Let me begin today the same way that my colleagues at FinCEN and I have begun many discussions over the past year as we sat down with individual depository institutions around the country: "Please tell me about your institution and how you seek to serve your customers." Followed perhaps by, "What are your funding sources, the key concentrations in your lending portfolio - i.e. the products and services you provide?" and, "What do you feel differentiates your institution from your competitors in the value you bring to your customers?"
Only after we had established that basic context, would it make sense to move on to the main topic of the day: "Please explain how you understand FinCEN's regulatory framework as it applies to the way you carry out your business." Just as we at FinCEN had hoped, these meetings did not involve a discussion of theory or of generalities, but rather an active dialogue about examples of issues that arise in the daily course of business for a teller when a customer comes to the window, a compliance officer when reviewing transactions, or a CEO in making recommendations to the board of directors. The whole point was to see and understand the perspective of depository institutions in their home environment.
The focus of my remarks here today will be to highlight some of what FinCEN learned throughout the course of 2010 in our outreach efforts to depository institutions with under $5 billion in assets.1Overall, we found strong agreement with the principles behind FinCEN's mission that there is a need for partnership between financial institutions and government to protect against the abuses of financial crime. We heard a strong desire to learn more about the uses and usefulness of information reported to FinCEN, and by the end of our meeting, there was a much better appreciation for the purposes behind our regulations and the context in which FinCEN is carrying out its mission. Depository institutions remarked that this in turn should lead to a greater understanding of regulatory expectations and an increased comfort in the implementation of broader compliance programs. I will share a few examples interspersed throughout my comments today, and more details can be found in a report that FinCEN is publishing on its Web site.
But first, I would like to share some of the background and the context of how FinCEN approaches the regulatory side of its mission and why these outreach meetings were so important to us. In a way, what I would like to relay to you is the flipside of me asking my hosts to tell me about their banking business - i.e. I will share today some of the answers to the questions most commonly posed to FinCEN by the depository institutions themselves. In some ways, the outreach meetings helped us not only to better understand what we need to know from financial institutions, but also what they need to hear from FinCEN.
Efficiency and Effectiveness / Transparency, Participation, and Collaboration
When I began my current position at FinCEN almost 4 years ago, I committed to stepping back and taking a fresh look at how we at FinCEN can carry out our mission in the best possible way, and to evaluate if there were ways we could do things differently - more efficiently - in order to help the financial industry meet its compliance obligations.
I hardly need to remind a group of bankers that 4 years ago the situation was different. To illustrate with two statistics: the Department of Labor reported as part of its Current Population Survey the unemployment rate at 4.5 percent for February 2007, and the Case-Shiller National Home Price Index was only slightly below the peak achieved in 2006.
Most pertinent to FinCEN, our regulations implementing the Bank Secrecy Act (BSA) were one of the primary issues on the minds of depository institutions. This reflected in part that in the years immediately prior to the financial crisis, the BSA, as expanded by Title III of the USA PATRIOT Act, was the source of many new regulations. Both the government and the financial industry were still on a steep part of the learning curve.
When I met with my new colleagues at FinCEN in my first weeks, there was some concern over whether in launching the efficiency and effectiveness initiative, I was somehow criticizing or suggesting that we had gotten something wrong. As I explained to them, I actually wanted to look at our important responsibility in a different way. The world is changing: the economy, markets in which you operate, and certainly criminals and their techniques are evolving. By nature, everything FinCEN does with respect to its regulations is focused on finding a balance among financial industry, law enforcement, and regulatory interests. Put these aspects of flux and sometimes competing interests together, and even if we had achieved the perfect balance at the time a decision was made, by the time the regulations were published the landscape might already have begun to shift.
For further context, keep in mind that while we are today focusing on community banks, FinCEN regulations cover a broad range of industry sectors, adding an additional challenge of developing technical expertise in different industries, while still maintaining a "big picture" view across these sectors. With all this in mind, I thought it critical to pose the question not "did we strike the right balance (in the past)" but rather regularly to consider whether we have the right balance in certain aspects of our regulatory framework today as we look to the future.
In June 2007, FinCEN together with then Treasury Secretary Henry Paulson launched some of our initial efficiency and effectiveness initiatives, in meetings with bankers, including representatives of America's Community Bankers and the American Bankers Association. I would like briefly to mention two steps we have since implemented.
The first is the reorganization of FinCEN's regulations to make them more intuitive. We recognized that as with any technical rule, it would be unreasonable for a financial institution to be expected to adequately comply with a rule that is difficult to find. In a little over one week, on March 1, 2011, a new chapter in the Code of Federal Regulations dedicated to FinCEN - Chapter X - will become effective.2Chapter X reorganizes the BSA regulations into general and industry-specific parts, ensuring that a financial institution can identify its obligations under the BSA in a more understandable manner.
