Derisking and Outdated CTR Thresholds: AMLA 2020 Seeks to Address Persistent AML Challenges

The Anti-Money Laundering Act of 2020 is the most comprehensive set of reforms to U.S. anti-money laundering laws since the passage of the USA PATRIOT Act in 2001.  The Act contains some important changes and enhancements that should have an immediate and long-lasting impact on anti-money laundering. Gibson Dunn litigation partner and anti-money laundering expert Matt Biben joined me for a two-part special edition of the Fraud Eats Strategy podcast. This is a recap of episode 2.

Defensive SAR filing is when an organization tries to overcompensate for criticisms that they received from regulators that they are not filing enough SARS. The thinking behind defensive SAR filing is that a quantitative response is appropriate when in fact what the regulators are looking for is something that is both qualitative and quantitative. Defensive SAR filing is a knee-jerk response to negative regulatory feedback that ultimately results in information being shared with law enforcement that is of no value and doesn’t add to the accumulated knowledge and information that is vital to law enforcement’s efforts to investigate criminal money laundering and terrorist financing.

In every financial institution, there are tensions between when to file and when not to file.  There is also tension as to what to do after a SAR has been filed, including what is referred to inside banking institutions as “derisking your book”.  That means exiting client relationships because of SAR filings, law enforcement interest or heightened internal scrutiny. While it might seem logical to consider exiting a customer relationship for these reasons, derisking can have some very real and negative consequences.  The new statute is trying to strike a balance between the interests of the bank, law enforcement including the Department of Justice, and efforts at keeping people in the financial system. In fact, unbanked people or those on the financial margins of society suffer as a result of their lack of access to traditional banking relationships and sometimes are forced to resort to the use of Hawala or loan sharks to meet their family’s financial needs. 

Derisking is nothing new. In discussing it, Matt reminded me of the Riggs National Bank scandal.  Riggs was a Washington, D.C.- based bank that dated back to 1836. It was famous for banking 23 U.S. presidents and their families, financing the Mexican American War in 1847, and lending the U.S. Government money to purchase Alaska.  In 2005, Riggs had a huge issue relating to money laundering about the many foreign embassies, embassy personnel and politically exposed persons who were involved in suspicious transactions but for which the bank was not filing SARS or filing accurately. The scandal brought the topic of banking of foreign embassies into focus and overnight, those banking relationships became radioactive causing many institutions to attempt to disassociate themselves from foreign embassies and embassy personnel, inviting them to take their banking business elsewhere. Shortly after, the Federal Reserve and the U.S. Department of State convened a meeting with several large institutions and excoriated them about the national importance of banking embassies and that was it was in the national interest that the banks not throw all of these customers out.  An extreme example perhaps but it serves to illustrate the potentially far-reaching negative consequences of “derisking”.

When the PATRIOT Act was passed in 2001, Bitcoin and virtual currencies were the stuff of science fiction movies. No one had conceptualized those things and the law certainly didn’t contemplate virtual currencies. Twenty years later, cryptocurrencies are here to stay, banks and regulators will need to adapt. AMLA 2020 has brought cryptocurrency and other non-traditional forms of value transfer into focus. The rise of Bitcoin and other non-traditional value transfers has become more widespread, and accepted and traditional banks are cautiously moving into areas such as cryptocurrencies custody and exchange. The government is increasingly concerned that criminals will turn to these mediums to try to launder money. Indeed, it seems like organized crime and cybercrime organizations discovered cryptocurrencies before the rest of us.  As recently as November of 2020, the DOJ seized over a billion dollars’ worth of Bitcoin tied to drug sales and other illicit activities on the Silk Road Marketplace before they shut it down.

AMLA 2020 includes language that expressly defines financial institutions and money transmitting business as those engaged in the exchange or transfer of value that substitutes for currency. This solidifies the position the government has previously taken that the BSA applies to cryptocurrency.

Suspicious Activity Reports are what banks use to submit reports of potential illicit activity detected within their institutions to FinCEN, which maintains a law enforcement information sharing repository of SARs that have been filed. Outside of the banks and their obligation to report suspicious activity to FinCEN, SARs are supposed to be kept strictly confidential. In September 2020, it was revealed that a large volume of SAR filings had been leaked to the International Consortium of Investigative Journalists the same group that broke the Panama Papers story. They ultimately released it publicly, which gave a window into some particularly horrifying money laundering activity, some of which involved well-known and notorious figures. It also reminded the public of how critical it is to keep the information contained in a SAR confidential. Despite all of this increased scrutiny around SAR security, AMLA 2020 has proposed a pilot program in which SAR information could be shared outside of the US. This is part of the law designed to address a practical issue with which multinational banks have been struggling in which a bank’s right-hand may not know what its left hand is doing. Before the change in the law, multinational banks were forbidden from sharing information about suspicious activity outside of the U.S. even within their institution.  It is intended to make the risks of a particular banking customer transparent to the entire institution and ultimately better position global banks to look at risks more holistically in a way that better reflects the speed and realities of international commerce.  This pilot program is the result of the regulators telling banks that they understand some of the challenges the industry has been facing and that this change is intended to alleviate some of them for the eventual benefit of both the banks and the regulators. It is the logical progression and maturation of anti-money laundering regulatory oversight. Years ago, one of the things that plagued banks was the lack of a persistent customer identifier for customers who had multiple banking products.  This made it very difficult for a bank to look at customers holistically based upon all of the products and activities identifiable with the customer.  This persistent identifier issue has become the norm and it has made anti-money laundering far less cumbersome.  The pilot project is an effort at extending this customer transparency concept to international affiliates who will now be able to factor SAR filings into their risk decision-making.   

Suspicious Activity Reports and Currency Transaction Reports (CTRs) are both important components of the US financial services regulatory enforcement framework and yet the monetary thresholds that require the filing of these two reports have not been adjusted in decades. AMLA 2020 includes language to address this long-overdue problem. The process for filing SARS and CTRs is the worst of both worlds.  Incredibly burdensome on the financial institution and it simultaneously buries the enforcers and the regulators with so much information that they don’t know what is of value and what is a drain on their precious time and resources. The threshold for CTRs was set at $10,000 in 1970. It has never been adjusted for inflation.  Had it been, that would be more than $60,000 today. This lack of indexing of inflation has resulted in an avalanche of CTR filings. There were over 16 million CTRs filed last year and over 2.7 million SARS filed in 2019.  AMLA 2020 requires the government to conduct formal reviews of the thresholds and determine whether they should be adjusted. It also requires the government to evaluate whether the filing process can be less burdensome on institutions and take steps to make filings that have a high degree of usefulness to the enforcers.

AMLA 2020 is an important andcomprehensive set of anti-money laundering reforms and its passage has or may have caused every institution’s AML BSA compliance program and the controls underlying them to be out of date or incomplete. At the very least, it should be a wake-up call that the goalposts have moved again. At a minimum, AML programs should be subjected to a hygiene check.  Whether it is performed in-house or by a third party, it is a good idea. If you want to avoid MRAs and worst that will come from not having done something about to the new legislation, there are aspects of the program that could benefit from being revisited such as risk assessment, internal escalation procedures and your internal oversight. It is helpful to ask who’s at the table, are they empowered and do you have the right disciplines across the three lines of defense?  Many organizations ask what the right interval is to perform a program review.  Annually?  Every two or three years or when someone significant has changed either internally or externally.   AMLA 2020 is that interval that should occasion everyone to take stock of their program.  

To hear part 2 of the full Fraud Eats Strategy podcast episode with Matt Biben,  click here.  

Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: