Introduction
Thank you for inviting me back to participate for the third time in the past four years in this important seminar of the Association of Mexican Banks. The theme of my first speech in Acapulco three years ago was the importance of promoting greater information sharing in our global anti-money laundering and counter-terrorist financing (AML/CFT) efforts, particularly within global financial institutions. 1Two years ago here in Mexico City, I expanded upon this theme while emphasizing the importance of partnerships, both between government and the financial industry, and between the United States and Mexico at all levels.2
Indeed, the partnerships of my own agency, the Financial Crimes Enforcement Network (FinCEN) within the U.S. Department of the Treasury, has only grown, in particular with our direct counterparts within the Secretaría de Hacienda y Crédito Público, both in Mexico’s financial intelligence unit, the Unidad de Inteligencia Financiera (UIF), and increasingly with the National Banking and Securities Commission, the Comisión Nacional Bancaria y de Valores (CNBV). It is an honor and a pleasure for me to share the stage today with my friends and colleagues from those agencies, as we collectively show you a small part of our important relationship and commitment to working together.
Today, I would like to briefly address a number of different topics. First, I will provide you an update on progress on the initiatives I discussed in previous years at this seminar, together with more recent developments in efforts to share information while still protecting it. Second, I will address throughout a number of examples of the importance of ongoing discussion and dialogue between government and financial institutions, together with examples of some of the ways we at FinCEN provide feedback to banks on risks. I will also comment on how FinCEN addresses failures to comply with AML/CFT regulatory requirements as a type of feedback to financial institutions as well as an essential part of any compliance regime. Finally, in light of the AML/CFT goals we share and our interdependence, I would like to mention some recent regulatory developments in the United States related to the rapidly growing payments products known as prepaid access.
Promoting STR Sharing and Protection
Once again, referring to my presentation at this seminar three years ago, the major topic was a series of related steps designed to promote greater efficiency for both banks and the government in sharing information for AML/CFT purposes, while at the same time trying to ensure appropriate protection of sensitive information. By facilitating sharing of information among banks, within a corporate structure and among unrelated entities, we protect the banks from criminal abuse, and provide the government with the information it needs to track down the criminals and thereby protect all citizens. I encourage the Association of Mexican Banks to promote the use of the new authority in Mexico to share information among yourselves to protect the banking system.
Specifically, I spoke about expanding the ability of global financial institutions to share information related to Suspicious Activity Reports (SARs), known globally as Suspicious Transaction Reports (STRs), among different entities within a global concern as part of an effort to manage AML/CFT risks throughout the enterprise. Some of the institutions represented here today are Mexican bank subsidiaries of global financial institutions and are examples of the type of entities that would most benefit from this initiative. Since then, our countries have taken further steps to promote enterprise-wide information sharing. It is with this in mind that I would now like to talk about ways we can raise additional awareness and further this objective in other jurisdictions around the globe.
First we must recall that sharing of STR information requires finding an appropriate balance between (i) efficient efforts for financial institutions and governments to address AML/CFT risks, and (ii) protecting the confidentiality of sensitive commercial and customer information that is reported in STRs. It is essential to the partnership between the financial industry and government that sensitive financial information reported to Financial Intelligence Units (FIUs) such as FinCEN in the United States or the UIF in Mexico be protected.
In February of this year, the Egmont Group, the global association of FIUs, released a White Paper entitled, Enterprise-wide STR Sharing: Issues and Approaches3, designed to elicit further multilateral discussion of the issues surrounding the international sharing and protection of Suspicious Transaction Reports. FinCEN and the UIF worked together with other FIUs to draft this White Paper. Each FIU has a clear stake in the issue of STR sharing as it relates to a properly functioning suspicious transaction reporting system.
The White Paper explains that a critical aspect of the suspicious transaction reporting system in any jurisdiction is the confidentiality afforded to STRs. Many global financial institutions operating in multiple jurisdictions seek to implement a risk-based, enterprise-wide approach to AML/CFT compliance. In some cases, a jurisdiction’s framework designed to protect the confidentiality of STRs may serve to restrict the sharing of STRs or related information across borders, limiting the ability of a financial group to fully implement enterprise-wide compliance policies. International differences in policy and law also create obstacles that make international STR sharing difficult and often impossible.
As the White Paper illustrates, however, enterprise-wide STR sharing may not only be efficient for global financial institutions, but also could promote more effective AML/CFT compliance and more valuable information reporting to FIUs. In a global economy, illicit activity may rarely impact only a single institution, or even a single country.
