Deputizing the Banks

By Kenneth Cline

The USA Patriot Act dramatically ratchets up the cooperation required of banks in the war against money laundering and terrorism.

When President George W. Bush signed the USA Patriot Act on October 26, 2001, he launched an aggressive campaign to crimp the funding sources of the terrorist organization that toppled the World Trade Center and attacked the Pentagon.

The president also dramatically increased the obligations of financial institutions to assist law enforcement in this cause. Although banks already had some responsibility for monitoring customer accounts for potential criminal activities, the new law ratchets up that responsibility to a new level of intrusiveness. In effect, financial institutions have been deputized in the fight against terrorism.

The seriousness with which the authorities view all this was driven home last November when Manhattan-based Broadway National Bank pleaded guilty to a three-count felony indictment and agreed to pay a $4 million fine for failing to maintain an effective anti-money laundering program. A few months previously, the Office of the Comptroller of the Currency ordered Trustco Bank N.A. of Glenville, N.Y. to shore up its AML program and directed Trustco to appoint a special committee of directors to ensure compliance.

To find out how banks can avoid being singled out for similar violations of the Patriot Act, Banking Strategies interviewed a panel of experts, including Ed Cook, first vice president and security group manager, Bank One Corp., Chicago; Jerry LiVigni, vice president and training officer, ethics and compliance, with Paris-based BNP Paribas; and James Schwartz, vice president, Bank of New York Co. Inc. Representing law enforcement was Nelson Chen, director of the El Dorado Task Force, U.S. Customs Service, New York City.

Our roundtable discussion found the three bankers worried about the requirements to conduct more extensive, and potentially adversarial, investigations of their own customers. As Cook put it, "You're asking employees to play a risk management role that goes well beyond traditional concerns such as credit. We're all committed to doing it, but it's clearly not a comfortable place to be."

One thing that will help is improved training. Institutions need to create training programs that reach down to the branch level, where employees are taught to recognize suspicious activity patterns, question certain customers if possible and refer matters to higher levels when necessary. "Nobody's asking bankers to be investigators," says Chen, the Customs Service investigator. "The object rather is to approach these situations with a little common sense and ask those extra questions."

We spoke with the four during BAI's Money Transfer conference, which was held in New York City last October.

Banking Strategies: How does the USA Patriot Act change the way law enforcement and financial institutions handle money-laundering situations?

Chen: Speaking from the law enforcement side, the Act gives us a lot of new tools. For example, we can seize correspondent bank accounts. Before, you could never seize an account within a foreign financial institution. You had to work through that country's authorities. Under the Patriot Act, as long as there's a balance in that account and probable cause, we can go ahead and seize the money.

Of course, you still need to obtain a civil forfeiture order from a judge, which is not necessarily easy to get. We also have to obtain the concurrence of the departments of Treasury and Justice, which don't take such matters lightly. Nobody wants to strong-arm other countries or banks. Treasury certainly looks at the impact a seizure of money would have on that country.

LiVigni: From the regulatory perspective, it used to be fine for banks to honor the letter of the regulation. I think all of us are finding that now you have to focus more on the spirit of the law.

Every financial institution, in some form, has to adopt an anti-money laundering program that has policies, procedures and controls. A senior person must be named to head the program. Specialized training is needed, as is a separate internal audit program.

Schwartz: From a bank compliance standpoint, this definitely raises the bar. There are new crimes and new penalties, as defined by the Patriot Act. We've moved away from a sort of compliance checklist mentality to reputational risk management. It's real serious stuff.

In the Patriot Act, by the way, there's a requirement that examiners evaluate anti-money laundering programs as part of their consideration of mergers and acquisitions. It's analogous to the Community Reinvestment Act. So if you're not taking anti-money laundering seriously, your strategic options will be impaired. That really emphasizes the importance of doing this right.

The Act also casts a wider investigatory net over the financial services industry by requiring broker/dealers and securities firms to play by the same set of rules as the banks.

Cook: The legislation formed a system that permits banks to share information, whether with law enforcement or other financial institutions. We can do that earlier in the process than before and across a broader range of activities. It really speeds up the investigation process. Now you're seeing us respond within days and weeks, rather than months and years, but still within a structured and proper framework.

