Anti-Money Laundering
Issues Concerning Depository Institution Regulatory Oversight
Gao ID: GAO-04-833T June 3, 2004
The U.S. government's framework for preventing, detecting, and prosecuting money laundering has been expanding through additional pieces of legislation since its inception in 1970 with the Bank Secrecy Act (BSA). The purpose of the BSA is to prevent financial institutions from being used as intermediaries for the transfer or deposit of money derived from criminal activity and to provide a paper trail for law enforcement agencies in their investigations of possible money laundering. The most recent changes arose in October 2001 with the passage of the USA PATRIOT Act, which, among other things, extends antimoney laundering (AML) requirements to other financial service providers previously not covered under the BSA. GAO was asked to testify on its previous work and the ongoing work it is doing for the Senate Committee on Banking, Housing, and Urban Affairs on the depository institution regulators' BSA examination and enforcement process.
In recent years, GAO has issued a number of reports dealing with regulatory oversight of anti-money laundering activities of financial institutions. In 1998, GAO issued a report regarding Treasury's Financial Crimes Enforcement Network's (FinCEN) role in administering the BSA, which updated information on civil penalties for BSA violations. One focus was the Secretary of the Treasury's 1994 mandate to delegate the authority to assess civil money penalties for BSA violations to federal banking regulatory agencies. GAO noted that this delegation had not been made and said that FinCEN was concerned that bank regulators may be less inclined to assess BSA penalties and may prefer to use their non-BSA authorities under their own statutes. Also in 1998, GAO reported on the activities of Raul Salinas, the brother of the former President of Mexico. Mr. Salinas was allegedly involved in laundering money from Mexico, through Citibank, to accounts in Citibank affiliates in Switzerland and the United Kingdom. GAO determined that Mr. Salinas was able to transfer $90 - $100 million between 1992 and 1994 by using a private banking relationship structured through Citibank New York in 1992 and effectively disguise the funds' source and destination, thus breaking the funds' paper trail. In 2001, GAO issued a report on changes in BSA examination coverage for certain securities broker-dealers. At the time, there was no requirement that all broker-dealers file Suspicious Activity Reports (SARs); however, brokerdealer subsidiaries of depository institutions and their holding companies were required to file SARs and were examined by banking regulators for compliance. GAO determined that with the passage of the 1999 Gramm-Leach-Bliley Act, these broker-dealers were no longer being examined to assess their compliance with SAR requirements. However, with the passage of the USA PATRIOT Act and the issuance of a final rule that was effective on July 31, 2002, all broker-dealers were required to report such activity. GAO is currently studying the depository institution regulators' BSA examination and enforcement process for the Senate Committee on Banking, Housing, and Urban Affairs. The objectives include determining how the regulators' risk-focused examinations assess BSA compliance, the extent to which the regulators identify BSA and AML violations and take supervisory actions, and the consistency of BSA compliance examination procedures and interpretation of violations across regulators. GAO plans to determine whether and to what extent regulators curtailed BSA compliance examinations and the bases for these decisions. GAO plans to track supervisory actions taken to correct violations identified. GAO will also examine the ramifications, if any, of the lack of delegation of authority to assess BSA compliance penalties by Treasury to the banking regulators, as mandated by statute. GAO will meet with government and industry officials to gain their perspective on the BSA compliance examination process.
GAO-04-833T, Anti-Money Laundering: Issues Concerning Depository Institution Regulatory Oversight
This is the accessible text file for GAO report number GAO-04-833T
entitled 'Anti-Money Laundering: Issues Concerning Depository
Institution Regulatory Oversight' which was released on June 03, 2004.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the U.S. Senate Committee on Banking, Housing, and Urban
Affairs:
United States General Accounting Office:
GAO:
For Release on Delivery Expected at 9:30 a.m. EDT:
Thursday, June 3, 2004:
Anti-Money Laundering:
Issues Concerning Depository Institution Regulatory Oversight:
Statement of Davi M. D'Agostino, Director:
Financial Markets and Community Investment:
GAO-04-833T:
GAO Highlights:
Highlights of GAO-04-833T, a report to the Chairman, Senate Committee
on Banking, Housing and Urban Affairs
Why GAO Did This Study:
The U.S. government‘s framework for preventing, detecting, and
prosecuting money laundering has been expanding through additional
pieces of legislation since its inception in 1970 with the Bank Secrecy
Act (BSA). The purpose of the BSA is to prevent financial institutions
from being used as intermediaries for the transfer or deposit of money
derived from criminal activity and to provide a paper trail for law
enforcement agencies in their investigations of possible money
laundering. The most recent changes arose in October 2001 with the
passage of the USA PATRIOT Act, which, among other things, extends
anti-money laundering (AML) requirements to other financial service
providers previously not covered under the BSA. GAO was asked to
testify on its previous work and the ongoing work it is doing for the
Senate Committee on Banking, Housing, and Urban Affairs on the
depository institution regulators‘ BSA examination and enforcement
process.