These changes were developed with industry input through a public notice-and-comment period, and the American Bankers Association expressed strong support for this initiative in its public comment letter. FinCEN believes this step will promote compliance with the regulations, especially among financial sectors with newer regulatory requirements, and provide a foundation for more logical evolution over time. In publishing the reorganization last year, we allowed sufficient time before the changes become effective, and we have also made a range of tools available on our public Web site to aid financial institutions in transitioning to the new numbering system.3
Another commitment I made in June 2007 was that within 18 months of the effective date of a new regulation or significant change to an existing regulation, FinCEN will conduct an analysis and provide public written feedback. While FinCEN had previously taken similar steps - for example, in 1998 publishing a review of the first 18 months of Suspicious Activity Report (SAR) filings;4we have since operationalized this review as a component of our regulatory process, to test whether a regulatory change once implemented is achieving its intended purpose.5One such report issued in July 2010 assessing the impact of amendments made in 2009 to the Currency Transaction Report (CTR) exemption rules was a topic of discussion in our outreach meetings and will be discussed in greater detail below.6
Last month President Obama underscored the importance of retrospective analysis of existing rules among other obligations to ensure that the benefits of regulations outweigh the costs, even in those cases where they are difficult to quantify.7As further plans for regulatory review are developed and implemented going forward, note that the theme of cooperation between government and regulated industry is an essential part of the good government process. (We at FinCEN consistently emphasize the importance of partnership with financial institutions in achieving our shared goals of rooting out financial crime.)
On January 21, 2009, President Obama, in his first executive action,8issued a memorandum for the heads of executive departments and agencies on "Transparency and Open Government," which began as follows:
My Administration is committed to creating an unprecedented level of openness in Government. We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government.9
That memorandum established the three principles of the Open Government Initiative: transparency, public participation, and collaboration. In December 2009, the Office of Management and Budget issued an Open Government Directive instructing all agencies to take specific measures in furtherance of the open government principals, including the development of an Open Government Plan and the identification of a flagship initiative.10
The Treasury Department's Open Government Plan identifies the flagship initiative of "Moving to a Paperless Treasury," designed to improve the public's experience interacting with Treasury while effecting operational efficiencies in several key Treasury activities.11A highlighted step in furtherance of Treasury's flagship initiative is FinCEN's effort to encourage financial institutions that must file BSA reports to utilize the BSA E?Filing system in lieu of submitting paper reports. As noted in FinCEN's outreach12and educational brochure13for financial institutions, the E-filing system benefits financial institutions filing reports as the system is free to users, will enable information to be made available in a more timely manner to law enforcement, is less expensive than paper based processing, will improve data quality and data security, and provides financial institutions with enhanced audit and recordkeeping capabilities.
During our outreach, FinCEN received very strong endorsements of the E-Filing system, in particular at the town hall meetings, where industry representatives that had not yet begun E-Filing were eager to hear the positive experiences of those that had, even among the smallest institutions filing individual reports on only an occasional basis. The E-Filing efforts are the most visible public side of the multi-year information technology modernization effort that FinCEN is currently undergoing to better support our own mission and leverage benefits to the hundreds of Federal, State and local law enforcement and regulatory agencies we serve. If your institution has not yet moved to E-Filing, I urge you today to consider it.
Treasury's Open Government Plan also highlighted FinCEN's innovative use of technology to get word out about E-Filing and other innovations through Webinars14and e-mail updates - as of February 2011, FinCEN's free e-mail subscription service has sent over 9 million emails to more than 54,000 subscribers.15
Now, having set out some of the FinCEN perspective of how we approach the partnership with regulated financial institutions, let me turn to FinCEN's outreach initiative, which is highlighted in Treasury's Open Government Plan under the collaboration principal.16
Nature of FinCEN's Outreach Meetings
FinCEN initiated an outreach effort in 2008 with representatives from a variety of industries that fall under BSA regulatory requirements, beginning with large depository institutions.17In 2009, FinCEN conducted outreach to some of the nation's largest money services businesses.18
In an October 2009 speech before the American Bankers Association/American Bar Association's Money Laundering Enforcement Conference, I announced FinCEN's interest in meeting with representatives from some of the nation's depository institutions with assets under $5 billion to hear about how these institutions implement their anti-money laundering programs, including unique challenges faced by institutions across this asset class and where additional guidance from FinCEN could be helpful.19
Due to the large number of depository institutions with assets under $5 billion, FinCEN invited depository institutions to express their interest by applying to participate in this voluntary outreach. FinCEN received expressions of interest from 106 depository institutions in 34 states, with assets ranging from $14 million to $4.8 billion. FinCEN ultimately met with 18 individual institutions in 13 states, with asset size ranging from $39 million to $4.8 billion. More than half of these institutions had assets under $1 billion, with the majority of these having assets under $600 million. About a quarter of the institutions had assets between $1 and 2 billion, and the remaining quarter had assets ranging from $2 to $4.8 billion.
