The Financial Crimes Enforcement Network (FinCEN) has intensified its fight against money laundering for the last few years. But in this endeavor, the regulator relies on companies to establish solid anti-money laundering (AML) programs to detect illicit conducts and if they don’t have one, they can face hefty fines. FinCEN imposed more than $600 million in fines for AML violations in just 14 months (from January 2021 to March 2022).
FinCEN has provided guidance about how an AML program should be to meet the requirements established in the Bank Secrecy Act (BSA). This includes having policies and procedures in place, a well-trained compliance team with enough resources, a chief compliance officer for AML issues and most importantly to have “an appropriate risk-based procedure for conducting ongoing customer due diligence (CDD).”
For this last element, the CDD, FinCEN provides little additional information, and it lets companies decide how to build a robust CDD process. In this regard, FinCEN guidelines say that financial institutions “must establish policies, procedures, and processes for determining whether and when, on the basis of risk, to update customer information to ensure that customer information is current and accurate.” Furthermore, the regulator doesn’t require specific information to be collected or that financial institutions use a specific method or categorization to establish a customer risk profile.
This flexibility for companies to design a robust CDD process may become a liability if the regulator considers a company’s efforts insufficient. With an increasing number of digital transactions, companies are using more digital tools to build their CDD processes. FinCEN doesn’t require companies to use digital or manual tools insofar as the AML program bring successful results.
However, recent enforcement and advocacy actions may suggest a preference for automated and digital tools for identification, verification and monitoring customer risk profiles.
In 2021, FinCEN fined CommunityBank of Texas with $8 million for violations of the BSA. Essentially, the bank didn’t have a good CDD process that allowed to identify and change the risk profile of some customers.
Interestingly, in the consent order, FinCEN explained that “the Bank performed CDD, in part, through its automated AML monitoring system. Under that system, the Bank assigned its customers a risk rating score based on a variety of risk factors, which it obtained through questionnaires for businesses and individuals.” This automated part of the CDD process didn’t pose any problem to the regulator and in fact, FinCEN praised the system for having the capacity of detecting suspicious activities, but due to some human deficiencies, the system didn’t generate the results. “The Bank’s automated AML monitoring system had the functionality to generate monthly worklist items, such as ‘High Risk Reports’ that could provide information about account activity for high-risk customers. Despite this ability, AML staff did not generate such reports during the ordinary course of business.”
In the end, the regulator found that the bank didn’t have an adequate AML program not because the technology failed to detect suspicious activities but because the AML staff didn´t report or monitor all the alerts produced by the automated system.
On the advocacy front, this week, on Tuesday (April 5), FinCEN and the Federal Deposit Insurance Corporation (FDIC) named three teams of experts in a Tech Sprint that will help measure the effectiveness of digital identity proofing, the process used to collect, validate, and verify information about a person. The teams will present their solutions to a panel of government judges. The teams need to work on a scalable, cost-efficient, risk-based solution to measure the effectiveness of digital identity proofing to ensure that individuals who remotely (i.e., not in person) present themselves for financial activities are who they claim to be.
“It is critical that financial institutions have reliable ways to identify their customers, particularly in our increasingly digital world,” said Him Das, the acting director of FinCEN.
Read also: FinCEN’s AML Probes Identify Customer Due Diligence Deficiencies