ACAMS Florida just had three days of Anti-Money Laundering discussion for small and large institutions, law enforcement, and regulators. Listed below are the highlights of Day One, including what regulatory agencies are looking for, why de-risking isn't going away, how algorithms can make your life better, and how Law Enforcement, NGO’s and Financial Institutions (FI’s) can work together to better prevent money laundering.
The opening session had various regulatory agencies discuss what Compliance Trends they would be focusing on in 2017:
- Suspicious Activity Report (SAR)
- Half of all broker dealers have less than 10 employees which means the AML officer may also make the coffee.
- Disappointed that many firms don’t file SARs.
- Actively going to pursue more regulatory action against banks in 2017.
- Training of their own staff. They've developed a technical competency model for their 300 specialists that lists which have skills or products including correspondent banking, private banking, etc.
- Cybercrime. As banking has moved online, so has Cybercrime.
- They want SAR's to include information such as IP addresses, ISPs, etc...
- Timeliness is critical. They’ve been able to take $250m back fake-CEO email scams because of timeliness.
- SAR Topics: The SAR database is the most important tool they have because it provides them with a continual list of leads, and helps them with existing cases. However, if Financial Institutions (FI's) sometimes only focus on a limited set of typologies they won't see the new issues
- Charters: OCC is looking at special purpose charters so that certain FI's could avoid the state money licensing process
- Enforcement Action: There has been a decrease in enforcement actions as 99% of banks are satisfactory
- Detailed some of the items the OCC considers when deciding whether or not to create an enforcement action
- Management teams that aren't sufficiently trying to understand
- Risk profile
- Product risk
- Customers served.
- Management's willingness & ability to take corrective action.
- Discussed Foreign Correspondent banking in relation to regulatory actions and de-risking.
- Recommend establishing point of contact related to AML at the other institution
- If a FI can't clear an alert due to a lack of information, the default is to file a SAR
- The more SARs on that correspondent banking relationship, the more likely the FI has to close the account
- Visiting is encouraged, build a relationship
- Currently soliciting feedback for the small firm template for AML programs & list of red-flags
- Nested accounts: This is a "Real risk" they want FI's focus on
- Aware if they have accounts held by these entities.
- Know which affiliates are helping customers create those accounts.
- Once data comes in
- What do you expect will happen and are you testing that it does?
- Examiners are going to insert transactions into the system.
- Parameters review,
- when were they set?
- when did you last update?
- has your risk profile changed since you updated?
De-risking is still a problem and it's not going to get better this year; at least according to the panelists and conference attendees. Of the over 1,400 attendees polled, only 10% said the number of correspondent banking relationships at their institution would increase this year. The majority (60%) thought they would stay the same or decrease (30%). The reasons why were amazing, in that there's a huge disconnect between regulators and the banks.
The regulators explicitly stated there wouldn’t be a silver bullet that would fix the de-risking issue, instead the impacted groups would need to get around the table to discuss. The banks said the risk is too high, they're not rewarded for financial inclusion and unless that changes, they won't work with higher-risk clients. Never before have we seen several of the world's largest banks explicitly state that de-risking is here and not changing, not because they can't but because they won't.
FINRA: Discussed its supports for data-driven exercises to solve problems, not de-risking
OSFI: Discussed how a multi-level approach is required
BB&T: There's risk aversion because of the following reasons
- Virtually every major bank is under a BSA enforcement action - these last between 3-7 years
- Individual liability has been introduced
- MRAs are driving cost up
- Informal actions (that the world doesn't see) increase the cost
- Many FI's are under a deferred prosecution agreement
Wells Fargo: They won't change their behavior
- Had 5,000 correspondent banks, now have less than 1/2 that amount, but they retained their best customers
- No reason for them to increase correspondent customers at this time
- Won't change unless there's a positive financial benefit
- Still bank MSBs, but they get no benefit for increasing inclusion
- Still bank correspondent banks but they get no benefit for increasing inclusion
- If that changed, things would change
- Explicitly pointed out that de-risking increases the financial risk to the US because exited customers move downstream to them or other banks through a correspondent banking relationship
Algorithms are your friends
A session that specifically discussed the use-cases for algorithms, how to implement them, and the perils of doing so.
