If the terms “financial crime” and “money laundering” once brought to mind James Bond and the Mafioso, today they are more likely to conjure up Osama bin Laden and his international terror network. Keeping current with this evolution, the tools for fighting these criminal enterprises have also had to change.
In 1970 Congress passed the Currency and Foreign Transactions Reporting Act, better known as the Bank Secrecy Act, which requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of daily cash transactions exceeding $10,000, and report suspicious activity that might signify money laundering, tax evasion, or other criminal activities.
The act covers depository institutions, like banks, credit unions, and thrifts; securities brokers; insurance companies that issue or underwrite certain products; money services businesses; casinos and card clubs; and dealers in precious metals, stones, or jewels.
In 1990 the United States Department of the Treasury established the Financial Crimes Enforcement Network, called Fincen, to provide government-wide financial intelligence and analysis, and in 1994 its responsibility was broadened to include administration of the Bank Secrecy Act.
The Patriot Act of 2001, enacted in the wake of 9/11, broadened the scope of the Bank Secrecy Act to focus on terrorist financing as well as money laundering. “The issue behind money laundering is doing a series of transactions where you are trying to disguise or conceal the true owner or source of funds, wealth, or assets,” explains Phillips Gay, a principal at Compliance Advisory Service and Profit Protection (also known as the National Association for Bank Security). “You don’t want to be identified if you are a bad guy or in organized crime. You want to hire middlemen to get examined instead of you.”
Gay is offering both an introduction to the Bank Secrecy Act on Thursday, December 4, and a more intensive course on anti-money laundering and current issues, developments, and initiatives on Friday, December 5, at the Crowne Plaza in Jamesburg. Each seminar, sponsored by NJBankers, begins at 8 a.m.. Cost: $375 for either day, or $725 for both. For information, E-mail email@example.com or 609-520-1221, ext. 503. Register online at www.njbankers.com.
For more than two decades following 1970, explains Gay, the Bank Secrecy Act required financial institutions to do nothing more than fill out forms, make reports, and keep records. But with the advent of the Patriot Act, the bar got raised. “Since 9/11,” says Gay, “they have not just had to report historically, but to anticipate what is going to happen; what is normal and not normal for certain customers, relationships, and businesses.”
Even by the late 1980s, he adds, there were already greater expectations that institutions assess their environments and consider what would represent higher vulnerability to money laundering and what controls would be needed to offset or mitigate that exposure.
Gay describes different ways that financial institutions have been controlling their exposure to risks like money laundering:
Filing forms for deposits over $10,000. Banks must file these forms within 15 days of the transaction, and although most of the millions of large cash reports filed are perfectly legal, the information is stored in a database for use by government and law-enforcement officials — for example, if someone is not paying taxes or doing something else illegal.
Since 9/11, however, the procedure has tightened somewhat. “Now the expectation is to question whether that customer is the kind of customer that would generate that cash and whether the cash going the right way,” says Gay. For example, it would make sense for a gas station to deposit $10,000 every several days, but probably not to withdraw that amount.
The bank might also have to question a customer further about the nature of certain transactions. Say a convenience store is depositing multiple personal, business, payroll, and government checks paid out to individuals and endorsed over to the store. Suspecting that the business may be cashing checks, the bank would ascertain whether this was true and then help the customer to get registered with the Department of Treasury.
The large cash transaction report form in itself helps the government and banks reduce risk exposure. Its 50-plus fields contain identifying information about the person and the entity involved in the transaction; the amount of the transaction and how it was conducted; and the disposition of the funds. In the form’s final section is a space for the bank to provide information about itself as well as names and identifying information for three officials: the person who prepared the form; the approving official for the bank; and a contact person in case the government has any problems with the form. “This gives the bank an opportunity to put in three layers of built-in control,” says Gay. “Some banks have the same person on all three, and that is inherently dangerous.”
