Over the coming weeks we will examine a number of financial crimes issues including several for anti money laundering.  Feel free to comment or email me with any burning questions. Professor William Byrnes (www.llmprogram.org) as well as join one of daily webcasts.  This is part one in a series that I will compose on whether instiutions are implementing effective training programs or merely whitewashing to avoid criticism (at the cost of risk of non-detection of internal or external AML infraction).

The Regulatory Environment [1]

For the past several years, the US banking industry has focused on regulatory issues, such as the corporate governance provisions of the Sarbanes-Oxley Act (enacted in 2002) and the banking-related parts of the USA Patriot Act (enacted in 2001). Much literature and studies have been provided regarding the cost impact of the various implemented measures.

Smaller community banks have contended that it is difficult for them to comply with certain Sarbanes-Oxley provisions, such as the requirement that audit committees be composed entirely of independent directors and that companies have a “financial expert” on the board of directors. The provisions of the USA Patriot Act require increased investments in technology (though many in the industry have questioned the effectiveness of these investments in preventing the funding of terrorist groups or activities).

The Reporting Impact

Resulting from the impetus of the Al Qaeda’s terrorist attacks of 9/11, the US financial institution regulators became an enforcement hawk of the money laundering provisions of the Bank Secrecy Act (“BSA”).  In turn, hawkish enforcement has led to a drastic increase in the number of BSA filings.  In 2007, the approximate two hundred thousand US depository institutions filed over 649,176 Suspicious Activity Reports (“SAR”s), as  reported by the US Government Accountability Office (“GAO”) (over 1.2 million SARs filed by all financial service providers).  In 2008, these deposit institutions increased their SAR filings by nearly a hundred thousand.  In contrast, just two hundred, twenty thousand STRs were filed in the UK by all covered persons in 2006-07 (of which 140,000 were filed by banks) with a 10,000 total filing decrease last year.[2] 

This begs the question: are too many being filed in the USA, clogging the investigatory system, or are too few filed in the UK, allowing criminals to operate freely?  And leads to many other questions such as: Do criminals launder more money in the US and less in the UK?  Are US personnel improperly trained and thus filing SARs improperly or with little use?  Are UK institutions whitewashing their responsibilities and thus staff are not equipped to identify suspicious transactions and patterns?  We will discuss these and many others if not here, in the webinars.

Notwithstanding this level of apparent US hawkish compliance, the GAO noted that the federal regulatory authorities cited well over 7,000 BSA violations, leading to over 2,000 various actions against banking institutions.  Interestingly, a majority of 2005 actions were issued against the traditionally smaller credit unions that at first glance may be considered to carry less risk for money laundering.[3]  Moreover, these enforcement figures did not include the actions taken against casinos, jewelry stores, and money service businesses, such as check-cashing, whose anti money-laundering (“AML”) program compliance is audited by the IRS. 

Managing Risk through Training

International financial centers all have a requirement that firms subject to money laundering legislation have a designated compliance officer, known by different acronyms such as MLRO.  Further, the legislation requires staff training on a continuing basis.  By two examples, the USA and the UK respectively:

Bank Secrecy Act § 5318:

(h) Anti-Money Laundering Programs.—

(1) In general.— In order to guard against money laundering through financial institutions, each financial institution shall establish anti-money laundering programs, including, at a minimum—  …

(B) the designation of a compliance officer;

(C) an ongoing employee training program; ….

The Money Laundering Regulations 2007 Training: 

21. A relevant person must take appropriate measures so that all relevant employees of his are—

(a) made aware of the law relating to money laundering and terrorist financing; and

(b) regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing.

KPMG reports that the training of employees to recognize money laundering, which is labor intensive, has required a big cost increase for banks.  Yet, reviewing a few of the high dollar value civil penalty actions issued by the US regulators in the last two years illustrates that a lack of money laundering expertise at the management level and a lack of firm wide education and training at the staff level cuts across both large and small banking firms. 

Penalties for Lack of Training and Expertise

The highest publicity action in the past few years occurred against American Express Bank International (“AMEX”) – shortly thereafter purchased by Standard Chartered.  AMEX’s original sixty-five million dollar penalty resulted partly from the gross amount of errors in just one year in its SAR filings regarding its private banking services to its high net-worth individuals (HNWI) and the individuals’ respective businesses throughout Latin America.  In the 12 month period from May 2006, over 2,000 filing error were found for only 1,639 SARs, not including over 1,000 late SAR filings.  Other recent large penalties citing the lack of staff training include ABN-AMRO’s (forty million dollars) and fines of ten million dollars each for Bank Atlantic and AmSouth. 

A medium size Chicago head office bank suffered a two million dollar penalty because “management failed to implement adequate training for appropriate personnel to ensure compliance with the suspicious activity reporting requirements”.  The regulator found that the  Bank staff was inadequately trained in suspicious activity identification and monitoring, detection of structured transactions, and identification of possible money laundering.  Israel Discount Bank, with branches in a few states, paid a twelve million dollar file for inadequately training its staff regarding the heightened risks associated with its transaction involving Delaware LLC shell companies.  On the opposite size spectrum from AMEX, a one branch bank, Beach Bank of Miami, with less than $150 million in assets, suffered an eight hundred thousand dollar fine for its lack of monitoring of high risk accounts, including six foreign correspondent accounts. 

[2] The SAR Activity Review – By the Numbers Issue 10 (FINCEN May 2008); Money Laundering Regulations 2007: Regulatory Impact Assessment (HM Treasury July 2007), and The Suspicious Activity Reports Regime, Serious Organised Crime Agency (SOCA) United Kingdom http://www.soca.gov.uk/assessPublications/downloads/SAR-Annual-Report-08-pn.pdf.

[3] http://www.gao.gov/cgi-bin/getrpt?GAO-07-212