We're also seeing law enforcement use technology better, which can only be a benefit to both groups. For example, a system was rolled out recently by the Treasury Department's Financial Crimes Enforcement Network, or FinCEN, that allows us to file Suspicious Activity Reports, or SARs, electronically.

Banking Strategies: Does the Act require banks to take a more "forensic" approach to their internal investigations? Do banks now have an obligation to dig in and ask more questions of their customers?

Schwartz: The Patriot Act increases the level of due diligence required of financial institutions. A few years ago, there was a failed attempt to require more due diligence; the industry pushed back enough to kill it. Now, enhanced due diligence is back under the name of "Customer Identification Program," or CIP.

Speaking as a compliance officer, I think it lifts us to a whole new level of focus. But mercifully, the implementation has been postponed for about six months. I find that merciful because the law has been drafted with a flexibility that can translate into vagueness. The burdens for reporting and tracking will be very great.

Banking Strategies: So there's more paperwork for banks?

Schwartz: We've already seen some of that this year in the tracking of our foreign correspondent banks. And looking ahead, we're concerned about the CIP. As Sec. 326 of the Act is written today, you have to verify the identity not only of account holders, but also of all individual signatories on an account, regardless of how many.

There's also the problem of verifying the identity of foreign nationals. Your typical bank platform person has no idea how to determine whether an Algerian or French passport is valid.

Chen: I understand, and agree with, a lot of what you're saying. But law enforcement, certainly in the money-laundering arena, has a new outlook. It's not Big Brother pointing his finger at you. If there's any confusion about what you should or should not be reporting, don't hesitate to pick up the phone.

Schwartz: I'm just saying the industry has been deputized in a certain sense, and with that comes new responsibilities.

Banking Strategies: Are bankers qualified to be good investigators?

Cook: That's what we're all struggling with. You have to be able to incorporate both the spirit and the very specific requirements of the legislation, and institutionalize those in the front lines of your organization so employees can repetitively perform the necessary tasks. You can give customer representatives as much guidance as possible, but you sure can't expect them to be investigators.

So it's necessary to add a safety net that allows you to second guess what's going on with transactions and account openings. And you do that with experts. You can't expect the average frontline employee to have the time or skill for investigative activities.

It's an escalation process. In our organization, we're doing all kinds of things to forensically investigate customers and cooperate with law enforcement to get the rest of the story, if you will.

Schwartz: In a certain sense, the requirements aren't new. Banks have been required to perform investigations and monitor activities for years, which result in SARs and Customer Transaction Reports, or CTRs, which report cash transactions exceeding $10,000 a day.

In the back office, banks collect data and capture behavioral patterns and then identify aberrations in those patterns. On the front lines, they train the branch people and account officers who touch the customer directly.

To comply with the Patriot Act, we need to heighten employee awareness of these issues so they ask the commonsense questions that weren't asked in the past. If something appears curious, you ask questions rather than let it slide. If the answers don't make sense, you either need to ask more questions yourself or refer the matter to someone who's better trained. That's why training is so vitally important in the whole process.

Chen: No one's asking for an investigation with a bow tied around it, or I'd be out of a job. There's a little thing called probable cause, and you have to try a person before a judge and jury of their peers.

But Jim's comments are 100% on point. It's all common sense. Nobody's asking bankers to be investigators. The object rather is to approach these situations with a little common sense and ask those extra questions. If you have a customer in the garment industry, say, who's been depositing checks for years and then all of a sudden starts coming in to deposit cash, you should ask: "What's going on with your business?" If it smells bad, it usually is bad. If it smells bad to you, file the SAR and let us determine whether there is something going on.

LiVigni: One sample red flag is when a customer doesn't care about charges. No matter the client, they all care about fees. But money launderers, by contrast, are more than happy to pay whatever fee is required so they can do what they need to do.

Banking Strategies: Doesn't this more aggressive probing fundamentally alter the relationship between banks and their customers?

Schwartz: From a customer service perspective, it is tough to ask those questions. But I don't have a problem with the spirit and intent of the new requirements. What has frustrated some banking organizations is a concern that they might put themselves at a competitive disadvantage if the guy across the street doesn't ask the same questions.

