It is an honor and a pleasure for me to share the stage today with my friends and colleagues from agencies that the Financial Crimes Enforcement Network (FinCEN) has developed such strong partnerships with over the years. In particular, with our direct counterparts within the Secretaría de Hacienda y Crédito Público, both in Mexico's financial intelligence unit, the Unidad de Inteligencia Financiera (UIF), and increasingly with the National Banking and Securities Commission, the Comisión Nacional Bancaria y de Valores (CNBV). I would also like to thank the Association of Mexican Banks, one of the premier bank associations with a long and distinguished history, for inviting me to be a part of this important conference.
Today, I would like to discuss our continuing partnership efforts in a variety of areas, as well as provide an update of our ongoing work to ensure the information that is used in our global anti-money laundering and counter-terrorist financing (AML/CFT) efforts is appropriately protected. I would also like to address the importance of bringing financial institutions into compliance with anti-money laundering and counter terrorist financing (AML/CFT) regulatory compliance.
Over the past several years, FinCEN has continued to work closely with the UIF in our ongoing efforts to study cross-border currency flows and U.S. banknote activity in Mexico, which has helped inform the approach to these issues in both countries.
As many of you know, in 2010, FinCEN and the UIF completed a milestone two-year study of the flow of U.S. dollar cash through the Mexican financial system. As a result of the study our two FIUs determined that between 30 to 50 percent of the surplus of U.S. dollar cash in Mexico, which had averaged 13 billion since 2005, was unexplained by legitimate sources of dollars in Mexico, and therefore represented a threat to both the U.S. and Mexican financial systems.
The Mexican government placed such an emphasis on this threat that it took the unprecedented and valiant step of significantly restricting the intake of U.S. dollar cash by Mexican financial institutions. As a result of the restrictions, we know that the repatriation of U.S. dollars from Mexican banks back to the United States has decreased significantly, a good indication that the money laundering operations of the Mexican cartels have been affected.
Since the passing of those restrictions, I am pleased to tell you that the relationship between the UIF and FinCEN has been strengthened, and that our two FIUs have increased and enhanced our efforts to monitor bi-national and cross-border financial trends and share information about dollar and peso activity in Mexico and the United States. FinCEN and the UIF have agreed to increase dialogue with the U.S. and Mexican regulatory communities and support Mexico's regulatory efforts in its new financial sectors such as the money services business (MSB) sector.
Mexico and the United States recognize that the Mexican cartels, their suppliers and financial facilitators, have become transnational in reach and therefore require regional and hemispheric law enforcement and policy solutions. As an example, in July of this year, FinCEN issued an Advisory to remind financial institutions of previously-published information concerning regulatory restrictions imposed on Mexican financial institutions for transactions in U.S. currency.1To assist financial institutions with monitoring how these changes could impact illicit funds in U.S. institutions, the Advisory provides examples of activity commonly seen prior to the Mexican regulatory changes to establish a baseline for future monitoring purposes, as well as recently observed activity. Financial institutions should be mindful of changes in transaction patterns based on their customers, products and services, and geographic locations.
Since the Mexican regulatory change, financial institutions have reported shifts in techniques utilized by potentially illicit actors, in addition to continuations in traditional methodologies. In the past, bulk currency was smuggled into Mexico across the U.S./Mexico border and deposited into Mexican financial institutions. Thereafter, wire transfers were made to the Mexican institution's correspondent accounts at U.S. financial institutions, and surplus dollar banknotes were repatriated to the United States. Following implementation of the cash restrictions in Mexico, wholesale U.S. dollar banknote repatriation from Mexico declined significantly and historical volumes of currency flows between the United States and Mexico are changing.
It has been said that once illicit proceeds are no longer in the possession of the criminal, once the currency has been passed to a financial institution or money services business, that the nexus between the currency and the criminal has been lost. Certainly in the case of U.S. dollars in Mexico the ability to connect these dollars to the criminal organization is severely challenged. However, by sharing and fusing information from our countries, the UIF and FinCEN can now, in some cases, connect these dollars to the criminal organization or to intermediaries who knowingly launder the dollars through mechanisms such as trade based money laundering.