The question now remains whether additional jurisdictions will also wish to take some of the steps that have been implemented in Mexico and the United States to find a better global balance in our efforts to combat global risks. The Egmont Group’s White Paper should serve as a valuable resource for further examination of the issues. Ultimately, however, global financial institutions themselves must take a view on how to strike the right balance and share those views with their governments. Only in such a partnership will we be able to see further progress in addressing the different approaches that exist across jurisdictions; and thus enable global financial institutions to more efficiently implement approaches across their business locations. I encourage the global institutions represented here today to draw upon your experience and provide feedback to the public sector on this issue.
Protecting Information in Law Enforcement Investigations and Prosecutions
Ultimately, of course, the reason why FinCEN, the UIF, and other FIUs ask banks to report suspicious activity is to help law enforcement criminal investigators and prosecutors find criminals and hold them accountable. As you will hear consistently from FinCEN’s law enforcement partners speaking at this seminar, financial information is a critical part of their investigations, from developing leads to building evidence.
Moreover, through STR reporting, we are asking financial institutions to provide very sensitive information. In addition to protecting the integrity of an investigation, users of STRs need to protect the source – the same way they would protect confidential informants. Disclosure of a financial institution’s reporting can put the institution and individual employees at the institution in jeopardy, reduce confidence among financial institutions, and ultimately erode the strength of the reporting system.
FIUs have the unique responsibility of making sure the information we receive from banks is shared with those who need it, but also that the information continues to be protected. This applies both within a country and in the unique role of FIUs in sharing information with their counterparts in other jurisdictions in furtherance of law enforcement investigations. Let me assure you when FIUs are sharing information, such as between FinCEN and the UIF, we also constantly keep in mind the need for information to continue to be protected.
Currently, FinCEN is working to get consensus and a common understanding among FIUs as to this protection. While instances of breaches of confidentiality of FIU information remain very rare, the expanding reliance on financial intelligence can itself increase the “risks” of the possibility of inappropriate exposure.
At a recent meeting of the Organization of American States, Inter-American Drug Abuse Control Commission (OAS/CICAD) in Washington, a number of FIUs identified some of the challenges that they face in keeping FIU information confidential when it is shared with prosecutors and judicial authorities. At that meeting it was noted that information shared between FIUs is intended to identify intelligence leads, not to be used as evidence in court or divulged to unauthorized third parties such as the press. FinCEN and the UIF are working closely together to develop Principles and Best Practices for the use and protection of FIU information shared with third parties. Our joint efforts are being presented this week to other jurisdictions in this Hemisphere at the OAS/CICAD meeting in Caracas.
One unique challenge in the cross-border context is that differences in legal systems can play a role in risks of inadvertent and unintended improper disclosure. This is notwithstanding common goals as to the need to protect STRs. Specifically, in the United States, based on a common law system which we inherited from England, an STR filed by a bank on the subject of a criminal investigation, would itself not have evidentiary value if presented before a court. Courts have ruled that such information constitutes “hearsay,” for which witness testimony would be needed, often in conjunction with a witness authenticating bank records, to prove the evidentiary point. In a civil law system such as in Mexico and much of Latin America, as inherited from continental Europe, the written dossier has a more prominent role in the development of a criminal case. In both common and civil law systems, there have been examples where in the development of the prosecutor’s case, an STR or information revealing the existence of an STR or other financial intelligence from an FIU, have been inappropriately shared with the criminal subject of the investigation.
Stepping back to general principles of information exchange, we must always remember that confidentiality breaches can undermine the relationship of trust on which all of the AML/CFT community efforts—between financial institutions and governments; between FIUs and law enforcement; and among FIUs in multiple jurisdictions—critically depend. Clearly, a continuing education effort is required as to all parties that might be involved in the financial intelligence chain, from financial institutions to FIUs to law enforcement. And again, as in the issue of STR sharing, while bilateral steps are important, global progress is necessary to fully achieve the intended goals. We require and appreciate the partnership of financial institutions in helping us raise consistent awareness and application of expectations and best practices in this regard. I hope to be able to report more results in the future of our ongoing efforts to protect sensitive financial information shared with us in the public trust.
Feedback to the Financial Industry about Risks
Law enforcement, including many of the representatives speaking at this seminar, can and should provide examples (albeit without disclosing the most sensitive details of an investigation or the existence of STRs) about the ways in which financial intelligence has aided their cases. It is also important, particularly for FIUs, to provide financial institutions with information about trends and patterns in the information they are individually reporting, as well as guidance as to evolving risks.