The institutions ranged from inner city to suburban to rural agricultural areas (at least 30 minutes drive to the nearest competitor). The charters of the participating financial institutions included State chartered banks (some of which were members of the Federal Reserve System), national banks, and Federal and State chartered credit unions.
In about half of the visits the depository institution's President/CEO/Chairman of the Board met with the FinCEN representatives. Other participants varied from institution to institution, but most often involved others who worked closely with the BSA officer including others in compliance or fraud investigations functions, risk managers, auditors (including members of the audit committee of the board of directors), legal counsel, and business lines.
The meetings were informal and interactive, with the discussion driven by the preferences and suggestions of the host depository institution. Throughout the discussions, the depository institutions illustrated their questions and explanations with actual examples of products or services; customer activities; issues that had arisen in the context of a specific interaction between a customer and a teller, upon review of transactions or generated reports, or raised by a board member, auditor, or examiner; often showing copies of documentation, reports, computer screenshots, or statistics to illustrate the point.
We also invited institutions that expressed interest in meeting at FinCEN's offices to attend two town hall meetings in suburban Washington, D.C. Of the 11 institutions that visited FinCEN's offices, five had assets under $1 billion. The remaining six institutions had assets ranging from $1.2 - $2.5 billion. FinCEN staff also attended town hall style meetings in both Chicago, Illinois and Eden Prairie, Minnesota (kindly hosted by the Minnesota Bankers Association at their headquarters).
More than 50 institutions participated in these four town hall meetings. Similar to the outreach visits, these half-day town hall meetings did not have a set agenda, but rather involved active back-and-forth discussions touching upon a range of issues of interest to the participants. Most notably, the participants in the town halls openly shared experiences and views, and asked questions of one another.
While the number of depository institutions with which FinCEN met over the year remains a small sample of those with assets under $5 billion, even within this diverse sample of depository institutions there were more common themes than institution-specific issues.
Let me be clear that these are not by any means the only interaction that FinCEN has with depository institutions. Every day, FinCEN representatives discuss with industry our regulatory framework and follow-up on leads of possible criminal activity. Every week we have people speaking at conferences and seminars. But FinCEN rarely has the occasion to sit one-on-one with a financial institution, particularly at its place of business. FinCEN is unique among the Federal banking regulators, as we do not directly examine for compliance and, therefore, do not have the same kind of day-to-day interaction as do other regulators with the financial institutions that fall under our purview.
Let me turn now to the substantive issues discussed in our outreach meetings.
Feedback on the Use and Usefulness of BSA Data
If there has been one constant for FinCEN in an otherwise ever-changing world, it is about the use and usefulness of the information reported to FinCEN. It has been, and may always be, the most common and prominent question raised by regulated financial institutions, of all sizes and across all financial industry sectors. This has certainly proven true in our outreach meetings.
With that in mind, I would like to spend a moment talking about how we - and others - are using the valuable BSA data that is entrusted to us by your depository institutions. Most notably the CTR - filed for each deposit, withdrawal, exchange of currency or other payment or transfer by, through, or to an institution which involves a transaction in currency of more than $10,000,20and the Suspicious Activity Report (SAR) - the form upon which institutions report suspicious transactions exceeding $5,000.21I like to categorize the types of uses into four different areas:
Tip Off: Primarily with respect to a SAR, but also sometimes with a CTR, the BSA information provided can be the first tip that starts an investigation. A financial institution employee's good instincts can, and do, result in the contribution of critical information that serves to set investigatory wheels in motion to track down suspected criminal activity. Most people understand and expect this usage, yet fail to appreciate the following, arguably broader uses of BSA data.
Identifying Information: When an investigation is already underway, the BSA information can add significant value by pointing to the identities of previously unknown subjects, exposing accounts and other hidden financial relationships, or unveiling items of identifying information like common addresses or phone numbers that connect seemingly unrelated individuals and, in some cases, even confirming locations of suspects at certain times.
Law enforcement, again and again, confirms the reliability of the information in BSA reports, which is a direct reflection of the diligence and training within institutions such as yours.
Trends: Law enforcement investigators, as well as FinCEN analysts, can use technology to examine the entire BSA information base more broadly. When expertly queried, the data unmasks trends and patterns that hold the tell-tale signs of criminal or terrorist networks and emerging threats. Hidden in the wealth of information, but easily revealed by skilled analysts with the right tools, are very reliable and credible reports of mortgage fraud, check fraud, identity theft, bribery, counterfeiting, insider abuse and other suspected crimes.
