AML: tough times continue

There is no denying that the period since the passage of the USA Patriot Act in October 2001 has been difficult for the financial services industry in the United States, and for its regulators. Challenges were predictable. In atypical fashion, the USA Patriot Act was passed by the US Congress and signed into law within six weeks of the events of September 11. Title III of the law extended anti-money laundering (AML) compliance requirements to a much broader group of financial institutions; imposed a number of new requirements on certain types of financial institutions, namely banks and broker-dealers; mandated the Treasury Department to develop and issue a host of implementing regulations; and obligated the regulators to marshal and train their resources to enforce the new requirements. Neither the industry nor its regulators had much time to prepare for what would be required.

In the past few years, several financial services regulators have issued AML enforcement actions, yet it has been banks and bank regulators that continue to receive the most attention. Bank AML enforcement actions are at an unprecedented high and financial penalties, in some cases, have reached tens of millions of dollars. The obvious questions might be: (1) "Have banks, which have been subject to AML compliance requirements since the enactment of the Bank Secrecy Act in 1970, really done such a poor job at compliance and (2) have the bank regulators been more aggressive than their counterparts in enforcement?"

The answer to the first question is 'No'. Despite the number of enforcement actions and financial penalties imposed against banking organisations, most observers would likely agree that the banking industry as a whole has developed and implemented more sophisticated AML compliance programs than other segments of the financial services industry. It is also worth noting a fact that often seems to be ignored, that is, the majority of US-based banks are not subject to enforcement actions and are presumably, therefore, meeting regulatory expectations.

The answer to the second question is 'Yes'. To some extent, this might have been expected. As previously noted, banks have been subject to money laundering compliance requirements for more than three decades, so it is not completely unreasonable that the regulatory standards for banks would be higher, and they would not be allowed the same grace period to comply that other financial services regulators seemed inclined to grant their institutions. Similarly, bank regulators themselves have more experience with AML compliance, which likely also contributed to their raising the bar on compliance. There is another reason, however, that bank regulators have been more zealous, and it has its roots in events that occurred in 2005. It was 2005 when the bank regulators themselves came under criticism for their allegedly weak supervision of AML compliance at Riggs Bank and Banco de Chile, both of which were charged with laundering funds for former Chilean director Augusto Pinochet. Comptroller of the currency John Dugan, in a letter to the chairman of the Senate Committee on Banking, Housing and Urban Affairs in November 2005, admitted that "the events that transpired at Riggs Bank, NA were a wake-up call for the OCC." During congressional hearings, one of the proposals discussed was removing authority for AML enforcement from the bank regulators; as a compromise, the Financial Crimes Enforcement Network (FinCEN) was given the power to issue enforcement actions even when the bank regulators chose not to do so, and the bank regulators were put on warning that they needed to enhance their supervision and enforcement. Not surprisingly, they appear to have taken this warning seriously, and have moved quickly - some would argue too quickly - to deal with institutions they believe are falling short.

In the past several years, the bank regulators have issued myriad guidance to the banking industry, most of which they periodically codify in the Federal Financial Institutions Examination Council's (FFIEC) Bank Secrecy Act/Anti-Money Laundering Examination Manual. The third edition, which was released in July 2007, includes more than 300 pages of guidance. While well-intended by the bank regulators, the vast amount of information provided has led to charges that regulatory expectations are ever-changing and compliance with a moving target is not possible. This view is reinforced when an AML compliance programme that satisfied the examiners during the last examination is considered inadequate at the next examination.

For their part, the regulators do appear to be concerned that they may not always have applied standards consistently. To deal with this, the FFIEC issued an Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements in July 2007 to delineate and clarify the circumstances that would result in the issuances of a cease and desist order. With the ground rules published, concerns over uneven or inconsistent supervision will hopefully be minimised.

There is little, if any, reason at this time to believe that the environment for AML compliance in the US will change any time soon. Given this, there is likely to be a more instructive question worth considering. Why do some banks get it right while others continue to struggle?

Contact us:
Carol Beaumier
+1 212 603 8337
Carol.Beaumier@protiviti.com