Cook: We all face that same issue. You're asking employees to play a risk management role that goes well beyond traditional concerns such as credit. We're all committed to doing it, but it's clearly not a comfortable place to be. Hopefully over time, we'll find a balance.

Banking Strategies: Are banks investing more in technology to help them comply with the new rules?

Cook: It's ironic that we're using a customer database originally developed for marketing purposes. Our company invested a lot in a corporate data warehouse and now we're able to leverage it for all kinds of risk management activities. Once you get the basic household and account relationship linking transaction monitoring in place, there's all kinds of things you can do from the security perspective.

Banking Strategies: As we've discussed, training is very important in all this. What steps are your respective institutions taking to get employees up to speed?

LiVigni: We started back in 1997 with the philosophy of training everybody here in New York and in our branches and agencies around the country, including our broker/dealer operation in Pennsylvania. And I do mean everybody ? back office and front office, clerks and administrative assistants.

Instilling awareness is vital. When employees spot something unusual, they should kick it upstairs to their manager or person in charge. For that, they need to know the names in the organization. We send out a list of go-to people.

But we don't want to create a Big Brother culture. The idea is to be able to identify what's unusual and then explain it. Your customer might be experiencing a seasonal change in his business. That could be reasonable. Only the people who deal with these issues on a daily basis can determine whether something unusual translates into something suspicious.

The general idea is to train everybody and then drill down to specifics. I've often sat down with the business heads and asked them about the vulnerabilities in their particular area. We then draw up a program of policies and procedures to address them.

Schwartz: Our current anti-money laundering training program has been in place for a couple of years now. It's divided into a basic course and an advanced course, and our goal is to put virtually everyone through both. Training is ongoing in the corporate bank and the branches.

Banking Strategies: Is comprehensive training harder for a large retail bank with lots of branches?

Cook: There's more complexity. At Bank One, our size and geographic dispersion forces us to use a lot of computer-based training to reach everybody. But we prefer to put experts in front of people. Doing the training in person has a bigger impact.

For one thing, employees provide specific examples of things they encounter in their workday that can be helpful to the trainers. And they are coached on whom to call when that unusual circumstance does occur.

In our security organization, we've noticed that whenever we see a dip in referrals, for check fraud or whatever, it's because we haven't been out to a banking center lately to reinforce the message. Referrals immediately pick up when you go back out there.

Banking Strategies: What does law enforcement do to help banks with their training?

Chen: In the New York area, the El Dorado task force, which I co-direct with the Internal Revenue Service, has an intelligence unit that analyzes between 1,800 and 2,000 SARs a month. By analyzing those SARs, we can identify the shortfalls.

Part of our job is to enlighten the banking community and the compliance officers on trends that we see, to help them train their employees. I encourage my people to go out and talk to bankers. I think my group has a great relationship with compliance officers.

Banking Strategies: How are bankers getting along with other regulators since the Patriot Act was passed?

LiVigni: The Federal Reserve's most recent examination of my institution was longer. Questions are more targeted, detailed and intense. I've been interviewed by Federal Reserve examiners who are anti-money laundering specialists and/or possess expertise on the Patriot Act.

Banking Strategies: So the regulatory/law enforcement environment is more serious?

Chen: We're always serious.

Look, if apparent violations surface, and it seems that certain banks are not asking questions, we're going to be there. It'll come out, especially in this New York area, where we're drilling down to find the dirt underneath the fingernails.

But I've also got to say that most of the bigger institutions do have very good programs. Maybe once in a while, you do have a stray banker. But in most cases, the banks will work with you. They just want to be left out of the headlines.

Banking Strategies: Do you find your own organization, the Customs Service, cooperating more with other federal agencies?

Chen: Yes, absolutely. I've been an agent for 20 years and back then, people didn't talk to each other. Nowadays, there's a lot more coordination and sharing of information. We're all pursuing a common goal, which is to put the bad guys in jail and stop terrorist financing.

Mr. Cline is senior editor of Banking Strategies.

Copyright © 2003 by Banking Strategies, published by BAI.

back to top