What’s the problem?
Recently, James Freis, director of FinCEN, made a statement that relates here:
“I want to emphasize that financial institutions can benefit by leveraging their fraud resources with their AML efforts and starting to take advantage of the significant efficiencies that I see being available rough this leverage … While they are often viewed as separate criminal enterprises, acts of fraud and acts of money laundering are interconnected: the financial gain of the fraudulent activity ultimately needs to integrate into the financial system. Therefore money laundering is often a malignant and pernicious product of fraud.”
FinCEN Director Freis promotes a concept that is obvious to law enforcement professionals worldwide. For example, former Los Angeles Police Chief, William Bratton, said it best:
“The choice between fighting crime and fighting terrorism is a false one.”
He was making the point that terrorist organizations finance themselves with the proceeds of a wide range of criminal activity. FinCEN reports a nearly even split between Suspicious Activity Reports (SARs) for fraud and those for money laundering, belying the perception that regulators focus primarily on AML.
While many small- to mid-size banks have effectively integrated fraud and AML programs, many large financial institutions continue to house AML and fraud in separate “silos,” despite evidence of significant overlaps:
• Distinct components often run different detection software on the same account opening and customer transaction data.
• SAR filing responsibilities often reside within several different bank components.
• Fraud and AML investigators often independently investigate the same cases, as evidenced by multiple SAR filings describing the same core incident.
• Many financial institutions maintain separate fraud and AML watch lists.
As a result of the financial crisis, many financial institutions seek greater efficiencies in their fraud and AML functions “to do more with less.” The increased incidence of financial crime, and the growing complexity and nexus between fraud and money laundering suggest a need to upgrade and streamline data integration and management processes. The issue of merging Fraud and AML functions is a matter of maximizing the bank’s return on investment in both areas. Many industry experts believe that the efficiencies, cost savings, loss reductions, and increased recoveries to be gained by integration will increase shareholder value at a time when protecting the bottom line has never been more heavily scrutinized.
Why does this problem matter?
A recent study by the FBI’s Terrorist Financing Operations Section confirmed that the majority of terrorist-financing investigations involved some variety of criminal activity.
Government prosecutions related to terrorism include a litany of financial crimes: tobacco tax fraud, cigarette smuggling, document fraud, credit card fraud, loan fraud, investment fraud, health care fraud, coupon fraud, drug trafficking, infant formula theft, stolen goods rings, identity theft, robbery, benefits fraud, copyright violations, and many others.
A Congressional Research Service study concluded that terrorist organizations and sleeper cells increasingly rely on criminal activity to finance their operations.
Paradoxically, as law enforcement resources were shifted to focus on terrorism after 9/11, the ability to prosecute the crimes that finance terrorism diminished. As investigative and prosecutorial thresholds for financial crimes increased, fewer individual fraud schemes were prosecuted. As a result, it is imperative that financial institutions aggregate losses by identifying fraud rings, rather than devoting their scarce resources to so-called “one-off” or lower priority cases.
Sadly, the collective law enforcement effort remains fragmented and lacks necessary coordination, with over a dozen federal agencies and countless state and local law enforcement departments frequently following the same criminals with independent investigations. This long-time dynamic perpetuates an environment where fraudsters do not fear prosecution and are, in fact, emboldened and more assertive than ever before.
With fewer resources devoted to the problem, fraud has become a low-risk proposition.
History behind the silos
Fraud and money laundering responses developed separately within financial institutions as distinct programs addressing different issues. The factors that contributed to this dynamic include the history of Bank Secrecy Act (BSA) enforcement strategies, the dramatic transformation of the financial services industry, and the role of technology in addressing fraud and money laundering.
The current regulatory scheme developed as a patchwork of responses to specific threats and political pressures.
For example, the impetus behind the original BSA in 1970 was organized crime and tax evasion [31 USC 5311 et seq.] With the War on Drugs in the 1980s, amendments to the BSA laws attempted to restrict cash movement by outlawing intentional cash transactions—creating the crime of structuring.
