Posted by Brian Monroe - bmonroe@acfcs.org 11/04/2021
ACFCS Cryptocrime Workshop Takeaways Day Two: With crypto value surge, pandemic scams, ransomware attacks, more banks, exchanges reporting on aberrant activity
The skinny:
- In this piece, the team at AI-technology innovator Symphony AyasdiAI looks at recent updates of U.S. anti-money laundering rules and questions if the country is still keeping pace with growing criminal laundering threats, and the activities generating them, like drug and human trafficking.
- Financial institutions must change their perspective to fully play their role in spotting and preventing money laundering, realizing that illicit groups are exploiting the gap between the bank requirements to deliver on regulatory objectives, and those efforts largely missing the mark.
- Financial institutions, regulators and law enforcement must come together, rather than, in some cases, being at odds with each other and pulling banks in both directions in-between. Why? AML is more than compliance. These crimes devastate whole communities, making AML not just about checking off compliance boxes on a list of requirements, it’s about helping to protect human beings.
Anti-money laundering legislation got a much needed, but tardy upgrade with The Anti-Money Laundering Act of 2020, the biggest change in the field in the last two decades since the seminal U.S.A. Patriot Act in 2001.
It made massive changes to the Bank Secrecy Act of 1970, signaling a serious effort by federal officials to take anti-money laundering (AML) seriously by shifting from solely satisfying regulatory objectives to creating “effective” compliance teams generating “highly useful” and “relevant” intelligence for investigators.
These would be further informed by focused, shifting defined “priority areas,” released by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), both broad generators of illicit income, like corruption and cyber-enabled fraud, but also attuned to the actions and reactions of international threat actor groups.
This also included adding stronger whistleblower program provisions, which is critical, given that human intelligence remains key to the discovery of hidden criminal and financial malignancies in the banking system.
Yet, though there are several powerful elements within the Act, there’s also a lot more room for growth.
Ultimately, for all the positives of these new changes, they still fail to tackle one of the biggest challenges: AML regulation’s mission needs to change from being mostly a compliance – or worse, an analytical – issue.
Instead, it needs to focus on a moral imperative to prevent our financial system from being used to facilitate some of the worst human rights and criminal violations.
Progress at a glacial pace
This year’s annual defense-spending bill included a whistleblower program to reward tipsters who report possible AML violations.
It’s a great start, but as a recent Wall Street Journal article pointed out, so far, it’s been slow to gain momentum. Part of the slowness is related to how the rewards system is set up.
Still, it’s good to see the feds taking some stronger steps here.
What many consider the centerpiece of the AMLA is the Corporate Transparency Act (CTA). It’s intended to combat the use of “shell companies” as havens for money laundering and other illicit activity.
It establishes a registry and requires millions of domestic and foreign companies registered to do business in the U.S. to disclose information about their beneficial owners.
Though the CTA is laudable, and necessary, as corporate opacity is a magnet for criminal groups of all stripes, some say it is also late to the party.
A beneficial ownership registry has existed in the United Kingdom since 2016, as part of strengthened AML regulations.
And under the CTA, the secretary of the treasury won’t have to implement these reporting requirements until a year after the rules were passed: Jan. 1, 2022.
And there is a school of thought that says beneficial ownership does not necessarily help in the detection of crime, given the near impenetrable opacity that has been created over the last three decades.
It’s an interesting hypothesis, and one we at AyasdiAI are seeking to test over the next year or so.
FinCEN has suggested that the final regulations will give affected entities additional time in which to come into compliance.
In all, these would be welcome leadership changes at the Treasury Department and the Federal Deposit Insurance Corp. (FDIC), one of the federal banking regulators, might help focus on new, more innovative, and more aggressive discovery and interdiction.
Simultaneously, since the pandemic began, there’s been a surge in the number of shell companies.
Lockdowns didn’t stop the bad guys from selling drugs or perpetrating other crimes – it just meant that they wound up with piles of cash that they haven’t been able to launder through the channels they normally would use due to business closures.
So instead, they started buying small, distressed businesses for cash. Ownership remained, but control was lost creating a complex discovery and detection problem.
Additionally, the adversaries of the market continue to evolve extraordinarily quickly with rising identity theft volumes, the yet-to-be understood bribery holes created by the rush to digitization during COVID-19, and the proliferation of new financial instruments like de-centralized finance, cryptocurrency and NFTs.
We can’t wait another two decades for a major piece of legislation. Fixing the cadence and focus of regulatory oversight is desperately important.
What, why, where and how: From rules to results
Federal regulators recently updated U.S. banking laws with the Anti-Money Laundering Act of 2020.
It includes important provisions, including a whistleblower program. However, such progress is too slow to match the pace of criminals who are laundering money as the result of and to further finance their harmful activities.