What GAO Found:
In recent years, GAO has issued a number of reports dealing with
regulatory oversight of anti-money laundering activities of financial
institutions. In 1998, GAO issued a report regarding Treasury‘s
Financial Crimes Enforcement Network‘s (FinCEN) role in administering
the BSA, which updated information on civil penalties for BSA
violations. One focus was the Secretary of the Treasury‘s 1994 mandate
to delegate the authority to assess civil money penalties for BSA
violations to federal banking regulatory agencies. GAO noted that this
delegation had not been made and said that FinCEN was concerned that
bank regulators may be less inclined to assess BSA penalties and may
prefer to use their non-BSA authorities under their own statutes.
Also in 1998, GAO reported on the activities of Raul Salinas, the
brother of the former President of Mexico. Mr. Salinas was allegedly
involved in laundering money from Mexico, through Citibank, to accounts
in Citibank affiliates in Switzerland and the United Kingdom. GAO
determined that Mr. Salinas was able to transfer $90 - $100 million
between 1992 and 1994 by using a private banking relationship
structured through Citibank New York in 1992 and effectively disguise
the funds‘ source and destination, thus breaking the funds‘ paper
trail.
In 2001, GAO issued a report on changes in BSA examination coverage for
certain securities broker-dealers. At the time, there was no
requirement that all broker-dealers file Suspicious Activity Reports
(SARs); however, broker-dealer subsidiaries of depository institutions
and their holding companies were required to file SARs and were
examined by banking regulators for compliance. GAO determined that with
the passage of the 1999 Gramm-Leach-Bliley Act, these broker-dealers
were no longer being examined to assess their compliance with SAR
requirements. However, with the passage of the USA PATRIOT Act and the
issuance of a final rule that was effective on July 31, 2002, all
broker-dealers were required to report such activity.
GAO is currently studying the depository institution regulators‘ BSA
examination and enforcement process for the Senate Committee on
Banking, Housing, and Urban Affairs. The objectives include determining
how the regulators‘ risk-focused examinations assess BSA compliance,
the extent to which the regulators identify BSA and AML violations and
take supervisory actions, and the consistency of BSA compliance
examination procedures and interpretation of violations across
regulators. GAO plans to determine whether and to what extent
regulators curtailed BSA compliance examinations and the bases for
these decisions. GAO plans to track supervisory actions taken to
correct violations identified. GAO will also examine the ramifications,
if any, of the lack of delegation of authority to assess BSA compliance
penalties by Treasury to the banking regulators, as mandated by
statute. GAO will meet with government and industry officials to gain
their perspective on the BSA compliance examination process.
www.gao.gov/cgi-bin/getrpt?GAO-04-833T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Davi M. D'Agostino at
(202) 512-8678 or dagostinod@gao.gov.
[End of section]
Mr. Chairman and Members of the Committee:
I appreciate this opportunity to be here today to discuss a number of
issues concerning federal depository institution regulators' oversight
of financial institutions for Bank Secrecy Act (BSA) compliance and our
ongoing work for this committee on this matter.[Footnote 1] The U.S.
government's framework for preventing, detecting, and prosecuting money
laundering has been expanding through additional pieces of legislation
since its inception in 1970 with the Bank Secrecy Act.[Footnote 2] The
purpose of the BSA is to prevent financial institutions from being used
as intermediaries for the transfer or deposit of money derived from
criminal activity and to provide a paper trail for law enforcement
agencies in their investigations of possible money laundering. Over the
years, the BSA has evolved into an important tool to help deter money
laundering, drug trafficking, terrorist financing, and other financial
crimes. The most recent changes arose in October 2001 with the passage
of the USA PATRIOT Act, which, among other things, contains expanded
provisions to prevent, detect, and prosecute terrorist financing and
international money laundering at depository institutions and extends
anti-money laundering (AML) requirements to other financial service
providers previously not covered under the BSA.[Footnote 3]
Congress amended the BSA in 1994 to require federal financial banking
regulators to develop enhanced examination procedures and training to
improve the identification of possible money-laundering schemes at
financial institutions under their supervision.[Footnote 4] Federal
banking regulators regularly assess compliance with BSA and related AML
requirements during safety and soundness or compliance examinations
using examination procedures that are consistent with their overall
risk-focused examination approach. Under the risk-focused approach,
those activities judged to pose the highest risk to an institution are
to receive the most scrutiny by examiners.[Footnote 5] In examining
depository institutions for BSA compliance, the regulators' examination
procedures are to serve as a tool for determining whether depository
institutions (1) have developed AML programs and procedures to
adequately detect, deter, and report unusual or suspicious activities
possibly related to money laundering; and (2) comply with the technical
recordkeeping and reporting requirements of the BSA.
