New rules designed to thwart money laundering and terrorist financing require companies to know their customers better than ever. And for the many financial institutions that must comply with the USA Patriot Act, that will be no small task.
The new law, enacted last October in response to the terrorist attacks, expands the scope of the existing anti-money laundering (AML) law—namely, the Bank Secrecy Act—to all types of financial institutions. Now, not just banks, but broker/dealers, insurers, mutual funds, credit card systems operators, check cashers, and many others must develop adequate AML programs.
The financial services companies are charged with creating policies and procedures that continually check their client and vendor base against the Office of Financial Asset Control’s lists of known drug dealers, terrorists, and other enemies of the state, and report matches. They must also designate a compliance officer and set up AML training programs and independent audit functions to test the programs.
AML programs and customer verification procedures aren’t new to banks and the many broker/dealers either owned by banks or voluntarily issued suspicious activity reports. Their compliance is more about reviewing and perhaps tweaking existing policies and practices.
Others aren’t as lucky. Hedge funds and other previously unregulated outfits now have to disclose and verify the identities of their shareholders, as well as develop compliance programs—likely from scratch.
The Treasury Department recognized these differing degrees of readiness late last month when it extended the previous April 24th deadline by 90-days for many of the newly regulated industry sectors, including mutual funds and money-services businesses. Meanwhile, hedge funds and insurers, among others, must wait as much as six months to enable the Treasury to study them more.
CFOs probably should do some studying of their own. While the implementing the terms of the Patriot Act is more of a concern for compliance officers and corporate lawyers, finance executives and risk managers ultimately share in responsibility, says John McGovern, chief compliance officer at Royal Alliance, a division of SunAmerica/AIG.
“The takeaway for CFOs post September 11 [is], if they do nothing less in their organization, they now need to pay a lot more attention to anti-money- laundering procedures than they’ve ever done before,” says McGovern. “No one wants the publicity of any questionable transaction passing along their books.”
And when those suspicious transactions are tied to terrorists, watch out for reputation risk. “What they never want to happen again is money coming in [to financial institutions] to pay flight-school bills for people who fly planes into tall buildings,” says Alden Taylor, senior managing director and principal at consulting firm Citigate Global Intelligence & Security. “It’s not money laundering, but it’s a type of transaction that would be flagged as part of these systems.”
Not complying with the new law or having inadequate anti-money laundering controls is a costly risk to take. The penalties for companies include $1 million fines for civil or criminal violations and complete forfeiture of loaned money. Nota bene: Executives can also be fined. Then there’s the likelihood of bad press.
What’s more, enforcement agencies aren’t shy about making examples of non-compliant companies. Consider bank holding company U.S. Trust Corp. The Federal Reserve Board and the New York State Banking Department slapped the bank holding company with a cease-and-desist order and fined it $10 million last July in connection with alleged violations of and deficiencies in its internal controls and inadequate compliance with the Bank Secrecy Act. (The act regulates currency transactions.)
U.S. Trust, which is owned by Charles Schwab, Corp. admitted no wrongdoing. Still, law enforcement officials also alleged that the company’s Strategic Trading Group kept inadequate records. U.S. Trust has since invested $20 million in technology to monitor currency transactions and added 10 people to its compliance department.
Other compliance officers have taken notice. “Not one dime was laundered,” says Jay Perlman, associate general counsel at financial holding company Friedman, Billings, Ramsey Group, noting the $10-million payment. “Just use that as a barometer for what the fines or penalties will be post September 11.”
Syndicate Due Diligence
Complicating compliance, however, is the delay in detailed guidance from regulators. The Treasury secretary will issue requirements for AML programs on a rolling basis through the fall. “It’s not exactly clear how to comply, because not all the rules have been written,” says Jeff Irby, managing director at KPMG Consulting. And some of the rules are proposed, not final. Further, industry regulators like the National Association of Securities Dealers have also been issuing their own implementation guidance.
