The Financial Crimes Enforcement Network (FinCEN) has stepped up its fight against money laundering in recent years. But in this business, the regulator relies on companies to establish strong anti-money laundering (AML) programs to detect illicit behavior and if they don’t have it, they can face heavy fines. FinCEN imposed over $600 million in fines for AML violations in just 14 months (January 2021 to March 2022).
FinCEN provided guidance on how an AML program should be to meet the requirements set out in the Bank Secrecy Act (BSA). This includes having policies and procedures in place, a well-trained compliance team with sufficient resources, a compliance officer for anti-money laundering issues and, most importantly, having “a appropriate risk-based procedure for conducting ongoing customer due diligence (CDD)”.
For this last element, CDD, FinCEN provides little additional information, and it leaves companies to decide how to build a robust CDD process. In this regard, the FinCEN guidelines state that financial institutions “shall establish policies, procedures and processes to determine whether and when, based on risk, to update customer information to ensure that information about customers are up-to-date and accurate”. Moreover, the regulator does not require that specific information be collected or that financial institutions use a specific method or categorization to establish a customer risk profile.
This flexibility for companies to design a robust CDD process can become a liability if the regulator considers that a company’s efforts are insufficient. With an increasing number of digital transactions, companies are using more digital tools to build their CDD processes. FinCEN does not require companies to use digital or manual tools as long as the AML program works well.
However, recent enforcement and advocacy measures may suggest a preference for automated and digital tools for identifying, verifying, and monitoring customer risk profiles.
In 2021, FinCEN fined CommunityBank of Texas $8 million for violating the BSA. Essentially, the bank did not have a good CDD process to identify and modify the risk profile of certain customers.
Interestingly, in the consent order, FinCEN explained that “the Bank performed the CDD, in part, through its automated AML monitoring system. Under this system, the Bank assigned its customers a risk rating based on a variety of risk factors, which it obtained through questionnaires intended for businesses and individuals. This automated part of the CDD process caused no problem for the regulator and in fact FinCEN praised the system for having the ability to detect suspicious activity, but due to some human deficiencies the system did not generate the results. “The Bank’s automated AML monitoring system had the functionality to generate monthly worklist items, such as ‘high risk reports’ which could provide information on account activity for high risk customers. Despite this ability, AML staff did not generate such reports in the normal course of business. »
Ultimately, the regulator found that the bank lacked an adequate AML program, not because the technology failed to detect suspicious activity, but because AML staff failed to report or monitored all alerts produced by the automated system.
On the advocacy front, this week, Tuesday, April 5, FinCEN and the Federal Deposit Insurance Corporation (FDIC) named three teams of experts in a Tech Sprint that will help measure the effectiveness of digital identity verification , the process used to collect, validate and verify information about a person. The teams will present their solutions to a panel of government judges. Teams should work on a scalable, cost-effective and risk-based solution to measure the effectiveness of digital identity verification to ensure that people who show up remotely (i.e. not in person ) for financial activities are who they claim to be.
“It is essential that financial institutions have reliable means to identify their customers, especially in our increasingly digital world,” said Him Das, acting director of FinCEN.
Read also: FinCEN AML probes identify customer due diligence gaps