Why AML compliance today is like hunting the great white shark
Still of Richard Dreyfuss, Roy Scheider and Robert Shaw in Jaws
“We’re going to need a bigger boat”
When Chief Brody (played by Roy Scheider) pointed out this obvious fact in “Jaws,” we knew that the characters’ challenge to capture the shark is more difficult than first thought. In our own AML world, the economic crisis, congressional focus on regulatory structure, and the overall need to simply stay afloat (sorry, bad pun!) means that we need to enlarge our focus beyond AML regulatory proposals, and examination results.
No matter what the size of your financial institution, a process to follow emerging risk in AML compliance necessitates a focus on more than final rules or laws.
Financial institutions need to expand their AML oversight to cover “guidance,” speeches, and even congressional testimony. T hat’s because all have the potential to test our AML mettle. Today, we’ll cover guidance.
“Nobody’s right if everybody’s wrong”
Guidance is an interesting term in the regulatory world. It is, by some definitions, a “directional” recommendation by the government based on exam results, civil penalties, or some other policy decision.
So much for the theoretical.
In practice, financial institutions get tested regarding their compliance “gaps” versus issued guidance, too.
This presents many problems for the industry, because guidance is typically an agency position that does not have the benefit of a public comment process, but that can still result in negative exam ratings.
Thus, the questions are simple:
• Can we ignore guidance? No.
• Should we completely implement without assistance as to interpretation? No.
• What process will work? That depends.
A perfect example of this dilemma occurred in 2008. That year the Comptroller’s Office issued both a consent order to Wachovia Bank and an OCC bulletin addressing the same issue on the same day.
While the bank did not admit or deny the OCC findings, the consent order pointed out that, among other things, consumers were harmed in connection with the relationships of payment processors and direct telemarketers with Wachovia. (Go to the OCC website to read the order.)
On the same day, (April 24, 2008) the OCC distributed to its examination staff and the general public a “Risk Management Guidance,” that was designed to national banks for “due diligence, underwriting, and monitoring of entities that process payments for telemarketers and other merchant clients.” Read the guidance The OCC considers these entities a “high risk” and instructed banks in a number of ways, including :
“In the event a bank identifies fraudulent or other improper activity with a processor or a specific merchant client of the processor, the bank should take immediate steps to address the problem, including filing a Suspicious Activity Report when appropriate, terminating the bank’s relationship with the processor, or requiring the processor to cease processing for that specific merchant.”
As institutions grappled with the four corners of the document, OCC examiners were quickly asking banks to perform “gap analysis,” or at least an update, on any implementation progress.
Guidance becomes rule without process
The problem was not with the importance of risk management for payment processing.
The issue is what type of flexibility there is for banks in the areas of due diligence, account monitoring, and SAR reporting. Since the guidance was published without comment, many bankers had questions as to scope and coverage. Here is where it is important to have empathy for the examiner that is given the same guidance, and may also have questions regarding how much flexibility is to be given to the regulated.
Some bankers and their counsel advise against raising issues with guidance, due to a mistaken notion that the institution is opening itself to regulatory criticism by presenting areas of challenge to a guidance document. I call this the “ostrich syndrome.”
Other bankers run with the guidance, sounding internal alarms that the regulatory sky is falling, and, of course, looking for scapegoats to blame for not seeing the guidance in advance. (That’s a rather insane criticism, if you ask me. However, we will look at emerging risk processes next month.)
On the other hand, working with your examiner is always a solid strategy.
In the case of this guidance, several banks took advantage of strong relationships with examining staff and Washington headquarters to ask for, and receive, conference calls so questions could be asked and operational issues raised.
Communication always trumps stampeding
Going directly to implementation without a strategy or communication can only lead to confusion and potential unwarranted criticism.
As always, in the regulatory world, it all revolves around communication.
While it is easy to criticize the regulators and create division, I have found the federal agency representatives and their examining staff craving two-way communication.
As far as assessing AML compliance challenges from statements of agency officials, congressional testimony, or government reports, such as those from the Government Accountability Office, I’ll have more to say about that in coming blogs.
Remember, Brody did get the shark, in the end.
But it wasn’t easy.
About John Byrne, CAMS Byrne leads Condor Consulting LLC, a Washington, D.C., area financial services consulting firm specializing in regulatory management, AML, privacy, and a vast array of financial institution compliance related issues. He has written extensively on AML issues for 25 years and has appeared on television and testified before many congressional committees on AML-related policy issues. Prior to the creation of his firm, John was the Global Regulatory Relations Executive at Bank of America. Previously, he worked for the American Bankers Association for 22 years and was responsible for ABA's lobbying, regulatory, and educational efforts on money laundering, and other compliance issues. He received the ABA's Distinguished Services Award and was also the first private sector recipient of the “Director's Medal for Exceptional Service” from the Treasury Department's Financial Crimes Enforcement Network (FinCEN). Byrne can be e-mailed at
. His web page can be found at www.thecondorconsultingllc.com
Compliance Officers: Don't miss ABA BJ's online coverage of ABA's 2009 Regulatory Compliance Conference. Click here
Community Bank Compliance Officers: Be sure to check out our other compliance blog, "Lucy and Nancy's Common Sense Compliance." Lucy Griffin and Nancy Derr-Castiglione, ABA BJ contributing editors, address compliance challenges with the smaller bank in mind. Check it out!
For ABA Member Banks Only: Get regular compliance news updates with ABA's Compliance Source E-Letter
ABA member-bank employees have access to almost three dozen ABA news and information e-bulletins on important industry topics. One e-bulletin, THE Compliance Source, is dedicated to becoming your source for compliance information in the electronic world. Compliance Source is published each Monday throughout the year. In this changing regulatory environment, every compliance professional should subscribe THE Compliance Source. It will link you to recent compliance developments and alert you to upcoming compliance events. In addition to regular sections on "What's New in Review" and "On the Compliance Horizon," THE Compliance Source will have rotating sections including analysis of compliance issues by ABA staff in the "ABA Reports" section.
For a sample newsletter, click here.
To subscribe, click here