The 1992 Annunzio–Wylie Money Laundering Act, among other laws, strengthened BSA penalties and mandated the filing of SARs. These changes spurred banks to gradually develop more rigorous AML programs with progressively larger investments in AML specialists and processes geared towards detection and reporting of drug-related structuring and money laundering.
At the time, terrorism was not prominent as a national concern and knowing your customer was not, in fact, a formal obligation.
The passage of the USA Patriot Act in the wake of 9/11 set out specific responsibilities regarding enhanced customer due diligence; AML program requirements; and terrorist financing reporting requirements. Regulators swung into high gear and banks ramped up resource investments as AML soon became a multi-billion dollar industry. High-profile enforcement actions against ABN/Amro and Riggs Bank gained the attention of bank executives.
The media coverage of these cases and the urgency caused regulatory enforcement strategies to concentrate heavily on AML and did not focus on the regulatory aspects of the fraud programs or the coordination between the two components.
Financial crimes received renewed attention as a wave of Enron-style corporate fraud, identity theft, credit/debit card schemes, cyber attacks, health care fraud, and mortgage fraud caught the eye of legislators, the public, and law enforcement. Banks invested in fraud detection software and investigative resources to stem the tide of losses as regulators recognized the growing connection between fraud and money laundering.
Current obstacles to convergence
Experts agree that there is redundancy and overlap between fraud and AML programs but it is difficult to make the business case to justify additional expenditures of resources to solve this problem.
While intuition, experience, and logic tell us that risk reduction can be gained by integration, that is not enough. The financial savings of consolidating two or more components, thereby eliminating redundancy and inefficiencies can be significant, depending on the size of the organization. These savings can more than offset the expenses of consolidation and procurement of the necessary technology.
The larger and more complex the institution, the more formidable are the challenges and benefits associated with convergence. The larger the number of databases and applications, the harder it is to get funding and technical support to integrate AML/fraud case management, detection software, and analytics into the existing architecture.
The problem is most acute with merged financial institutions, where diverse processes and technology were cobbled together to form a patchwork of databases, automated processes, and organizational structures. As these consolidations took place, AML efforts became distinct compliance programs, while fraud programs were scattered throughout the institutions. (Fraud prevention and detection processes were usually imbedded within the line of business, while investigations could be located anywhere from the legal departments to audit or administrative operations.)
A combination of four factors—interstate banking dissolution of limitations on the bank products and, global nature of banking, and breathtaking advances in technology—combined to create an environment so complex as to hinder any consolidation of bank fraud and AML programs. During post-merger transitions, priority was placed on ensuring that the core businesses effectively integrated their people, processes, and technology. In service areas it was expedient to simply combine similar components, thus the respective programs got bigger and more distinct. Fraud components, especially, could be found in diverse locations throughout the institution.
Technology deployment in both the public and private sectors followed similar paths. After 9/11, government intelligence agencies were called to account for their inability to transcend inter-and intra-agency silos to “connect the dots.” (Editor: And, as recent events show, not for the last time, either.) In both sectors, as business needs arose and technology solutions evolved, each individual component satisfied those needs without the benefit of a cohesive technology acquisition plan. In the private sector, revenue goals and competition created an environment where no business leader could afford to wait for technology solutions. Thus very few financial institutions or government agencies were even discussing enterprise-wide architecture.
What can be done about it?
Rationalizing the move from traditional silo approaches to cross-channel approaches will require not only changes in technology and business processes but also breaking down cultural barriers.
AML staffers typically come from a banking industry background. Though they have moved into investigatory work, they are bankers by breeding.
On the other hand, anti-fraud investigators tend to come from law enforcement backgrounds.
The two backgrounds don’t always mesh. These human factors can be more powerful inhibitors than other challenges. Total convergence means the elimination of redundant positions and few stakeholders would intentionally initiate or contribute to their own demise.
To overcome the obstacles, there must be commitment and support at the highest levels. To accomplish this change, there must be a credible independent assessment of all financial-crimes-related components.