The regulators also have a variety of enforcement tools to address
noncompliance. They can take increasingly formal supervisory actions
that range from moral suasion or informal discussions with the
institution's management to written agreements, civil money penalties,
and cease and desist orders.
The recent imposition of several large civil money penalties on
depository institutions has increased concern about industry compliance
with and government enforcement of the BSA. My statement today will
focus on the banking regulators' approach for ensuring compliance with
BSA and AML program requirements. Specifically, I will discuss (1)
recent enforcement actions taken against depository institutions for
BSA violations, (2) inspectors general reports assessing the
regulators' examination work and enforcement activities, and (3) issues
raised in some of our past work on money laundering and ongoing work on
BSA examinations and enforcement for the Committee.
To address these objectives, we reviewed consent orders and other
documents pertaining to selected enforcement actions, recent Department
of the Treasury (Treasury) and Federal Deposit Insurance Corporation
(FDIC) Office of Inspector General reports, past GAO reports, and
documents related to our ongoing BSA work for this Committee.
Summary:
In the last few years and as recently as last month, the financial
regulators and the courts have taken actions against a number of
depository institutions for significant BSA violations. Recent
enforcement actions show that various types of depository institutions-
-including banks, thrifts, and credit unions--have had BSA violations.
These enforcement actions also raise the issue of the timeliness of the
identification of BSA violations and enforcement actions taken by the
regulators. For example, in 2000, Banco Popular de Puerto Rico was
charged with violating the BSA's suspicious activity reporting
requirement, paid a civil money penalty of over $20 million, and
received a deferred prosecution. In this case, an individual who was
later convicted of money laundering offenses had deposited over $21
million at this bank, but the bank had not investigated nor reported
this activity to law enforcement until several years after the
suspicious activity had begun. The bank's regulator expanded its
examination scope for BSA compliance four years after the deposits
began. More recently, Riggs Bank was assessed a $25 million civil money
penalty for BSA violations including failure to maintain an effective
BSA compliance program and failure to monitor and report large
transactions involving foreign embassies. Although Riggs' regulator
deemed the bank to be systemically deficient in 2003 and the bank
entered into a consent order, the bank was not in full compliance with
the consent order in 2004 and was subsequently assessed the penalty.
Recent reports of the Treasury's and Federal Deposit Insurance
Corporation's Offices of the Inspector General (FDIC IG) assessing the
regulators' examination work and enforcement activities have raised
questions about potential gaps in the consistency and timeliness of the
regulators' activities to monitor and follow-up on BSA violations. For
example, in its March 2004 report the FDIC IG concluded that FDIC
needed to strengthen its follow up processes for BSA violations.
In recent years, we have done work addressing money laundering issues
regarding a variety of activities and financial institutions, such as
securities broker-dealers, private banking, and Russian entities. We
are currently studying the depository institution regulators' BSA
examination and enforcement process for this committee. Our primary
objectives are to determine how the regulators' risk-focused
examinations assess BSA compliance, the extent to which the regulators
identify BSA and AML violations and take supervisory actions, and the
consistency of BSA compliance examination procedures and interpretation
of violations across regulators. We plan to determine whether and to
what extent regulators curtailed BSA compliance examinations and the
bases for these decisions. We also plan to, among other things, track
supervisory actions taken to correct violations identified.
Background:
The Financial Recordkeeping and Currency and Foreign Transactions
Reporting Act, commonly referred to as the Bank Secrecy Act, passed by
Congress in 1970, requires that financial institutions file certain
currency and monetary instrument reports and maintain certain records
for possible use in criminal, tax, and regulatory proceedings. As a
result, the BSA helps to provide a paper trail of the activities of
money launderers for law enforcement officials in pursuit of criminal
activities.
Congress has amended the BSA a number of times to increase the
effectiveness of the regulators' efforts. For example, the initial BSA
reporting system did not include provisions for separate money
laundering charges against those who had not satisfied reporting
requirements. Thus, Congress enacted the Money Laundering Control Act
of 1986, which made money laundering a criminal offense separate from
any BSA reporting violations.[Footnote 6] This act created criminal
liability for individuals or entities that conduct monetary
transactions knowing that the proceeds involved were obtained from
unlawful activity and made it a criminal offense to knowingly structure
transactions to avoid BSA reporting. The 1986 act also directed the
regulators (1) to issue regulations that require the financial
institutions subject to their respective jurisdiction "to establish and
maintain procedures reasonably designed to assure and monitor the
compliance of such institutions;" (2) to review such procedures during
the course of each examination of such financial institutions; (3) to
issue cease and desist orders to ensure compliance with the
requirements; and (4) to assess civil money penalties for failure to
maintain such compliance procedures.[Footnote 7]
In 1992, Congress increased the penalties for institutions and their
employees who violate the BSA and authorized the regulators to take
additional supervisory actions for such violations. More specifically,
the Annunzio-Wylie Anti-Money Laundering Act authorized the federal
banking regulators to revoke an institution's charter if it was
convicted of money laundering and, in certain circumstances, to issue
removal and prohibition orders against individuals charged with BSA
offenses. As authorized by this act, in 1996, Treasury issued a rule
requiring that banks and other depository institutions use a Suspicious
Activity Report (SAR) form to report activities involving possible
money laundering. Institutions file these forms with the Financial
Crimes Enforcement Network (FinCEN) at Treasury.