These activities include human and drug trafficking, sexual exploitation, terrorist financing, rogue sovereign state activities, pedophilia and frankly some of the worst evils facing our society.
These crimes devastate whole communities, making anti-money laundering (AML) not just about checking off compliance boxes on a list of requirements, it’s about helping to protect human beings.
Financial institutions must change their perspective to fully play their role in spotting and preventing money laundering.
Are they complicated? No, definitely not.
But they are being arbitraged by a cabal of illicit groups exploiting the gap between the bank requirements to deliver on regulatory objectives, and those efforts largely missing the mark, outfoxed by the dynamic and sophisticated actions of creative and crafty criminal adversaries.
The spirit of the law
There really seems to be energy to combat money laundering at the federal level.
But how do we get this down to the examiners’ level quickly to add energy across the entire market?
Regulatory updates, amendments and full Acts like the AMLA tend to take a lot longer than they should to get to the individual banks.
And in some cases, once the legislation gets down to the individual examiner, the requirements are already outdated.
Unfortunately, criminals have little to no lag time, which means regulations will always be behind.
De-centralized finance, Bitcoin, and NFTs are accelerating; electronic payments and open banking all offer massive exposures to the system.
The central issue with many regulatory approaches is that ultimately, they still treat money laundering as a compliance issue and not what it truly is: a moral and human rights mission.
What happens much of the time is that financial institutions focus on just the regulations, taking a check-the-boxes compliance approach without understanding the full ramifications of money laundering.
The rule of the law shouldn’t be the objective, the spirit of the law should be.
AML officers, compliance leaders and financial intelligence unit (FIU) leaders have an incredibly impactful role on the adversaries that exploit the system.
They can be astonishingly impactful, especially when system-wide collaboration is used to challenge the “portfolio” approach that organized criminals so readily rely on.
A change in perspective
Perspective is essential when thinking about AML.
Banks must consider themselves as stewards of the integrity of the financial system and the standards a society holds itself to.
These aren’t small firms, some are almost countries in themselves.
Culture and tone from the top have a material impact on the societies they operate in – and a culture of compliance, or lack thereof, has been a reoccurring theme in high-profile AML and sanctions enforcement actions, some that has soared into the billions of dollars.
Banks must be the leaders of innovation and crime discovery, not simply the executors of abstract regulations that are often outmaneuvered before they are implemented.
Meanwhile, regulators should be stimulating innovation, discovery, and learning from the market – not stifling change because it shifts power and control away from examiners.
They should be the Product Management of the fight against financial crime – synthesizing ideas, breakthroughs, information and propagating that to the constituents of the market, a duty because of the unique perspective regulators have to see the best and worst across banking groups large and small.
Regulations are not a competitive issue.
They are frameworks to allow the system to have integrity and balance. So, it needs to be a collective endeavor, involving technology, banks, and regulators working together against a common group of highly sophisticated and agile foes.
Banks need to stop fearing they’ll be penalized for discovering new attacks or risks.
At the same time, regulators should act as the catalyst for innovation and as a clearinghouse for collective ideas that increase the effectiveness of the system and its constituents.
That may feel to many to be the reverse of the traditional compliance model, but only through such partnership can the system arm itself effectively against those that exploit the financial system’s fragmentation, opacity and lack of coordination.
The spirit of the law must be the prime motivator, rather than the letter of the law.
We now have the technologies to first discover, then disrupt and maybe someday stop criminal exploitations of the banking system. Sure, that may seem naïve, but we now have the tools and ability to create real change.
So it comes to money laundering, human and sex trafficking, the narco-economy and rogue state actions, it should be much less about keeping the regulators happy against some abstract requirements and more about the constituents of the system.
It’s more about ensuring our banking system isn’t exploited as a facilitator of some of the worst actions against humanity.
The top-down method of regulators making decisions about how financial institutions should catch the bad guys, instead of the banks catching the bad guys and then telling the regulators how it was done, isn’t working.
Such a backwards dynamic hamstrings the entire system and gives adversaries the ability to institutionalize many of the risks we’re trying to stop.
From Compliance to Caring
Streamlined reporting, a cash-for tips whistleblower program and other provisions are a great step forward for AML efforts.
But it took so long to get here, and there are still several shortcomings, mainly the cadence and singular focus on individual banks rather than stimulating systemic focus, innovation and synchronization.
The goal: a true harmony and partnership between the public sector and private sector, banks, regulators and law enforcement working together in truth, trust and transparency against a common enemy – all organized criminal groups and their tainted financial lifeblood.
Money laundering facilitates serious crimes against real human beings, such as slavery, the illicit drug trade, sexual exploitation and terrorism.
Merely ticking the boxes to meet minimum compliance is insufficient to meet these threats. We need a rapid upgrade not just of regulation but of mindset to help uphold human rights and human dignity.