FinCEN routinely pushes out guidance and feedback on trends and patterns we are seeing in the financial data that is being reported to us. We also have committed, with respect to new regulations, to conduct a review after the first year and provide written feedback to the industry as to the results. For FinCEN itself, such review is an important test to determine whether the regulation is achieving the goal which we intended.
A good example of this type of feedback and communication between the government and banks is the discussion that you will hear later today about the impact of the changes last year to the Mexican regulations regarding the receipt of U.S. dollar cash in Mexico, led by the Ministry of Finance and CNBV. You should know that the history of our modern anti-money laundering laws in the United States began over forty years ago out of concerns over the anonymity of cash proceeds from the sale of illegal drugs. Still today, many criminals continue to rely on cash. This is why reporting requirements and sometimes restrictions on cash transactions like those under further consideration here in Mexico are such important tools for AML/CFT purposes.
Over the past few years, FinCEN worked very closely with the UIF in the development of a joint study of cross-border currency flows and U.S. banknote activity in Mexico, which has helped inform the approach to these issues in both countries. We look forward to continuing that cooperation with the UIF as part of our shared goal to promote legitimate economic activity while making it more difficult for transnational criminal organizations to launder money and enjoy the proceeds of crime.
Another example is with respect to fighting corruption. There is a growing awareness of the intrinsic link between corruption and money laundering (e.g., where the proceeds from thefts of public funds are subsequently moved through the financial system). The G 20 has identified fighting corruption among its current priorities. At its annual meeting this past July, the Egmont Group of FIUs reaffirmed a commitment, including as specifically foreseen in the United Nations Conference Against Corruption, to fulfill their important role as part of each government’s anti-corruption work, in tracing and identifying possible illicit proceeds, and in facilitating and strengthening the international exchange of information in furtherance of anti-corruption efforts. In May of this year, FinCEN published a compilation of analysis of SAR reporting related to corruption, examples of successful law enforcement cases, and further guidance to financial institutions to address corruption risks. 5
More specific to the United States, one of the areas where FinCEN has been most active in publishing information has been in the area of mortgage fraud, which has been particularly relevant in light of the financial crisis in my country and challenges as we seek to reinvigorate economic growth. With our constant analysis in this area, we are able to provide information in nearly a real-time fashion, allowing us to stay on top of emerging trends. 6
Also, when FinCEN issues an advisory to the financial community, asking for heightened vigilance in a particular area, FinCEN will then review the SARs that are subsequently filed and provide feedback to both law enforcement and the financial industry on what we have learned. For example, in the past year FinCEN issued advisories on Informal Value Transfer Systems and separately on Elder Financial Abuse.7In the coming weeks, we will be publishing analyses that show the increased reporting of SARs by financial institutions and the underlying trends and patterns in that reporting. 8
I use these examples to illustrate the importance not only of the financial industry providing information to the government, but also the critical importance of the government providing financial institutions with information about risks and where to focus their risk mitigation efforts. I encourage you to give careful thought to this feedback – not merely to answer your questions as to what government is doing with the information you report. It is in your best business interest to be aware of how other institutions may be seeing criminal or other suspicious activity, so you can mitigate similar risks to your institution and your customers.
Feedback on Compliance Failures
The issues I have addressed so far today have all been about deepening the partnership and making it work as intended. Let me change topics now to speak from FinCEN’s perspective as AML/CFT regulator and supervisor, to talk about how we approach situations where financial institutions fail to uphold their portion of the partnership, in other words, when they fail to comply with their AML/CFT obligations. I hope that this may be of interest in the context of discussions during the course of this seminar relating to recent regulatory enforcement actions in Mexico.
In any regulatory framework, establishing rules, providing education, guidance and feedback, and enforcing compliance are all critical components and mutually reinforcing. In the AML/CFT context, the basic types of rules can be simplified down to a few common categories: (i) knowing your customer and being vigilant against criminal abuse; (ii) keeping records so that they are available to “follow the money” if needed as part of an investigation of suspicion or criminal activity; and (iii) reporting of information, most critically STRs reported to FIUs. And keep in mind that around the world it is recognized that AML/CFT regulations need to be applied not just to banks, but rather to a range of financial and other types of commercial institutions. Why? The reason is that any way that you can move money—any way that value can be intermediated—can be abused by criminals for money laundering, since the motive of almost all criminal activity is financial profit. This is the reason why the steps by the Mexican government being discussed at this seminar to extend the laws and regulations to additional non-bank sectors are so important.