Congress amended the BSA again in 1994, with The Money Laundering
Suppression Act, to require that financial regulators develop enhanced
examination procedures and training to improve identification of money-
laundering schemes at financial institutions under their supervision.
Accordingly, the federal banking regulators adopted a core set of
examination procedures to determine whether an institution has the
necessary system of internal controls, policies, procedures, and
auditing standards to assure compliance with the BSA and implementing
regulations. The procedures also require examiners to review an
institution's internal audit function, procedures, selected
workpapers, records, reports, and responses. Based on the results,
examiners may conclude the examination or continue with expanded
procedures, which might include transaction testing and review of
related documentation. This act also directed the Secretary of the
Treasury to delegate to appropriate federal banking regulatory agencies
the authority to assess civil penalties for BSA violations. In May
1994, the Secretary delegated this authority to FinCEN but, to date,
this delegation has not been made to the banking regulators.
In October 2001, Congress again amended the BSA through passage of the
USA PATRIOT Act, specifically through Title III of this act. The
passage of the USA PATRIOT Act was prompted, in part, by the September
11, 2001, terrorist attacks in Washington, D.C. and New York City,
which in turn enhanced awareness of the importance of combating
terrorist financing through the U.S. government's AML efforts. Title
III expanded the scope of the BSA to include organizations not
previously covered, such as securities brokers, insurance companies,
and credit card system operators. Among Title III's provisions are
requirements that financial institutions covered by the act:
* Establish and maintain AML programs;
* Identify and verify the identity of customers who open accounts;
* Exercise due diligence and, in some cases, enhanced due diligence
with respect to all private banking and correspondent accounts;
* Conduct enhanced scrutiny with respect to accounts maintained by or
on behalf of foreign political figures or their families; and:
* Share information relating to money laundering and terrorism with law
enforcement authorities, regulatory authorities, and financial
institutions.
Title III also added activities that can be prosecuted as money
laundering crimes and increased penalties for activities that were
money laundering crimes prior to enactment of the USA PATRIOT Act.
Examination procedures of the federal banking regulators are expected
to conform to PATRIOT Act amendments to the BSA and regulations issued
by the Treasury.
Recent Actions Taken against Depository Institutions for BSA Violations
Highlight Deficiencies in AML Programs at Some Institutions:
In the last few years and as recently as last month, the federal
banking regulators and the courts have taken actions against a number
of depository institutions for significant BSA violations. In addition
to deficiencies at the institutions themselves, issues raised in these
cases included the timeliness of the identification of BSA violations
and enforcement actions taken by the regulators. To illustrate, I will
discuss three different cases at three different types of depository
institutions.
Banco Popular de Puerto Rico:
In the first case, a bank was charged with BSA violations of suspicious
activity report requirements and received a deferred
prosecution.[Footnote 8] In 2000, the U.S. Department of Justice
(Justice) charged Banco Popular de Puerto Rico, a bank subsidiary of a
diversified financial services company serving Puerto Rico, the United
States, and Latin America, with failing to file SARs in a timely and
complete manner--in violation of the BSA.[Footnote 9] According to
Justice, from 1995 through 1998, an individual, who was later convicted
of money laundering offenses, deposited approximately $21.6 million in
cash into an account at Banco Popular. Justice indicated that a number
of branch employees were aware of the suspicious activity, but that the
bank failed to investigate the account for over 2 years from the date
the account was opened, and also did not report the suspicious activity
to FinCEN until 1998 as required by the BSA.
Although the Federal Reserve Bank of New York (FRBNY) conducted four
examinations of Banco Popular from 1995 through 1998, the examinations,
based on procedures used at the time, did not contain any criticism of
the bank's BSA compliance policies or procedures. In 1999, 4 years
after the individual first began laundering an undetermined amount of
money through Banco Popular, FRBNY expanded the scope of the bank's
regularly scheduled safety and soundness examination as a result of
information it received from a U.S. Customs Service drug investigation.
Based on AML compliance problems identified during the examination,
FRBNY developed a supervisory strategy that led to a written agreement
containing numerous remedial actions. Banco Popular also entered into a
deferred prosecution agreement with Justice, FinCEN, and the Federal
Reserve; and agreed to a civil money penalty of over $20 million.