This information can also be overlaid on a map to make apparent the geographic range of suspicious activity and allow law enforcement agencies to better allocate their limited resources for maximum effectiveness. We can only gain such insights with the aid of a large database in which we see vulnerabilities invisible to individual institutions or perhaps seemingly innocuous in a single report.
Deterrence: The very existence of BSA regulations has a deterrent effect on those who would abuse the financial system. The certainty of a CTR filing and the mere possibility of a SAR filing force criminals to behave in risky ways that expose them to scrutiny and capture.
Criminals fear detection if they use the U.S. financial system and are willing to take great risk to avoid its well-designed capability to detect illicit activity. The definitive CTR threshold forces criminals to structure their transaction which, in turn, exposes them to a SAR filing. CTRs and SARs are complementary forms that together create an intimidating criminal trap. In addition to the increased likelihood of discovery, it's a success of its own that our collective efforts make it more difficult and time consuming for illicit actors to realize the proceeds of crime or raise funds for terrorist attacks.
In summary, information reported to FinCEN under the BSA can play an important role in different ways that contribute to the success of many law enforcement investigations. I want to take a minute to share with you a few concrete examples that originated from where we are gathering today - in the Southern District of California.
In what some reports called the largest organized casino-cheating scheme ever uncovered in the United States, agents and analysts relied on more than 2,000 BSA records, including CTRs and 150 SARs, to support their 5-year investigation. In addition, investigators initiated a request under Section 314(a) of the USA PATRIOT Act to identify additional accounts and assets not found in BSA records. In this case, the results of the 314(a) request included responses from more than 75 institutions identifying more than 100 additional leads. Investigators noted that the BSA records helped identify which casinos the defendants targeted, as well as pinpoint casino accounts and other assets. In all, 35 defendants -who cheated numerous casinos across the United States - were charged in the case, and one subject alone was ordered to serve almost 6 years in prison and pay over $8 million in forfeiture and restitution.
In another case, a fraud investigation that lasted more than 5 years led to the convictions of 15 defendants and the seizure of more than $2 million in cash. The fraud targeted many of the victims through churches stretching across the country. Prosecutors noted that BSA records, filed by astute bank employees, played a key role in the investigation, and were in fact the decisive tool that led to the successful prosecution of the defendants.
A third case highlights the scourge of mortgage fraud. In one of the largest mortgage fraud cases ever prosecuted in the Southern District of California, investigators found that the leader was in fact a known street gang member. The scheme included co-conspirators employed at virtually every level of the mortgage loan process and involved 220 properties with a total sales price of more than $100 million dollars. This case was initiated from a SAR found by law enforcement investigators during a routine review. The investigation was aided by several additional SARs and ultimately led to the indictment of the defendant.
In our outreach meetings with depository institutions, the compliance officers appreciated hearing examples such as these and acknowledged that both FinCEN (including through the hundreds of case examples as well as ongoing strategic reports on FinCEN's Web site) and law enforcement continue to provide a wealth of information about the use and usefulness of industry reporting. Many of the compliance officers had been contacted directly by law enforcement for additional information after the filing of a SAR. The discussions focused not on the results of the reporting being "unknown" as may have been the case only a few years ago, but rather an understandable wish that FinCEN and law enforcement would be able to do even more in terms of investigation as well as feedback to industry.
In this context it is important for financial institutions to understand what information the government can reasonably be expected to provide. First of all, there are significant resource limitations, and notwithstanding that an individual SAR might provide a good lead on possible criminal activity, the public at large should expect law enforcement to focus on the greatest risks and most egregious criminal activity, such as the third case mentioned above.
Resource limitations also underscore the importance of the strategic analysis undertaken by FinCEN to help law enforcement focus its efforts, such as in combating criminal activity like that of the third case example above related to mortgage fraud. My previous visit to California was to participate in one of the Mortgage Fraud Summits22organized by the Administration's Financial Fraud Enforcement Task Force,23in which during the afternoon sessions for criminal investigators and prosecutors a FinCEN colleague and I made presentations about trends and how to identify and target possible concentrations of organized criminal activity through a big picture look at SARs and other data.
For example, consider that where we are meeting today in San Diego is about the tenth most active metropolitan area nationwide for depository institution reporting to FinCEN of suspected mortgage fraud. You probably would not be surprised to learn that California is the leading State for overall volume of mortgage reporting, based purely on population. When we normalize the numbers on a per capita basis, we see that California ranks second to Florida, which before the financial crisis had undergone significant expansion in the residential housing market.
