AML Reporting: Investigation Is the Key
BY DAVID CARUSO
No longer able to rely mostly on former law enforcement agents, financial institutions need to strengthen the training of their own anti-money laundering investigators.
In the years after 9|11, filing accurate and timely Suspicious Activity Reports (SARs) became a priority for banks and effective investigation is the key to effective ALM compliance. However, hiring retired law enforcement agents as suspicious activity investigators has become increasingly problematic as costs rise and the talent pool becomes shallower. Consultant David Caruso advises banks to upgrade the training of their in-house investigators with hands-on training that simulates real-world conditions.
The most difficult task in anti-money laundering (AML) compliance is filing complete, accurate and timely Suspicious Activity Reports (SARs). Investigating and reporting suspicious activity properly is the one aspect of AML compliance that, if solved, makes all other aspects solvable. If investigations were easy, regulatory enforcement actions would be rare, not common as they now are.
The financial services industry has collectively spent hundreds of millions of dollars installing, tuning, testing and supporting software systems designed to detect suspicious transaction activity. Yet, while some systems work better than others, they all fail to compensate for the growing scarcity of skilled and experienced investigators. Costs are rising as the talent pool of former law enforcement agents depletes.
Since AML compliance requirements are here to stay, banks will need to put more emphasis on hiring and training their own investigators. But simply providing a good background on laws and regulations is not enough. In order to train investigators possessing the necessary skills, institutions will need to offer simulated training similar to that required of pilots, i.e., hands-on training that simulates real-world conditions.
New Regulations
While AML compliance has been with the banking industry for decades, emphasis on adequately filing SARs evolved through three stages.
The first occurred in the mid-1990’s, when the Treasury Department replaced criminal referral forms with SARs. Even then, many institutions went years without filing a SAR and those that did were much more likely to file them for matters involving traditional fraud, such as check kiting or forgery, rather than for AML purposes.
The second stage came after the terrorist attacks of September 11, 2001, when SARs began to pour into the Financial Crimes Enforcement Network (FinCEN). Some institutions had a low threshold for what they considered suspicious and thus many hundreds of thousands of SARs were filed. Meanwhile, the regulatory agencies and their examination staff were learning the elements of the new Patriot Act law and trying to understand the torrent of new regulations raining down from Treasury.
The third and current stage of SAR filing, which began in 2004, is the “post-Riggs” stage, where the failure to file SARs is the most significant of all Bank Secrecy Act (BSA) failures and will lead to severe criticism and likely informal or formal enforcement actions. In the most egregious cases, civil money penalties are issued. Earlier this year, for example, American Express Co. was fined $60 million.
In 2004, it was revealed that Washington, D.C.-based Riggs National Corp. had failed to identify suspicious activity related to the Saudi Embassy, the leaders of the government of Equatorial Guinea and former Chilean general and president Augusto Pinochet. Several congressional com-mittees criticized banking regulators for being slow to identify the failures and neglecting to address them with the necessary severity once they were identified. It's not surprising that suspicious activity identification subsequently became the central focus of BSA examinations.
The largest banks have long had fraud investigation departments typi-cally led by and staffed with former law enforcement agents from the FBI and Secret Service, for example. As AML requirements grew over the years, one of three things occurred. One, the fraud departments shunned the work of suspicious activity identification because it lacked the characteristics of more “traditional” financial crimes such as check fraud, forgery and kiting. Two, because the BSA is a compliance regulation, the responsibility for adherence was placed upon a compliance department that rarely reported to the same executive as the fraud department. As a result, when the BSA compliance requirements around suspicious activity identification grew, the compliance department naturally sawThe largest banks have long had fraud investigation departments typically led by and staffed with former law enforcement agents from the FBI and Secret Service, for example. As AML requirements grew over the years, one of three things occurred. One, the fraud departments shunned the work of suspicious activity identification because it lacked the characteristics of more “traditional” financial crimes such as check fraud, forgery and kiting. Two, because the BSA is a compliance regulation, the responsibility for adherence was placed upon a compliance department that rarely reported to the same executive as the fraud department. As a result, when the BSA compliance requirements around suspicious activity identification grew, the compliance department naturally saw this as its purview, along with the traditional policy and procedural requirements of the BSA. Three, in very rare instances, a bank's existing fraud and loss prevention department did take on AML transaction monitoring and investigations.
In most cases, institutions opted, either willingly or by default, to appoint a new group of staff to investigate potential money laundering and terrorist financing. Most of these groups report to a compliance chief. As with their creation and operation of fraud departments, the country's largest banks have sought out and, in most cases, hired former law enforcement agents to manage and staff senior positions in these investigation units. While these agents almost always lack experience in the BSA regulation and examination process, they are well versed in the elements of investigation, case documentation and case management.g from fellow institutions. However, that is no longer likely to lead to much success as current employers are likely to match competitive offers.
