ResourcesPractical guidance and standards for financial crime compliance practitioners

The Wolfsberg Group c/o Basel Institute on Governance Steinenring 60 | 4051 Basel, Switzerland

February 14, 2022

Via Electronic Submission

Financial Crimes Enforcement Network, Policy Division, P.O. Box 39, Vienna, VA 22183.

Re: Docket Number FINCEN-2021-0008

Dear Sir/Madam,

The Wolfsberg Group (the Group) welcomes the opportunity to comment on ways to modernise anti-money laundering and countering the financing of terrorism (AML/CFT¹) regulations and guidance in the United States. The Group is an association of thirteen global banks, founded in 2000, which aims to develop frameworks and guidance for the management of financial crime risk.² In recent years, the Group’s strategic focus has been on enhancing the effectiveness of global AML/CFT programmes. The Group has published several recent papers on the topic of effectiveness.³

The Group commends the U.S. government for the steps it has taken over the last several years to make the U.S. AML/CFT regime more effective and efficient. Specifically, we believe the Anti-Money Laundering Act of 2020 (the AML Act) and its requirement to establish national AML priorities was a significant step in achieving that objective. In order to achieve the benefits associated with focusing on national priorities, we believe it is essential that the U.S. government make two significant regulatory changes: (1) establish a definition for an effective AML/CFT program; and (2) align the Suspicious Activity Reporting (SAR) regulations with the national AML priorities. We also recommend several additional changes to regulations and guidance in order to modernise the AML/CFT regime.

Establishing a Definition for an Effective AML/CFT Program

Defining the ultimate goals of the U.S. AML/CFT regime is essential to making it more effective and efficient. Today, while there is a requirement that U.S. Financial Institutions (FIs) have an AML/CFT program, the Bank Secrecy Act (BSA) and its implementing regulations do not define what those programs should achieve. In the absence of defined AML program goals, supervisors tend to examine FIs almost exclusively on the basis of technical compliance rather than focusing on the practical element of whether AML/CFT programs are effective, based on performance against defined goals.

In December 2019, the Group published a Statement on Effectiveness that outlined what we believe are the key elements of an effective AML/CFT programme (The Wolfsberg Factors):⁴

1. Complying with AML/CFT laws and regulations
2. Providing highly useful information to relevant government agencies in defined priority areas
3. Establishing a reasonable and risk-based set of controls to mitigate the risks of an FI being used to facilitate illicit activity

In September 2020, FinCEN proposed a similar definition in an Advanced Notice of Proposed Rulemaking (the Effectiveness ANPRM), defining an “effective and reasonably designed” AML/CFT program as one that:⁵

• “Identifies, assesses, and reasonably mitigates the risks resulting from illicit financial activity – including terrorist financing, money laundering, and other related financial crimes – consistent with both the institution’s risk profile and the risks communicated by relevant government authorities as national AML priorities;
• Assures and monitors compliance with the recordkeeping and reporting requirements of the BSA; and
• Provides information with a high degree of usefulness to government authorities consistent with both the institution’s risk assessment and the risks communicated by relevant government authorities as national AML priorities.”

The Group believes adopting a definition of effectiveness, similar to the Wolfsberg Statement on Effectiveness or FinCEN’s proposed definition, is essential to modernising the U.S. AML/CFT regime for the following reasons:

• Both definitions refocus the regime around outcomes. Specifically, whether FIs are mitigating risks consistent with their risk profile in alignment with actionable national priorities and, crucially, whether the information they are providing to government agencies is highly useful. These factors are rarely considered in the evaluation of an FI’s AML/CFT program today.
• A clear definition provides a roadmap for supervisors to assess and FIs to demonstrate the effectiveness of an AML/CFT program. Where an FI can demonstrate that it has complied with applicable AML/CFT laws and regulations, designed its program to provide highly useful information to government agencies, and implemented a reasonable and risk-based set of controls to prevent and detect financial crime, this is strong evidence of the FI’s effectiveness.
• It gives FIs a framework to identify and stop/scale back practices that are ineffective and reallocate resources to more effective use. For example, today, FIs spend significant time and resources on activities that are considered “expectations” of an AML/CFT program but are not required by law or regulation. These “expectations” are sometimes written in non-binding guidance, sometimes unwritten, or simply a reflection of the views of an individual examiner or auditor. Unless these activities lead to highly useful information for government agencies or help the FI materially prevent, detect, or deter actual crime, these “expectations” are often counterproductive to an effective AML/CFT program. Yet, because there is no definition of an effective AML/CFT program, there is no framework for constructive debate around such expectations. For example, the AML/CTF regime should support FIs’ ability to change or stop transaction monitoring (TM) rules that result in a low conversion rate of alerts to SARs, for FIs to focus resource on higher value rulesets and activity. The Group wishes to highlight the importance of establishing a mechanism for raising and resolving barriers to an effective AML/CFT program and any unintended consequences with government and supervisors. These may include interpretation of law, regulations, and guidance.
• Critically, it provides a foundation for the U.S. government to define shared outcome-focused goals for the AML/CFT program against which measures may be designed, measured, and evaluated.