Polish and Slavic Federal Credit Union:
In another instance, FinCEN assessed penalties against a credit union
for currency transaction reporting violations. In January 2000, FinCEN
assessed civil money penalties of $185,000 against the Polish and
Slavic Federal Credit Union, located in Brooklyn, New York, for willful
failure to file Currency Transaction Reports (CTR) and improperly
granting an exemption from CTR filings in violation of the BSA.
FinCEN determined that between 1989 and 1997, the Polish and Slavic
Federal Credit Union willfully failed to file numerous CTRs for
currency transactions in amounts greater than $10,000.[Footnote 10]
FinCEN also reported that the credit union, through the actions of its
former management and board of directors, improperly exempted one
customer from CTR filings. The customer, the former chairman of the
credit union's board of directors and owner of a travel agency and
money remitter business, did not qualify for the CTR filing exemption,
according to FinCEN. The remitter made over 1,000 currency deposits in
excess of $10,000 but no CTRs were filed. FinCEN further reported that
the credit union, through its former general manager and former board,
failed to establish and maintain (1) an adequate level of internal
controls for BSA compliance, (2) an effective BSA compliance program,
(3) BSA training for credit union employees, and (4) an effective
internal audit function.
NCUA, the regulator of the Polish and Slavic Federal Credit Union, took
a series of enforcement actions against the credit union beginning in
January 1997 to compel compliance with the BSA. However, FinCEN's
report also indicates that NCUA's enforcement actions began about 8
years after the violations began. In April 1999, NCUA removed the
credit union's board of directors and imposed a conservatorship based
on the credit union's failure to establish adequate internal controls,
including controls for BSA compliance.
Riggs Bank N.A.
Last month, OCC and FinCEN assessed a $25 million civil money penalty
against Riggs Bank, N.A. for numerous BSA violations, including failure
to maintain an effective BSA compliance program and to monitor and
report transactions involving millions of dollars by the embassies of
Saudi Arabia and Equatorial Guinea in Washington, D.C.
Since 1987, OCC has required each bank under its supervision to
establish and maintain an AML compliance program and specified four
elements that banks were required to satisfy.[Footnote 11] However,
FinCEN reported that Riggs was deficient in all four elements required
by the AML regulation. FinCEN found that Riggs willfully violated the
suspicious activity and currency transaction reporting requirements and
the AML program requirements of the BSA. Specifically, Riggs failed to
establish and maintain an effective BSA compliance program because it
did not provide (1) an adequate system of internal controls to ensure
ongoing BSA compliance, (2) an adequate system of independent testing
for BSA compliance, (3) effective training for monitoring and detecting
suspicious activity, and (4) effective monitoring of BSA compliance by
the BSA officer.
In July 2003, OCC entered into a consent order with Riggs, in which
Riggs was directed to, among other things, correct AML internal control
deficiencies and referred the Riggs case to FinCEN. According to a
Riggs' filing with the Securities and Exchange Commission, in April
2004, OCC classified Riggs as being in a "troubled condition" for
failing to fully comply with the July 2003 consent order. Due to
additional BSA violations by Riggs National Corporation (the bank's
holding company), in May, OCC and the Federal Reserve, respectively,
issued a supplemental consent order and a cease and desist order,
requiring extra corrective actions. OCC and FinCEN cited the
corporation for deficiencies in risk management and internal controls.
Although OCC deemed Riggs to be systemically deficient in 2003 and the
bank entered into a consent order with OCC, Riggs was not in full
compliance with the consent order in 2004 and was subsequently assessed
the penalty.
In addition to the three cases discussed above, published reports of
BSA violations at other banks have increased concerns about bank
noncompliance with the BSA and timely oversight and enforcement by the
federal banking regulators. For example, in 2003, the Department of
Homeland Security's Bureau of Immigration and Customs Enforcement (ICE)
reported that the Delta National Bank & Trust Company pled guilty in
U.S. District Court to charges that it failed to file a SAR in
connection with a transaction made in 2000 between two accounts at the
bank. As part of the plea agreement with the government, the bank
agreed to forfeit $950,000. In 2002, Broadway National Bank pled guilty
to three felony charges for failing to report suspicious banking
activity in the 1990s, according to ICE. The prosecutors determined
that more than $120 million was illegally moved through the bank. The
bank was fined $4 million.
Inspectors General Reports Highlight Areas of Improvement Needed in the
BSA Examination Process:
Recent Treasury and FDIC IG reports assessing the regulators'
examination work and enforcement activities have raised questions about
potential gaps in the consistency and timeliness of the regulators'
monitoring and follow-up on BSA violations.
