by Jonathan J. Rusch

FinCEN and Federal Financial Institution Supervisory Agencies Issue Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing

On December 3, 2018, the Financial Crimes Enforcement Network (“FinCEN”) and the four federal financial institution supervisory agencies[1] (“the agencies”) issued a joint statement (“Joint Statement”) encouraging banks (i.e., banks, savings associations, credit unions, and foreign banks) “to consider, evaluate, and, where appropriate, responsibly implement innovative approaches to meet their Bank Secrecy Act/anti-money laundering (BSA/AML) compliance obligations, in order to further strengthen the financial system against illicit financial activity.”[2]

The Joint Statement expressed the agencies’ recognition “that private sector innovation, including new ways of using existing tools or adopting new technologies, can help banks identify and report money laundering, terrorist financing, and other illicit financial activity by enhancing the effectiveness and efficiency of banks’ BSA/AML compliance programs.”[3]  It declared that “[i]nnovation has the potential to augment aspects of banks’ BSA/AML compliance programs, such as risk identification, transaction monitoring, and suspicious activity reporting.”[4]  In that regard, it cited examples of innovations that some banks have already undertaken:

Some banks are becoming increasingly sophisticated in their approaches to identifying suspicious activity, commensurate with their risk profiles, for example, by building or enhancing innovative internal financial intelligence units devoted to identifying complex and strategic illicit finance  vulnerabilities and threats. Some banks are also experimenting with artificial intelligence and digital identity technologies applicable to their BSA/AML compliance programs. These innovations and technologies can strengthen BSA/AML compliance approaches, as well as enhance transaction monitoring systems.[5]

The Joint Statement specifically noted that the agencies “welcome these types of innovative approaches to further efforts to protect the financial system against illicit financial activity,” and that “these types of innovative approaches can maximize utilization of banks’ BSA/AML compliance resources.”[6]

The Joint Statement offered an additional assurance that the agencies are committed to continued private-sector engagement with financial institutions, advocating early engagement with bank management to discuss pilot programs for innovative BSA/AML approaches.  Such early engagement, according to the Joint Statement, “can promote a better understanding of these approaches by the Agencies, as well as provide a means to discuss expectations regarding compliance and risk management,” and provide the agencies with the opportunity to “clarify supervisory expectations, as appropriate and necessary.”[7]

The Joint Statement also made four points critical to assuring financial institutions that the agencies do not intend to whipsaw them by encouraging innovation but then effectively penalizing them for the consequences of innovation.  First, it said that they “will not penalize or criticize banks that maintain effective BSA/AML compliance programs commensurate with their risk profiles but choose not to pursue innovative approaches.”[8]  Second, it stated that while they expected banks to maintain effective BSA/AML compliance programs, they “will not advocate a particular method or technology for banks to comply with BSA/AML requirements.”[9]  Third, it indicated the agencies’ openness to banks’ conducting pilot programs, “in conjunction with existing BSA/AML processes, [as] an important means of testing and validating the effectiveness of innovative approaches,”[10] and to providing feedback to the banks on such pilot programs.  In particular, it stated that “pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful.”[11]  Fourth, it offered a measured assurance that “pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program.”[12]

Notably, this Joint Statement is the second result of the ongoing work of a working group that the United States Department of the Treasury’s Office of Terrorism and Financial Intelligence (OTFI) and the Federal depository institutions regulators formed with the aim of improving the effectiveness and efficiency of the BSA/AML regime.[13]  Previously, on October 3, FinCEN and the agencies issued a joint interagency statement (PDF: 24.3 KB) on sharing Bank Secrecy Act resources.[14]

Deciding How To Proceed

Both the October 3 and December 3 Joint Statements are welcome developments in two respects.  First, they provide some specific assurance that federal bank regulators are genuinely interested in positive engagement with the financial sector, and not merely regulation and enforcement.  Second, they appear not to be pressing for or insisting that financial institutions must adhere to particular types of innovative methods or technologies that regulators have previously endorsed.

