Deputizing financial institutions: How to make AML surveillance programs more useful to law enforcement (Part I) May 06 2014 Robert M Axelrod This two-part series proposes that banks and other financial institutions operating in the United States be allowed and helped to alter their current approach to recognizing and reporting suspicious activity in the course of their anti-money laundering (AML) programs, so as to support law enforcement more directly in the fight against crime. The first installment examines the current AML practice and discusses how financial institutions could take a more proactive role. The second installment will outline a process for initiating such changes, as well as a model for improved interactions between financial institutions, regulators, and law enforcement, focused on ferreting out specific criminal activity. The goal of such reforms would be to improve the alignment between AML efforts and the core crime- and terrorismfighting objectives that motivated the underlying statutes and regulations in the first place. Most financial institutions are obligated to file Suspicious Activity Reports (SARs) within 30 days of receiving information (about a known individual or entity) that establishes suspicious activity that may relate to a violation of the law or whose explanation is not reasonably apparent (and hence "suspicious") in light of the known circumstances regarding the subject and the surrounding financial transactions. (See 31 CFR Section 1020.320 for specific SAR requirements.) The failure to file SARs in a timely manner is a criminal violation and is the source of a substantial part of civil and criminal AML enforcement actions. Firms have, accordingly, developed exceptionally large and complex surveillance models and elaborate applications, and they have amassed sophisticated and numerous staff to sift through transactional and related data to determine whether a SAR must be filed. The surveillance obligation, however, is framed in terms of mere suspicion. While reducing crime and facilitating the investigation of criminal activity are no doubt a large part of the policy basis, there is no legal requirement to find significant criminal activity or even to actually facilitate any investigation. In other words, missing criminal activity that is staring you in the face represents a failure to file a SAR, but there is no specific penalty for failing to take a proactive role to recognize significant criminal activity and to go beyond merely identifying activity that is broadly defined as suspicious. If we seek, however, to emphasize and encourage the identification of significant criminal activity, including terrorist activity, and/or the facilitation of actual investigations, then three strategic initiatives may be envisioned: 1. A feedback mechanism that would allow financial institutions to track the performance of their AML programs based on their utility to law enforcement; 2. A regulatory credit framework with incentives for institutions to increase the volume of serious crimes detected; and 3. Leveraging the entrepreneurial nature inherent to FIs. Feedback to financial institutions There is currently no formal regulatory category for labeling "good" or "serious" SARs, as opposed to merely adequate ones. Additionally, there exists no recognition or disincentive regarding SARs, whose filing may be required under the current definition of suspicion, that are actually not productive for law enforcement. Thus, assuming that institutions had a strong incentive to ferret out crime, or things that law enforcement could use to reduce crime, then they would wish to evaluate the SARs they filed in terms of how useful they were. This would include getting a sense of how many of their SARs were useful and how many were relatively useless. That awareness, however, would require the delivery of systematic feedback from law enforcement about the hit-rate of their SARs, defined in terms of how frequently the reports actually helped. This is not currently provided. Consider this hypothetical situation: Bank A and Bank B each file 1,000 SARs per year regarding their comparable correspondent banking businesses. If law enforcement were to keep data over time as to which SARs it considered useful (we can use whatever barometer is selected and whatever timeframe) and then shared that information with the banks at a generic level, it could drive change and improve effectiveness. For example, if the data showed that only 100 of Bank A's SARs were useful, the bank could initiate reforms, such as retraining its investigative personnel. It could then use the subsequent feedback to evaluate the success of that initiative. Moreover, law enforcement or regulators could compare Bank A to Bank B and discover that Bank B filed a substantially greater number of useful SARs, because of certain differences in the structure of Bank B’s monitoring rules and the fact that their investigators were more experienced. Regulators could then channel that knowledge into specific guidance for Bank A. Under the current status quo, however, Bank A would not have the systematic SAR feedback information