Treasury's Office of IG:
The Treasury's IG issued a report in 2003 on BSA violations at
depository institutions and has a number of related audits in its
fiscal year 2004 work plan. In September 2003, the Treasury IG issued a
report on its review of OTS enforcement actions taken against thrifts
with substantive BSA violations. Among its findings, the report stated
that examiners found substantive BSA violations at 180 of the 986
thrifts examined from January 2000 through October 2002. OTS had issued
written enforcement actions against 11 of the 180 thrifts; however, in
5 of these actions, the IG reported that enforcement actions did not
address all substantive violations found, were not timely, or were
ineffective in correcting the thrifts' BSA violations. The IG further
reported that among 68 sampled cases, OTS relied on moral suasion and
thrift management assurances to comply with the BSA. In 47 cases (69
percent), thrift management took the corrective actions, but in the
other 21 cases (31 percent), thrift management was nonresponsive. BSA
compliance worsened at some of the 21 thrifts, according to the IG.
The IG made several recommendations including that OTS assess the need
for additional clarification or guidance for examiners on when to
initiate stronger supervisory action for substantive BSA violations and
time frames for expecting corrective actions from thrifts. OTS
concurred and stated that supplemental examiner guidance would be
provided for the first quarter of 2004.
The IG's fiscal year 2004 annual plan lists several related audit
projects including an assessment of OTS' BSA examinations, including
the new requirements under the USA PATRIOT Act.
FDIC IG:
I am pleased to be on a panel with the FDIC Inspector General and would
like to highlight some of his office's work to illustrate issues
recently raised regarding BSA examinations and enforcement. For
example, in March 2001, the IG reported on its review of the FDIC
Division of Supervision and Consumer Protection assessment of financial
institutions' compliance with the BSA. Among the IG's findings were
that FDIC did not adequately document its BSA examinations work; as a
result, the IG was unable to determine the extent to which examiners
reviewed regulated institutions' compliance with the BSA during safety
and soundness examinations.
The IG made several recommendations, including that FDIC reemphasize to
examiners and ensure that they follow (1) specific guidance related to
the documentation requirements of scoping decisions, procedures, and
conclusions reached during the pre-examination process when risk-
focusing BSA examinations; and (2) policy and instructions on how to
adequately document BSA examination decision factors and procedures.
With regard to both recommendations, FDIC stated it would reemphasize
its existing policies and guidance, specifically those policies
requiring examiner responses to all of the BSA core decision factors at
each examination. FDIC also stated that it had made revisions to its
BSA examination module.
In September 2003, the IG reported on its audit of FDIC's
implementation of examination procedures to address financial
institutions' compliance with provisions of Title III of the USA
PATRIOT Act. The IG concluded that FDIC's existing BSA examination
procedures covered the AML subject areas required by the act to some
degree and that its Division of Supervision and Consumer Protection had
advised FDIC-regulated institutions of the new requirements. However,
the IG reported that, for a number of reasons, the division had not
issued guidance to its examiners on the act's provisions that required
new or revised examination procedures. One of the report's
recommendations was that the division issue interim examination
procedures for those sections of the USA PATRIOT Act for which Treasury
had issued final rules. The division agreed with the recommendation.
In March 2004, the IG issued a report on its work to determine whether
the FDIC adequately followed up on BSA violations reported in
examinations of FDIC-supervised financial institutions to ensure that
they take appropriate corrective action. Among the IG's findings was
that, in some cases, BSA violations were repeatedly identified in
multiple examination reports before bank management took corrective
action or FDIC took regulatory action to address the repeat violations.
The IG concluded that FDIC needs to strengthen its follow-up processes
for BSA violations and recommended that FDIC's Division of Supervision
and Consumer Protection (1) reevaluate and update examination guidance
to strengthen monitoring and follow-up processes for BSA violations and
(2) review its implementation process for referring violations to
Treasury. The IG noted that FDIC has initiatives underway to reassess
and update its policies and procedures. Although it did not concur with
all of the IG's findings, in its response, FDIC concurred with the
recommendations.
GAO's BSA and AML Examinations and Enforcement Work:
In recent years, we have done work addressing money laundering issues
within the context of different activities and financial institutions
such as securities broker-dealers, Russian entities, and private
banking. We have also reviewed FinCEN's regulatory role.
Past Reports:
In 1998, we issued two reports regarding FinCEN's role in administering
the BSA.[Footnote 12] In both of these reports, we discussed the
Secretary of the Treasury's mandate to delegate the authority to assess
civil penalties for BSA violations to federal banking regulatory
agencies and noted that this delegation had not been made. One purpose
of this work was to update information on civil penalties for BSA
violations. We reported that one of the issues under discussion at the
time was whether violations would be enforced under BSA provisions or
under the banking regulators' general examination powers granted by
Title 12 of the U.S. Code. At that time, FinCEN officials told us that
they were concerned that the banking regulators might be less inclined
to assess BSA penalties and instead use their non-BSA authorities under
their own statutes.
