answer that I give is that there is still a very heavy focus on law enforcement and terrorism in general. So any significant rollback on the enforcement front is unlikely. Even so, there is a sensitivity to the costs and burdens of compliance, particularly for community banks.

So with regard to community banks, there could be some easing of the regulatory burden. Those are some of the things the new administration will be sensitive to.

And remember, there are still many acting heads for agencies in this space, including at the OCC and FinCEN. So until these key roles get filled, it will be hard to say for certain what the agenda will be, but I would bet against any significant rollback on BSA/AML.


Ready to register for the Conference? Click here! Want more details on the Conference agenda? Click here

©2018 Association of Certified Financial Crime Specialists
All Rights Reserved