At the same time, banks should read the December 3 Joint Statement’s four caveats with care in deciding how to proceed:

1. “No Penalty for Choice Not to Innovate.” The key point here is the language that banks must “maintain effective BSA/AML compliance programs commensurate with their risk profiles.”  In short, if what a bank’s current AML compliance program is doing is effective, regulators should not criticize the program on the ground that the company has not introduced “innovations.”
2. “Neutrality on Choice of Technology.” If a bank decides it wants to pursue a particular innovation, it should have the freedom of testing and selecting the technology that it believes stands the best chance of improving its AML program.  At the same time, it would be prudent for a bank that does so to engage its regulators early in the innovation process, and let the regulators in on its thinking about why this technology makes sense for the bank, from the standpoints of cost and effectiveness, and invite regulators to comment.  Early and genuine engagement with regulators on such issues can foster greater confidence by the regulators in the soundness of the bank’s approach.
3. “No Penalty for Failure of Pilot Program.” Banks should pay close attention to the regulators’ language that pilot programs that prove unsuccessful “in and of themselves” should not prompt supervisory criticism.  In other words, the mere fact of trying and failing should not be a valid basis for criticism.  On the other hand, if a bank adopts a pilot program on which its overall AML program is dependent, without backup capacity to maintain consistent ongoing monitoring and response, and that pilot fails, the bank can fully expect supervisory criticism.
4. “No Necessary Sanction for Pilot Program’s Exposure of Compliance Gaps.” On this point, banks should note the regulators’ qualifier that a pilot that exposes gaps in a company’s BSA/AML compliance program will not necessarily result” in supervisory action with respect to that compliance program. In other words, as indicated above, a bank that implements a pilot should maintain backup or parallel monitoring capacities for the full duration of the pilot, including evaluation of the pilot’s effectiveness.  If the bank does identify gaps in its existing AML program as a result, it should be prepared to explain to regulators the basis for its prior belief that the current program was sound and effective, and discuss candidly what it learned about the gaps in its program, how the pilot identified those gaps, and what it plans to do to remedy those gaps.

Financial institutions should therefore take the December 3 statement at its word – or, to be more precise, at all of its words — and consider developing innovative AML/CTF approaches that they believe make sense from a risk-based perspective (including costs and benefits), when they think it makes sense to develop and implement such innovations, and test the strength of the regulators’ professed commitment to engagement with the financial sector.  FinCEN and the other regulators undoubtedly hope that the joint statement will signal to banks that they should not fear being penalized when they choose to innovate.   For that reason, as they identify particular examples of AML innovation that they believe are effective, FinCEN and the regulators should use the OTFI-bank regulator working group and public statements to highlight (without publicly crediting specific institutions by name) such examples.  Those steps can help to persuade banks that regulators are serious about encouraging AML innovation, and that investment in AML innovation can be rewarded.

Footnotes

[1] I.e., the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency.

[2] Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes  Enforcement Network, National Credit Union Administration, and Office of the Comptroller of the Currency, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing 1 (December 3, 2018) (Joint Statement) (PDF: 67.4 KB).

[3] Id.

[4] Id.

[5] Id. 1-2.

[6] Id. 2.

[7] Id.

[8] Id. 1.

[9] Id.

[10] Id. 2.

[11] Id.

[12] Id.

[13] See Financial Crimes Enforcement Network, Press Release (December 3, 2018).

[14] See Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes  Enforcement Network, National Credit Union Administration, and Office of the Comptroller of the Currency, Interagency Statement on Sharing Bank Secrecy Act Resources (October 3, 2018) (PDF: 24.3 KB).

Jonathan J. Rusch is Principal of DTG Risk & Compliance, a consulting firm specializing in corporate-compliance issues, and Senior Fellow in the Program on Corporate Compliance and Enforcement at New York University Law School.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.