BSA in a Fintech World 

There are two areas that will always be among the “hot topics” when it comes to compliance.  The first is an institutions’ system for compliance with the requirements of the Bank Secrecy Act/Anti-Money laundering (“BSA/AML”) laws.   Regulated financial institutions have been well aware of the fact that a well-developed system for compliance is a critical component of ongoing operations.  A second area that is becoming increasingly important is the use of technology to transact business by financial institutions.  This area is often known as “fintech”.   Although fintech is often a broadly used term, there are generally accepted definitions such this one offered by Fintech magazine:   

Financial technology, also known as FinTech, is a line of business based on using software to provide financial services. Financial technology companies are generally startups founded with the purpose of disrupting incumbent financial systems and corporations that rely less on software.[1]

PayPal, Apple Pay and Venmo are just a few examples of popular software applications that allow consumers to transfer money to one another with a just a few relatively easy steps.    

As the number of firms that offer variations of fintech transactions grow, so does the need for a financial institutions’ BSA/AML system to adapt.  

The Heart of BSA/AML- CIP and KYC

Although there are numerous components that make up a strong and complete BSA compliance program, the heart of all programs is the ability of the financial institution to know complete information about its customers.   The two components of the BSA program that perform this function are the Customer Identification program (“CIP”) and the Know Your Customer (“KYC”) programs.  The CIP program is made up of the policies and procedures established by an institution for the purpose of collecting identifying information about their new customers.  The FFIEC BSA manual details the requirements of the CIP regulation and notes that at a minimum, a financial institution must obtain the following information before opening an account:

·         Name

·         Date of birth for individuals.

·         Address.

·         Identification number.[2]

 

There are well established rules for the types of identification that are considered acceptable.  The goal of the CIP program must be that a financial institution has to establish with a reasonable certainty that the person who is attempting to open an account is who they say they are.  For business accounts, the requirements are the same although the form of identification takes on different forms e.g., name would be the legal name of a business and identification number would be the tax identification number.  

Once the identity of a customer is established; the KYC portion of a compliance program comes into play.  Depending on the types of transactions that the customer says that they will conduct additional information is necessary.  For example, if the customer is a flower shop, then information about how long they have been in business, who their customers are, how the flowers are sold and the means for payment, etc. are all pieces of information that are necessary for a financial institution.  Using this information, the financial institution can keep transactions conducted by the customer in context.  In other words, if the flower shop sells mostly orchids, it is reasonable that there would be wires to regions of the country where orchids are grown.  

It is through CIP and KYC that all of the information that gathered on a client is filtered.   Individual transactions may or may not be considered suspicious based upon the KYC and CIP obtained about a client.  Using the flower shop example above, wires or ACH activity to war-torn regions of the world would seem at least very unusual for orchids.  

CIP and Unintended Consequences

The need for complete CIP and KYC has been at the heart of a delicate balancing act for financial institutions and the customers that they serve.  The FDIC separates people who do not use banks to fully serve their financial needs into two distinct categories. The unbanked have no ties to an insured economic institution. Essentially, they have no checking or savings account and no debit or ATM card. Meanwhile, the underbanked do use some of these services – often a checking account – but they also used alternative financial options within the past year. 

When customers are the “unbanked” and “underbanked” communities, the issue of complete documentation of identification can be tricky.  These customers may not have complete or traditional documentation available. For many institutions, the clash between the desire to serve underbanked and unbanked and the need for complete documentation has created an unintended consequence.    The law of unintended consequences is defined as:

The law of unintended consequences is the outgrowth of many theories, but was probably best defined by sociologist Robert K. Merton in 1936. Merton wrote …a treatise which covers five different ways that actions, particularly those taken on a large scale as by governments, may have unexpected consequences. These “reactions,” may be positive, negative or merely neutral, but they veer off from the intent of the initial action.”

 

In the case of BSA, the desire to monitor and mitigate risk had the unintended consequence of shutting out entire industries that often are critical to unbanked or underbanked communities.  MSB’s such as combination grocery stores and check cashers often serve as the bank and remittance service for migrant workers and expatriates of other countries.  When the local bank makes a decision to stop proving services to these entities, the customers of the MSB are forced into transactions with entities that are completely underground.  

Fintech to the Rescue? 

Fintech companies have developed many products that allow customers to have many of the same services and abilities as a bank account.  Digital wallets for example, allow customers to receive payroll, reload debit cards, payment bills and purchase gift cards among other things.   These platforms also allow customers to send wires, ACH’s or other transfers.  

 

The very nature of fintech relationship is often that the customer and the provider are not in physical contact with one another.  The identification process is completed through various means such as texts to telephones, IP address verification and scanned copies of documents.   The ability of fintech companies to discern fraud and detect unauthorized use of an account has become increasingly adept.    

The development of fintech products gives financial institutions that opportunity to reach out to customers that have been largely overlooked due to BSA/AML concerns.  The time has come to reconsider the possibilities.

For a detailed review of how Fintech can improve overall Community Reinvestment Act performance, non-interest income and BSA/AML compliance please go to www.vcm4you.com and fill out the “Contact Us” form

---

[1] FinTech – A definition by FinTech Weekly https://www.fintechweekly.com/fintech-definition 

[2] See FFIEC BSA examination manual – Customer Identification Program- Overview

 Why ARE There BSA/AML Regulations?

 

 

 

As anyone in compliance can attest, there are myriad consumer compliance regulations.  For financial institutions, these regulations are regarded as anything from a nuisance, to the very bane of the existence of banks.  However, in point of fact, there are no bank consumer regulations that were not earned by misbehavior in the past.  Like it or not these regulations exist to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to encourage your staff to understand why these regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have designed a series of blogs that from time to time throughout the year, will address these questions about various banking regulations.  We call this series “Why is there….” 

