The Treasury Department recently issued two companion reports, the National Money Laundering Risk Assessment[1] ("NMLRA") and the National Terrorist Financing Risk Assessment[2] ("NTFRA"), that address anti-money laundering ("AML") and terrorist financing ("TF") regulations and existing threats.  The purpose of the assessments was to provide the public with an overview of various money laundering and terrorist financing methods, the effectiveness of efforts to address vulnerabilities in the financial system, and the residual risks that persist.  The assessments provide a glimpse into the Treasury Department's assessment of financial institutions' compliance with their AML and Bank Secrecy Act ("BSA") obligations.  Overall, the assessments reflect that financial institutions have diligently been attempting to comply with their obligations notwithstanding the many difficulties faced when trying to detect money laundering.

Scope of the Reports

The assessments were based on analysis of more than 5,000 federal indictments from 2006 to 2011 and reporting from the government and the private sector.  A number of government agencies were consulted, including, but not limited to, the Treasury Department, the Department of Justice, the Department of State, the Commodities Futures Trading Commission, the Federal Deposit Insurance Corporation, the Federal Reserve, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission ("SEC").[3]  The assessments can therefore fairly be read as an authoritative current statement of AML and TF risks by the federal government.

Key Role of Financial Institutions

The Treasury Department believes that financial institutions are essential to preventing money laundering and recognizes their efforts.  In an introductory letter that preceded both assessments, Adam J. Szubin, Acting Under Secretary, Terrorism and Financial Intelligence, emphasized the importance of policymakers, law enforcement, supervisors, and financial institutions working together to combat money laundering. [4]  He noted that the U.S.'s AML and anti-TF framework is "sophisticated and well-designed" to address threats while also "maintaining an attractive business environment." [5]  Additionally, he identified the financial sector as a "key partner" in "efforts to combat illicit finance" and noted that "financial institutions devote considerable time and resources to identifying and assessing risks and in taking steps to mitigate those risks." [6]  Indeed, the AML assessment notes that "[w]ith few exceptions, U.S. regulation, supervision, and enforcement are effective and adequate.  Between 2006 and 2012, out of the approximately 13,000 depository institutions in the United States only approximately 1 percent were subjected to formal enforcement actions requiring them to improve their programs, and over the last three years the issuance of enforcement actions has decreased significantly." [7]  The AML assessment notes, however, that "[o]ccasional AML compliance deficiencies" are an "inevitable consequence of a financial system with hundreds of thousands of locations for financial services." [8]  

AML Threats for Larger Institutions

The AML assessment notes the vast scope of the threat of money laundering with reference to the underlying crimes that generate the money to be laundered.  According to the report, estimated proceeds from all forms of financial crime in the United States, excluding tax evasion, were $300 billion in 2010, amounting to approximately two percent of the U.S. economy. [9]  The report lists the main predicate crimes underlying money laundering as healthcare fraud, identity theft, tax fraud, mortgage fraud, retail and consumer fraud, securities fraud, drug trafficking, human smuggling, organized crime, and public corruption.

The AML assessment, as discussed above, is complimentary of the efforts of large financial institutions.  It devotes considerable attention to vulnerabilities outside of the ambit of large institutions, such as bulk cash smuggling and the use of non-bank financial institutions by over 25 percent of Americans.  The AML assessment also points out various challenges facing banks in the current environment.  Noting that six banks hold more than 40 percent of U.S. deposits, the assessment states that these six banks are therefore "at highest risk." [10]  The assessment acknowledges that criminals are "continually seeking opportunities to misuse" the various products and services offered by banks and that "[o]ne of the key challenges facing banks is adequately adapting their controls on a timely basis to close vulnerabilities exploited by criminals." [11]  The assessment further states that, "[a]s a practical matter, it is not possible to detect and report all potentially illicit transactions that flow through a financial institution." [12]

The AML assessment describes six enforcement actions against U.S. banks between 2007 and 2013, all stemming from inadequate monitoring of relationships with Mexican money transmitters, known as casas de cambio ("CDCs"). [13]  Even in this troublesome area, the AML assessment notes significant success resulting from the partnership between U.S. law enforcement, Mexican law enforcement, and major U.S. banks.  Notably, between 2007 and the issuance of the assessment, the number of registered CDCs in Mexico fell from 24 to 8. [14]  But the assessment also cautions about new money laundering techniques by the cartels: "Mexican [drug trafficking organizations] have used front companies and individuals to receive wires and act as nominees to place U.S. currency into the Mexican banking system.  And couriers, nominee account holders, and front companies are doing the same in the United States." [15] 

