In parts 1 and 2 of this series, I wrote about the purpose and history of the Bank Secrecy Act, from its early years leading up to 9/11 and the years that immediately followed, when rising regulatory and program expectations saw the BSA evolve its purpose of providing actionable intelligence to law enforcement. Now, I will look at that impact through an era of enforcement, examine our modern risk management landscape, and offer an outlook on the future of the BSA.
A number of early, post-9/11 enforcement actions seemed to begin a focus on program requirements. In the mid-2000s, a growing number of BSA/AML penalties cemented the need for BSA officers to focus on their program requirements.
2005 Riggs Bank DPA – $16 million
2005 Bank of New York “double” Non-Prosecution Agreements – $38 million
2007 American Express Bank International DPA/civil money penalties – $85 million
2007 Union Bank of California penalties – $32 million
Ensuring that timely, effective SARs were getting to law enforcement was now secondary to meeting all programmatic requirements and expectations. Although these cases all involved AML deficiencies — failing to identify and report suspicious activity — they all had the effect of focusing BSA Officers’ attention on well-designed and documented programs… not on providing timely, actionable intelligence to law enforcement.
Lost and struggling
Although the financial crisis started slowly, it truly reached crisis levels in 2008. The seven-year period that followed saw the emergence of two major trends in the financial crimes space.
The first was an ever-increasing growth of penalties for BSA, AML, and sanctions violations and the first cases brought against individuals, including BSA officers. This stage of the BSA saw penalties rising into the billions of dollars.
The second trend was rising regulatory expectations. The OCC’s July 2010 memorandum referenced “heightened expectations” that became “heightened standards” in the proposed guidelines (published in January 2013), which became minimum standards in the final guidelines the following year.
Getting back on track
In the last few years, the financial crimes risk management industry realized that it cannot continue to spend massive amounts of money on developing programs, filing reports of dubious value to law enforcement, and paying fines and penalties. Nor could it avoid certain higher-risk products, services, customer classes, or geographies (often referred to as “de-risking”, most institutions actually practice “pre-risking,” or not offering certain products, not banking certain classes of customers, or not entering certain jurisdictions).
Coming Full Circle: Goals for the Future of the BSA
I, and many others, believe that providing timely and actionable intelligence to law enforcement is critical to the successful prevention of illicit activity. Of course, as outlined in the FFIEC Manual, a sound BSA/AML compliance program provides the necessary foundation for providing that intelligence.
Providing actionable, timely intelligence to law enforcement, while maintaining sound but rational programs, should be the new goal — and the rise of fintech and regtech solutions, like Verafin, whose express intent is fighting financial crime — are key to doing so.
Having the ability to look at more internal and external information, for multiple purposes (fraud detection, AML, and sanctions), and share that information both across private sector groups and with the public sector, will allow us to get back to why the BSA was created almost fifty years ago — to provide reports or records that have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, and, since 9/11, in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.