necessary to improve the usefulness of its AML program. (It is, of course, recognized that feedback to financial institutions needs to be at a high enough level to avoid jeopardizing the confidentiality of SARs, but program-wide results gathered over several years should not be problematic in that regard.) Feedback would allow Bank A and Bank B to identify what elements, over time, had been effective in their surveillance programs. Additionally, if the feedback were specific enough, it would also provide better insight as to the true risk profiles of their specific business models. For example, if a preponderance of the really useful SARs related to Ponzi schemes or identity theft, then specific business line training and specific product offering changes may be determined in response. With further guidance from regulators on AML program elements that worked best, Bank A may also be in a better position to defend its SAR-filing level as appropriate, even if it is low compared to Bank B. Incentives The regulatory impact of failing to file SARs, including the failure to file them in a timely manner, can be calamitous for firms. By contrast, a firm's provision of materially beneficial help to law enforcement does not result in a better regulatory standing for that firm in the context of potential future regulatory action. The requirement to enforce against SAR violations currently trumps any gauzy goodwill that a firm might have accrued with a particular law enforcement agency because of the usefulness of its prior SARs. Unless regulations allow some flexibility to credit firms for being useful, one should not expect the most coherent effort toward providing useful SARs in this regard from those institutions. Policymakers can create appropriate incentives through a number of initiatives. For example, they could establish explicit mitigating elements in civil or criminal enforcement guidelines. Alternatively, they could create a law enforcement clearing house regarding the firms that have been more useful, including a framework for keeping regulators informed. They could even devise a system akin to carbon/pollution credits for those firms that are particularly effective at helping law enforcement. It would be important for the enforcement mitigation features of these incentives to move from the general high effectiveness of the AML surveillance program to a specific set of shortcomings, rather than being limited to the specific failure at issue. The point here is to generate some credit for an FI that has been successful at assisting law enforcement. In effect, the FI would, in a limited way, be able to score some points with a good program and use them against lapses that may inevitably occur. Another aspect of these incentives, combined with the feedback described above, would be the ability to evaluate and then, as appropriate, allow institutions to cut back on the filing of defensive SARs (i.e. those SARs that lack subjective suspicion but are filed as insurance against future regulatory criticism for not filing). Establishing usefulness as a criteria would also encourage firms to allocate their investigative resources accordingly. Leveraging entrepreneurship Because firms are required to help law enforcement with suspicious activity surveillance and reporting programs, they are sometimes said to have been "deputized" by the regulations. The regulations, in turn, delineate what the firms must do to carry out this role. However, we should not lose sight of the fact that a bank is a bank, a mutual fund is a mutual fund, a broker is a broker, and even a casino is a casino, above all, rather than a surrogate law enforcement agency. These entities are businesses, driven by businessmen, who are generally revenue-motivated. If the reward feature of filing useful SARs is properly exploited, then the entrepreneurial nature of these entities will kick in. Let firms compete within their peer groups to have a better score. Let them ennoble the investigator that does more to identify sophisticated schemes and files SARs that are better than merely sufficient—even though going the extra mile takes more time and resources—as opposed to the investigator that methodically churns out "file-able" SARs, but who never finds the golden needle in the haystack. Businesses are competitive, but SAR-filing is not, at present. If effective SARs (i.e., the ones that are useful to law enforcement) are rewarded in a meaningful way, then the business nature of financial institutions will focus on generating effective SARs, just as it does on generating large revenues. If these three strategies can be employed, firms are more likely to produce better information for law enforcement. They would better understand when they are successful in this regard, and to correlate what they are doing to be successful. Additionally, law enforcement and regulators would work together to reward successful FIs, though there would have to be some regulatory and communication changes to make the rewards operational. Finally, with incentives and knowledge better aligned, firms would unleash their entrepreneurial strength to create value in