Deputizing financial institutions: How to make AML surveillance

Deputizing financial institutions: How to make AML surveillance
programs more useful to law enforcement (Part I)
May 06 2014
Robert M Axelrod
This two-part series proposes that banks and other financial institutions operating in
the United States be allowed and helped to alter their current approach to recognizing
and reporting suspicious activity in the course of their anti-money laundering (AML)
programs, so as to support law enforcement more directly in the fight against crime.
The first installment examines the current AML practice and discusses how financial
institutions could take a more proactive role. The second installment will outline a
process for initiating such changes, as well as a model for improved interactions
between financial institutions, regulators, and law enforcement, focused on ferreting out specific criminal activity.
The goal of such reforms would be to improve the alignment between AML efforts and the core crime- and terrorismfighting objectives that motivated the underlying statutes and regulations in the first place.
Most financial institutions are obligated to file Suspicious Activity Reports (SARs) within 30 days of receiving information
(about a known individual or entity) that establishes suspicious activity that may relate to a violation of the law or whose
explanation is not reasonably apparent (and hence "suspicious") in light of the known circumstances regarding the
subject and the surrounding financial transactions. (See 31 CFR Section 1020.320 for specific SAR requirements.) The
failure to file SARs in a timely manner is a criminal violation and is the source of a substantial part of civil and criminal
AML enforcement actions. Firms have, accordingly, developed exceptionally large and complex surveillance models and
elaborate applications, and they have amassed sophisticated and numerous staff to sift through transactional and
related data to determine whether a SAR must be filed.
The surveillance obligation, however, is framed in terms of mere suspicion. While reducing crime and facilitating the
investigation of criminal activity are no doubt a large part of the policy basis, there is no legal requirement to find
significant criminal activity or even to actually facilitate any investigation. In other words, missing criminal activity that is
staring you in the face represents a failure to file a SAR, but there is no specific penalty for failing to take a proactive
role to recognize significant criminal activity and to go beyond merely identifying activity that is broadly defined as
If we seek, however, to emphasize and encourage the identification of significant criminal activity, including terrorist
activity, and/or the facilitation of actual investigations, then three strategic initiatives may be envisioned:
1. A feedback mechanism that would allow financial institutions to track the performance of their AML programs
based on their utility to law enforcement;
2. A regulatory credit framework with incentives for institutions to increase the volume of serious crimes
detected; and
3. Leveraging the entrepreneurial nature inherent to FIs.
Feedback to financial institutions
There is currently no formal regulatory category for labeling "good" or "serious" SARs, as opposed to merely adequate
ones. Additionally, there exists no recognition or disincentive regarding SARs, whose filing may be required under the
current definition of suspicion, that are actually not productive for law enforcement. Thus, assuming that institutions had
a strong incentive to ferret out crime, or things that law enforcement could use to reduce crime, then they would wish to
evaluate the SARs they filed in terms of how useful they were. This would include getting a sense of how many of their
SARs were useful and how many were relatively useless.
That awareness, however, would require the delivery of systematic feedback from law enforcement about the hit-rate of
their SARs, defined in terms of how frequently the reports actually helped. This is not currently provided.
Consider this hypothetical situation: Bank A and Bank B each file 1,000 SARs per year regarding their comparable
correspondent banking businesses. If law enforcement were to keep data over time as to which SARs it considered
useful (we can use whatever barometer is selected and whatever timeframe) and then shared that information with the
banks at a generic level, it could drive change and improve effectiveness. For example, if the data showed that only 100
of Bank A's SARs were useful, the bank could initiate reforms, such as retraining its investigative personnel. It could
then use the subsequent feedback to evaluate the success of that initiative.
Moreover, law enforcement or regulators could compare Bank A to Bank B and discover that Bank B filed a substantially
greater number of useful SARs, because of certain differences in the structure of Bank B’s monitoring rules and the fact
that their investigators were more experienced. Regulators could then channel that knowledge into specific guidance for
Bank A. Under the current status quo, however, Bank A would not have the systematic SAR feedback information
necessary to improve the usefulness of its AML program. (It is, of course, recognized that feedback to financial
institutions needs to be at a high enough level to avoid jeopardizing the confidentiality of SARs, but program-wide results
gathered over several years should not be problematic in that regard.)
Feedback would allow Bank A and Bank B to identify what elements, over time, had been effective in their surveillance
programs. Additionally, if the feedback were specific enough, it would also provide better insight as to the true risk
profiles of their specific business models. For example, if a preponderance of the really useful SARs related to Ponzi
schemes or identity theft, then specific business line training and specific product offering changes may be determined
in response. With further guidance from regulators on AML program elements that worked best, Bank A may also be in
a better position to defend its SAR-filing level as appropriate, even if it is low compared to Bank B.
The regulatory impact of failing to file SARs, including the failure to file them in a timely manner, can be calamitous for
firms. By contrast, a firm's provision of materially beneficial help to law enforcement does not result in a better regulatory
standing for that firm in the context of potential future regulatory action. The requirement to enforce against SAR
violations currently trumps any gauzy goodwill that a firm might have accrued with a particular law enforcement agency
because of the usefulness of its prior SARs.