The significant steps taken by the Mexican Government and the UIF are, however, milestones on a long continuum. It seems clear that the Mexican cash restrictions will not severely diminish the supply or demand for drugs in the United States nor halt the flow of tainted dollars emanating from narcotic sales. However, we believe these restrictions have required criminal enterprises to reevaluate and change the methods by which they move, transfer, and launder illicit proceeds, thereby opening a window into the inner workings of the cartels.
It also seems clear that unless this bold move by the Mexican government is matched by equally bold moves by other governments in the region, the criminal organizations will soon find new avenues to launder the proceeds of their illicit activities and the window opened by the Mexican government will close.
We look forward to continuing that cooperation with the UIF as part of our shared goal to promote legitimate economic activity while making it more difficult for transnational criminal organizations to launder money and enjoy the proceeds of crime.
The Use and Protection of Information
Our work with the UIF on this issue is but one way in which our two countries have deepened our partnership. I would now like to discuss something that affects all of us directly in relation to the work that we do: confidentiality; protecting the confidentiality of the information that we collect, analyze and disseminate. In this regard, I would like to talk about how we at FinCEN value the information that has been entrusted to us and how we are helping protect it not only in the United States, but also when we share it with our counterparts overseas.
A Financial Intelligence Unit (FIU) is the central authority in each country responsible for the receipt, analysis and dissemination of financial information for AML/CFT purposes. Currently there are 131 FIU members in the Egmont Group. Among the benefits of membership is the ability to exchange information in a secure manner. These FIUs have the unique responsibility of making sure the information we receive from banks is shared with those who need it, but also that the information continues to be protected. This applies both within a country and in the unique role of FIUs in sharing information with their counterparts in other jurisdictions in furtherance of law enforcement investigations. Let me assure you when FIUs are sharing information, such as between FinCEN and the UIF, we constantly keep in mind the need for information to continue to be protected.
FIU reports and communications are highly sensitive in nature, such as in the case of Suspicious Activity Reports because they often contain private and personal identifiable information of citizens and legal persons who, in some cases may have not been found guilty of a crime. Although the information we collect is meant to be shared to help those who use it to catch criminals and bring them to justice, we are cognizant that we have to be careful about how we share it, who we share it with, and that those whom we share it with use it for the right purposes, and that they protect it as well as we do.
FIU information is intended to be used as intelligence for lead purposes in investigations only. Leaks of FIU information to unauthorized recipients may have a devastating effect on the reputation of those whose personal information has been divulged inappropriately, especially if they are not charged with a crime or publically sanctioned. Leaks can also compromise law enforcement investigations, alert targets of an inquiry and erode the trust of reporting entities in the AML/CFT regime.
Those are enough reasons for us at FinCEN to take an active role in ensuring that foreign FIUs and their domestic stakeholders know this, and that they take responsibility when it comes to protecting the information that they collect from their domestic sources as well as the information that has been entrusted to them by foreign counterparts, including FinCEN.
This is why we have partnered with the UIF and have found a forum in this hemisphere to share our values and concerns when it comes to protecting FIU information. We have engaged the Inter-American Drug Abuse Control Commission (CICAD), of the Organization of American States (OAS). Under CICAD we have joined a Group of Experts for the Control of Money Laundering, and together we have been working on a Set of Principles and Best Practices for the Use and Protection of FIU Information when Shared with Third Parties. When we talk about third parties we mean law enforcement, prosecutorial, and judicial authorities.
This set of principles and best practices cover everything from explaining the sensitivity of the information that FIUs collect, and prevention of leaks in the handling of the information and dissemination to third parties. The principles and best practices also address issues such as how to hold stakeholders accountable for breaches of information and how to repair damage caused from possible breaches of information.
In the United States, there are serious consequences for unauthorized disclosures. FinCEN has terminated information sharing with jurisdictions until they remedied the problems. Sometimes it has meant the FIU had to take corrective steps. Other times it meant third parties had to address certain deficiencies. It's important to remember that any AML/CFT system is based on trust. If an FIU on its own, or working with third parties, fails to protect FIU information (either its own or others'), then reporting entities will lose confidence in reporting.
And finally, the most important point: If we fail to protect FIU information, only criminals benefit.
