Home / Banking Strategies / It’s no secret: The Bank Secrecy Act needs a major overhaul

It’s no secret: The Bank Secrecy Act needs a major overhaul


“Illicit actors,” notes says Scott Swanson, a financial crimes investigator with a big-four accounting firm, “run around the Bank Secrecy Act like it is a chained, aged, and toothless junk yard dog.”

If that sounds like hyperbole, consider all the talk about Russian meddling in the 2016 presidential election and one crucial detail largely overlooked by the mainstream media: how the Russians allegedly tap danced their way around the BSA.

An indictment handed up by special prosecutor Robert Mueller charges the Russians with creating a circuitous route to hide funding for their massive disinformation operation.

That operation required about $1.2 million a month at its peak and the indictment alleges the Russians used 14 bank accounts to hide transactions. They used stolen identities to open bank accounts that helped them create PayPal accounts. The mechanism supposedly streamed funding to sustain their dirty work. And buy social media advertising on Facebook. And create buttons, signs and other supplies for rallies set up by fake organizations created to stir up trouble.

To one financial investigator, the ability of the Russians to hide their money so easily is the latest example of how the 48-year-old Bank Secrecy Act—created to ensure financial institutions assist U.S. government agencies in detecting and preventing money laundering—fails to halt a lot of nefarious traffic.

Says Swanson, whose firm used to serve as a Pentagon contractor that worked with U.S. intelligence agencies to break up jihadi funding networks: “The act that was supposed to stop this is dated.”  

Bank benefits and foibles

Enacted in 1970, the Bank Secrecy Act requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. Banks must keep records of cash purchases of negotiable instruments; file reports of daily aggregate cash transactions exceeding $10,000; and maintain records to enable transaction reconstruction if necessary. In doing so, a paper and audit trail is maintained.

These records and reports, according to the Federal Financial Institutions Examination Council, have “a high degree of usefulness in criminal, tax or regulatory investigations or proceedings.”

Though updated over the years—including with the USA PATRIOT Act enacted in the wake of 9/11—the BSA “is extraordinarily inefficient, outdated and driven by perverse incentives,” said Gregory Baer, president of the Clearing House Association, in recent testimony to the Senate Banking Committee, which is considering a law to bolster the act.

Baer pointed out that the present system “is geared towards compliance expectations that bear little relationship to the actual goal of preventing or detecting financial crime, and fail to consider collateral consequences for national security, global development and financial inclusion. Fundamental change is required to make this system an effective law enforcement and national security tool and reduce its collateral damage.”

Baer’s Senate testimony follows a February 2017 Clearing House report stating that “the current anti-money laundering/combating the financing of terrorism statutory and regulatory framework is outdated and thus ill-suited for apprehending criminals and countering terrorism in the 21st century.”

Despite its flaws, the BSA has been a benefit to law enforcement and financial investigators, said Dennis M. Lormel, President and CEO of DMI Associates, during his Senate Banking Committee testimony.

In 28 years as an FBI Special Agent, Lormel created and led the bureau’s Terrorist Financing Operations Section after 9/11. “I experienced first-hand the value BSA data brought to investigations,” he testified. The BSA system “is not broken. The system is fraught with many inefficiencies, but it works.”

‘Bad guys know how to work this’

The Russians are far from alone in figuring out how to sidestep the BSA, says Swanson, who set up phony companies worldwide where fake business structures could enable and obscure the people behind it.

To fool the bad guys.

And, as it turns out, the banks.

“My job was also to identify them by reverse engineering how a front company would operate in that particular town or region,” he says, referring largely to Shiite jihadi groups working with Iran, and their lethally troublesome commandos.

“I understand how to build front companies so it looks like a duck and walks like a duck,” says Swanson, who lives in Chicago. “I understand how to do it for counterterrorism purposes, and how to recognize Hezbollah or the Iranian Qods Force.”

More than 100 front companies help North Korea move money to finance Kim Jong-un’s nuclear and ballistic missile weapons programs, he says. And jihadi groups and cartels also move funds despite the BSA. Swanson has seen first-hand how financial institutions ignore BSA’s rules to ferret out the ill-gotten profits of jihadis, drug smugglers, human traffickers and other bad actors.

As example of how banks ignore BSA reporting requirements, Swanson highlights the case of Dutch-owned Rabobank in California. In January, the bank agreed to forfeit $368 million for allowing Mexican drug cartels to wash tens of millions of dollars despite BSA requirements.

The BSA, says Swanson, “lays out a general framework. Guidance. It provides the spirit of how financial institutions should behave. So is it fair to say BSA could be more explicit to address current vulnerabilities? Or do banks just want more explicit rules so they can go right up to the line with firm left-and-right boundaries?” 

The biggest blanks, says Swanson, involve what are known as Suspicious Activity Reports, or SARs.

“Without greater context stringing more pieces together, agencies aren’t going to catch the criminals,” he says. “Bad guys know how to work this. The line in the sand from the BSA is dated and ineffective to catch real big fish criminals because the landscape has evolved dramatically.”

And, he adds, digitally.

“It should also now address the digital banking landscape,” he contends “Fraud, cyber, and AML have converged. But the policies and procedures, as well as monitoring systems, aren’t typically integrated to connect some of the dots.”

Bipartisan backing for BSA revision

Help may be on the way.

New legislation working through both chambers of Congress—called the Counter Terrorism and Illicit Finance Act—would create the most significant change to the BSA since the Patriot Act. Among other things the legislation would modernize the Currency Transaction Reports (CTRs) threshold to $30,000, and update the Suspicious Activity Report (SAR) threshold to $10,000, according to a House Financial Services Committee report.

It would also require the Secretary of the Treasury to review current Bank Secrecy Act (BSA) reporting requirements and propose changes to ensure that information provided to law enforcement is of a “high degree of usefulness.” One positive of this effort (though perhaps not some finished draft of the bill) is that it enjoys bipartisan support on Capitol Hill.

The bill also calls for information sharing between financial institutions under an existing voluntary program to combat illicit finance, money laundering and other Specified Unlawful Activities, and provide safe harbor protections for the sharing of such information. This section also permits a domestic financial group to share SARs with its foreign branch or affiliate under certain circumstances.

And in May, a new provision kicks in that would require banks to adopt due diligence procedures to identify and verify a legal entity customer’s beneficial owner at the time a new account is opened, says Daniel Stipano, a partner with the Washington D.C. office of the Buckley Sandler law firm.

The new rule does two things, Stipano says: “First, it requires banks and other covered institutions to verify the identity of all beneficial owners of a legal entity. That gives more transparency to who is behind it.”

Second, the new rule introduces certain customer due-diligence standards by requiring institutions to know the nature and purpose of accounts opened—and monitoring them for suspicious transactions while updating customer information at account openings.

The BSA may be old and flawed, says Stipano. “But we shouldn’t scrap it. It generates a tremendous amount of extremely useful information for law enforcement.”

That established, “It needs to be modernized, though. We still have systems using 20th Century technology and approaches to deal with 21st Century problems.”

Want more Banking Strategies? Sign up for our free newsletter!

Howard Altman covers the military and national security for the Tampa Bay Times. He has won more than 50 journalism awards and his work has appeared in the New York Times, Daily Beast, Philadelphia magazine, the Philadelphia Inquirer, New York Observer, Newsday and many other publications around the world.

If you enjoyed this article, check out: Innovation superhighway: Nine leaders map the fast lanes to financial services success and Eliminating customer apathy and driving engagement