Unless regulations allow some flexibility to credit firms for being useful, one should not expect the most coherent effort
toward providing useful SARs in this regard from those institutions.
Policymakers can create appropriate incentives through a number of initiatives. For example, they could establish
explicit mitigating elements in civil or criminal enforcement guidelines. Alternatively, they could create a law enforcement
clearing house regarding the firms that have been more useful, including a framework for keeping regulators informed.
They could even devise a system akin to carbon/pollution credits for those firms that are particularly effective at helping
law enforcement.
It would be important for the enforcement mitigation features of these incentives to move from the general high
effectiveness of the AML surveillance program to a specific set of shortcomings, rather than being limited to the specific
failure at issue. The point here is to generate some credit for an FI that has been successful at assisting law
enforcement. In effect, the FI would, in a limited way, be able to score some points with a good program and use them
against lapses that may inevitably occur.
Another aspect of these incentives, combined with the feedback described above, would be the ability to evaluate and
then, as appropriate, allow institutions to cut back on the filing of defensive SARs (i.e. those SARs that lack subjective
suspicion but are filed as insurance against future regulatory criticism for not filing). Establishing usefulness as a criteria
would also encourage firms to allocate their investigative resources accordingly.
Leveraging entrepreneurship
Because firms are required to help law enforcement with suspicious activity surveillance and reporting programs, they
are sometimes said to have been "deputized" by the regulations. The regulations, in turn, delineate what the firms must
do to carry out this role. However, we should not lose sight of the fact that a bank is a bank, a mutual fund is a mutual
fund, a broker is a broker, and even a casino is a casino, above all, rather than a surrogate law enforcement agency.
These entities are businesses, driven by businessmen, who are generally revenue-motivated.
If the reward feature of filing useful SARs is properly exploited, then the entrepreneurial nature of these entities will kick
in. Let firms compete within their peer groups to have a better score. Let them ennoble the investigator that does more
to identify sophisticated schemes and files SARs that are better than merely sufficient—even though going the extra
mile takes more time and resources—as opposed to the investigator that methodically churns out "file-able" SARs, but
who never finds the golden needle in the haystack. Businesses are competitive, but SAR-filing is not, at present. If
effective SARs (i.e., the ones that are useful to law enforcement) are rewarded in a meaningful way, then the business
nature of financial institutions will focus on generating effective SARs, just as it does on generating large revenues.
If these three strategies can be employed, firms are more likely to produce better information for law enforcement. They
would better understand when they are successful in this regard, and to correlate what they are doing to be successful.
Additionally, law enforcement and regulators would work together to reward successful FIs, though there would have to
be some regulatory and communication changes to make the rewards operational. Finally, with incentives and
knowledge better aligned, firms would unleash their entrepreneurial strength to create value in the way that successful
businesses have always done to improve productivity.
In Part II of this article, we will discuss how specific interactions between law enforcement, regulators, and firms can
initiate change in this regard.
Robert Axelrod is a director of the Deloitte Forensic practice of Deloitte Financial Advisory Services LLP ("Deloitte FAS").
Axelrod specializes in projects addressing financial transactions in regulatory and compliance contexts, including antimoney laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry,
specifically addressing b anks, insurance companies and b roker dealers.
Deputizing financial institutions: How to make AML surveillance more
useful to law enforcement (Part II)
May 07 2014
Robert M Axelrod
Part I of this series identified three strategies for enhancing the usefulness of suspicious activity reports (SARs) filed by
financial institutions: creating incentives, providing feedback, and harnessing entrepreneurship. This article will outline a
process for introducing such changes, while describing improved model interactions between firms, regulators, and law
enforcement. The ultimate goal of these proposals is to improve the ability of firms to help law enforcement agencies
detect, prevent, and punish criminal activity.
The U.S. Treasury Department's authority to promulgate SAR regulations incorporates the standard that the results have
a "high degree of usefulness" for criminal prosecutions (31 U.S.C. 5318(g)). If there is a desire for law enforcement to
work with financial institutions to "tune" their collaborative activities, after years of abundant SAR filings, then it would
certainly be consistent with, if not dictated by, this authority. SAR regulations could be changed to accommodate a new
direction, once that direction gains a consensus based upon an analysis of past experience.
The current regulations have set a standard of reporting anything suspicious, without creating a process to prefer reports
more likely be useful. While this approach addresses the fact that financial institutions cannot investigate as
comprehensively as law enforcement—and the fact that sometimes just the seemingly inexplicable nature of an event
can lead law enforcement to discover something important—there is enough experience now with the current SAR-filing
process to reconsider priorities.
How has it worked? Even if a relatively low level of suspicion is theoretically attractive, can we now ask what SARs and
what approaches by financial institutions have generated the most value for law enforcement, then incentivize law
enforcement, firms, and regulators accordingly? If we can better guide firms to file more useful SARs, as opposed to
more compliant ones, then we should consider the data now at our disposal to create such a direction.
