WASHINGTON — Bankers and other anti-money-laundering experts are more pessimistic than ever as they head into the new year, facing a raft of problems that many fear are only going to get worse.
Regulators and institutions appear far apart when it comes to so-called "de-risking," in which banks drop businesses for fear of enhanced regulatory scrutiny, even while policymakers are stepping up their scrutiny of terrorist financing prevention in the wake of recent attacks.
"There is no greater issue for the AML community in 2016 than addressing de-risking," said John Byrne, executive vice president at the Association of Certified Anti-Money Laundering Specialists. "Failure to do so will harm prevention of human trafficking, drug trafficking, terrorism and of course, financial inclusion."
Following is the state of play for anti-laundering issues in banking — and why many feel 2016 will be a challenging year.
The concerns over de-risking have grown worse during the past several years, as many banks conclude that accounts associated with certain businesses that are considered more susceptible to criminal activity are not worth the regulatory headache of keeping open. Yet it's unclear what the solution is — and regulators appear in no rush to clarify their views.
"What we have been struggling with is, how do we manage the expectations from examiners, from law enforcement?" Richard Small, an executive director with Ernst & Young, said at a recent yearend event sponsored by the ACAMS. "How do you manage that risk when you don't know what it is [regulators] want you to do and then challenge why you are doing business with these people or types of businesses without any indication they are doing anything wrong?"
Speaking alongside Small at the same event, John Wagner, a managing director in the regulatory and compliance practice at Deloitte, said "we have reached a tipping point" where banks may now need written documentation outlining how they decide which customer accounts they decide to maintain, close and or deny.
"The regulators are expecting formal policies and procedures from institutions and to lay out what their criteria is and you go to a more formalized approach," Wagner said.
He added that even if an examiner told a bank client that it can use an informal approach, he would advise it to formally document the bank's risk appetite for a particular customer.
"What is your risk appetite for that customer, for that industry and or that geography and all of that needs to be thought through before you go in and bank a particular client," Wagner said.
But Byrne, who was moderating the discussion between Small and Wagner, suggested that having a formal de-risking policy would likely "exacerbate the problem."
It's unclear, meanwhile, if regulators even believe the problem is real. The World Bank conducted two surveys in 2015 exploring the scope of de-risking and found that it is occurring, but said the extent remained unclear. For example, one of the surveys on money remittance companies received only 25 responses from the 3,000 banks that were invited to participate.
The survey on correspondent banking also found that de-risking was happening, with 15 of the 20 responding large international banks indicating that they had seen a decline in correspondent bank relationships between 2012 and mid-2015, while local and regional banks indicated there was only a slight decline. However, the report noted that the large international banks were surveyed because they were reported to have been cutting off correspondent bank relationships.
Acting Undersecretary Adam Szubin said in a November speech that "Treasury takes assertions of de-risking seriously, and we are working hard to identify and address the factors that lead U.S. banks to terminate relationships," but added that the limited response to the World Bank survey's still makes the problem difficult to pinpoint.
"Even after these initial surveys, we don't have a complete picture quite yet. We still need more and better data to help us measure changes in the correspondent banking environment, and to better understand the extent to which de-risking is happening and why," Szubin said.
But bankers are also concerned about a proposal from the New York State Department of Financial Services.
The state regulator issued a plan Dec. 1 that would hold the head of an institution's Bank Secrecy Act and anti-money-laundering program personally liable if it fails to meet expectations, particularly as it pertains to the transaction monitoring and filtering systems.
The agency said that after a number of investigations, it "uncovered (among other issues) serious shortcomings in the transaction monitoring and filtering programs of these institutions and that a lack of robust governance, oversight, and accountability at senior levels of these institutions has contributed to these shortcomings."
The goal of the DFS proposal is likely to have someone oversee the end-to-end implementation of the transaction and monitoring systems and also for institutions to dedicate more resources to those programs. But that can be challenging and expensive.
"One of the big issues I see is the communication between IT and compliance," said Alma Angotti, a managing director in the global investigations and compliance practice at Navigant. "Compliance thinks they are communicating what they need and IT thinks they are doing what compliance has asked them to do, but sometimes that is not the case."
She added that some institutions that have grown by acquisition might have several different transaction monitoring systems, making it difficult to put in place rules that work consistently across the different platforms.
Small suggested that if the DFS wants to rely on a single person being responsible for an institution's BSA/AML program it should make the chief executive or board of directors liable.
"As a compliance officer you don't have the kind of ability that I think others think they should have," Small said.
Wagner added that many of the decisions that are required to implement a properly functioning program, including a budget for staffing and other resources, are often not up to the compliance officer.
While the DFS proposal, which is still out for comment, would apply just to the state of New York, the department has a reputation for having a long reach because of its jurisdiction over many of the world's money-center banks. In the wake of the December mass shooting in San Bernardino, Calif., congressional lawmakers, including Rep. Maxine Waters, D-Calif., are also pursuing legislation that would strengthen BSA/AML requirements and hold bankers liable for programmatic breakdowns.
Policymakers are also increasingly worried by certain digital innovations, like virtual currency and marketplace lending, as well as the growth of prepaid cards as a money laundering threat.
The terrorists in the Paris attacks are reported to have had access to a Bitcoin wallet and used prepaid cards. Syed Rizwan Farook, one of the shooters in San Bernardino, also took out an unsecured loan from an online lender prior to the attack, according to media reports. It has left lawmakers and others asking if such new products are more susceptible to being utilized by terrorists.
"Terrorists are going to do whatever they can to exploit the financial system, and whether it is prepaid or if it's some kind of loan, they are going to take advantage of it," said Dennis Lormel, founder and president of DML Associates and a former chief of the FBI's financial crimes program.
However, he added that terrorists have a history of using prepaid cards and were using them when the U.S. first entered Iraq following the Sept. 11, 2001, attacks.
"I think the attacks in Paris now bring us back full circle where prepaids were part of the scheme," he said.
According to media reports, the European Commission plans to step up its regulation of prepaid cards and virtual currency.
However, Brian Knight, associate director for financial policy at the Milken Institute, cautioned against leaping to conclusions, and suggested that just because a product was used by terrorists does not necessarily mean it is easier for terrorists to use.
"Is this innovative technology opening up options or potential vulnerabilities? It is reasonable to ask that question, but I don't think it is reasonable to assume that it is," Knight said.
Jennifer Shasky Calvery, director of the Financial Crimes Enforcement Network, told reporters during an American Bankers Association conference that just because the terrorists used virtual currency does not necessarily mean it is a higher-risk product.
Speaking at the ACAMS event, Small, the former head of anti-money-laundering at the Federal Reserve Board, said some of the technology companies that provide financial services are realizing that they need to come under the regulatory fold.
"Some of these fintech companies that have said we are a technology company are starting to realize they need MSB licensing," Small said, referring to money-services businesses.
He also said that as their regulatory status changes from a technology company to a money-services business, they could be at risk of losing access to their bank accounts.
"Some of these smaller companies, if they get an MSB license — are they going to be in this position where banks are not going to want to bank them anymore. It is not the traditional MSB we are thinking about, but it is an MSB and there is a whole stigma that goes with that," Small said.