Good morning. I am honored to be joining you again this year. I recently had the opportunity to meet in Washington with SIFMA’s AML and Financial Crimes Committee and we had a very productive discussion. I know that some of the threats that are on your industry’s radar screen – threats such as securities fraud, market manipulation, and computer intrusion, are many of the same threats we are focusing on at FinCEN. It was helpful to hear your colleagues’ perspectives on these threats, and it is encouraging to know we are working towards many of the same goals in this area.
I also know from speaking with the SIFMA committee that you are interested in hearing my perspectives in the enforcement area, and this is where I would like to begin my remarks today.
As Director, I feel it is important that financial institutions take responsibility when their actions violate the Bank Secrecy Act (BSA). And by accepting responsibility, it is not just about admitting to the facts alleged in FinCEN’s assessment. It is also about acknowledging a violation of the law.
When a culture of compliance is lacking, the result is ineffective AML safeguards. A number of our recent enforcement actions have led us to begin thinking more broadly about how the culture of compliance impacts financial institutions, often with devastating consequences. So I would like to expand for a moment on the importance of a strong culture of compliance within a financial institution.
For the culture of compliance to be strong within an institution, the business side of the organization needs to take AML controls seriously. And it needs to begin with the institution’s leadership.
A financial institution’s leadership – to include the board of directors, executive management, and owners and operators – is responsible for performance in all areas of the institution, including compliance with the BSA. The commitment of an organization’s leaders should be clearly visible, as the degree of that commitment will have a direct influence on the attitudes of others within the organization.
Business interests should never compromise an institution’s AML program. I know many of you here today are responsible for compliance within your organization. The fact that you are here at this conference is evidence of your commitment in this area. And as compliance professionals, you should be empowered with sufficient authority, independence, and the tools you need to effectively implement the AML program within your institution.
I know there have been calls for more accountability on the business side of an organization when AML compliance fails. This is where a focus on individuals, as well as institutions, might come into play.
The BSA does provide FinCEN with broad authority to obtain injunctions against institutions, as well as individuals, it believes are involved in violations of the BSA. It also allows FinCEN to impose civil penalties not only against domestic financial institutions, but also against partners, directors, officers and employees of such entities who themselves participate in misconduct.
Enforcement should never be a “gotcha” or hide-the-ball exercise. And I think if you look at our past enforcement actions, and review the facts, you can clearly see why FinCEN took action in these cases.
We know that the vast majority of the industry, and in particular the compliance officers within financial institutions, are doing everything they can to comply with their responsibilities. We appreciate all you are doing to keep your financial institutions safe from illicit use. However, we will employ all of the tools at our disposal and hold accountable those institutions and individuals who recklessly allow our financial institutions to be vulnerable to terrorist financing, money laundering, proliferation finance, and other illicit financial activity.
I would like to speak for a moment of the importance of information sharing, as this also ties into a strong culture of compliance.
There is information in various departments within a financial institution that should be shared with the compliance staff, such as information developed by the department responsible for preventing fraud. A failure to share information due to systemic stove-piping, or other reasons, can significantly weaken the effectiveness of an institution’s AML program.
Information sharing within an organization is critically important, but sharing information between financial institutions is also critical. The 314(b) safe harbor provisions permit financial institutions to share information under the 314(b) program as it relates to transactions involving proceeds of suspected fraud and other specified unlawful activities (SUAs), the predicate offenses for money laundering, if the financial institution suspects there is a nexus between the suspected fraud or other SUA and possible money laundering or terrorist financing activity. And I can tell you as a former money laundering prosecutor who has handled several fraud related money laundering cases, anytime you have funds that you suspect are related to fraud in or moving through your financial institution, you should also be suspicious that transactions made with those funds may involve money laundering.
We heard that there was some confusion about how to participate in the 314(b) program, and who was able to take advantage of the safe harbor. As a result of this feedback, FinCEN issued a Fact Sheet in October to help promote the 314(b) program and clarify how to participate. You can find the Fact Sheet on FinCEN’s website, and of course FinCEN’s Resource Center is always available to answer any questions you may have.
