The U.S. Treasury and federal banking and credit union regulators this week issued a rare joint statement focusing on smaller institutions, essentially giving their blessing for these operations to pool financial crime compliance resources to lower costs, improve efficiency and potentially get access to more expertise and greater independence.
The Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC) Federal Reserve (Fed), Federal Deposit Insurance Corp. (FDIC) and National Credit Union Administration (NCUA) stated it was time to make a more formal ovation to smaller entities with similar risk profiles so they could experiment and innovate to better battle a more aggressive array of criminal, terror and cyber groups.
The statement comes amid an overall increased focus by groups within and without the U.S. to see how the country and the world can better improve the results of anti-money laundering (AML) programs, which cumulatively spend billions of dollars annually, yet only identify, seize, freeze and forfeit mere percentage points of the trillions of dollars in illicit finance flowing annually through major financial centers.
In tandem, federal investigators and regulators have seen a marked shift of domestic and foreign high-risk entities – including virtual currency exchanges, third-party payment processors and cross-border money services businesses – to smaller and medium-sized banks after they have been de-risked from larger banks with more sophisticated AML transaction monitoring systems.
That puts even more pressure on smaller institutions to bolster the accumulated acumen at their operations to prevent from being duped.
The tipping point came as a result of analysis and conclusions from a recent working group including these agencies and Treasury’s Office of Terrorism and Financial Intelligence “aimed at improving the effectiveness and efficiency of the BSA/AML regime,” they said.
In these cooperative arrangements, say regulators, smaller financial institutions, such as community banks and credit unions, could get access to trainers – training is one of the key prongs of an AML program – with more expertise than they may have had the budget for individually.
The arrangements may be similar in how banks juggle dual use employees, for instance, when a bank is so small that the AML officer must wear other hats and may also have oversight of certain business functions.
Where compliance sharing can work
The statement gives several examples where regulators feel sharing resources could work and a few where they won’t. One area that multi-bank partnerships could work is internal controls:
- reviewing, updating, and drafting BSA/AML policies and procedures;
- reviewing and developing risk-based customer identification and account monitoring processes; and
- tailoring monitoring systems and reports for the risks posed.
While another area that could benefit from smaller banks helping each other is the independent testing prong of the AML program.
In many cases at smaller banks, the AML officer could also be the individual who created the entire program, including writing the policies and procedures, tuning the monitoring systems and filing the SARs. Not surprisingly, this person also can’t review their own work as that wouldn’t be considered independent.
This scenario, however, could be remedied by playing musical chairs among, say, two banks, where the AML officer at one bank becomes the independent reviewer of the other bank’s AML program. And because neither individual had any involvement in the creation of the AML function, they maintain their independence.
But who takes the blame for mistakes?
But if the shared resource of one bank makes a mistake that impacts a different institution, the blame still falls squarely on the bank where the error was made – an institution can’t blame the actions of the individual working on its behalf from the other bank.
This is similar to the dynamic of a recent trend in AML compliance circles where some banks “outsource” compliance functions to third parties as the bank may not have the resources to do that prong of the AML program well enough to pass muster with examiners.
This is made clear in the statement: “Sharing resources in no way relieves a bank of this responsibility. Nothing in this interagency statement alters a bank’s existing legal and regulatory requirements.”
That’s also why some compliance officers are not likely to open themselves up to sharing or take help from other institutions, said one professional, who asked not to be named.
“Personally speaking, I wouldn’t be too gung-ho about this,” said the person. “For instance, how many firms on the street share their policies and procedures with each other?”
The answer: not many.
Where sharing won’t work
The statement also makes clear that cooperating on the operating of a compliance program does not invoke the protections of Patriot Act Section 314(b), which allows institutions to share information on individuals, companies and entities suspected of illicit activity, even though any of the banks involved can’t disclose if they ever filed a suspicious activity report (SAR).
Conversely, the only way that would be allowed is if somehow during the sharing of compliance resources, two banks end up sharing information and finding out they have activity that appears to be linked in both institutions.
If so, then the banks can engage in a joint-SAR filing to that law enforcement agencies understand the activity or individual is attempting to, say, launder funds and move the proceeds of a fraud at multiple financial institutions.
But one area regulators put the kibosh on the sharing is caring mantra is attempting to share a compliance officer among multiple banks or credit unions.
“The sharing of a BSA officer among banks could be challenging due to the confidential nature of suspicious activity reports filed and the ability of the BSA officer to effectively coordinate and monitor each bank’s day-to-day BSA/AML compliance,” the regulators stated.
In addition, the sharing of a BSA officer “may create challenges with effective communication between the BSA officer and each bank’s board of directors and senior management,” they stated. “Accordingly, it may not be appropriate for banks to enter into a collaborative arrangement to share a BSA officer.”