Good afternoon. I am honored to be given the opportunity to participate in the Conference of State Bank Supervisors International Dialogue Day. Strong cooperation at the federal and state levels is important for FinCEN – we cannot do an effective job in ensuring that financial institutions have adequate anti-money laundering controls, controls that are critical to the protection of our nation’s financial system, without your help.
Coordination with state regulators plays into much of what FinCEN does as the administrator of the regulatory regime developed under the authorities of the Bank Secrecy Act. From drafting proposed regulations to enforcement actions, your input and expertise is often a valuable part of the process. In many cases, your members are the first to spot activity that needs attention at the federal level – whether that means a regulatory gap, or a specific enforcement action.
Today, I thought I would briefly review some of our current regulatory objectives – paying particular attention to the objectives of Title III of the USA PATRIOT, and then touch on my priorities for FinCEN going forward. I hope to have some time at the end of my presentation to entertain some of your questions or comments, if you have any.
In developing the regulatory packages issued under Title III of the USA PATRIOT Act, I think it is important to understand our approach. At the most fundamental level, we have adopted a “risk-based” approach to regulation. In other words, we believe effective implementation of the Bank Secrecy Act – as amended by the PATRIOT Act must be predicated upon a financial institution’s careful assessment of its vulnerabilities to money laundering and other financial crime and building an anti-money laundering program that makes sense for that institution and its customers. This is “advanced” regulation, if you will – requiring a serious commitment on behalf of the regulated industry as well as the regulator. It is not a “rule-based” approach, where the regulator gives the regulated a laundry list of tasks to be checked off. We believe no one is better positioned to evaluate its business processes, including distribution channels and customer base than a financial institution itself. Moreover, the financial community spans a broad horizon of service providers, and even within those sectors each institution must weigh its vulnerabilities according to its corporate structure.
This approach requires a commitment on behalf of the regulated industry. The industry must – from the very top of the organizations – seriously assess the risks it has against money laundering and other financial crime. Then the organization must design a plan – within the guidelines and guidance provided by the regulator – that will address and minimize those risks. Then the organization must implement the plan in an efficient and effective manner.
While this approach is, in some ways, more challenging for financial institutions, let me submit to you that this approach is also much more challenging for the regulator. In order for this system to work, the regulator must provide constant guidance of all sorts – formal and informal – using every technology available to us to reach the regulated industry. We have a responsibility under this approach to provide you with “guideposts,” inside which you can design your program. It also requires that our regulatory regime must never become static. Our approach must be constantly iterative. We must continually critically assess our regime and ensure that it addresses – in the broadest sense – the risks posed to our system.
In addition to guidance, we must find ways to provide information to financial institutions and to functional regulators that is relevant to assessing the risks facing the financial system. This includes providing information about trends and patterns we are finding. It also includes providing specific relevant information to our regulated industry. I am not naïve. This is not and will not be as easy as it sounds, but we must find a way to do it. For example, let’s say we receive information about a particular threat or risk associated with terrorist financing. It is likely that this information would be classified national security information – and rules that were devised for the cold war still apply to the dissemination of that information. Likewise, law enforcement organizations are correctly reticent about sharing information important to its investigations that may be directly relevant to an institution or a sector of the financial industry assessing risk and addressing that risk. Let me be clear, I am certainly not advocating free and public disclosure of our national secrets, or of important law enforcement information. I am saying, however, that we need to find a way – some way – to communicate that relevant information to our regulated industry. Otherwise, how can we expect that industry to effectively assess and address risk? Let me tell you that this is a significant priority for me and for FinCEN.
Looking specifically at Title III of the PATRIOT Act – the Act essentially sought to accomplish the following: 1) enhance our ability to share information; 2) protect the international gateways to the U.S. financial system, the correspondent account; 3) prescribe uniform customer identification verification procedures for all financial institutions opening accounts; and 4) expand our anti-money laundering regime to all categories of financial institutions whose services may be abused by money launderers or terrorists.
We have some important work to finish. Of interest to many of you is probably completion of the final regulations under Section 312 requiring due diligence for correspondent accounts maintained for foreign financial institutions as well as private banking accounts. This is the final element of the comprehensive set of regulations designed to protect the international gateways to the U.S. financial system. We are working hard on completing that rule and hope to have it published soon.