Once the definition is established, supervisors should encourage FIs to identify practices that are not required by law or regulation, do not lead to the production of highly useful information to relevant government agencies, and/or are of little financial crime risk management value to the FI. Then, following an appropriate risk-based evaluation and under appropriate governance, these practices could be stopped/scaled back, and resources employed more effectively and efficiently on areas that have increased value from a financial risk management perspective, are focused on the defined AML/CFT priorities that are applicable to their institution, and are highly useful to law enforcement.

Aligning SAR Regulations with the National Priorities

As part of the AML Act, the U.S. Congress amended the BSA to say that AML/CFT programs should, among other things, be “risk-based, including ensuring that more attention and resources of financial institutions should be directed toward higher-risk customers and activities, consistent with the risk profile of a financial institution, rather than toward lower-risk customers and activities.”⁶ Congress further amended the BSA to require that the U.S. Secretary of the Treasury establish national AML/CFT priorities.⁷ When the associated implementing regulations are established, FIs will be required to incorporate these priorities into their AML/CFT programs and supervisors will be required to examine FIs based on how they have done so.⁸ Taken together, these AML Act amendments to the BSA are a significant step towards a truly risk-based approach where institutions allocate their resources based on the applicability of national priorities to their institutions.

However, to achieve this risk-based approach, we believe FinCEN must re-examine the SAR regulations. The current SAR requirements in the U.S. are very broad, do not prioritise any type of suspicious activity over another and do not provide a framework for FIs to focus on AML/CFT priorities. To cover the broad array of potentially suspicious activity, FIs spread their time and resources thinly across a wide spectrum rather than focusing on specific priorities that are applicable to their institution. While attempting to provide broad “coverage,” in practice it means that FIs spend the majority of their time and resources reporting on frequently occurring, but relatively lower-risk activity without any apparent connection to the AML/CFT priorities (such as low dollar fraud or cash structuring when there is no apparent indication the cash was generated from criminal activity).

To be more effective, and fulfill the Congressional mandate, we believe FinCEN should modernise the SAR regulations to enable FIs to devote their attention and resources on higher-risk activity aligned to national AML/CFT priorities that are sufficiently granular for FIs to act upon. It is essential that government and supervisors accept that prioritising certain areas will necessarily mean de-prioritising others. The risk-based approach is not a zero-tolerance concept. Where an FI has reasonably focused on higher risk areas in line with its assessment of the threats it faces, an undetected weakness in a lower risk area is not by default an indication of program failure, but rather a natural extension of the implementation of a risk-based approach. In future, this would mean that FIs may not be filing SARs on all of the same activity that they are filing on today. It could even mean that FIs are filing fewer SARs overall or that certain reporting is done through automated feeds (potentially delivered to government agencies more quickly than today) rather than resource-intensive human investigation. Nevertheless, we believe modernising the SAR regulations will result in better quality, more useful information going to the government in the areas it cares about the most and will enable FIs to manage their financial crime risk better thus helping to protect the U.S. financial system and make our communities safer.

