Ellen Zimiles
CEO, Co-Founder
Daylight Forensic & Advisory
Just a year after the FFIEC agencies compiled their first AML/BSA exam manual, the 300-page volume ballooned to 450 pages in its second edition published this summer. That pace of change may stress banks but suits Ellen Zimiles, a bank fraud investigation consultant and a former federal prosecutor in New York under then - U.S. Attorney Rudolph Giuliani. Her advice to banks? Get on top of burgeoning trouble spots, learn high risk vulnerabilities, and most of all, read the manual.
What is the major stumbling block for banks in selecting a compliance solution for AML and the Bank Secrecy Act?
It is a minefield and it really depends on the size of the institution. There are certain premier transaction-monitoring systems out there that a large institution needs to have. But as you get down to certain levels, it becomes harder because a lot of the smaller institutions don't have the manpower or the resources to purchase [a system]. They may not have same need for the bandwidth and power that some of these systems can provide to them. As you get past top tier, it is very tough and it requires a lot of resources to make the right vendor solutions.
I've also found a lot of institutions don't have the greatest data. In doing these lookbacks, we have found real gaps in the way that data is maintained-just being able to identify bank-to-bank data has been difficult with many institutions.
Is the data issue because banks use different vernacular, or can't link data?
It comes up in all different ways. Sometimes information comes up in a truncated fashion. I've seen information coming from a wire that will say "1-2-3 Main Street, New 'blank.'" Is it New Jersey, New York or New Mexico? I've seen information that-because there's so much captured in the memo fields but not in the other fields-looks like a bank-to-bank but if you look further down...you might see something that says there's a third-party beneficiary in there. Because not all the data is captured, you get bad information.
What AML compliance trends are pushing banks today?
Being able to capture all the data properly. Another one is the risk ranking. Many have come up with different systems to do it going forward, but historically, looking at your current customer base and doing a risk-ranking, is very difficult and very time consuming. That risk ranking must be done because you're required to do an annual review of high-risk accounts. So how can you do that if you don't know which accounts are high risk?
[Banking examiners] don't tell you who is high risk or low risk. They don't tell you what countries are high risk and low risk. You have to sort of make those determinations on your own. I think the financial institutions would love to have more specific guidance on some of these things.
Isn't that lack of prescription what frustrates banks?
If [federal agencies] made a list of countries, if there weren't one list that at least financial institutions felt they could work off of, then I think there would be a lot more consistency. [But] some banks have 150 countries on a list, some have 17 as high risk. They really are looking for guidance for this, but it's very hard.
Examples?
Take the State Department's INCSR [International Narcotics Control Strategy] report: because the U.S. is largest buyer of illegal narcotics, the United States is on the list. You can't have every transaction within the United States being considered high risk- it's got about 70 countries on that list. If you're a foreign institution with a U.S. branch, and you're out of Eastern Europe, you may view some transactions with Eastern Europe low risk because you're used to them. That's where you're from and you have a different perspective.
Another is [type of] business. What's a high-risk business? The OCC views money service businesses-the money-transfer businesses-as high-risk. New York-state banking regulates those industries and doesn't view them as high risk. I don't think FinCEN views them as high-risk. A lot of institutions have a perfectly legitimate product that allows you to send your own wire transfers. If you're doing this risk analysis, it's pretty difficult because you have to look at products, services, type of customer and geography and mix them all together to really come up with who is a high-risk client.
The Florida Bankers Association and others argue high-risk AML assessments are cutting into legitimate trade finance work. Is that a fair argument?
Right. In the new version of the [AML/BSA] exam manual, there are several different areas that they focused on and updated. One is the risk assessment issue; another is ACH transactions, and they also have trade finance. They also gave some more guidance for SARS reporting, correspondent banking, and record keeping. They also incorporate some information from different money laundering threat assessments, relating to nominee incorporation services, etc.
Stored-value cards is another new up-and-coming issue. Anytime you make it easier to conduct a financial transaction, you make it easier to launder money. It's just a fact of life. Somebody walking in and out of an airport with $50,000 in cash-that can be sort of bulky. Coming in with a stored value card is nothing. They are trying to put limits on the amount of any stored value cards...but people can buy multiple stored value cards. There are some places you can buy them like you buy a phone card-so do you ask for identification for that? What's the standard for that? If you're paying for them in cash, what kind of information is required [for records keeping]- does your average cashier understand [a bank's] need for that?
Will the growing tide against tax shelters perhaps spur new types of regulation? How will this impact banks?
It could be a big issue for private banking. It's a big issue not just for banks, but [the manual] talks about hedge funds and where you're getting your money. There are issues on offshore asset tax havens, control and beneficial ownership, securities abuses, stock option abuses, or hedge-fund transfers. There's no way on some of this you're really going to be able to do it through transaction monitoring. It is the frontline bankers who have to understand this. And I don't know how many frontline bankers are reading these reports.
There was a case of a Ponzi scheme going on in the trust department of a bank. An investment manager was performing the Ponzi scheme, promising a 25 percent return on investment. What the government said is that on it's face, [the manager's supervisor] should have known that it was suspicious. No one in the back office... is going to see that information. The only one who had the opportunity to address that issue was that frontline relationship manager. So they have to appreciate that different scans are coming out, or the different ways they are exposing their employer to money laundering abuses. The best technology in the world may not stop some of this in the way the frontline bankers can.
How are private wealth managers are being challenged due to increasingly diverse portfolios?
The private bankers have to be all over this. Especially with hedge funds. That is where all the money goes. It is those relationship managers who spend their time trying to understand the client's business so they can know what other products and services to sell them to help them manage their money. But they also have to do it not just from the perspective of helping the client, but they also have to do it from the perspective of helping the bank.
I was doing training for one PCS group, and the head of the group said, look, anti-money laundering risk is like operational risk. If we can manage it right, then we don't to reserve as much. But if we don't manage this right, we have to reserve more. And if we reserve more, than that's money that gets taken away from incentive compensation and bonuses. And it was as though a light bulb went off over the heads of all the private bankers in the room. They got it, they sat up, and they listened for the next three and a half hours.