Also in 1998, we reported on the activities of Raul Salinas, the
brother of the former President of Mexico.[Footnote 13] Mr. Salinas was
allegedly involved in laundering money from Mexico, through Citibank,
to accounts in Citibank affiliates in Switzerland and the United
Kingdom. We determined that Mr. Salinas was able to transfer $90 - $100
million between 1992 and 1994 by using a private banking relationship
structured through Citibank New York in 1992 and effectively disguise
the funds' source and destination, thus breaking the funds' paper
trail. The funds were transferred through Citibank Mexico and Citibank
New York to private banking investment accounts at Citibank London and
Citibank Switzerland.
In October 2000, we reported on our work on suspicious banking activity
indicating possible money laundering conducted by certain corporations
that had been formed in the state of Delaware for unknown foreign
individuals or entities.[Footnote 14] We first identified an agent that
together with a related company created corporations for Russian
brokers and established bank accounts for those corporations. We also
reviewed SARs filed by three banks concerning transactions by
corporations formed by this agent for Russian brokers. We then
determined that from 1991 through early 2000, more than $1.4 billion in
wire transfer transactions was deposited into over 230 accounts opened
at two U.S. banks--Citibank and Commercial Bank. More than half of
these funds were wired from foreign countries into accounts at Citibank
and over 70 percent of the Citibank deposits for these accounts were
wire-transferred to accounts in foreign countries. Further, both of
these banks had violated BSA requirements regarding customer
identification. We concluded that these transfers raised concerns that
the U.S. banking system may have been used to launder money.
In 2001, we issued a report on changes in BSA examination coverage for
certain securities broker-dealers.[Footnote 15] At the time, there was
no requirement that all broker-dealers file SARs; however, broker-
dealer subsidiaries of depository institutions and their holding
companies were required to file SARs and were examined by banking
regulators for compliance. We determined that with the passage of the
1999 Gramm-Leach-Bliley Act, these broker-dealers were no longer being
examined to assess their compliance with SAR requirements, although
they were being examined for compliance with reporting currency
transactions and other requirements Treasury had specifically placed on
broker-dealers. However, with the passage of the USA PATRIOT Act and
the issuance of a final rule that became effective on July 31, 2002,
all broker-dealers were required to report such activity.
Ongoing Work:
In December 2003, the Chairman and Ranking Member of this Committee
requested that we conduct a review of the regulators' BSA examination
procedures and enforcement actions. In requesting this work, you cited
the Treasury and FDIC IG work that I discussed above. Among the major
questions you raised were:
* How do the regulators design, target, and conduct BSA compliance
examinations, including for the added provisions of the USA PATRIOT
Act?
* How many BSA violations have federal banking regulators identified
and taken action on over a several year time period?
* What consequences do the regulators' risk-focused examinations have
for identification and enforcement of BSA violations?
* What differences, if any, are there between enforcement of the BSA
through the regulators' general safety and soundness authorities and
enforcement of the BSA under the terms of the BSA itself?
* Are BSA violations consistently interpreted among the regulators,
Treasury, and depository institutions?
* How do BSA violations come to the attention of the regulators and
what other agencies are involved in resolving the violations?
* What is the relationship between Treasury and the banking regulators
in shaping examination policy and subsequent enforcement actions?
* Do the regulators have adequate resources for conducting BSA
compliance examinations, including the BSA provisions of the USA
PATRIOT Act?
We have begun doing this work for the Committee. In general, the major
objectives of our review are to determine:
1. How do the regulators' risk-focused examinations of depository
institutions assess BSA and AML program compliance?
2. To what extent do the banking regulators identify BSA and AML
program violations and take supervisory actions for such violations?
3. How consistent are BSA examination procedures and interpretation of
BSA violations across the banking regulators?
4. What resources do the federal banking regulators have for conducting
examinations of BSA and PATRIOT Act compliance?
As part of our review, and considering the IGs' findings, we are
examining the relevant BSA amendments and banking statutes,
regulations, and policies that address the authorities under which the
regulators and Treasury take supervisory action for BSA violations and
violations of their AML program rules. We are reviewing current
examination guidance and procedures that the regulators use for
determining compliance with the BSA, and related requirements used
during their regular and targeted examinations. We will also try to
ascertain the implications of "risk-focused" examinations for BSA
compliance and to determine whether and to what extent the regulators
curtail such compliance reviews in their examinations.
We are reviewing the reliability of the data systems used by banking
regulators to track bank examinations, including BSA compliance
examinations. We plan to obtain information on the bank examinations
performed by each banking regulator over the past 4 years and then
select a random sample to determine whether and the extent to which a
BSA review was conducted or curtailed and the bases for these
decisions. We also are obtaining information from the banking
regulators on the number of BSA examinations done over the past 4 years
and the number and nature of violations they identified. We plan to
select and analyze samples of their BSA examinations and supporting
workpapers to secure, in part, information on violations identified and
the areas of operation covered during the examinations. Additionally,
we plan to track supervisory actions taken by the regulators to correct
the violations they identified. Our analyses in this area will include
assessing the regulators' examination procedures for BSA and AML
compliance and the nature of violations and corresponding supervisory
actions. We will also review the examinations in our sample to
determine the extent to which the examinations reviewed policies and
procedures and then tested transactions to see if the policies and
procedures were implemented appropriately. We will also determine the
extent to which banking regulators vary in the way they conduct their
BSA examinations, cite banks for violations, and take enforcement
actions.