Turning to retired law enforcement can be helpful, but is by no means the solution it once was. The prospect of working long hours analyzing customer transactions trying to spot something suspicious is not necessarily the way many agents pictured retirement. It can also be a challenge to transition from 25 or more years in government service. While most former agents eventually do well in the financial services sector, it takes time for them to become acclimated to the highly automated environment in today’s AML departments. They may also consider some suspicious activity reporting to be “trivial” in comparison to the life-and-death issues they had become accustomed to in their former jobs.
Another burden facing institutions is keeping AML investigators up-to-speed on emerging regulatory concerns and priorities. For example, in the last year, there has been a spate of episodes involving the use of foreign and domestic shell companies to launder money. Experienced law enforcement agents will tell you that while not all shell companies are nefarious — most are not — all sophisticated money laundering schemes use shell companies.
So now AML compliance investigators have to understand why shell companies are so attractive to criminals. What are the signs of a shell company? What are the attributes of ownership or activity that make it suspicious? How does one go about identifying beneficial owners? The sooner AML investigators understand the answers the better, as all of these questions are being asked by regulators.
Many institutions encourage their staff to become certified in a field related to AML compliance. These programs are beneficial to the industry in that they provide a good background and foundation for general AML compliance. But institutions that believe being certified in laws, regulation and guidance makes someone a good investigator should reconsider. These programs are not designed to teach the elements of investigation nor do they devote much of their curriculum to how money laundering and terrorist financing schemes work and the level of sophistication of those plying this trade.
Simulation Training
So where do you find experienced suspicious activity investigators in an environment where the costs are high and the talent pool shallow? The simple answer is to train existing staff or hire staff with potential to become strong investigators. While the answer is simple, implementation is difficult.
An investigation is a series of complex thoughts, data and events strung together to tell a story. Even the most seemingly simple case requires analysis and associative memory use, that is, the ability to recall where you have seen similar events in previous investigations. And therein lies the key to good investigations - teaching people how to review events (both confirmable and those unable to be confirmed); decipher patterns; spot anomalies; recall related events or cases; process the information; draw a conclusion; and support that conclusion with evidence and a well-written report.
In other words, investigation is a skill; the skill is to spot things that are indicative of potential wrongdoing. Just as a structural engineer needs to spot things that may make a building unsafe, or a software developer needs to identify source code that will cause a program to seize up, an investigator needs to spot phenomena that suggest suspicious activity.
Also like an engineer or software developer, an investigator needs a certain amount of study in the principles of the field. In the case of an AML investigator, it’s the knowledge of FinCEN regulations and guidance. But as with any professional, an investigator only gets better through actual experience.
By conducting investigation after investigation, an investigator learns the nuances of how a small, cash-intense business may be structuring to avoid Currency Transaction Report (CTR) requirements and nothing else, compared to a business that portrays itself as cash-intense but also is a front operation for organized crime. Repeated investigations train an investigator to spot an anomaly in the beneficiary information on a wire transfer. Why, an investigator may ask, did this customer send 20 wires a month every month to businesses but this one wire to an individual? Maybe that is the clue that uncovers a corruption scheme. Maybe it's not, but only an experienced investigator is going to spot it and resolve it.
However, institutions may not have the time to wait for an inexperienced investigator to become experienced. Or they may not want to risk hiring someone who appears to have strong potential but ultimately disappoints. What to do?
Other professions face similar challenges and solve them through highly interactive simulation training. Pilots, for example, are required to regularly participate in flight simulation training where they have to take off and land in foul weather, fly after losing power to an engine and also simply perform routine duties on a normal, uneventful flight. Investigators should learn the same way.
The basis for simulated investigator training will be to recreate money laundering, terrorist financing and financial crimes scenarios like those actually occurring at institutions today. The system would be populated by transaction alerts similar to those generated from the numerous software-monitoring programs currently used by banks.
The trainees would have access to the same tools available to them in real life. These would include the simulated customer's complete transaction history; Customer Identification Program and other customer due diligence information; simulated deposits; wire transfer and imaging systems; public records databases; “bad guy” lists; and Internet resources. The trainee would then need to determine, based upon the information contained in these simulated systems, whether the matter that generated the alert is suspicious and would require a SAR.
The simulated training must be designed so that in order for users to satisfactorily complete a course of study (i.e. a case) they would have to conduct their investigation, write a report, populate a case file with supporting evidence and, when necessary, prepare a SAR according to the requirements and guidance issued by FinCEN and the Federal Financial Institutions Examination Council (FFIEC). A training officer, the trainee's supervisor or a peer, could then review the results of the simulated investigation to ensure that the required learning and improvement are taking hold.
While creating such a training program may appear to be an onerous burden, the investment could ensure that an institution is capable of conducting complete, accurate and timely investigations. Once that has been accomplished, the institution would substantially lower its AML compliance risk and thus greatly reduce the risk of expensive remediation and corrective efforts that always result when a regulator finds that an institution's suspicious activity investigation and reporting program is non-compliant.
Mr. Caruso is CEO of Centreville, Va.-based Dominion Advisory Group, which advises financial institutions on AML compliance.