It is one thing to have rules in place, but the most important component is effective implementation. When an institution fails to uphold its compliance obligations, this creates a vulnerability—a crack in the foundation upon which our defenses against criminal abuse are built. Hence, in any regulatory framework, but certainly in the AML/CFT area, it is essential that compliance expectations be backed by a credible enforcement mechanism, which in FinCEN’s case means the imposition of civil money penalties. Not only does this hold accountable those regulated institutions which have not followed the rules, but it is only fair to the financial institutions that are trying hard to implement credible AML/CFT controls, including bearing the responsibilities associated with these controls.
My own experience in joining FinCEN almost five years ago, after a period of significant expansion of AML/CFT expectations after the events of September 11, was that banks in particular had concerns about regulatory expectations and the risks of being found non-compliant with regulations. Banks by their nature are risk averse, so uncertainty itself comes with implications. The risk-based nature of AML/CFT regulations and compliance expectations can also complicate the situation. Although there is consensus globally that these rules should be tailored to the risks of an individual financial institution’s business lines and customer base, the risk-based approach is arguably more variable than a more prescriptive approach in terms of implementation and compliance expectations.
I believe that when institutions do not follow the rules, steps must be taken to hold them accountable. I also believe that compliance actions, including enforcement penalties, also serve as a type of feedback to the financial industry about regulatory expectations. Effective feedback which the financial industry can evaluate and understand, however, requires the sharing of information about the underlying compliance deficiencies.
It is with this in mind that over four years ago, I announced together with the U.S. Secretary of the Treasury as part of efforts to increase the efficiency and effectiveness of FinCEN’s AML/CFT regulations, that, “[w]hen issues of non-compliance do arise, FinCEN will strive to better communicate how any penalties are correlated to the underlying violations, so as to avoid misimpressions about the nature of such conduct and provide a clear message to the industry about these actions.”9Three years ago at a conference very similar to this one – but sponsored by the American Bankers Association and American Bar Assocation, I dedicated my speech to explaining the way FinCEN approaches enforcement actions, including the following point: “Effective enforcement is based on the just and consistent application of the rules and enforcement penalties. Misperceptions about these matters will erode the trust and confidence in our financial system that (our regulations) seek to protect.”10My personal experience throughout my career, working with financial regulators and supervisors within the United States and around the world, gives me confidence in saying that financial regulators and supervisors take enforcement actions very seriously.
This past year alone, FinCEN has issued nine civil money penalties against banks, money services businesses, and casinos. Many of the compliance failures that we have seen may be characterized as a failure to apply effective AML/CFT controls to one or more of the institution’s lines of business—for example, a business line with little or no customer due diligence, monitoring, or review; or insufficient follow-up such as further investigation or reporting when potential issues are uncovered. Even for institutions with well-established compliance programs, a lapse may occur when key compliance personnel leave the institution and are not replaced, when developing new products or entering new business areas or markets without involving compliance personnel at an early stage, or, in more egregious cases where the financial institution recognizes the risks, but makes a choice not to invest the compliance resources that would be necessary to mitigate the risks. On a case-by-case basis, FinCEN has carried through on my pledge to make as much detail of the compliance deficiencies as appropriate publicly available on FinCEN’s website. This allows other financial institutions to learn from this feedback. Also, financial institutions that have made rational decisions to implement compliance mechanisms commensurate with the underlying risks, should take comfort when seeing the glaring deficiencies that have led to significant enforcement actions.
Note that while a substantial number of FinCEN’s civil money penalties against banks have been in the tens of millions of U.S. dollars, violations by much smaller entities might also merit monetary penalties. Of particular note, over the past year FinCEN has been engaged in an initiative to identify unregistered money services businesses, primarily independent money transmitters, which have been required to register with FinCEN since 1999, when the MSB regulations first went into effect in the United States. An entity acting as an MSB that fails to register as required is subject to civil money penalties and possible criminal prosecution.
Why is it important to identify unregistered MSBs? Because the registration of the MSB serves as a first step in establishing the compliance framework for applicable FinCEN regulations designed to help mitigate the risks of criminal abuse of MSBs for money laundering and terrorist financing as the MSB seeks to provide financial services to customers for legitimate purposes. Through registration with FinCEN, MSBs identify themselves. It is an indication that they are aware of their compliance responsibilities. In the event that a criminal investigation follows the money to an MSB, failure to comply with registration requirements could deprive law enforcement from critical lead information.
In a small number of cases, some MSBs may seek to turn a blind eye to their compliance responsibilities. The entities that do not register, who do not identify themselves, may have customers involved in activity that should raise suspicion of possible criminal behavior. Over the past year, FinCEN used its authority to bring enforcement actions against several MSBs, primarily money transmitters, for registration violations, which involved monetary penalties in the thousands or tens of thousands of dollars. In some of these cases, we also took action for other compliance failures, such as failure to have an AML program, and structuring.
