After upbeat congressional hearing, FinCEN could get help in information sharing, hiring, GTOs
Friday, May 5, 2017
Posted by: Brian Monroe
By Brian Monroe
May 5, 2017
The U.S. Treasury bureau responsible for administering the country’s anti-money laundering laws could get key congressional support for broader bank-to-bank information sharing rules, may have certain hiring provisions fast tracked, and could see its geographic targeting powers expanded to include wire transfers.
Those are just some of the issues focused on by more than a dozen key congressional leaders in a hearing this week highlighting the work of the Financial Crimes Enforcement Network (FinCEN). The hearing focused on FinCEN's ability to capture, analyze and disseminate AML data to banks, federal regulators, all levels of law enforcement and international financial intelligence unit (FIU) partners.
The hearing, titled “Safeguarding the Financial System from Terrorist Financing” before the House Committee on Financial Services, Terrorism and Illicit Finance subcommittee, is the first meeting looking at FinCEN’s efficiency, effectiveness and outcomes with the hundreds of millions of filings it stores within its massive database, and related privacy and civil liberty issues.
FinCEN Acting Director Jamal El-Hindi, who has been with the bureau since 2006, was the only witness. He covered a bevy of areas directly applicable to financial crime compliance teams, including the importance of taking a converged, holistic approach to tackling new challenges such as cyber-enabled frauds.
The various focal points for lawmakers covered the gamut, with questions exploring how to make FinCEN better at digesting data so that institutions can file less defensively and more thoughtfully – with the goal being fewer filings to “gum up the works." Other questions probed how the bureau can better spot homegrown terrorists or "foreign fighters" who wind up on battlefields in the Middle East in the ranks of ISIS.
The overall upbeat hearing also focused on whether Congress can do more to help FinCEN staff up some 70 unfilled positions already covered by appropriations or even boost its overall budget.
On the topic of supporting FinCEN, and the country’s law enforcement more broadly, lawmakers also highlighted how the U.S. still does not require company formation agents to capture beneficial ownership data.
As a result, that allows criminals to purchase real estate and launder money through anonymous shell companies. The ongoing attention to the issue may provide more fuel for the bureau to create rulemaking that closes what have been referred to as current “gaping holes” in AML defenses.
Many in attendance also called the agency’s work “important” as a nexus and “bridge” between the various U.S. stakeholders in the fight against financial crime: banks, regulators and law enforcement. Nearly every representative thanked FinCEN overall for its critical contributions to countering organized criminal groups, the corrupt and terror networks, with some profusely thanking El-Hindi personally.
Here are some key takeaways, congressional concerns and potential outcomes:
FinCEN’s filings figure is massive and growing every day
Currently, the bureau’s database of customer transaction report (CTR) and suspicious activity report (SAR) filings is currently pegged at more than 200 million with analysts receiving some 55,000 new filings each day from more than 80,000 financial institutions, including banks, money services businesses, broker dealers and other entities subject to AML rules and 500,000 foreign bank account holders.
The database is pinged by more than 10,000 law enforcement and government investigative bodies that engage in about 30,000 daily searches. FinCEN also has 70 analysts devoted to searching the database for broader trends, with the ability to do simple searches for names, addresses and the like, but also has the capacity for complex, layered searches.
“To combat our most significant money laundering and terrorist financing threats, FinCEN employs automated business rules to screen filings on a daily basis and identify reports that merit further review by analysts,” El-Hindi stated in prepared testimony.
“The rules range in complexity from traditional ‘watch list’ rules designed to identify known illicit actors to complex multi-variable weighted rule sets capable of identifying potential illicit activity.”
These algorithms search the reporting for key terms, entities, and typologies of interest daily, across six priority areas: transnational security threats; cybercrime; transnational organized crime; significant fraud; compromised financial institutions or third party money laundering; and data quality, benchmarking, and anomaly detection, he said.