Value of BSA
When I spoke last year, I discussed the value of the BSA data, and I would like to revisit this issue again, not only in the context of the recent Madoff case, but to update you on how the Securities and Exchange Commission utilizes the SARs you file to support its own civil enforcement efforts.
As you all know, a financial institution files a suspicious activity report, or SAR, with FinCEN when it thinks a transaction may be suspicious. FinCEN, in turn, makes such SARs available to law enforcement and regulators, including the SEC.
However, recent actions taken by FinCEN underscore the catastrophic consequences that can flow when suspicions are not acted upon. When JPMorgan failed to file a SAR with FinCEN, an opportunity to stop Mr. Madoff’s fraud was missed. When TD Bank failed to file timely SARs, a massive Ponzi scheme went undetected for 18 months. Sadly, these are cases where frauds went unheard, leaving law enforcement and regulators, including the SEC, in the dark. Critical pieces of the puzzles were left out, and innocent people continued to be victimized.
While these are examples of missed opportunities, there are also many examples of how the SARs you file do make it into the right hands, help solve the puzzle, and in some cases are the tip-off that starts an investigation. Take for example the work going on within the Securities and Exchange Commission’s Division of Enforcement.
SEC’s Division of Enforcement places such value on your reporting that it maintains a group of attorneys and contract staff dedicated exclusively to BSA-related issues, including the review of SARs. Each year, the BSA Review Group within SEC’s Office of Market Intelligence reviews thousands of SARs filed by or about persons in the securities industry, or generally alleging securities fraud or securities law violations.
Last year, SEC’s BSA Review Group individually reviewed more than 21,000 SARs. In fact, if FinCEN receives a SAR from or about an entity, person, or transaction within SEC’s jurisdiction, the odds are quite high that someone at SEC will review it. On average, SEC staff obtain these SARs within a week of your submission, and Enforcement staff assess and forward them within an average of one week after that. Imagine, your SARs are read, assessed, and if they warrant action, in the hands of SEC investigators within an average of about two weeks from the day you submit them to FinCEN.
SEC Enforcement staff constantly compares the information they extract from SARs to data in their own databases and other sources to assess the allegations in the SARs. Out of those thousands of SARs, roughly one in ten provides SEC with valuable intelligence related directly to active SEC Enforcement matters. My friends at the SEC inform me that barely a week passes in which SEC Enforcement does not open a new investigation or examination based on information it received – at least initially – in a SAR; in fact SEC opened 42 new investigations and at least 14 exams in Fiscal Year 2013 and already has initiated 17 SAR-inspired investigations or examinations this Fiscal Year. The SEC has emphasized to me – and you can tell from these statistics – that they rely on your SAR reporting literally every day.
In addition to just those new investigations and exams, last year, SEC Enforcement filed nearly a dozen actions that originated from a SAR and made referrals to other agencies that resulted in even more. Among them were actions against four Ponzi schemes involving $14-25 million in losses to more than 50 investors (and victims), and a half dozen Insider Trading cases involving millions in profits or avoided losses. These are more examples of the coveted “but-for” cases I shared with you last year. By that I mean that but for the filing of SARs, these cases may have unfolded much differently, and much later.
Let me expand on that point for a moment. These examples illustrate not just the satisfying fact that your reporting is helping to expose Ponzi Schemes involving tens of millions of dollars in losses as well as other frauds, but that clear, timely information provided by compliance professionals like you increases the opportunities for government agencies to act and possibly to restrain or recover the wrongdoers’ assets so that victims can be at least partially made whole.
Aside from the day-to-day individual review of those thousands of SARs, SEC’s BSA Review Group also analyzes the entire collection of securities-related SARs. By that, I mean that they go beyond simply reviewing and analyzing the individual reports you prepare. In addition, SEC reviews the total of securities-related SARs to identify patterns and trends in the information. This type of analysis equips all of us together to determine whether there are compliance-related vulnerabilities in the system that we can close to further protect the markets and investors.
As I noted last year, I recognize that financial institutions spend a great deal of time and money to comply with the BSA. And as such, we need to ask ourselves whether the money is being spent in the right way. So the question I asked all of us last year: Is there a delta between compliance risk and illicit finance risk?