We are very proud of being part of this initiative, and grateful that we have found meaningful partnerships with jurisdictions that share our values when it comes to protecting FIU information, and that have stayed committed to these efforts. I am happy to report that on September 18, CICAD approved as final both the Principles and Best Practices documents to assess jurisdictions on how well they're protecting FIU information, and to train them on how to do it effectively.
We also envision eventually promoting the same principles and best practices in other parts of the world through other forums such as the Egmont Group of FIUs. That way, we will continue to play a leading role in maintaining the integrity of FIU information.
I would now like to speak from FinCEN's perspective as an AML/CFT regulator and supervisor, to talk about how we approach situations where financial institutions fail to uphold their portion of the partnership, in other words, when they fail to comply with their AML/CFT obligations.
In any regulatory framework, establishing rules, providing education, guidance and feedback, and enforcing compliance are all critical components and mutually reinforcing. In the AML/CFT context, the basic types of rules can be simplified down to a few common categories: (i) knowing your customer and being vigilant against criminal abuse; (ii) keeping records so that they are available to "follow the money" if needed as part of an investigation of suspicion or criminal activity; and (iii) reporting of information, most critically STRs reported to FIUs.
At FinCEN, we often refer to the "four pillars" of an effective AML program. And they are the "four pillars" of an AML program for a reason, as each one is critical to holding up the overall structure of the program. Without one, the others will fail. The pillars of an effective AML program are: (1) the development of internal policies, procedures, and controls; (2) designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function to test programs.2It would be difficult to expect effective, reliable SAR reporting without the pillars of an AML program firmly in place.
And keep in mind that around the world it is recognized that AML/CFT regulations need to be applied not just to banks, but rather to a range of financial and other types of commercial institutions. Why? The reason is that any way that you can move money-any way that value can be intermediated-can be abused by criminals for money laundering, since the motive of almost all criminal activity is financial profit.
It is one thing to have rules in place, but the most important component is effective implementation. When an institution fails to uphold its compliance obligations, this creates a vulnerability-a crack in the foundation upon which our defenses against criminal abuse are built. Hence, in any regulatory framework, but certainly in the AML/CFT area, it is essential that compliance expectations be backed by a credible enforcement mechanism, which in FinCEN's case means the imposition of civil money penalties. Not only does this hold accountable those regulated institutions which have not followed the rules, but it is only fair to the financial institutions that are trying hard to implement credible AML/CFT controls, including bearing the responsibilities associated with these controls.
After the events of September 11, banks had concerns about regulatory expectations and the risks of being found non-compliant with regulations. Banks by their nature are risk averse, so uncertainty itself comes with implications. However, each bank needs to assess its own risk based on numerous factors including business lines and customer base.
I believe that when institutions do not follow the rules, steps must be taken to hold them accountable. And the recent fine imposed by CNBV on HSBC for failure to comply with anti-money laundering rules demonstrates Mexico's commitment in this area.
I also believe that compliance actions, including enforcement penalties, also serve as a type of feedback to the financial industry about regulatory expectations. Effective feedback that the financial industry can evaluate and understand, however, requires the sharing of information about the underlying compliance deficiencies.
As FinCEN expands its AML/CFT regulations to new types of entities that are not historically as highly regulated as banks, I expect that enforcement actions will increasingly become a part of the regulatory framework. I emphasize once again that in sharing appropriate information, regulatory enforcement actions can provide an important type of feedback to regulated institutions.
Conclusion -- Moving Forward Together
Among all the topics I have addressed in my talk today, I hope that one point you will remember is the importance of partnership and working together to achieve our shared goals. From my perspective at FinCEN, we cannot achieve our own mission without the cooperation of financial institutions, regulators, law enforcement, and international counterparts.
I have also provided a number of examples whereby even if we continue our strong cooperation with other entities within our own countries, and bilaterally between Mexico and the United States, more must be done on a global effort to address global risks. Criminals do not respect the law; and they certainly do not respect borders. Financial institutions and markets, moreover, have become increasingly interconnected and interdependent. For these reasons, governments must not let borders become obstacles to ensuring effective enforcement of AML/CFT regulations.
And we certainly appreciate the leadership that Mexico has shown in seeking to promote global improvements in the anti-money laundering area. Those of us here today all play an important role in deepening that relationship to help ensure the prosperity and security of our countries.
Thank you. I look forward to your questions and observations.