The AML assessment also cautions banks to remain vigilant in updating their AML and BSA programs "to keep pace with how criminals exploit new products and services." [16]  Relying on FinCEN guidance from August 2014, the assessment states that a financial institution can strengthen its compliance program by ensuring that:

  • "Its leadership actively supports and understands compliance efforts";
  • "Efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests";
  • "Relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts";
  • "The institution devotes adequate resources to its compliance function";
  • "The compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party"; and
  • "Its leadership and staff understand the purpose of its BSA/AML efforts and how its reporting is used." [17]

 The AML assessment also reached beyond banks, noting that the gaming industry is subject to BSA requirements and had filed more than 27,000 Suspicious Activity Reports ("SARs") in 2013. [18]  The assessment also reviewed the BSA/AML responsibilities of the U.S. securities industry, emphasizing that in 2015 the SEC's Office of Compliance Inspections and Examinations announced new exam priorities, including examining "clearing and introducing broker-dealers' AML programs," using analytics to focus on firms that have not filed SARs or have inadequately filed SARs, and also focusing on broker-dealers that allow customers to deposit and withdraw cash and/or service customers from higher-risk jurisdictions. [19]

Detecting Terrorist Financing:  Successes but Further Vigilance Needed

 

The TF assessment notes that "terrorist financiers and facilitators are creative and will seek to exploit vulnerabilities in our society and financial system to further their unlawful aims." [20]  More provocatively, it quoted the deceased financial chief of Al-Qaida: "without money, jihad stops." [21]

According to the TF assessment, banks "are an attractive means for terrorist groups to move funds globally because of the speed and ease at which they can move funds within the international financial system." [22]  Even so, the assessment once again cites successes, noting that "controls instituted to combat money laundering have also strengthened our ability to identify, deter, and disrupt TF." [23]  Analyzing TF cases brought in federal courts, the assessment notes that only 8% of funds transfers in TF cases after 2007 involved the movement of funds directly through the banking system, down from 30% in the period from 2001 to 2007. [24]

For large institutions, the TF assessment locates the largest TF risk in correspondent accounts maintained by foreign financial institutions at U.S. banks.  The assessment explains that some correspondent banking relationships can inherently carry higher risks due to the challenges of "intermediation," where multiple intermediary financial institutions may be involved in a single funds transfer transaction.  The presence of multiple financial institutions in complex transactions could indirectly expose U.S. financial institutions to TF risk if the foreign financial institutions that maintain these accounts either are not subject to strict AML controls or simply fail to implement effective customer due diligence practices and suspicious activity identification processes.[25]

The TF assessment notes that, because of these risks, federal regulations require certain U.S. financial institutions to conduct due diligence on their foreign correspondents to ensure that the foreign correspondents' controls are adequate to manage the risk to the U.S. institution. [26]  In situations involving higher-risk correspondents, financial institutions must conduct enhanced due diligence that requires (1) enhanced scrutiny, (2) determining whether the foreign financial institution maintains "nested" accounts for other foreign banks, and (3) the collection of beneficial owner information regarding foreign correspondents  that are not publicly traded. [27] 

Finally, the TF assessment notes that, as U.S. regulation has made it increasingly more difficult for terrorist organizations to tap into the U.S. financial system, terrorists are rapidly seeking to develop new strategies.  These strategies include identity theft, the hijacking of foreign banks by the Islamic State of Iraq and the Levant ("ISIL"), and the use of virtual currencies. [28]  For example, the assessment notes the posting on a blog linked to ISIL of a proposal to use Bitcoin to fund global jihadist efforts. [29]  It is clear that U.S. financial institutions must remain vigilant as these threats continue to develop.

An Encouraging Trend

The banking industry has been subjected to significant BSA/AML enforcement proceedings in recent years, with financial penalties exceeding $1 billion imposed in multiple cases.  There is an argument to be made that these mega-penalties are not in keeping with the increased efforts to stop the flow of illicit funds, as recognized in the assessments.  Notably, the assessments do not focus on these large cases, but instead survey the entire breadth of the AML and TF risks, a large portion of which exists on a much smaller scale, either in smaller institutions or outside of the banking system entirely.  Treasury's praise for the compliance efforts of financial institutions, combined with the acknowledgment of the broader scope of the threat, is encouraging to banks as they strive to comply with their obligations to maintain effective AML programs.