Print
E-MailV. Gerard Comizio and Michael T. Gershberg are partners and Nathan S. Brownback is an associate at Fried, Frank, Harris, Shriver & Jacobson LLP. This post is based on their Fried Frank memorandum.
On December 3, 2018, the federal banking regulators [1] and the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued a joint statement (the “Statement”) [2] encouraging banks to adopt innovative technological approaches to comply with the requirements imposed on them pursuant to the Bank Secrecy Act (“BSA”) and other anti-money laundering (“AML”) laws and related regulations. [3] The Statement does not impose any new obligations, but instead provides some degree of regulatory comfort for banks that seek to reduce costs and/or improve their compliance systems by trying new approaches to meet their BSA/AML compliance obligations, provided they continue to comply with BSA/AML requirements in accordance with their safety and soundness obligations.
The Statement is consistent with the general deregulatory trend in Congress and among many federal agencies in recent years, as explained in a 2017 Treasury report on regulatory recommendations for banks and credit unions, along with several follow-up reports that discussed reducing regulatory burden on financial services companies of many types. [4] Congress has also taken up the deregulatory baton, passing, in May 2018, the Economic Growth, Regulatory Reform and Consumer Protection Act, the first significant deregulatory piece of legislation amending the Dodd-Frank Act. [5] As another example, the Department of Justice (“DOJ”) announced in May 2018 that it would require its various components to coordinate internally and with other agencies when imposing multiple penalties on a single company arising from the same misconduct in order to avoid excessive “piling on” of penalties. [6] In November 2018, the DOJ announced that it would loosen criteria for companies facing investigations—criminal or civil—to receive credit for cooperating with the DOJ, such that companies would generally have to identify those “substantially” involved in the conduct under investigation. [7]
Key Takeaways from the Statement
In the Statement, the Agencies expressed the view that bank innovation, both in the sense of developing new technologies and in finding new applications of existing technologies, has an important role to play in improving BSA/AML compliance, and that the Agencies prioritize their role in fostering private sector innovation in this area. [8]
The Agencies welcome the fact that some banks have developed financial intelligence units dedicated to BSA/AML compliance; in some cases, employing artificial intelligence and digital identity technologies to achieve compliance goals, such as risk identification, transaction monitoring, and suspicious activity reporting. Often, a necessary step for a bank to develop and deploy new technologies and techniques is to test them in a pilot program. In the Statement, the Agencies provide regulatory comfort—though not formal safe harbors—for such bank pilot programs in at least three ways:
- “[P]ilot programs in and of themselves should not subject banks to supervisory criticism even if the pilot programs ultimately prove unsuccessful”;
- “[P]ilot programs that expose gaps in a BSA/AML compliance program will not necessarily result in supervisory action with respect to that program”; and
- “[I]mplementation of innovative approaches in banks’ BSA/AML compliance programs will not result in additional regulatory expectations.”
The Agencies emphasize that banks remain subject to BSA/AML compliance requirements in accordance with their general safety and soundness obligations while developing, implementing, and conducting a pilot program. They also say that each bank should “prudently evaluate” when to consider a pilot program successful enough for the bank to adopt the technologies tested in the pilot program as part of its “baseline” BSA/AML program. The Statement encourages banks to discuss any pilot programs with their appropriate regulator early on in the program’s development. [9]
Action Plan
As always, banks should be evaluating and updating their BSA/AML compliance measures on an ongoing basis. We, and the Agencies, are aware that many banks are developing new approaches to compliance through regulatory technology, or “RegTech.” For example, analytics, prediction models, and advanced computing technology may allow banks to improve compliance outcomes while simultaneously reducing time spent producing required BSA/AML reports, as well as lowering other BSA/AML-related compliance costs.
In light of the Statement, banks already considering changes or enhancements to their BSA/AML compliance programs should consider setting up formal pilot programs to test the new programs or technologies. Also, banks should consider contacting regulators to discuss any such changes and enhancements, and should also consider contacting legal counsel for assistance in evaluating current BSA/AML compliance and/or planning discussions with their federal banking regulators regarding implementing new pilot programs.
Endnotes
1The Board of Governors of the Federal Reserve (the “Board”), the Federal Deposit Insurance Corporation (the “FDIC”), the National Credit Union Administration (the “NCUA”), and the Office of the Comptroller of the Currency (the “OCC”), and, collectively with FinCEN, as defined below, the “Agencies”). (go back)
2Agencies, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (Dec. 3, 2018).(go back)
3Among other things, banks must create a system of internal controls to assure ongoing BSA/AML compliance, conduct ongoing monitoring of customers and transactions, and file certain reports, including suspicious activity reports, when relevant conditions are triggered.(go back)
4U.S. Dep’t of the Treasury, A Financial System That Creates Economic Opportunities: Banks and Credit Unions (June 2017); see V. Gerard Comizio and Nathan S. Brownback, Treasury Issues Report on Banks Proposing Significant Dodd-Frank Act Changes in Response to Trump Executive Order on Core Principles of Financial Regulation (June 28, 2017). Follow-up reports issued by Treasury between October 2017 and July 2018 covered capital markets, asset management, insurance, nonbank financial companies, innovation, and fintech.(go back)
5Pub. L. No. 115-174, 132 Stat. 1296 (2018).(go back)
6Deputy Attorney General Rod Rosenstein Delivers Remarks to the New York City Bar White Collar Crime Institute (May 9, 2018).(go back)
7Deputy Attorney General Rod Rosenstein Delivers Remarks at the American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2018); see also Sally Q. Yates, Memorandum re: Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015) (the Yates memo, amended by the DOJ as described in the Rosenstein statement of November 29, 2018).(go back)
8However, the Agencies also indicate that they will not “penalize or criticize” a bank that chooses not to innovate in this area, as long as its BSA/AML compliance programs are effective and commensurate with its risk profile.(go back)
9Other items of note in the Statement include the fact that each Agency already has or has plans to establish an office or project to support innovation and serve as a point of contact for banks to discuss innovation related to regulatory compliance. FinCEN, in particular, is launching an innovation initiative involving outreach to banks and other financial institutions to set times to discuss relevant current and future products, services, and applications.
FinCEN also announced in the Statement that it will “consider requests for exemptive relief under 31 CFR 1010.970 to facilitate the testing and potential use of new technologies and other innovations, provided that banks maintain the overall effectiveness of their BSA/AML compliance programs.”(go back)