But at FinCEN we can also uncover other things through an expert analysis of our data. When we looked at the timing of when a suspected fraud occurred, as distinct from when the lender may have discovered it (such as in a post-foreclosure investigation), and then accounted for the structural delay until FinCEN receives and can analyze the report. It appears that much of the suspected fraudulent activity in California may have occurred much more recently than fraudulent activity in Florida. FinCEN is not keeping secrets about this - FinCEN regularly distinguishes between dates of underlying suspected criminal activity as compared to when it receives reports, and a detailed explanation of this approach may be found in a public report from last year.24The foregoing conclusion from comparing California to Florida is merely one takeaway from looking at Table 5 on page 6 of the most recent Mortgage Loan Fraud Update we posted on FinCEN's Web site last month. 25
Every statistical trend FinCEN analyzes gives us clues as to where we should delve more deeply into the individual reports, including to help law enforcement understand where the criminals may be moving in an effort to focus their investigative and prosecutorial efforts. And while individual reports filed with FinCEN by financial institutions might be the key tip to set law enforcement wheels into action, in many more cases including the first two examples just mentioned of organized criminal activity, it is through bringing together many pieces of information reported by multiple financial institutions over time, along with other sources of data and information developed through other criminal investigative techniques, that bad actors are ultimately brought to justice.
Fostering A Deeper Understanding
It is important for FinCEN and law enforcement to continue to get out more of these explanations and examples of case successes. But it is also important for financial institutions to understand why it would be wrong to expect that there is a one-to-one relationship between a report being filed and a law enforcement action to evaluate and if appropriate hold criminals accountable. In fact, such a narrow approach would in many cases risk missing more egregious organized criminal activity involving multiple actors, across multiple geographic areas, over extended periods of time.26
In our outreach meetings, we saw that many compliance officers had an understanding of how FinCEN and law enforcement are using the information that financial institutions report to FinCEN, understanding that has increased notably from only a few years ago. In many cases, they were using case examples and trend analyses from FinCEN's publications to assess the risks to their own institutions and to benchmark themselves against peers. FinCEN specifically disseminates information for the purpose of educating financial institutions as to how to protect themselves or their customers from becoming victims of crime.
It was also clear from our outreach meetings that the level of understanding among compliance officers was not shared consistently among senior management, the business lines, and board members, some of whom were surprised to learn about the wealth of feedback information available. As a result of this feedback heard during our outreach meetings, FinCEN published an article in the October 2010 SAR Activity Review to provide additional suggestions on how to discuss the value of BSA data with the board of directors.27The compliance officers welcomed this, emphasizing that it was in the interest of the institution to have well informed individuals from the front line tellers to board members.
Discussions of feedback also inevitably touched upon another area of finding the appropriate balance: sharing information but maintaining appropriate confidentiality. Particularly with respect to SARs, FinCEN and law enforcement take very seriously the obligation of public trust in which sensitive personal and financial information about customers is reported under an expectation and obligation of confidentiality. The obligation to protect the confidentiality of reported information prevents us from disclosing that a SAR was filed or from providing too much investigative details even in the case of an ultimate criminal conviction. And even in more general trend reports, sometimes we seek to avoid providing a level of detail that would serve as a roadmap for criminals to see how others have successfully laundered money or the investigative techniques that law enforcement has used to apprehend them.
Financial institutions appear to be quite familiar with the statutory prohibition against a banker tipping off a customer or other subject that a SAR has been filed. In January 2011, in United States v. Mendoza, the U.S. Attorney's Office for the Central District of California obtained the first ever criminal conviction for a violation of this provision by a bank insider.28Mendoza, a former bank official, disclosed confidential information to a borrower whose actions had triggered the filing of a SAR, and then solicited a bribe in return for helping the borrower. Mendoza is to be sentenced in May and faces a maximum possible sentence of 95 years in Federal prison. FinCEN assisted in the investigation and a FinCEN Senior Special Agent testified at trial. Also, in January of this year, new FinCEN regulations came into effect underscoring that the obligation to maintain the confidentiality of a SAR also applies to government employees,29prohibiting disclosure other than as necessary to carry out official duties such as in furtherance of the criminal investigation.30
One other area of discussion at the outreach meetings, where depository institutions appreciated a fuller understanding of the context, was with respect to the 314(a) requests. FinCEN's regulations under Section 314(a) of the USA PATRIOT Act enable law enforcement agencies, through FinCEN, to reach out to more than 45,000 points of contact at more than 22,000 financial institutions to locate accounts and transactions of persons that may be involved in terrorism or significant money laundering.31The 314(a) process may only be pursued by law enforcement when they have exhausted other investigative options. Financial institutions must query their records for accounts maintained during the preceding 12 months and transactions conducted within the last 6 months, and only respond if they uncover a match. This provides a pointer for law enforcement to follow up with a subpoena or other legal process to seek additional information.
