On Dec. 3, 2018, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network (“FinCEN”), the National Credit Union Administration and the Office of the Comptroller of the Currency (collectively, the “Agencies”) issued a joint statement encouraging depository institutions, such as banks and credit unions, to explore innovative approaches to their Bank Secrecy Act/anti-money laundering (“BSA/AML”) compliance obligations (“Joint Statement”). The Joint Statement emphasizes two points: first, the importance of innovation in the private sector and second, the Agencies’ commitment to engaging with banks in promoting such innovation.
The Joint Statement recognizes that private sector innovation with tools such as artificial intelligence or digital identity technologies can help financial institutions enhance security and better identify and report activities such as money laundering and terrorist financing. Specifically, the Joint Statement notes that innovations can augment existing BSA/AML compliance programs by automating risk identification and enhancing transaction monitoring systems.
The Agencies recognized the importance of pilot programs in implementing innovations, and emphasized that regulatory oversight of innovation efforts would be tolerant and supportive. According to the Joint Statement:
Pilot programs undertaken by banks, in conjunction with existing BSA/AML processes, are an important means of testing and validating the effectiveness of innovative approaches. While the Agencies may provide feedback, pilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful. Likewise, pilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program. For example, when banks test or implement artificial intelligence-based transaction monitoring systems and identify suspicious activity that would not otherwise have been identified under existing processes, the Agencies will not automatically assume that the banks’ existing processes are deficient. In these instances, the Agencies will assess the adequacy of banks’ existing suspicious activity monitoring processes independent of the results of the pilot program. Further, the implementation of innovative approaches in banks’ BSA/AML compliance programs will not result in additional regulatory expectations.
Importantly, the statement also provides that the Agencies will not “penalize or criticize banks that maintain effective BSA/AML compliance programs commensurate with their risk profiles but chose not to pursue innovative approaches.” The Agencies cautioned, however, that ongoing safety and soundness and BSA/AML compliance must be maintained throughout any pilot program trial or implementation of an innovative approach to BSA/AML compliance. Bank management should carefully evaluate whether innovative approaches are sufficient in addressing BSA/AML compliance obligations or raise alternative concerns, such as those involving information security, third-party risk management and “compliance with other applicable laws and regulations, such as those related to customer notifications and privacy.”
Commitment to Private Sector Engagement
To best assist depository institutions, the Agencies committed to continued engagement with the private sector to discuss pilot programs to support innovation in BSA/AML compliance, and exploring additional cooperative measures, such as engaging in a dialogue with the private sector regarding innovation and outreach efforts, that include dedicated times for financial institutions, technology providers and other firms involved in financial services innovation, to discuss the implications and applications of their products and services. According to the Joint Statement, such engagement will allow regulators to better understand the capabilities of new technologies and provide guidance regarding continued compliance risk management. In addition, the Joint Statement also provides that, as long as depository institutions maintain the overall effectiveness of their BSA/AML compliance programs, FinCEN has agreed to consider requests for exceptive relief from regulations administered by FinCEN to facilitate the testing of new technologies.
The Joint Statement was highlighted in a speech made by Under Secretary Sigal Mandelker before the 2018 American Bankers Association and American Bar Association Financial Crimes Enforcement Conference. Under Secretary Mandelker stated:
In recent years, financial institutions have improved their ability to identify customers and monitor transactions using new technologies that rely on artificial intelligence and machine learning. To that end, we are actively engaged with financial institutions and businesses in the FinTech and RegTech sectors as we explore ways to work more closely with financial institutions, in particular, to foster innovation and leverage financial and regulatory technology. We are committed to a long-term and collaborative approach to combat financial crime and root out illicit actors. These efforts are so much more effective when we work as partners.
This publication is the second statement resulting from a working group formed by the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence, FinCEN and the federal depository institutions’ regulations, aimed at improving the effectiveness and efficiency of the BSA/AML regime in the United States. On Oct. 3, 2018, the Agencies issued an Interagency Statement on Sharing Bank Secrecy Act Resources. That statement noted that depository institutions may enter into collaborative arrangements to share resources to manage their BSA/AML compliance obligations more efficiently and effectively.