the way that successful businesses have always done to improve productivity. In Part II of this article, we will discuss how specific interactions between law enforcement, regulators, and firms can initiate change in this regard. Robert Axelrod is a director of the Deloitte Forensic practice of Deloitte Financial Advisory Services LLP ("Deloitte FAS"). Axelrod specializes in projects addressing financial transactions in regulatory and compliance contexts, including antimoney laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry, specifically addressing b anks, insurance companies and b roker dealers. THOMSON REUTERS GRC | © 2011 THOMSON REUTERS. ALL RIGHTS RESERVED CONTACT US DISCLAIMER TERMS & CONDITIONS PRIVACY STATEMENT ACCESSIBILITY RSS TWITTER GRC CONNECTS LINKEDIN Deputizing financial institutions: How to make AML surveillance more useful to law enforcement (Part II) May 07 2014 Robert M Axelrod Part I of this series identified three strategies for enhancing the usefulness of suspicious activity reports (SARs) filed by financial institutions: creating incentives, providing feedback, and harnessing entrepreneurship. This article will outline a process for introducing such changes, while describing improved model interactions between firms, regulators, and law enforcement. The ultimate goal of these proposals is to improve the ability of firms to help law enforcement agencies detect, prevent, and punish criminal activity. The U.S. Treasury Department's authority to promulgate SAR regulations incorporates the standard that the results have a "high degree of usefulness" for criminal prosecutions (31 U.S.C. 5318(g)). If there is a desire for law enforcement to work with financial institutions to "tune" their collaborative activities, after years of abundant SAR filings, then it would certainly be consistent with, if not dictated by, this authority. SAR regulations could be changed to accommodate a new direction, once that direction gains a consensus based upon an analysis of past experience. The current regulations have set a standard of reporting anything suspicious, without creating a process to prefer reports more likely be useful. While this approach addresses the fact that financial institutions cannot investigate as comprehensively as law enforcement—and the fact that sometimes just the seemingly inexplicable nature of an event can lead law enforcement to discover something important—there is enough experience now with the current SAR-filing process to reconsider priorities. How has it worked? Even if a relatively low level of suspicion is theoretically attractive, can we now ask what SARs and what approaches by financial institutions have generated the most value for law enforcement, then incentivize law enforcement, firms, and regulators accordingly? If we can better guide firms to file more useful SARs, as opposed to more compliant ones, then we should consider the data now at our disposal to create such a direction. Identifying what works The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has the initial necessary data – the filed SARs – to begin identifying what has worked. It would need to collect from law enforcement some index of the useful SARs. That task can perhaps be best accomplished prospectively. Once law enforcement has complete data and analysis, there are existing venues with applicable stakeholders -- such as the Bank Secrecy Act Advisory Group (BSAAG), FinCEN’s reporting processes, or FinCEN’s interaction with other regulators -- where law enforcement could identify the nature of successful surveillance processes. It may be useful in this regard to include in SAR forms, or in post-SAR queries, greater detail on how a financial institution came across the information (e.g., with what monitoring rule) as contrasted with (but not in lieu of) the current emphasis on what has been found to be suspicious. By identifying the factors surrounding which SARs are truly productive and how the activity in question is identified, law enforcement could establish better, and cost-saving, guidelines for when defensive SARs need not be filed. Of course, analysis may ultimately show that some kinds of activity are more deserving of conservative breadth than others. Jump-starting the focus, with terrorism financing A principal, current regulatory motivation for SARs is the fight against terrorism financing. The number of terrorismrelated SARs is relatively small, compared to the overall population of SARs, and thus provides a good place to start. SAR forms have long required that the filer designate whether the activity deemed suspicious relates to terrorism. Law enforcement, which has kept records of its terrorism financing investigations and prosecutions, can therefore match (confidentially) those operations to all the terrorism-labeled SARs filed by major banks. It can then judge which banks have been more effective than others in this regard. The criteria for such a comparison can include the number of hits, the frequency of those hits per number of SARs filed, their frequency relative to a bank’s transactions, or other parameters. Law enforcement and regulators can then put