Topics still under review include due diligence programs covering correspondent banks and private bank relationships (effective July 23), as well as regulations for customer identification and verification at account opening (October 25). As of December 2001, U.S. banks were prohibited from opening or maintaining correspondent accounts with “shell banks,” (bank with no physical presence) and from providing banking services to a foreign shell bank through a correspondent account with another bank.
But making sure that foreign banks have adequate money-laundering controls will not be easy, experts say. “You could have money laundering between a German and Slovenian bank,” says Taylor. “We can do nothing about it. This is where the due diligence rules become important, because it’s not clear how much [the Treasury Department] wants to extend those transactions into foreign banks, and how agreeable those banks would be to that due diligence.”
Taylor is more hopeful that financial institutions will agree to work together with one another through “due diligence syndication.” Consider a bank in the former Soviet Union, which has several banking correspondence relationships in the United States, he explains. Having 20 banks each doing costly due diligence with auditors of just the former Soviet Union bank would not be as efficient as one U.S. bank doing the work of many.
Alas, there are still barriers to mounting such group due diligence efforts. Financial institutions are still looking for Treasury to say just what types of information can be shared and how they can be shared under the Patriot Act. “Let’s say that the guidelines are silent [about whether they allow] someone to come forward with an idea like that,” Taylor says.
What’s more, the sharing of information among different institutions may be easier said than done. Companies may be less than open about exchanging their information and disagree about what constitutes a suspicious activity, says Thomas Franko, managing director and general counsel at Pershing Corp., a broker providing back-office processes for other broker/dealers that solicit clients.
Still, Pershing, which has been issuing suspicious-activity reports for years because of compliance obligations of its parent, Credit Suisse First Boston, has been involved in an information-sharing relationship with a number of its broker/dealer clients. Royal Alliance’s McGovern says he’s working closely with Pershing to make sure his company has the proper anti-money-laundering procedures in place. “They’re providing us with wire and money-movement reports and access to surveillance filters,” he says of Pershing.
Know Thy Customer
Compliance with the Patriot Act may require a significant investment in technology, depending on a company’s size and risk profile. Support will be needed for checking the Office of Financial Asset Control list, record keeping, and data reporting. Companies will also need filters to raise red flags of potential money-laundering activity. “This is a challenge for a lot of firms because they’re not architectured to have a centralized view of their customer,” explains Jim Hayden, senior vice president for product management at anti-money-laundering software provider Mantas Inc.
Pershing is considering various vendors and products such as artificial intelligence software, for its anti-money laundering program, Franko says, “to make it more of an automated process.” After all, financial institutions not only have to monitor transactions more closely, but also verify existing and new customers. They also must turn over information to federal banking agencies within 120 hours of a request.
Artificial-intelligence systems use statistical- modeling techniques to evaluate the likelihood that a transaction represents money laundering. Depending on the size of a financial institutions, CFOs can expect to budget $1 million to tens of millions of dollars for the IT upgrade.
Rules-based systems, a simpler and somewhat cheaper product line than artificial intelligence, can identify suspect activity by means of filters. It also matches customer profiles to individuals, entities, or countries that are banned or restricted.
TowerGroup, a Needham, Mass.-based research firm, expects spending by U.S. banking institutions on AML and related technology to reach at least $60 million by the close of 2002, with total financial services industry spending likely to double that figure.
Not surprisingly, many vendors are pushing the opportunity for a return on investment. “The potential is how you turn [the software] to your advantage,” says KPMG’s Irby, “not just to know the customers that you want to avoid but know the customers that you want to do business with.”
Other technology experts, however, are wary of advising companies what software solution is best suited for a particular sector’s needs. “We don’t know yet what auditors will really be demanding for full compliance,” says Richard De Lotto, senior research analyst with IT consulting firm Gartner Inc.
DeLotto notes that Gartner hasn’t received many questions from clients on compliance with the Patriot Act. “We normally get a lot of inquiries on something like this,” he adds. Gartner’s theory: Financial institutions are confident in their positions. Then again, De Lotto says, “You can be confident and wrong at the same time.”