Information and risk assessment. New customers have always had to share data like name, address, and social security number, but if the person is involved in activities that are inherently more risky — for example, international wire funds transfers — the bank may ask customers to explain their businesses in greater detail.
But too much information gathering can have negative consequences. “The idea is not to impose unnecessary restrictions,” says Gay. “Otherwise people may go from here to jurisdictions where they don’t ask questions with regard to trade secrets and proprietary information, so it has put us at something of a competitive disadvantage.”
Where are you? Risk and the need for close questioning vary by geographic area. New York and New Jersey — with relatively diverse populations, more money transfers, greater rapidity of funds movement, and proximity to the border of Canada — are likely to be determined to be more risky, says Gay, than a small town in the Midwest where you see large cash once in a blue moon.
The level of exposure to risk also depends on category of customer; types of products; geographical locations of customers, and even customer’s customers and vendors; many cross-border transactions or lots of cash; and quick transfer of funds from one point to another.
Internal controls. Most banks limit the amount of cash that can be taken out of an ATM in a single day to minimize their exposure to the ongoing risk of theft. Starting in November, 2003, the Fair and Accurate Credit Transactions Act required every depository institution in the U.S. to adopt a formal identity theft protection program.
The act also mandates that all depository institutions put in place a series of risk evaluations, or red flags, and corresponding controls. For example, in response to checkbooks being stolen out of the mailbox or credit cards misplaced, the institution would put alerts at credit bureaus as well and safeguards on the account to identify any activity that is unusual for the account owner. Or, if tellers see apparently phony identification cards, altered documents, or a photo that does not match the customer, they would notify the bank secrecy officer. Or if a bank receives an alert from a credit bureau, filed by law enforcement or a business, the bank won’t cash the checks or refinance a loan without checking first.
Often a bank’s controls are automated. “Most banks have pretty sophisticated programs to look for things that are unusual,” says Gay.
One common type of suspicious activity, which most systems will pick up, is if someone is doing something that by its nature is unusual, like depositing $9,900 every day.
Or the software would flag any business that changes its normal pattern of activity — say that does wire transfers starts to deposit cash and begins receiving credit card payments. There might be a problem, or the company may recently have bought a car wash.
Auditing. Banks will either hire outside audit firms or perform internal, risk-based audits, but in either case the time spent on the audit would vary based on levels of exposure. “If the bank does lots of international private banking,” says Gay, “the auditors would have to add two to three days to the audit to check the integrity of the system and make sure it is working according to plan.”
Gay grew up in south Florida, where his father was a builder and developer. He attended the University of Alabama and graduated from Florida State in 1970 with a bachelor’s in management. He also has certifications from a variety of banking organizations.
Gay worked in all areas of community banking before becoming a banking educator. He has been involved since the late 1980s in Profit Protection, which focuses on banker education through face-to-face seminars and online events, as well as products like manuals, videotapes, and brochures.
With the advent of electronic banking and international private banking, a number of banks have gotten in trouble, warns Gay, “because they are using the same old same old.” They may not, for example, be mitigating the additional exposure to risk as many merchants scan deposits from off site rather than bringing them to the bank. Or they may face extra risk in international banking, where it can be difficult to find out whether a purported foreign business is indeed a business that is incorporated and in good standing.
A few years ago Gay came across a bank that had received a series of international wire transfers, with authorizations, purportedly from Venezuela, for the bank to transfer funds to another bank by following instructions that would arrive by fax. Luckily the bank had a call-back procedure, and the real customer had not authorized any transfers; someone had hacked into the customer’s account and was using identifying information to try to scam the bank.
With the economic distress, difficulties are arising in how to value assets and collateral. But Gay expressed greater concern that recent bail outs might divert resources away from the examining agencies that are monitoring money laundering toward those dealing with the toxic asset bail out. Both activities need the same caliber examiners, says Gay, and “if you’re looking at asset quality or concentration of assets, that is an hour you can’t spend on money laundering.”