Additional Recommendations to Modernise the AML/CFT Regime

• Automated SAR Filing: As noted above, FIs spend a significant amount of time reporting on frequently occurring, but relatively lower-risk activity without any apparent connection to the AML/CFT priorities. If FinCEN continues to require this reporting after reconciling the SAR regulations with the national priorities, FinCEN should move expeditiously to comply with the requirements of Section 6202 of the AML Act and establish alternative streamlined, automated reporting processes for SARs on this lower-risk activity.
• Re-evaluation of the SAR form: In line with the recommendations to align the SAR regulations to the national priorities and potentially to automate filings on lower-risk activity, we believe that FinCEN should re-evaluate the SAR form itself. For example, while the SAR form has a number of boxes to check for different types of suspicious activity, it does not include all of the priority areas. In addition, it is not clear that all the information required on the form is highly useful to government agencies. FinCEN should re-evaluate all required information and either confirm that it is highly useful or remove the requirement.
• Continuing Activity Reports: Where a SAR is filed, FinCEN guidance requires FIs to re-review the activity within 90 days and file a continuing activity report (CAR) when the suspicious activity continues. Because most SAR filings are on frequently occurring, lower-risk activity, FIs spend significant time re-reviewing this activity and filing CARs. FinCEN should revise its CAR guidance so that FIs can take a risk-based approach (under appropriate governance) and focus CARs on SARs aligned to national priorities. In specific instances where a CAR would be useful to law enforcement outside of the priority areas, law enforcement could reach out to the FI and the FI could review the activity and file the CAR if appropriate. The effectiveness and efficiency of such CAR filing could be enhanced through more streamlined reporting or automation (e.g., through an API).
• ‘No-SAR’ Documentation: Today, FIs may spend as much or more time documenting a “no-SAR” decision as they do when a SAR is filled. This is a result of “expectations” from examiners and auditors. The excessive time spent on “no-SAR” documentation is not required by law, does not result in highly useful information to government agencies, and does not help the FI detect, prevent, or deter financial crime. Therefore, FinCEN, in consultation with the federal functional regulators, should clarify that a detailed description of the investigation and decision-making process is not required for each “no-SAR” and instead be clear that a short, concise statement documenting its justification is sufficient.
• CTR Reporting and Aggregation: As part of the Currency Transaction Reporting (CTR) requirements, FIs must review and aggregate cash transactions by or on behalf of the same person across accounts and businesses lines to determine whether the $10,000 threshold for reporting has been met. The time and resource burden of this aggregation is significant. We recommend that FinCEN revisit its CTR regulations to: (1) allow cash transaction data to be sent directly to FinCEN in an automated fashion, eliminating the need to file a CTR in the way it is done today; and (2) eliminate the aggregation requirement. Providing the information in this way would allow FinCEN to aggregate cash deposits across FIs. This more holistic view of the depositor’s activity is likely to be of higher value to FinCEN since sophisticated criminal organisations will often spread their cash deposits across multiple FIs. If FinCEN is concerned that eliminating the existing aggregation requirement would result in the loss of highly useful information, it could consider a threshold lower than $10,000. Allowing automation and eliminating aggregation by individual FIs would not only allow FIs to reallocate resources to higher-risk priority areas but also allow FinCEN and law enforcement to receive information on cash transactions much faster and in more effective way.
• Government Feedback on Reporting: We believe that there is a correlation between the level of feedback from the government to FIs on SAR reporting and the effectiveness of the AML/CFT regime. Today, government feedback to FIs on their SAR filing is limited. Greater feedback, particularly specific feedback on specific SARs to the filing FI, will allow FIs to focus on areas that are highly useful, train their systems that leverage machine learning and artificial intelligence better, and give FIs an indication of information that is not useful so that resources can be reallocated to more useful areas. FinCEN should take whatever steps it can under its regulations, guidance, or other authorities to increase the feedback to FIs to strengthen the feedback loop.
• Intelligence Sharing in Priority Areas: While the establishment of national AML priorities was a significant step in the right direction, the priority areas are very broad. An FI, for example, could not cover all aspects of drug trafficking, one of the identified national priorities. Therefore, we believe the government should expand upon the use of existing intelligence sharing mechanisms (i.e., FinCEN Exchange; 314(a)) and/or create new mechanisms to share actionable information on the key threats within each priority area. The more specific the intelligence shared, the more effective the response will be from the financial sector. Unfortunately, the information shared through public advisories is often too broad or too vague to be really useful. That is why we recommend that the government use these non-public forums to share more detailed information without putting criminals on notice of government’s interest. As with the priorities themselves, the additional intelligence should be time bound, so that after a certain period of time the government will either re-confirm the significance of the intelligence or allow FIs to reallocate resources dedicated to that intelligence to other areas so that FIs can aim to be focused on the most important and current threats.
• Incentivising Effective Use of 314(b): Among the most effective regulations in the U.S. AML/CFT regime are those promulgated under Section 314(b) of the USA PATRIOT Act (314(b)). The ability to share information between FIs and amongst multiple FIs as “associations of financial institutions” has enabled FIs to provide more actionable information to law enforcement leading to arrests, convictions, sanctions, and asset seizures as well as enabling the FIs to mitigate their own financial crime risk better. As part of its effort to modernise the AML/CFT regime, the government should look for ways to further incentivise FIs to participate in this type of impactful information sharing and collaboration including an evaluation of how an FI uses the 314(b) process in its AML/CFT program.
• Changes to the CDD Rule: We understand that changes to the current Customer Due Diligence (CDD) Rule are being addressed through rulemaking related to the Corporate Transparency Act. The Group believes that changes to the CDD Rule’s account-based triggers, the requirement to collect expected activity at account opening, and reconciling the beneficial ownership requirements under the CDD rule with the requirements in the Corporate Transparency Act are necessary to maximise effectiveness.

Supervisory Support

As FinCEN previously noted in its Effectiveness ANPRM, supervisory support is critical to making the AML/CFT regime more effective. Supervisors must focus their examinations on the definition of effectiveness and the national priorities. This transformation of the examination process will create the necessary incentives for FIs to redesign their AML/CFT programs and reallocate resources to more effective use. Underpinning this approach would be the creation of metrics to measure both system-wide effectiveness and the effectiveness of a FI’s AML program. An emphasis on defined outcomes, away from process, would redeploy supervisory efforts from focusing primarily on technical compliance, which may yield limited value in effectively identifying and deterring financial crime, to allow FIs to prioritise resource on tackling high risk activity.

Conclusion

By establishing a definition for an effective AML/CFT program, aligning the SAR regulations with the national priorities, and taking additional steps to modernise the AML/CFT regime, the U.S. government can realise greater benefit from the focus on national priorities and make the regime more effective and efficient. Modernising AML/CFT regulations in this way will enable FIs to be more effective in detecting and deterring criminal activity, thereby helping to make our communities safer. At the same time, these changes will reduce friction on innocent customers and help the government achieve its financial inclusion objectives. The Group remains committed to collaborating with policy makers, supervisors, law enforcement agencies, and other stakeholders around the world to continue to develop the focus on effectiveness.

Sincerely

Alan Ketley
Executive Secretary