The Bank Secrecy Act (BSA) of 1970 is a U.S. law targeted to fight money laundering – the illicit practice of making illegally obtained monies appear “clean” by filtering said funds through a series of transactions designed to give the appearance that the monies came from legitimate activities. In the decades since, the BSA has been bolstered and enforced by the implementation and oversight of better defined and ever-evolving anti-money laundering initiatives and programs.
By 1987, regulators were examining financial institutions’ Anti-Money Laundering compliance programs for proper and effective implementation. After September 11, 2001, the BSA was amended to incorporate provisions from Title III of the USA Patriot Act. The BSA laws originally required businesses to keep records and file amendments primarily used by law enforcement agencies to detect and deter money laundering, both domestic and abroad. After the Patriot Act revisions, however, the laws expanded to include monies given to fund terrorism.
The actual threat of money laundering is made up of three basic tenets—placement, layering and integration. The process of successfully inserting “dirty” money into the financial system without detection is known as placement. This can be accomplished in a number of ways including the division of large sums into smaller, less conspicuous amounts as well as depositing the refund from a cancelled insurance policy or purchasing multiple cashier’s checks or money orders from one financial institution to deposit into others.
Once the money enters the financial system undetected, layering moves it through complex transactions which vary and confuse the paper trail. Money wiring is often used to quickly convolute the transaction path. Moved money must appear “clean,” and integration achieves this through means such as investment securities, foreign trusts, and the purchase then resale of real estate.
In order to combat money laundering, every organization must have an AML Compliance Program in place. While this program is customized to each organization, it must include the four original pillars established by the FinCEN as well as the fifth more recently added pillar.
The Five Pillars of AML Compliance Programs Mandated by the US Financial Crimes Enforcement Network
- Compliance Officer
- Internal Policies, Procedures and Controls
- Ongoing Training of Employees
- Independent Review for Compliance
- Customer Due Diligence
The designation of a compliance officer provides oversight and management of the AML program. A proper compliance officer is equipped with the knowledge to hold the company accountable to up-to-date standards and regulations. While this designee may fill other roles in the company, regulators expect assigned compliance officers to commit significant time to compliance. That length of time is dependent on the organization’s size and operation structure.
Implementing internal controls requires established, well-defined policies and procedures within the organization. An institution’s risk profile will dictate the depth and scope of its policies and procedures, but a standard and acceptable system of internal controls would include clearly defined roles and responsibilities for each area of the financial institution.
Consistent, scheduled employee training should focus on the institution’s AML program and each employee’s role within the construct. Customized training for unique roles is necessary to appropriately address individual needs, while a core training should be available to every employee throughout the institution. As the industry and AML regulations change and evolve, so too should training programs. Regular review and revision of curriculum promotes knowledgeable, compliant teams and initiatives.
Independent or third-party review of an institution’s AML Compliance Program provides an objective analysis of the program and assures the program is operating effectively and in alignment with its purpose. Internal controls, trainings and policies must all be reviewed for compliance with current regulations, and record keeping should be analyzed for accuracy and inclusion of important compliance aspects.
Added much later to round out the institution’s internal workings, customer due diligence broadens oversight and develops a risk profile specific to the customer journey. By continuously monitoring transactions on a risk basis and maintaining refreshed customer information, customer due diligence centers on regulation. While this requires further oversight on the part of the company, this fifth pillar was designed to lay the groundwork for oversight and detection of inconsistency within the customer life cycle. At a real, and functional level, Rich Ehrenreich, an AML attorney who specializes in international AML law adds this, “An effective AML/BSA compliance system isn’t just required by law, it’s smart business. Consumers are becoming more socially responsible with their everyday choices, from clothing purchases, to brands they admire (or don’t), to where they bank. An effective compliance system may not attract new customers, but an ineffective system can result in hefty regulatory fines, disruption to services, and the kind of negative publicity that can drive away customers and sink a financial institution. That’s why it’s smart business for companies to invest in their compliance infrastructure – people, systems, cybersecurity, education, and independent oversight.”
As financial systems have evolved with technology, the need for cybersecurity components and frequent review threaten to upend AML programs. Compliance-based systems can lose sight of new and looming threats, and FinCEN continues to call members of the global financial community to monitor and evaluate for necessary change and improvement.