The depository institutions we met with expressed comfort with their procedures and ability to promptly search and respond to FinCEN inquiries under the 314(a) system with respect to investigations of terrorist financing and significant money laundering. Many of the participants have had a positive hit. This led FinCEN to review our data, which showed that in the preceding 5-year period, approximately 64 percent of positive matches have come from institutions with assets under $5 billion. In addition, of the total number of institutions that have responded to 314(a) requests over this 5-year period, FinCEN estimates that 92 percent of these institutions have assets under $5 billion. The general proposition remains true that in absolute terms a very small depository institution is statistically less likely to be touched by organized criminal activity than the largest depository institutions with millions of customers and tens or hundreds of billions in assets. But the 314(a) statistics alone have shown that in comparative terms a disproportionately high number of actual cases of terrorist financing and significant money laundering have involved accounts and transactions at smaller depository institutions. The 314(a) statistics underscore the importance that all financial institutions, big and small, having an understanding of the risks affecting them and should implement appropriate policies and procedures to mitigate those risks.
Many depository institutions participating in the outreach reported that, as compared to only a few years ago, they had a much better appreciation for the regulatory requirements and were largely comfortable with the policies and procedures that they had developed and implemented to meet regulatory obligations such as reporting, and to manage the risks unique to their respective institutions. The institutions attributed this in part to more FinCEN publications and guidance, and, in particular, the availability since 2005 of the FFIEC BSA/AML Examination Manual, which helped make compliance expectations more transparent and consistent across regulators and examiners. And while information technology systems still can pose challenges, it was a consistent theme that the evolution of systems over time, including to better integrate customer information across business lines, significantly facilitated not only compliance efforts, investigations, and reporting obligations, but also created notable benefits in the ability to better serve customer needs.
Fraud and Money Laundering
Fighting fraud is intimately aligned with natural business incentives, since direct losses to the institution as well as indirect losses borne by its customers can impact the bottom line. FinCEN thus appreciated the opportunity to better understand depository institutions' perspectives where the regulatory obligations under the BSA intersected with steps that had been developed to address commercial incentives to combat fraud. For example, a few institutions affirmed that there was no additional information collected at account opening to comply with FinCEN's regulations than the institutions would already collect to serve the needs of the business lines.
For example, combating mortgage fraud has been one of the most significant areas of FinCEN focus in the last five years.32Many of the institutions we met with during the course of our outreach were direct residential mortgage lenders; others had exposure to real estate as collateral and through home equity lines of credit. Many of the institutions commented that they did not suffer great losses due to the recent downturn in the economy and housing market, because they employ conservative lending practices. Almost all participants commented on the direct and indirect impacts of decline in home values on their business and the local economy and were very interested in discussing FinCEN's ongoing work to combat all kinds of mortgage fraud.33
A number of institutions were also interested in sharing with us their concerns about check fraud, which along with mortgage loan fraud is among the most reported activities in SARs. FinCEN has been engaged for many years with combating a range of crimes related to fraudulent checks and continues to engage the financial industry in attempts to address these risks together. 34
FinCEN also encourages financial institutions to work together to protect themselves from fraud and related money laundering. In particular this is through our regulation implementing section 314(b) of the USA PATRIOT Act, which allows regulated financial institutions to share information with each other for the purpose of identifying and, where appropriate, reporting possible money laundering or terrorist activity.35In speaking with many of the largest banks in 2008, FinCEN found use of the 314(b) process to be quite extensive, with several banks noting that they often use the 314(b) process throughout the course of a SAR investigation, before filing a SAR, or making a decision to close an account. In our discussions with institutions with assets under $5 billion, however, FinCEN found there was rather limited use of the 314(b) program, largely due to a lack of understanding of the importance of the exceptional ability to share customer information with other institutions for these AML/CFT purposes. FinCEN's most recent issue #18 of the SAR Activity Review, Trends, Tips & Issues contains a series of articles designed to promote awareness and further encourage financial institutions to take advantage of 314(b).36
Cash Transactions and Reporting Obligations
Reporting obligations related to cash transactions were a topic of consistent discussion in our outreach meetings. Regarding CTRs, institutions again noted that they had largely developed procedures to facilitate compliance with this longstanding reporting requirement. FinCEN was encouraged to hear positive feedback regarding its rule changes effective in 2009 intended to simplify and clarify the process by which financial institutions exempt the transactions of certain persons from the requirement to report transactions in currency in excess of $10,000.37The amendments aimed to reduce the cost of the exemption process to depository institutions by eliminating the need to file a Designation of Exempt Person (DOEP) form38for certain customers and to enhance the value and utility of the remaining CTR filings for law enforcement investigative purposes by removing filings that FinCEN determined to have little value to law enforcement. The feedback from the depository institutions was consistently positive, in particular with respect to the change to shorten the timeframe (from 12 months down to 2 months) before new customers became eligible for exemption.