The key use cases where algorithms can be used:
- Transaction monitoring models
- Customer Risk rating models
- List screening models
- Link Analysis
The things to keep in mind when implementing algorithms:
- How do you define success? How is it defined by regulators, financial institutions, and customers?
- How are you going to fold into existing processes?
- The math isn't the hard part, it's everything else, especially getting the pertinent data
- When looking for models to fight Human Trafficking they thought the tell-tale sign would be Hotel rooms, instead it was online and sites & shady payment processors
- Cannot set & forget -- Tuning annually or biannually isn't the best approach in a dynamic world.
- Alert risk scoring: routing & disposition of alerts based on risk score, where a higher score goes to experienced analysts
- Automated fraud scenarios: develop BSA specific fraud scenarios
Perils of using algorithms:
- Regulators aren’t comfortable, this means you need to run two systems, a rule-based system for regulators and an algorithm on top of that, even if the algorithm is better
- Your FI will be penalized for any change that changes # of alerts unless it’s documented, even if all the alerts are false-positives
- Regulators won’t accept a black box, but how explaining deep learning isn’t hard, it’s often impossible unless a reporting functionality is built-in at the beginning
- Jumping to deep-learning isn’t possible for a bank. Need to work up to it via Supervised Machine Learning, Unsupervised Machine Learning, Neural Net
Kleptocracy & International Money Laundering
It was standing room only for, arguably, the most gripping session of the day. Bringing together Law Enforcement, Private Sector, and NGOs; panelists discussed the role they have to play in preventing money laundering, what they need from the others, and how they could work together.
The NGO perspective -
Debra LaPrevotte from Sentry spoke about how they mapped out the entire banking sector of Southern Sudan and while 28 of 62 banks have been sanctioned, the sanctioned banks had access to 288 banks through correspondent banks. Moreover, the sanctioned banks are only 1-2 degree connections from over 1,000 G7 banks via correspondent banks.
Sentry produced this video detailing government corruption in Southern Sudan. For example, both the President & Vice president have large estates in the same neighborhood in Kenya, even though their government salaries are low. It’s important to note that most transactions that were laundering money were wire transfers performed using correspondent banking and in US dollars.
How Financial Institutions can help -
- Know your customer (KYC)
- Who the kleptocrats families are & their known associates
- Beneficial ownership - Shell companies are a significant way PEP's will move money around the globe
- Know your correspondents
- What they’re sending you
- Where they operate
- What normal looks like for that market.
- Not de-risking FI’s in high-risk regions without deep analysis
- De-risking an entire country because it’s easier, just makes things worse
- Lose visibility that Law Enforcement needs you to have oversight of
- Better to conduct a granular risk analysis
How Law Enforcement can help -
- The 314(a) requests, to help track where US institutions may have been used for money-laundering.
- Special measures, such as the 311 requests.
The FBI Perspective -
If money came through the US system for .5 seconds, that's sufficient to grant jurisdiction to grab the money where it now resides as kleptocrats don't keep money in their home country. However, the FBI needs help:
- The only have 40 investigators- Investigations take 6-7 years, on average- Get leads from NGO's, SAR's, etc...
How Financial Institutions can help -
SARs - Every FBI investigator reviews SARs for help
- Don't put every transaction in the SAR narrative, because it makes it too hard to read. List all the important one's and use a spreadsheet for the rest.
- If an AML analyst leaves, make sure someone knows how to gather data. Sometimes they need data 2-3 years old.
How NGOs can help -
- Passing on information that has been processed, and vetted.
Financial Institutions Perspective -
Banks have staffed up to prevent money laundering, with Financial Intelligence Units (FIU’s) and a close working relationship with law enforcement. No bank wants bad actors using their institution because of the reputational and financial risk.
How NGOs can help -
- Information on individuals/entities
How Law Enforcement can help -
- Feedback, whether about SARs or criminal typologies.
What they have
What they need
314(a) Requests, Enforcement
Blacklist Users, File SAR’s
In summary, the first day of ACAMS did a tremendous job highlighting and explaining what the regulatory agencies are looking for in 2017, why de-risking isn't going away, how banks and regulators aren’t even talking the same language or solutions, how algorithms can make your life better, and how Law Enforcement, NGO’s and Financial Institutions (FI’s) can work together to better prevent money laundering. Stay tuned for blog posts on days 2 and 3 of the conference.