August 22, 2012 / by emptywheel


Promontory Financial Group Describes a New “Risk-Based” Approach to Anti-Money Laundering

In light of the recent Standard Chartered Bank flap, Saturday’s report that Deutsche Bank is under investigation for similar behavior, and today’s report that RBS (as well as two other banks, one of which is Sumitomo Mitsui) is as well, I want to look at an article on Anti-Money Laundering enforcement that a Promontory Financial Group exec, Michael Dawson, published in American Banker just one week before NY’s Superintendent of Financial Services, Benjamin Lawsky, filed an order against SCB alone.

Around the same time Dawson was writing this, remember, his company was involved in a review of SCB’s laundering of Iranian funds that would show a tiny fraction of the total exposure that SCB would ultimately admit to. That is, Dawson’s comments probably provide a glimpse into what PFG was seeing not just in Citibank and Commerzbank enforcement actions, which he discusses, but also in SCB. And it might help to explain why other regulators were so intent on crafting an SCB settlement based on just $14 million in violations rather than $250 billion.

Dawson reports seeing a change in recent AML/BSA enforcement actions, away from a “rules-based approach” toward a “risk-based approach.” He suggests that regulators are demanding not a broad-based examination of the scope of AML violations, but instead more targeted information about who posed the biggest risk of laundering money and what they were doing.

Instead of requiring expensive reviews of extended periods of time for a broad range of potential suspicious activity, the latest enforcement actions emphasize a risk-based approach to AML compliance, with several of the actions requiring a risk assessment or enhancements to an existing assessment.


The level of specificity required is noteworthy and includes, among other things, detail on the volumes and types of transactions and services by country or geographic location as well as detail on the numbers of customers that typically pose higher BSA/AML risk. The actions also require a more holistic approach, requiring the results of the bank’s Customer Identification Program and Customer Due Diligence program to be integrated in the risk assessment. [my emphasis]

This sounds like the regulators are interested not in discovering how banks are complicit in money laundering, but rather in using the banks to get details on key people who launder money and the tactics just those key people (terrorists, cartel kingpins, mean Iranians) use. (Note, I think something similar, but even more significant, happened last year when JPMC got busted for trading with Iran, but no one seems to remember that happened.)

After making these broad statements about the general direction of AML enforcement, Dawson distinguishes between what the Office of the Comptroller of the Currency is requiring and what the Fed is. OCC has not only shortened the period over which it requires banks to examine problematic behavior, but it has also permitted banks to conduct their own reviews (which seems to have Dawson worried about losing the business of providing such services for banks).

Where the OCC required lookbacks, it asked for risk-based, targeted reviews, rather than comprehensive look-backs that were sometimes found in earlier enforcement actions. The recent actions either specify a shorter look-back period than has been specified in the past or, in the case of the Citibank action, no explicitly specified period, subject to the ability of the regulator to expand the look-back depending on the results of the more limited period.

Also, the OCC actions allowed the institutions to conduct the review themselves and either do not explicitly mention an independent consultant or limit the role of the independent consultant to “supervising and certifying” the look-back.

The OCC, at least, doesn’t sound like it’s doing “smarter” enforcement, but rather doing lax enforcement. Remember, though, that OCC got a newly-confirmed Comptroller during this period, who talked aggressively at the recent Permanent Subcommittee on Investigations hearing on HSBC’s egregious AML problems–though that talk partly echoed what Dawson has to say about “flexibility” and a “holistic” approach.

Meanwhile, according to Dawson, the Fed doesn’t seem to be offering quite as much flexibility. Dawson describes the Fed employing this new risk-based approach, but it is still requiring longer reviews (though not all that long, at 16 months) and outside consultants to complete the reviews.

The Fed, in its action against Commerzbank requiring a lookback, also showed some flexibility. The regulator required only a targeted review of currency transaction reports (required for transactions above $10,000) and bulk cash transactions. However, the review period (nearly 16 months) was longer than that specified in the OCC actions, and the Fed did not explicitly allow for a two-step approach to the review in which the institution looks first at a narrower time period and reports the results to the regulators, which then decide whether a second, expanded review is necessary. The Fed also required that an independent consultant conduct the bulk cash transaction review.

Even though Dawson describes the Fed’s process as more strict than OCC’s, it would have been the Fed that defined the terms of the SCB review that magically found less than a percent of the violations that SCB ultimately admitted to. Given what Dawson says about customer identification, you’d think PFG’s $14 million in transactions represent just those obviously involving Specially Designated Nationals–those Iranian individuals that Treasury has singled out for special sanctions. Except according to the NYT, DOJ has not yet seen evidence of any SDNs being involved.

The prosecutors have not yet found any money transfers that went to so-called specially designated nationals, the term assigned by the Treasury Department to terrorists, drug cartels or individuals or companies owned or operated by sanctioned countries, the law enforcement officials said.

In his Aug. 6 order against Standard Chartered, Mr. Lawsky claimed the bank “left the U.S. financial system vulnerable to terrorists, weapons dealers, drug kingpins and corrupt regimes.” The order said the bank transferred money on behalf of Iranian state-owned banks — including the Central Bank of Iran/Markazi, Bank Saderat and Bank Melli. American officials suspected Iran was using those banks to finance nuclear weapons and missile programs.

So far, prosecutors said that they had not yet discovered transactions with those banks after the Iranian banks were added to the specially designated nationals list. Mr. Lawsky pointed out in his order that it was impossible to know how the money was used because Standard Chartered deliberately stripped identifying information from the transactions.

Here’s my wildarsed guess–and it is just a guess: the government has realized that its entire sanctions regime, driven as it has been by SWIFT data, was largely meaningless, because just about every foreign bank in the world entered deceptive information into SWIFT. So now they’re trying to cozy up to banks to ask them nicely to turn over the information (even as they appear to be rolling out StuxNet tools to gather the data via other means), focusing only on identified targets rather than the problem of money laundering more generally. But that approach relies on many things, not least that the banks have the information they’ve worked diligently for years to hide.

As I said, that’s just a guess, and I’m still not convinced that Andrew Cuomo’s effort to bypass the Federal regulators involves a defense of earlier approaches at preventing money laundering.

I’m not sure anyone’s trying to stop money laundering–as opposed to the Iranians–more generally.