As mentioned earlier, in July 2010, FinCEN released an assessment examining whether these changes to the rules had the intended effects.39The study found that fewer CTR filings were made on transactions of limited or no use to law enforcement, while higher value CTRs are becoming easier to identify. And overall, CTR filings fell nearly 12 percent from 15.5 million in 2008 to 13.7 million in 2009, while certain classes of filings most valuable to law enforcement increased.
FinCEN also saw for the first time in 2009 a slight decrease in the number of depository institution SAR filings ? the first decrease since reporting began in April 1996. Meanwhile, the quality of information reported in SARs continues to increase, reflecting ongoing financial institution diligence as well as FinCEN feedback and guidance. End of year figures for 2010 continue to reflect a 3 percent decrease in depository institution SAR-DI filings from 2009 to 2010, as well as a slight decrease of under 1 percent for CTRs filed during this same time period.
Institutions also consistently described situations of specific individual customers or members who preferred to deal in large amounts of cash, often observing that the customer purported not to want the government to know about his or her business. Many examples were provided with respect to customers who knowingly structured transactions in an attempt to avoid reporting requirements. With respect to longstanding customers where the institution did not believe the customer otherwise was involved in criminal activity, institutions expressed some reticence in filing SARs.
FinCEN reminded institutions that structuring itself is a crime, while explaining that in some circumstances these filings can indeed provide useful information, particularly as a pattern is developed over time, with increasingly large aggregate sums. Institutions appreciated the caution that, especially for customers using large amounts of cash, the institution might have little insight into some of the customer's activity. One of the benefits that FinCEN has in reviewing trends and patterns in BSA reporting is to see where a particular subject is engaged in activity through multiple financial institutions.40
FinCEN acknowledges that notwithstanding the criminal prohibition against structuring, and taking into account the need of law enforcement to prioritize limited resources, isolated reports of structuring, at least in modest amounts, cannot be expected automatically to trigger an investigation or criminal prosecution. However, some SAR Review Teams across the country are particularly active in developing investigations and prosecutions in structuring cases. And the government nonetheless does investigate and prosecute structuring, in particular where the investigation may suggest other criminal activity (that might not be apparent to a financial institution).
During our outreach discussions, several institutions noted that customers who are general contractors pose unique SAR-related challenges due to the large volume of cash that is often used to pay for business-related services. While there is nothing inherently illegal about paying for services in cash, one institution noted that it is unsure of whether these scenarios should trigger SAR filing.
FinCEN indicated that, while any particular decision to file a SAR is a subjective judgment based on relevant facts, the IRS may find SAR filings useful where the institution suspects tax evasion. In fact, less than 2 weeks ago, a Stamford, Connecticut businessman pled guilty to one count of structuring cash withdrawals to deliberately circumvent the CTR filing requirement and evade reporting income on his Federal tax returns. According to court documents, the defendant used various bank accounts and routinely withdrew cash in amounts at or slightly under the $10,000 reporting threshold, totaling nearly $2 million over a 2-year period. When sentenced in April, the defendant faces a maximum penalty of 10 years in prison and a fine up to $500,000.41
Elderly Financial Exploitation
Banks emphasized a focus on the customer throughout the outreach visits. There is no better example than the recurring theme we heard from the institutions regarding their efforts to combat elder financial exploitation. Multiple depository institutions expressed that they view it as consistent with their institutional philosophy of serving their customers to try to help customers protect themselves, noting that these situations go beyond trying to protect the institution from losses or to meet regulatory requirements.
A number of institutions provided specific examples where they had advised a customer not to make payment (or declined to process a payment instruction) for what might be a consumer or advance fee scam (such as a "fee" to receive lottery "winnings").42The more concerning situations involved those where third parties were seeking to appropriate the elderly person's savings or income streams.
In strategic analytical reports on mortgage fraud, FinCEN has a number of times drawn attention to suspected schemes targeting the elderly.43As a result of the feedback FinCEN received from financial institutions during the outreach initiative on the prevalence of elderly financial abuse in particular, FinCEN is issuing an Advisory in conjunction with the release of this report that outlines red flags that may assist financial institutions in identifying whether their customers are being victimized. 44
Comparison of Outreach to Large and Small Depository Institutions
In comparing FinCEN's more recent outreach to depository institutions with assets under $5 billion to the previous outreach visits to some of the country's largest depository institutions, the commonality of issues outweighed the differences. That notwithstanding, the small institutions' (including their compliance officers') close proximity to their customers manifested itself in a number of ways. For example, in discussing the desire to report appropriately to the board of directors, a common concern raised by compliance officers was how to protect confidentiality and avoid tipping off the subject of a SAR. This was put in context of explaining the prominence of board members in the community served, meaning that a board member might know the subject of the SAR personally. Many of the compliance questions raised by smaller institutions were related to a few idiosyncratic customers well known to them.