together a responsive factor analysis to understand what kinds of program elements drive the filing of useful SARs in the terrorism-financing landscape. For example, analysis may show that the information which best supported terrorism investigations was, in fact, not recognized by firms as being related to terrorism, but rather some other problematic activity. One can then look to compare the best and the worst (in terms of effectiveness) and draw some inferences about what monitoring rules or other surveillance approaches are used, what populations of transactions are consulted in investigations, how investigators are trained, the level of interaction with law enforcement, and other characteristics. None of this analysis will require the disclosure of a particular terrorism investigation. Because terrorism-related SARs have generally been given such high priority by law enforcement, backward-looking data may be relatively accessible. Cooperation on particular TF investigations between firms and law enforcement is relatively common and well known. What has not occurred, however, is guidance or conclusions regarding surveillance and program characteristics arising as a result. Achieving that outcome would be one likely fruit of a formal, data-centric approach. Alternatively, law enforcement could consider working with criminal activity data that is already public. By virtue of mitigating problematic confidentiality implications, the use of public information could be particularly suitable for promoting more of a two-way interaction. For example, if law enforcement targeted drug cartel activity, it could not only look at the terrorism-financing processes set forth above, it could also take information from successful prosecutions and use it to isolate financial institution data on cartel-related parties that is contemporaneous with the prosecuted criminal activities. By analyzing the transactions executed by those parties, authorities could identify certain characteristics, or "tells," that distinguish drug-relative activities from other transactions. This would be a cooperative process between law enforcement and financial institutions to identify new typologies by mining existing data, which would improve the ability of firms to detect future criminal activity. More specifically, this process could be used to educate firms about the "tells" of particularly resourceful malefactors, such as third-party money-launderers, who presumably exploit the fragmentary nature of the surveillance endemic to the financial institution role. There already exists a current counterpart for this proposed arrangement, under Section 314(a) of the USA Patriot Act (PDF), under which the government distributes lists of persons or entities and asks firms for reports on the presence of recent transactions, irrespective of whether the transactions appear suspicious. If queries were made with respect to earlier transactions arising out of known (and presumably no longer confidential) criminal activity, and there were more knowledge shared with the firms, then the institutions would learn more rapidly how better to recognize suspicious activity. Conclusion If the regulatory framework gave financial institutions incentives to sharpen their focus on finding criminal activity, and if law enforcement provided feedback regarding the success of that effort, then the financial services industry could become a more useful ally in the fight against crime. Wouldn’t it be an advantage to see what works best in the endgame of criminal investigation? Financial institutions, regulators, and law enforcement could then better evaluate AML surveillance programs, and financial institutions could make a more intelligent (and transparent) allocation of resources about terrorism financing and other criminal activity. Financial institutions might then be put in a position to proactively accomplish their mission in a relatively transparent way and harness regulatory scrutiny around aiding law enforcement, giving the regulatory and law enforcement communities a more direct way of identifying successful AML programs. Such arrangements might also provide a mechanism for law enforcement and regulators to reinforce the success of financial institutions. That might provide a constructive way to normalize the incentives for financial institutions. Finally, putting the firms in a position to more directly accomplish core AML goals and be recognized for success is likely to enhance the breadth and depth of personal efforts at the firms for effective recognition and reporting of potential criminal activity. Robert Axelrod is a director of the Deloitte Forensic practice of Deloitte Financial Advisory Services LLP ("Deloitte FAS"). Axelrod specializes in projects addressing financial transactions in regulatory and compliance contexts, including antimoney laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry, specifically addressing b anks, insurance companies and b roker dealers. THOMSON REUTERS GRC | © 2011 THOMSON REUTERS. ALL RIGHTS RESERVED CONTACT US DISCLAIMER TERMS & CONDITIONS PRIVACY STATEMENT ACCESSIBILITY RSS TWITTER GRC CONNECTS LINKEDIN