In light of the recent Standard Chartered Bank flap, Saturday’s report that Deutsche Bank is under investigation for similar behavior, and today’s report that RBS (as well as two other banks, one of which is Sumitomo Mitsui) is as well, I want to look at an article on Anti-Money Laundering enforcement a Promontory Financial Group exec, Michael Dawson, published in American Banker just one week before NY’s Superintendent of Financial Services, Benjamin Lawsky, filed an order against SCB alone.
Around the same time Dawson was writing this, remember, his company was involved in a review of SCB’s laundering of Iranian funds that would show a tiny fraction of the total exposure that SCB would ultimately admit to. That is, Dawson’s comments probably provide a glimpse into what PFG was seeing not just in Citibank and Commerzbank enforcement actions, which he discusses, but also in SCB. And it might help to explain why other regulators were so intent on crafting an SCB settlement based on just $14 million in violations rather than $250 billion.
Dawson reports seeing a change in recent AML/BSA enforcement actions, away from a “rules-based approach” toward a “risk-based approach.” He suggests that regulators are demanding not a broad-based examination of the scope of AML violations, but instead more targeted information about who posed the biggest risk laundering money and what they were doing.
Instead of requiring expensive reviews of extended periods of time for a broad range of potential suspicious activity, the latest enforcement actions emphasize a risk-based approach to AML compliance, with several of the actions requiring a risk assessment or enhancements to an existing assessment.
The level of specificity required is noteworthy and includes, among other things, detail on the volumes and types of transactions and services by country or geographic location as well as detail on the numbers of customers that typically pose higher BSA/AML risk. The actions also require a more holistic approach, requiring the results of the bank’s Customer Identification Program and Customer Due Diligence program to be integrated in the risk assessment. [my emphasis]
This sounds like the regulators are interested not in discovering how banks are complicit in money laundering, but rather using the banks to get details on key people who money launder and the tactics just those key people (terrorists, cartel kingpins, mean Iranians) use. (Note, I think something similar, but even more significant, happened last year when JPMC got busted for trading with Iran, but no one seems to remember that happened.)
After making these broad statements about the general direction of AML enforcement, Dawson distinguishes between what the Office of the Comptroller of the Currency is requiring and what the Fed is. OCC has not only shortened the period which it requires banks to examine problematic behavior, but it has also permitted banks to conduct their own reviews (which seems to have Dawson worried about losing the business of providing such services for banks).
Where the OCC required lookbacks, it asked for risk-based, targeted reviews, rather than comprehensive look-backs that were sometimes found in earlier enforcement actions. The recent actions either specify a shorter look-back period than has been specified in the past or, in the case of the Citibank action, no explicitly specified period, subject to the ability of the regulator to expand the look-back depending on the results of the more limited period.
Also, the OCC actions allowed the institutions to conduct the review themselves and either do not explicitly mention an independent consultant or limit the role of the independent consultant to “supervising and certifying” the look-back.
The OCC, at least, doesn’t sound like it’s doing “smarter” enforcement, but rather doing lax enforcement. Remember, though, that OCC got a newly-confirmed Comptroller during this period, who talked aggressively at the recent Permanent Subcommittee on Investigations hearing on HSBC’s egregious AML problems–though that talk partly echoed what Dawson has to say about “flexibility” and a “holistic” approach.
Meanwhile, according to Dawson, the Fed doesn’t seem to be offering quite as much flexibility. Dawson describes the Fed employing this new risk-based approach, but it is still requiring longer reviews (though not all that long, at 16 months) and outside consultants to complete the reviews.
The Fed, in its action against Commerzbank requiring a lookback, also showed some flexibility. Read more →