We are also continuing to look at final anti-money laundering program regulations for non-bank sectors such as the insurance industry and dealers in precious stones, metals, and jewels. Suspicious activity reporting regulations for mutual funds and certain insurance companies will also be finalized. And, of course, additional customer identification regulations similar to those issued for banks for other financial services providers are in the works.
I think it is worth taking a moment to discuss briefly another side of compliance – enforcement. Let me be clear. FinCEN’s enforcement policy will not be punitive, except when punitive action is called for. Our objective is to gain compliance by issuing guidance, by being readily accessible to answer questions, by participating in conferences and by reaching out to institutions through as many other avenues as we can. In know from my experience of working on these issues at the highest levels of the Treasury Department that the vast majority of the financial industry is fully engaged in honoring their regulatory obligations. Our job is to help them understand what is expected of them. For those institutions, whose programs are not in compliance our first objective will be to assist them in understanding and correcting their violations as well as to ensure that the required records and reports are made available to law enforcement. Our regulatory staff works with institutions across the country on a daily basis to clarify issues and respond to concerns. Last year four employees on this staff responded to more than 6,000 regulatory questions, the vast majority handled by phone through our Regulatory Help Line and Terrorist Hot Line. I believe they understand the need for a customer service mentality in interacting with our industry partners.
When FinCEN does take an enforcement action it is usually resolved through warning letters, which again are meant to help illuminate problems and point the way to effective remedial actions. Civil penalties are reserved for cases involving only serious and repeated – or using the term of the statute – willful violations.
I would also like to touch upon a set of issues related to improving the effectiveness and efficiency of the BSA reporting process. I believe we all understand the objective in collecting the financial transaction information under the BSA. But I have growing concern that the proliferation and bureaucratization of forms may be impediments to achieving the goal of providing information relevant to combating terrorist financing and money laundering. I think this is particularly true with respect to the universe of non-bank financial service providers that are new to the world of anti-money laundering programs and suspicious activity reporting. So we are going to take a serious look at simplifying the filing process in concert with our regulatory and law enforcement partners. I would like, for example, to see the MSB SAR reduced down to one or two pages. We need to make it accessible to a whole new universe of potential filers whose native language may not be English, who do not understand bureaucratize, and who in fact be prime targets for exploitation by terrorists in moving their funds.
I also believe we have to do a much better job of getting the best information quickly into intelligence and law enforcement hands that need it to perform their roles in safeguarding the nation’s financial system. I am taking a comprehensive, hard look at FinCEN’s Gateway and electronic filing systems. I think improvements are necessary and I’m going to move aggressively to make sure that users of BSA data can access it in the most efficient way possible. Given the effort and resources that go into production of the data, the last thing we want or need is for a law enforcement official to avoid this incredibly important resource because it is too cumbersome or too confusing or takes too long connect to the data.
I have highlighted a few of the areas we will be directing our energies towards at FinCEN but you will be hearing and I hope engaging in a dialogue with us on a number of issues as we move forward. The international arena, for example, is a key dimension of the FinCEN network. The group of financial intelligence units or FIUs known as the Egmont Group is chaired by FinCEN’s Deputy Director, William Baity. Egmont is an important communications channel that provides U.S. law enforcement and their counterparts in more than 80 countries around the globe with the means to share information quickly and securely. Our international staff is a talented and dedicated group of professionals who are helping to make a measurable difference in promoting the adoption of meaningful regulatory regimes around the globe. Many of you represent financial institutions with strong international interests and I believe there are opportunities to exchange ideas and experiences in this area that we haven’t yet explored.
In closing, I hope I leave you with the impression that my overriding priority in the coming months and years will be to continue to raise the bar with respect to the products and services FinCEN delivers. We are in the business first and foremost of gathering, analyzing and disseminating data that reinforces the defenses of financial institutions against criminal abuse and that it provides meaningful information to law enforcement-- information that enables law enforcement officials, at every level, to more effectively detect and prosecute those who do harm to our country. We all have significant responsibilities in this fight and I intend to ensure that FinCEN does its part in providing the tools we all need to meet the challenge.