Fortunately, we have the right forum in place to explore these questions. As a part of the Bank Secrecy Act Advisory Group, known as BSAAG, we formed a subcommittee aptly named the Delta Team, to start the conversation. I would like to update you on where we are with these efforts.
One of the common themes we heard across the industry is that additional information on money laundering trends ? including more specifics on schemes and methods for illicit finance and red flags ? would be helpful in aligning industry efforts with law enforcement priorities. This is something we certainly agree with.
We also heard that FinCEN needs to find ways for more dynamic, real-time information sharing, both by and between financial institutions, and with FinCEN and law enforcement. A key aspect here is to again promote information sharing between financial institutions through Section 314(b) of the USA PATRIOT Act.
As the financial intelligence unit for the United States, FinCEN must stay current on how money is being laundered in the United States, so that we can share this expertise with our many law enforcement, regulatory, industry, and foreign financial intelligence unit partners, and effectively serve as the cornerstone of this country’s AML/CFT regime.
FinCEN’s new Intelligence Division is positioned to do just that. In response to industry feedback on the need for more information sharing with industry, we have begun exploring new ways to expand information sharing from government to industry, where warranted. And our Intelligence Division is in the process of implementing a new concept whereby our analytical products will be provided to additional partners, including industry, whenever appropriate. We are working now on developing the product line, distribution methods, and dissemination restrictions.
In this vein, one area that we are currently trying to get a better handle on is the use of cash in the securities sectors for other countries. For example, FinCEN’s analysis recently revealed that Mexican casa de bolsas (Mexican securities firms) are starting to bring U.S. dollars into the United States and depositing this cash into U.S. financial institutions. To the extent that foreign securities are obtained more readily with cash, U.S. firms dealing with foreign firms should be mindful of the cash aspects and source of funding of their business, given the heightened money laundering risks associated with cash.
More broadly, when securities firms offer services similar to banks, they need to also consider the vulnerabilities associated with engaging in these types of services, and to make sure that their compliance programs are commensurate with such risks. To the extent that these entities are providing bank-like services, we need to make sure that essentially the same types of BSA obligations and compliance activities applicable to banks are in place – notwithstanding the fact that the institution might not be a bank.
FinCEN also continues to work with our colleagues at SEC, CFTC, Treasury, FINRA and NFA in the Securities and Derivatives Working Group to identify money laundering and terrorist financing vulnerabilities in the securities and derivatives markets. As a part of this effort, FinCEN has analyzed almost 28,000 SARs filed by securities and futures industry members and nearly 13,000 SARs filed by depository institutions that reported activities specifically related to suspected money laundering and terrorist financing within the securities and derivatives markets. There are also a few key take-aways which I can share with you.
First, the analysis showed that a large majority (roughly 80%) of SARs flagged for money laundering/structuring were reporting usage of brokerage accounts for “bank-like” activity in cash equivalents (wires, ACH transfers, and checks in particular.)
Second, the FinCEN analysis noted that about 20% of the SAR subjects used non-U.S. addresses, especially Latin American addresses. The team thought this supported the notion that broker-dealers, and depository institutions working with securities/derivatives industry clients, may face overseas risks.
Both of these take-aways are interesting in light of the trend I mentioned earlier wherein Mexican casas de bolsas are starting to bring U.S. dollars into the United States and depositing this cash into U.S. financial institutions.
Lastly, I would like to emphasize the importance of financial institutions providing the very best information possible in their SAR filings. As you can see from my remarks today, we take the information you provide very seriously, and the details you include help us identify and act upon your SARs more quickly.
One of the best parts of my job is getting the chance to build partnerships with those who are committed to safeguarding our financial system.
So in closing, I would like to thank all of you for the role that you play. Whether you are serving as the compliance officer within your financial institution, working as an examiner to ensure adequate BSA safeguards are in place, or utilizing the BSA data filed by financial institutions to investigate criminal activity, your role is essential.
The work you do each and every day helps prevent money launderers, terrorist financiers, and other illicit actors from abusing our financial system. I hope that it is clear that the government is using the product of your labor daily to act swiftly and decisively to counter illegal activity. I also hope that it reinforces for you, as it does for me, that the money and effort that you and your firms put into your AML programs is certainly worth it. I look forward to our ongoing partnership on these issues.