By Elaine R. Yancey
On June 20, 2012, the BSA Coalition hosted its fourth annual Anti-Money Laundering Conference at the Federal Reserve Bank of Richmond. The theme of this year’s conference was “Back to Basics.” It covered how we’ve adjusted to the economic downturn and opportunities for improving what we do in this new economic landscape. Barbara A. Yastine, Ally Bank president and chief executive officer (CEO) and chairman of the board, offered her perspective on this topic while providing an update on the state of compliance in the financial industry. Dan Soto, chief compliance officer of Ally Financial Inc., spoke about emerging anti-money laundering (AML) threats and highlighted enforcement action cases from recent years. Additional discussions focused on Bank Secrecy Act (BSA) and AML fundamentals and regulatory guidance, trends and emerging issues.
The BSA Coalition was founded in 2008 to create a forum in which experts at financial institutions, regulatory and law enforcement agencies and other organizations can discuss and debate questions, guidance and day-to-day issues associated with the development and implementation of effective BSA/AML programs.
If you saw “SAR Wars” on the agenda of the BSA Coalition Anti-Money Laundering Conference, you might have wondered what the former Fairfax County detective Steve Gurdak was going to discuss. Had he investigated a space alien who had laundered money? It turns out he had not, but he did talk about what a money launderer looks like. He equated a money launderer’s spending habits to someone who had just won the lottery, pointing out that people spend money differently when they earn it. Gurdak emphasized that a key tool in identifying the money launderer is the interview. “More lies are told about finances than fidelity,” he said, linking sudden wealth to behavioral changes that are often borne out in an individual’s banking statement. Such behaviors include spending large sums of money in a lavish, sometimes reckless manner.
Assistant U.S. Attorney Laura Marshall offered ways for financial institutions to aid money laundering investigations. She suggested that preserving video surveillance and photos as well as maintaining documentation to prove that customers had received information about the BSA and its requirements would help. Marshall also suggested contacting law enforcement directly before closing suspicious accounts, in cases of multiple Suspicious Activity Report (SAR) filings on the same customer, and when time is of the essence (such as when a banker learns that a customer who has aroused suspicion because of recent financial transactions is moving overseas).
Keynote speakers Barbara Yastine and Dan Soto, both of Ally, gave their no nonsense straight talk. Yastine noted that compliance is one of the more difficult corporate functions to understand, partly because of the sheer volume of federal, state and local laws on the books and partly because of the differing objectives of the laws. “Some laws exist for the protection of customers, some exist to govern corporate behavior and some, like the BSA, exist to provide information to authorities for their purposes and the collective good,” she said. Yastine concluded that this complexity demands the right kind of communication. Soto focused on the current AML landscape, discussing pending or proposed regulation as well as products. His perspective on the emerging discussions about additional due diligence requirements for domestic politically exposed persons (PEPs) is that the model should operate as the OFAC and other sanctions lists. He commented, “Let the government tell us who they are interested in. We are good at screening.”
Emerging cyber threats and account takeovers were also topics on the agenda. Among the themes brought forth by Andy Hodges of Capital One were that cybercrimes are pervasive and drive bank fraud loss across almost all areas. Further, most account takeovers are perpetrated by organized crime rings. The executive vice president and corporate risk manager of United Bankshares, Joe Wilson, said ACH agreements should be reviewed carefully to determine who is liable for any loss because judges have ruled against banks, even if the fraud takes place on the customer’s computer and not at the bank. Supervisory Special FBI Agent Melissa Horvath discussed specific account takeover methodologies, such as Zeus malware. Zeus malware methodologies are evolving from keystroke logging (to obtain user credentials to defeat two-factor authentication) to a new variant which uses distributed denial of service attacks to distract systems or make them unavailable to certain workers while illicit ACH transactions are occurring.
Last but not least were the regulators. Koko Ives of the Federal Reserve Board of Governors discussed the new e-filing requirements that would go into effect on July 1 and distinguished them from the revised Currency Transaction Report (CTR), SAR and Designation of Exempt Person forms requiring mandatory compliance by March 31, 2013. Attachments will be permissible under the new SAR form, and the new descriptive fields and drop-down boxes should both make it easier to file a SAR and enable more efficient searches by law enforcement and others for investigative reasons. Guidance detailing the new CTR and SAR forms is also available as a reference. Office of the Comptroller of the Currency (OCC) speaker Gary Porter focused on lessons learned from the Citibank cease and desist order levied by his agency. One of the lessons learned was that financial institutions’ AML teams should pay attention to core BSA program fundamentals, including the risk assessment, internal controls, the right BSA officer with the right skill set, the independent review, and effective suspicious activity monitoring discussed earlier in the conference by the “Back to Basics” panelists.
Federal Deposit Insurance Company (FDIC) AML Chief Debra Novak spoke about the risk-focused approach, set forth in the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, which her agency will use in examining the BSA. However, she suggested that a few core areas, such as suspicious activity monitoring, would likely always be reviewed. She said that AML staff should not only be involved in evaluating new product risks, but also should be involved in due diligence for mergers and acquisitions. Novak ended by touching on risks involving relationships with third-party payment processors and highlighted some observations and best practices in this area, including that:
So, what were some of the key takeaways from this Anti-Money Laundering Conference? Well, for one thing, money launderers can be hard to identify. They can look like any average person — that is until they start spending their dirty money! And, perhaps more startling is that our identity and bank accounts are but a keystroke away from being someone else’s.
Elaine Yancey is a supervisory examiner with the Federal Reserve Bank of Richmond. She can be reached at firstname.lastname@example.org.
The analyses and conclusions set forth in this publication are those of the authors and do not necessarily indicate concurrence by the Board of Governors, the Federal Reserve Banks, or the members of their staffs. Although we strive to make the information in this publication as accurate as possible, it is made available for educational and informational purposes only. Accordingly, for purposes of determining compliance with any legal requirement, the statements and views expressed in this publication do not constitute an interpretation of any law, rule or regulation by the Board or by the officials or employees of the Federal Reserve System.
Supervision, Regulation & Credit