Increasingly as FinCEN expands its AML/CFT regulations to new types of entities that are not historically as highly regulated as banks, I expect that enforcement actions will increasingly become a part of the regulatory framework. I emphasize once again that in sharing appropriate information, regulatory enforcement actions can provide an important type of feedback to regulated institutions.
New FinCEN Regulations on Prepaid Access
Let me now very briefly mention the most recent expansion of FinCEN’s AML/CFT regulations to establish a more comprehensive regulatory approach for prepaid access. 12The rule puts in place suspicious activity reporting, and customer and transactional information collection requirements on providers and sellers of certain types of prepaid access similar to other categories of money services businesses as a type of money transmission. Initial requirements went into effect earlier this week, while full compliance will be expected in six months time.
In developing these rules, FinCEN sought to achieve a balance that would not unduly stifle innovation in this rapidly growing area of consumer payments. 13Many of the same factors that make prepaid access attractive to consumers make it vulnerable to criminal activity. For instance, the ease with which prepaid access can be obtained combined with the potential for a relatively high velocity of money through accounts involving prepaid access and anonymous use, may make it particularly attractive to illicit actors. These individuals value the ability to receive and distribute a significant amount of funds without being subject to many of the reporting or recordkeeping requirements that would apply to similar transactions using cash or involving an ordinary demand deposit account at a bank.
While prepaid access is most often associated with a tangible product, like a card, the new rule was designed to be technology neutral and is meant to be adaptable to a range of products, whether tied to a plastic card, an internet system, or a mobile phone network. Through extensive regulatory, law enforcement, and industry consultations, FinCEN identified a number of risk indicia—such as whether a product is reloadable, can be transferred to other consumers, and, most relevant to the audience today, can be used to transfer funds outside the United States—that determine whether products will be subject to the requirements of the prepaid access rule.
Now that we have defined prepaid access, FinCEN is embarking on our planned second stage of regulations related to the declaration of tangible prepaid access when it is transported across a border, similar to the existing declaration required for international transport of cash and monetary instruments. We will be publishing this proposal for public comment very soon.
While the new prepaid access rules apply only to non-bank products, they are nonetheless of indirect relevance to banks in a number of ways. All bank products are subject to appropriate AML/CFT controls commensurate with the underlying risks, and the development of the prepaid access rule has shed additional light on certain risk criteria. Moreover, banks should have some awareness of the requirements with respect to the prepaid access providers and sellers to which they provide banking services, in the same way banks look to other customers that have independent AML/CFT obligations.
Relating to one aspect of our relationship with Mexico, the development of these prepaid access rules is among the specific steps to be taken by FinCEN in furtherance of the U.S. Government’s 2011 National Southwest Border Counternarcotics Strategy. The 2011 Strategy, which expanded its focus beyond stemming the flow of illegal drugs, weapons, and bulk currency between the United States and Mexico, is the result of an expanded consultation process between our two countries. Among the other specific actions to be taken in support of this strategy are further efforts to deepen our bilateral cooperation with the UIF and the CNBV.
Conclusion -- Moving Forward Together
Among all the topics I have addressed in my talk today, I hope that one point you will remember is the importance of partnership and working together to achieve our shared goals. From my perspective at FinCEN, we cannot achieve our own mission without the cooperation of financial institutions, regulators, law enforcement, and international counterparts.
I have also provided a number of examples whereby even if we continue our strong cooperation with other entities within our own countries, and bilaterally between Mexico and the United States, more must be done on a global effort to address global risks. As I have frequently stated, criminals do not respect the law; they certainly do not respect borders. Financial institutions and markets, moreover, have become increasingly interconnected and interdependent.
For these reasons, we certainly appreciate the leadership that Mexico has shown in seeking to promote global improvements in the anti-money laundering area. Examples include leading the Egmont Group of FIUs two years ago, leading the Financial Action Task Force this past year, and taking on the leadership of the G-20 in the coming year.
A strong partnership between our two countries is as important as ever. As President Obama noted in his remarks in March of this year at a press conference with President Calderon, “[o]f course, the relationship between the United States and Mexico isn’t measured just in the partnership between two Presidents. It’s evident every day in the strong bonds between our two societies. It’s the thousands of people who work together, at every level — federal, states and community levels — to keep our citizens safe, to keep our economies growing.”15Those of us here today all play an important role in deepening that relationship to help ensure the prosperity and security of our countries.
Thank you. I look forward to your questions and observations.