BSA- the Early Years-

Since the beginning of crime, there has been a need to hide the ill-gotten gains of criminal activity.  Early bad guys held their loot in caves.  Later, treasure chests provided a means of hiding criminal wealth.   However, despite the form that ancient loot took, the goal was and has always been to reduce assets to currency so that it can be used in exchange for other goods and services.   The need to take illicit assets or money and hide its source is known commonly as “money laundering”.  Criminals of all sorts engage in money laundering and have become exceedingly sophisticated in their pursuit of hiding the sources and uses of their money.  

Because the “bad guys’ continue to evolve, the history of the Bank Secrecy Act (“BSA”) and Anti-Money Laundering laws (“AML”) is one of ongoing change.  The laws that make money laundering illegal can be traced back to the Bank Secrecy Act of 1970.   Since the time the BSA was passed, there have been seven major legislative changes to the overall legislative scheme that covers this area.  These changes are;

 

·     Money Laundering Control Act (1986)

 

·     Anti-Drug Abuse Act of 1988

 

·     Annunzio-Wylie Anti-Money Laundering Act (1992)

 

·     Money Laundering Suppression Act (1994)

 

·     Money Laundering and Financial Crimes Strategy Act (1998)

 

·    Intelligence Reform & Terrorism Prevention Act of 2004

 

·    Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and  Obstruct terrorism

 

As technology has changed, so have the goals of many of the criminals that want to launder money.  In addition to drug dealers, there are terrorists, human traffickers, politicians and embezzlers, all of whom are developing ways to hide their cash. 

Money Laundering

What exactly is money laundering?  Well, FinCEN, which is the federal agency that is specifically charged with monitoring and preventing money laundering defines it this way; 

Money laundering is the process of making illegally-gained proceeds (i.e. "dirty money") appear legal (i.e. "clean"). Typically, it involves three steps: placement, layering and integration. First, the illegitimate funds are furtively introduced into the legitimate financial system. Then, the money is moved around to create confusion, sometimes by wiring or transferring through numerous accounts. Finally, it is integrated into the financial system through additional transactions until the "dirty money" appears "clean." Money laundering can facilitate crimes such as drug trafficking and terrorism, and can adversely impact the global economy.[1]

 

Put another way, when criminals conduct their business, they almost always do so in cash, for what should be obvious reasons.   As early as the 1970’s federal regulators realized that without some regulatory help, financial institutions would be used as tools for disposing of the cash received from crimes.  Criminals would simply deposit their money in the bank, wait a few days and then make legitimate withdrawals.   Once the cash was co-mingled with other deposits, there would be no way to tell which money came from real legitimate effort and which was the result of crime.   

Popular Schemes

Some of the more popular schemes for changing criminal cash into legitimate money include; 

 

·         Black Market Foreign Exchange:  In this enterprise, all of the participants are breaking one law or another.  On one end are importers of goods who do not want to pay the government rate for exchanging currency from US Dollars to the home currency (e.g. Peso’s).  These importers make a deal with a broker who is willing to import goods illegally.  The importer makes a deal with a criminal who has “dirty” US dollars.   The importer uses the “dirty” money to buy US goods and ships them to his own country.   The goods are then sold to the importers who pay the broker in local currency.  The criminal gets his money back in Pesos that are now “clean” 

·         Investing in Legitimate Businesses: Here a criminal buys all or part of a legitimate business and simply mixes his cash in with the earnings of that business.  This only works for business that already deal extensively in cash.  This is why gas stations, casinos, bars and check cashing stores are considered “high risk” for money laundering.  Because many professional service providers such as doctors and lawyers often take cash for payments, they are also considered “high risk”. 

·         Smurfing:  Sometimes a criminal will get a number of people working together to break up his cash deposits into small amounts.  This is called smurfing   

·         Structuring:  This is by far and away the most frequent form of attempted laundering.  Most people realize these days that a cash deposit above $10,000 has to be reported to the IRS.  Criminals have for years, tried to get around this limit by making deposits of smaller amounts on subsequent days. This is called structuring  

Over the years there have been many different schemes for trying to avoid detecting of money laundering.  In fact, there are simply too many to list here.  Suffice to say that there are criminal groups with nothing but money and time to try to figure out new and different ways to make “dirty” money clean.  

What is the Money Used For? 

There are many different uses for money once it has been laundered.  Some of the more onerous uses include:

 

·         Drug Dealing Activity

·         Human Trafficking

·         Terrorist financing

·         Tax evasion

·         Embezzlement

 

 As you can see, money that is laundered is used to fund extreme criminal enterprises.  This is why it critically important is that financial institutions do all that they can to lend a hand to legal authorities to stop money laundering. 

Each of the changes in BSA/AML laws were designed to improve the overall monitoring of cash and cash equivalent transactions.  For small financial institutions, the changes have been ongoing and significant.  As the regulations changed, the expectations of the regulatory bodies evolved.  Today, no self-respecting banker would consider operating without a full BSA/AML compliance program.   Moreover, very few banks can get away with a manual system for tracking and aggregating the transactions of their customers.   Today, a sound BSA/AML program includes software that helps bank staff aggregate and monitor transactions of its customers.  

 

 BSA/AML laws are really financial institution’s way of helping to keep the world a better, safer place.

---

[1] https://www.fincen.gov/news_room/aml_history.html  “History of Money Laundering Laws”