Bates Research - 10-10-19
FinCEN Leaders Highlight Innovation, Identity Information and “Culture” as Keys to AML Approach
In two speeches delivered in September 2019, leaders of the Financial Crimes Enforcement Network (FinCEN) laid out their thinking behind the agency’s current regulatory approach to combatting money laundering and terrorist financing. FinCEN Deputy Director Jamal El-Hindi focused on innovation and reform of the Bank Secrecy Act (BSA) and emphasized compliance implementation and supervision in the non-bank financial institution (NBFI) sector. He also addressed federal coordination with state supervisors and delivered a message on the need to develop a “culture of compliance” in the context of national security.
In the second speech, FinCEN Director Kenneth Blanco described the use of financial data to fight money laundering and the vulnerability and abuse of personally identifiable information (PII) by bad actors. He too, urged financial institutions to embrace compliance as the surest way to prevent fraud and combat financial terrorism. Together, these speeches offer a clear picture of how FinCEN expects financial and technology firms to approach their compliance efforts. In this article, Bates takes a closer look at FinCEN’s message.
FinCEN Deputy Director Jamal El-Hindi
In his prepared remarks for the September 11, 2019, Money Transmitter Regulators Association Conference, Deputy Director El-Hindi discussed how the current Bank Secrecy Act/Anti-Money Laundering (BSA/AML) framework can be improved through regulatory reform. He emphasized three points: (i) a full embrace of the opportunities presented by fintech and regtech innovation, (ii) greater supervision and oversight into technology firms engaged in the financial markets, and (iii) the establishment of a culture of compliance for the purpose of national security.
Endorsing innovation as the key to their go-forward strategy, the FinCEN Deputy advocated for greater collaboration between government and industry to help “detect and safeguard against illicit activity.” He positioned FinCEN as a leader among regulators on innovation initiatives and cited a recent joint policy statement that encourages banking institutions to create pilot programs that “expose gaps in banking anti-money laundering compliance programs.”
Mr. El-Hindi shared that FinCEN is actively prioritizing the oversight of NBFIs by: (i) leading examinations of currency exchangers and other specialty providers, (ii) working to identify and collate new sources of data (geographical, operational, and transactional) that can be used to track trends and vulnerabilities, and (iii) strengthening the risk assessment framework for compliance. He repeatedly emphasized FinCEN’s efforts to collaborate with foreign counterparts that have similar regulatory regimes (Canada, the U.K., Australia, et al.) as well as other federal and state examiners.
Culture and Compliance
The Deputy Director described how FinCEN expects financial firms with international reach to be leaders in fostering a culture of compliance. At the same time, he also acknowledged the challenges: international cultural differences, corruption, cross border regulatory regimes with different “underpinnings,” and certain unique elements of the U.S. financial and legal system. He offered an update to FinCEN’s 2014 Guidance on the subject, advising that (i) financial leaders must be engaged and must provide the necessary human and technological resources to address the risk, (ii) revenue interests should not compromise compliance, (iii) there should be greater sharing of information within an organization, and (iv) there should be independent compliance testing to ensure effectiveness. He urged business leaders not to take the benefits of cooperation and collaboration for granted.
FinCEN Director Kenneth Blanco
In his remarks prepared for a September 24th, 2019 Federal Identity (FedID) Forum and Exposition, Director Kenneth Blanco applied many of the themes discussed in Mr. El-Hindi’s address to the management and use of identity information. The Director emphasized the fundamental nature of identity information to the regulatory framework affecting every aspect of our “lives, our businesses, and how we interact with customers and vendors in person and online.” Beyond a description of FinCEN’s mandate, his speech was devoted to how FinCEN is concentrating on securing identity information and how bad actors leverage it for gain.
Identity Information as the Key to the AML/CFT Regulatory Framework
Director Blanco explained how FinCEN requires financial institutions to “understand whom they are doing business with and to continue to monitor their risk throughout the business relationship.” He described how identity information—as informed through reporting and recordkeeping—is critical to law enforcement in order to ferret out illicit transactions and money laundering. (Reports are made available to approximately 12,000 authorized law enforcement and regulatory users all over the country.) He emphasized that the importance of beneficial ownership information, in particular, cannot be understated in terms of national security. He lauded the Customer Due Diligence Rule (CDD Rule) as essential to a “system in which we can identify the trail of transactions and actual account owners” and disrupt illicit activities and dismantle criminal and terrorist networks.
He described how the CDD Rule closed “regulatory gaps” but went on to call for further legislative measures. Specifically, he recommended new rules that would require the “collecting of beneficial ownership information at the corporate formation stage.” This would prevent “sophisticated criminals of all kinds, including terrorists,” from establishing shell companies that “mask and further their criminal activity, to invest and buy assets with illicit proceeds.” He noted that, currently, “there is no federal standard requiring those who establish shell companies in the United States to provide basic, but critical information at company formation.” (See here for a recently introduced Senate bill to improve AML laws.)
Illicit Use of Personally Identifiable Information
Director Blanco offered sobering statistics to describe the extent of the problem of illicit use of personal information. He speculated that “there is a high likelihood that most users of the U.S. financial system have had some information about themselves, whether PII or login information, compromised at some point.” He said that FinCEN receives over 5000 “account takeover” reports every month and estimates that this type of cybercrime may account for $350 million dollars in losses each month. Though banks are the most common targets, he said, “institutions like insurance companies, money services businesses, and casinos” are also affected.* He went on to describe several other cyber fraud typologies or schemes that involve “seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.” These include: automated clearing house fraud, credit card fraud and wire fraud all enabled through the use of synthetic identities and through account takeovers via fintech platforms.
The common link in these schemes is the compromise of vulnerable business processes like weaknesses in verification and authentication systems for processing payments. Mr. Blanco shared that financial institutions filed SARs that revealed over 600,000 compromised social security numbers affiliated with identity theft. He relayed that institutions must consider the “entire attack surface and risk exposure to such illicit activity and misuse.” Further, he said that beyond system processes and vulnerabilities, firms should “evaluate the threat posture already affecting them or that has the potential to affect them, such as the availability of customer credential information available for sale on places like darknet marketplaces.”
Innovation and Emerging Technology
Director Blanco reaffirmed Deputy Director El-Hindi’s embrace of innovation, noting potential technology solutions involving digital identity and for improving inclusion, privacy, security, and cost-effectiveness for individuals and organizations. He also expressed a belief that technological innovation holds the key to strengthening the current regulatory framework and may not only improve the fulfillment of a financial institution’s due diligence obligations, but also provide law enforcement with ways to better investigate illegal activity. (Expanding the number of technical indicators in SARs reporting requirements, he said, was a step in that direction.)
Taken together, these two speeches provide a revealing overview of the approach FinCEN is taking toward addressing and deterring illicit activity. The fulsome embrace of technological innovation is matched by a determination to enlist the private sector—through regulation and promotion of a compliance culture—in the cause. Director Blanco’s appeal for additional authority to close loopholes in the collection of beneficial ownership is noteworthy. Bates will continue to monitor regulatory and legislative efforts at BSA reform.
* Director Blanco dedicated an entire address to the application of the AML/CFT framework to casinos at the August 13, 2019 Las Vegas Anti-Money Laundering Conference.