Identifying what works
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has the initial necessary data – the filed
SARs – to begin identifying what has worked. It would need to collect from law enforcement some index of the useful
SARs. That task can perhaps be best accomplished prospectively. Once law enforcement has complete data and
analysis, there are existing venues with applicable stakeholders -- such as the Bank Secrecy Act Advisory Group
(BSAAG), FinCEN’s reporting processes, or FinCEN’s interaction with other regulators -- where law enforcement could
identify the nature of successful surveillance processes.
It may be useful in this regard to include in SAR forms, or in post-SAR queries, greater detail on how a financial
institution came across the information (e.g., with what monitoring rule) as contrasted with (but not in lieu of) the current
emphasis on what has been found to be suspicious.
By identifying the factors surrounding which SARs are truly productive and how the activity in question is identified, law
enforcement could establish better, and cost-saving, guidelines for when defensive SARs need not be filed. Of course,
analysis may ultimately show that some kinds of activity are more deserving of conservative breadth than others.
Jump-starting the focus, with terrorism financing
A principal, current regulatory motivation for SARs is the fight against terrorism financing. The number of terrorismrelated SARs is relatively small, compared to the overall population of SARs, and thus provides a good place to start.
SAR forms have long required that the filer designate whether the activity deemed suspicious relates to terrorism. Law
enforcement, which has kept records of its terrorism financing investigations and prosecutions, can therefore match
(confidentially) those operations to all the terrorism-labeled SARs filed by major banks. It can then judge which banks
have been more effective than others in this regard.
The criteria for such a comparison can include the number of hits, the frequency of those hits per number of SARs filed,
their frequency relative to a bank’s transactions, or other parameters. Law enforcement and regulators can then put
together a responsive factor analysis to understand what kinds of program elements drive the filing of useful SARs in the
terrorism-financing landscape.
For example, analysis may show that the information which best supported terrorism investigations was, in fact, not
recognized by firms as being related to terrorism, but rather some other problematic activity. One can then look to
compare the best and the worst (in terms of effectiveness) and draw some inferences about what monitoring rules or
other surveillance approaches are used, what populations of transactions are consulted in investigations, how
investigators are trained, the level of interaction with law enforcement, and other characteristics.
None of this analysis will require the disclosure of a particular terrorism investigation. Because terrorism-related SARs
have generally been given such high priority by law enforcement, backward-looking data may be relatively accessible.
Cooperation on particular TF investigations between firms and law enforcement is relatively common and well known.
What has not occurred, however, is guidance or conclusions regarding surveillance and program characteristics arising
as a result. Achieving that outcome would be one likely fruit of a formal, data-centric approach.
Alternatively, law enforcement could consider working with criminal activity data that is already public. By virtue of
mitigating problematic confidentiality implications, the use of public information could be particularly suitable for
promoting more of a two-way interaction. For example, if law enforcement targeted drug cartel activity, it could not only
look at the terrorism-financing processes set forth above, it could also take information from successful prosecutions
and use it to isolate financial institution data on cartel-related parties that is contemporaneous with the prosecuted
criminal activities.
By analyzing the transactions executed by those parties, authorities could identify certain characteristics, or "tells," that
distinguish drug-relative activities from other transactions.
This would be a cooperative process between law enforcement and financial institutions to identify new typologies by
mining existing data, which would improve the ability of firms to detect future criminal activity. More specifically, this
process could be used to educate firms about the "tells" of particularly resourceful malefactors, such as third-party
money-launderers, who presumably exploit the fragmentary nature of the surveillance endemic to the financial institution
There already exists a current counterpart for this proposed arrangement, under Section 314(a) of the USA Patriot Act
(PDF), under which the government distributes lists of persons or entities and asks firms for reports on the presence of
recent transactions, irrespective of whether the transactions appear suspicious.
If queries were made with respect to earlier transactions arising out of known (and presumably no longer confidential)
criminal activity, and there were more knowledge shared with the firms, then the institutions would learn more rapidly
how better to recognize suspicious activity.
If the regulatory framework gave financial institutions incentives to sharpen their focus on finding criminal activity, and if
law enforcement provided feedback regarding the success of that effort, then the financial services industry could
become a more useful ally in the fight against crime.
Wouldn’t it be an advantage to see what works best in the endgame of criminal investigation? Financial institutions,
regulators, and law enforcement could then better evaluate AML surveillance programs, and financial institutions could
make a more intelligent (and transparent) allocation of resources about terrorism financing and other criminal activity.
Financial institutions might then be put in a position to proactively accomplish their mission in a relatively transparent
way and harness regulatory scrutiny around aiding law enforcement, giving the regulatory and law enforcement
communities a more direct way of identifying successful AML programs.
Such arrangements might also provide a mechanism for law enforcement and regulators to reinforce the success of
financial institutions. That might provide a constructive way to normalize the incentives for financial institutions.
Finally, putting the firms in a position to more directly accomplish core AML goals and be recognized for success is
likely to enhance the breadth and depth of personal efforts at the firms for effective recognition and reporting of potential
criminal activity.
Robert Axelrod is a director of the Deloitte Forensic practice of Deloitte Financial Advisory Services LLP ("Deloitte FAS").
Axelrod specializes in projects addressing financial transactions in regulatory and compliance contexts, including antimoney laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry,
specifically addressing b anks, insurance companies and b roker dealers.