Key legal issues we will be examining are the ramifications, if any, of
the lack of delegation of authority to assess BSA penalties by Treasury
to the federal banking regulators, as mandated by statute in 1994. We
will examine enforcement of the BSA through the regulators' general
safety and soundness authority and enforcement under the terms of the
BSA itself to see whether there are differences, including
circumstances under which the regulators make referrals to Treasury and
law enforcement agencies.
In addition, we will meet with government officials at the federal and
state levels and from the banking and credit union industries to gain
their perspectives on the risk-focused BSA examination process and
post-examination follow-up activities. We have finished our initial
meetings with the federal banking regulators; and officials at the
Departments of Homeland Security, Justice, and Treasury, including
FinCEN. We will have follow-on meetings with them as well as with state
banking supervisors, and representatives from depository institutions
of various sizes to gain their views on the consistency of examiner
interpretation of potential BSA-related deficiencies and the
regulators' BSA examination procedures, and their own internal control
activities.
Mr. Chairman, this concludes my prepared statement. I would be happy to
respond to any questions that you or Members of the Committee may have.
GAO Contacts and Staff Acknowledgements:
For questions concerning this testimony, please call Davi M. D'Agostino
at (202) 512-8678. Other key contributors to this statement were M'Baye
Diagne, Toni Gillich, Barbara Keller, Kay Kuhlman, and Elizabeth
Olivarez.
FOOTNOTES
[1] The term "federal banking regulators" in this testimony refers
collectively to federal regulators of depository institutions,
including banks, thrifts, and federally chartered credit unions. The
federal banking regulators are the Federal Deposit Insurance
Corporation (FDIC), Board of Governors of the Federal Reserve System
(Federal Reserve), National Credit Union Administration (NCUA), Office
of the Comptroller of the Currency (OCC), and Office of Thrift
Supervision (OTS).
[2] Currency and Foreign Transactions Reporting Act, Pub. L. No. 91-
508, 84 Stat. 1305(1970).
[3] Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism Act. Pub. L. 107-56, 115
Stat. 272(2001).
[4] The Money Laundering Suppression Act of 1994, Pub. L. 103-325, 108
Stat. 2243(1994).
[5] U.S. General Accounting Office, Risk-Focused Bank Examinations:
Regulators of Large Banking Organizations Face Challenges, GAO/
GGD-00-48 (Washington, D.C.: January 24, 2000).
[6] 18 U.S.C. §§ 1956, 1957.
[7] Amendments to banking statutes authorized the regulators to review
institutions' BSA compliance procedures during examinations and take
supervisory actions for noncompliance. Section 8(s) of the Federal
Deposit Insurance Act (12 U.S. C. § 1818 (s)), Subsection 5(d) of the
Homeowners Loan Act of 1933 (12 U.S.C. § 1464 (d)(6), and Section 206
of the Federal Credit Union Act (12 U.S.C. 1786(q)).
[8] A deferred prosecution is a legal procedure whereby the prosecution
for an offense is deferred pending completion of corrective action.
[9] Title 31 USC 5318(g)(1) and 5322(b).
[10] 31CFR. §103.22 requires depository institutions to file CTRs for
currency transactions of $10,000 or more.
[11] The AML regulation, 31CFR §103.120, requires at a minimum that a
BSA compliance program provide for a system of internal controls to
ensure compliance, independent testing for compliance, training for
appropriate personnel, and a designated individual responsible for day-
to-day monitoring of BSA compliance.
[12] U.S. General Accounting Office, Money Laundering: FinCEN Needs to
Better Communicate Regulatory Priorities and Time Lines, GAO/GGD-98-18
(Washington, D.C.: Feb. 6, 1998); and Money Laundering: FinCEN Needs to
Better Manage Bank Secrecy Act Civil Penalty Cases, GAO/GGD-98-108
(Washington, D.C.: June 15, 1998).
[13] U.S. General Accounting Office, Private Banking: Raul Salinas,
Citibank, and Alleged Money Laundering, GAO/OSI-99-1 (Washington, D.C.:
Oct. 30, 1998).
[14] U.S. General Accounting Office, Suspicious Banking Activities:
Possible Money Laundering by U.S. Corporations Formed for Russian
Entities, GAO-01-120 (Washington, D.C.: Oct. 31, 2000).
[15] U.S. General Accounting Office, Money Laundering: Oversight of
Suspicious Activity Reporting at Bank-Affiliated Broker-Dealers Ceased,
GAO-01-474 (Washington, D.C.: Mar. 22, 2001).