One implication of the proximity to their customers was that small institutions consistently posited that they felt comfortable that they were able to manage the risks related to serving idiosyncratic customers. One key finding noted in the large depository institutions outreach was that many institutions have account closure practices in place relating to SAR filings (while practices varied, for example, some institutions had a presumption to exit a relationship after two SARs were filed). Small institutions did not have such strict policies in place, with a number citing examples of filing about ten SARs on a customer, largely related to cash structuring.
With respect to anti-fraud and anti-money laundering responsibilities, many large institutions visited 2 years ago had had distinct operations, although there has been increasing convergence. Among smaller institutions, the two areas worked more closely together, ranging from a single person with both responsibilities to a common work unit to statements that the two areas work closely on a day-to-day basis. The small institutions also more readily volunteered the rationality of such an approach in their own business context. Both large and small institutions raised concerns about BSA/AML compliance personnel being asked to take on responsibilities for compliance with other regulatory obligations.
Large and small institutions alike raised concerns about relying on information technology to support their work. Many large institutions found this complicated by the need to integrate information from legacy systems not only across lines of business but also as a result of mergers over time. Some smaller institutions continued to feel comfortable with certain processes and reports being completed on a manual basis (for example, reviewing a small number of international wires each month, a task that would be impossible for certain large institutions). Notwithstanding the importance of IT systems, both large and small institutions stressed the importance of trained personnel to carry out their functions. This included a universal acknowledgement that referrals from alert front-line personnel are more likely than computer generated alerts to result in the reporting of suspicious activity. Both large and small institutions represented that they only file SARs when merited or required by law (such as related to structuring of transactions, although some smaller institutions questioned the usefulness of some of these filings).
Universally in large and small institutions, compliance officers stressed the importance of the institution's business lines working with compliance officers when rolling out new products or services. With respect to banking money services businesses (MSBs), large and small banks took quite similar approaches, beginning with the question as to whether these MSBs were within their target customer groups. If yes, banks commonly applied centralized processes for account opening and monitoring.
Both large and small institutions expressed appreciation for the information published by FinCEN, ranging from guidance to statistical information to case examples based on reporting to FinCEN and also strategic analytical studies. Almost every institution visited had a request for more detailed information or guidance about a specific, and in some cases unique, issue of concern. In contrast, there were no notable comments with respect to less useful information to which FinCEN should stop devoting resources. Some of the smaller institutions nonetheless expressed concern with their ability to keep up with too much new and useful information. As mentioned earlier in this report, smaller institutions were much less likely to be aware of and utilize opportunities that should directly benefit their institutions, such as E-Filing and 314(b).
Perhaps the most prominent topic of discussion and significant area of concern among large depository institutions that was absent among small institutions was with respect to correspondent account relationships, especially services provided by large banks to foreign customers. Small banks did not provide these services and raised very little concern with the services provided to them by domestic and even overseas correspondents.
Earlier in this speech, I mentioned the launch of FinCEN's efficiency and effectiveness initiatives. As part of that announcement, I reiterated the importance of applying a risk-based approach to regulatory compliance, acknowledging, "An institution with minimal to no international business that serves only a handful of communities does not share the same risk profile as a bank that does business around the world in many countries." Large and small institutions participating in FinCEN's outreach universally endorsed the importance of a risk-based approach.45
As a general proposition, the sample of smaller depository institutions participating in these outreach visits consistently expressed a high level of comfort with the risk profile of the bank's business model and also confidence in their ability to manage those risks.
We hear consistently and regularly from financial institutions that with a few years of experience since the passage of our regulations and through the large amount of information now made public, that they have a much greater understanding of regulatory compliance expectations and the importance of their contributions to protecting the country and financial system from criminal abuse. That does not by any means suggest that FinCEN has achieved all that we can do, but it does suggest that the partnership that Congress intended between government and the financial industry is working. We can make that partnership better through an ongoing dialogue about ways to make both government and financial institutions more efficient and effective in focusing on the areas of greatest risk.
If we understand what each of us is trying to do, and then also understand where the areas intersect in terms of aligned interest, we can focus on those areas to address them better. And negatively, if something looks good in theory, but it breaks down in the implementation when it meets the practical reality of the banking business, well that is also something on which we can work better together.
Let me close here today the same way I closed some of the meetings with the individual depository institutions over the course of the past year. You have given me a few things to think about, and I hope I have given you a few things to think about. While the meeting must come to an end, let us consider this the beginning of a new level of dialogue, for which suggestions and constructive criticism will always be welcome.
I look forward to your questions and the opportunity for further discussions with some of you individually today. Thank you.