In place of true convergence, many institutions will default to a compromise solution. One example would be formation of a coordinating group for “governance” councils. Such efforts may have some usefulness in improving coordination, but they will generally preserve the status quo.
Achieving true convergence
True convergence is a consolidation of technology, human resources, and processes within one organizational component under one executive. Medium to large financial institutions may need a multi-generational plan that considers the size, complexity and breadth of the organization as well as the variety of products and services provided by the bank.
To build the business case and achieve the total integration of these programs there must be executive level sponsorship for the following steps:
1. Conduct a comprehensive inventory of processes, technology, databases, and organizational components involved in fraud and AML and identify components that:
• Run detection software on the same data bases
• Research the same information for investigations
• Interface independently with the same law enforcement agencies or the same lines of business
• Use the same or similar skill sets
2. Finalize the business case to gain senior executive mandate for change by quantifying the cost of:
• Maintaining and running redundant technology, software applications, and vendor licenses
• Overlapping processes, human resources, and executive oversight
• Criminal prosecutions, regulatory fines, and enforcement actions based on historical precedents
• Responding to internal and external regulatory audit findings that mandate remedial action when silos produce problems (e.g., inability to detect fraud rings across lines of business)
3. Create shared goals and metrics under one executive manager and identify opportunities to integrate management
• For example, consolidating AML and fraud-related technical and procurement support under the same manager may limit deployment of redundant or incompatible technology, prevent technology silos, and rationalize existing applications and software
• Migrating to a shared case-management system may integrate work flow management, automate “hand offs” between components, and offer a shared data base of historical and current red flags, alerts, claims resolution, investigations, SAR data, and watch lists
The most important benefit of fully integrating fraud and AML programs is reducing the compliance and regulatory risk that comes with failure to have a comprehensive view of all of your financial institution’s data.
Multiple components combing over the same transaction and customer data utilizing different tools and processes creates potentially fatal blind spots.
Of secondary importance is the elimination of redundant layers of management, investigators, support components, and technology. Reorganizing staff, processes, and technology involves significant cost savings.
Other benefits include having a single interface with regulatory authorities, reduced losses through enhanced ability to detect networked criminal activity, and a single enterprise view of fraud and AML. These benefits are clear, measurable and, if done correctly, attainable.
It should be noted that this goal cannot be reached overnight and will require focus and discipline. There will be overt as well as passive resistance. Transition is highly unlikely to take place without an independent outside assessment and a non-stakeholder executive management sponsor. The rewards will be a combination of increased efficiency, reduction of regulatory risk, loss avoidance and increased recoveries, and the creation of a well-trained and sustainable workforce. The staff will be comprised of subject matter experts, who have advanced their skills from working basic fraud cases to the most complex money laundering matters, rendering them capable of quickly identifying when these violations intersect.
These benefits increase shareholder value, protect the institution and place it within the letter and spirit of the BSA and subsequent laws and regulations. More importantly, they give financial institutions an infinitely greater capability to prevent the financial system from being exploited by terrorists and criminals.
About the authors
John Byrne, www.ababj.com’s blogger on anti-money-laundering and fraud issues, is a nationally known regulatory and legislative attorney with more than 25 years of experience, much of it at the American Bankers Association. He last served at ABA as director of the Center for Regulatory Compliance. Afterwards he worked at Bank of America as Global Regulatory Relations Executive and then as head of his own consulting firm. He is now executive vice-president of the Association of Certified Anti-Money Laundering Specialists. His blog, “AML, Fraud, and Other Things,” can be found at www.ababj.com
Chris Swecker has 30 years of experience in law enforcement, national security, legal practice, corporate security, and risk management. In 2006 he retired from a long career with the Federal Bureau of Investigation. That career culminated in his final position of Executive Assistant Director (acting), the third-highest executive position in the bureau. Swecker also served as the FBI’s on-scene commander in Iraq in 2003, where he led a team of agents investigating terrorist financing. From 2006 to early 2009 he served as Bank of America’s Chief Security Officer.