The business rules “produce approximately 5,000 rule findings per month, pointing FinCEN analysts to specific filings for hands-on review and focusing their efforts on the filings most likely to be key to defending against priority threats,” according to El-Hindi. “This produces an important stream of timely financial intelligence for FinCEN analysts and external stakeholders.”
FinCEN, as part of an overall recent IT modernization effort, has increased the security for the data, adding two-factor authentication, and strengthened how it monitors approved users to ensure individuals aren’t searching for information for their own personal gain.
GTOs are helping, but the powers have limitations
In recent years, FinCEN has been more willing to use some of their lesser-known powers, including what are called geographic targeting orders (GTOs). These are orders that can require certain entities that are or are not subject to AML rules to engage in certain activities to capture more details.
The latest spate of GTOs required certain U.S. title insurance companies to record and report the beneficial ownership information of legal entities making “all-cash” purchases of high-value residential real estate in these several key geographic areas.
In July 2016, FinCEN renewed the GTOs and extended coverage to additional areas in New York City, South Florida, California, and Texas. The GTOs, including the extended coverage, were renewed in February 2017.
But what some lawmakers found to be “problematic” and a “shockingly high number” was that at the time of the most recent renewal, “approximately 30 percent of the real estate transactions reported under the GTOs involved a beneficial owner or purchaser representative that also had previously been the subject of a SAR.”
Those figures could have been even higher, but the statutory authority for FinCEN to levy the GTOs is limited, only covering cash and monetary instruments, but not wire transfers.
As a result, some lawmakers mused if the U.S. Treasury Secretary could fix that by adding wires to GTOs, an idea El-Hindi agreed would be a benefit, along with requiring company formation agents to capture beneficial ownership details and make it available to law enforcement.
One lawmaker stated the GTOs should be extended to more areas and made permanent, while another noted that some states have created a “cadaster” system to track ownership data, which captures land ownership details, dates and transactions, but in some cases is only “available in the basement of some dusty courthouse.”
Patriot Act information sharing could be strengthened
In addition to bolstering the transaction types covered by GTOs, the hearing looked at how Congress could strengthen information sharing structures availed under sections 314(a) and 314(b) of the Patriot Act.
Under those prongs, FinCEN can query banks at large about certain individuals, companies or transactional tells, and banks can share information with each other on entities suspected of money laundering or terrorist financing.
But what isn’t spelled out currently and explicitly under section 314(b) – bank to bank sharing – is if the safe harbor provisions cover all predicate crimes for money laundering and other financial crimes, including fraud and cybersecurity incursions and breaches.
Congress mulled the benefits of extending section 314(b) sharing powers and protections, which could have manifold benefits, including banks identifying larger networked criminal, terror and cyber groups more quickly and, consequently, being able to send fewer, but more richly detailed, SARs to law enforcement.
FinCEN has funding for some positions, but has trouble filling them
FinCEN, which currently has full-time equivalent (FTE) positions for some 340 staffers, still has 70 of those unfilled at the moment in the intelligence analysis area who would look at AML data, chiefly due to the challenges in finding qualified candidates and getting them the proper security clearances, which can take as long as a year.
Right now, at least 35 of those vacancies are in the active or selection recruitment phases, with unknown timetables to get them onboard and trained.
One congressperson stated that was a “national security issue,” asking if FinCEN had “fast-track” authority to speed those hires up, in which El-Hindi responded FinCEN was not considered a national security agency, so didn’t have that ability as yet. The lawmaker stated he would look into “legislative action to get you covered.”
Convergence corner, covering the full spectrum
FinCEN is also trying to increase its coverage of cyber-enabled events, responses and recoveries, putting more pressure on banks to more adroitly merge and convergence their AML, fraud and cyber teams.
“The size, reach, speed, and accessibility of the U.S. financial system make financial institutions attractive targets to traditional criminals, cybercriminals, terrorists, and state actors,” according to El-Hindi. “These actors target financial institutions’ websites, systems, and employees to steal customer and commercial credentials and proprietary information; defraud financial institutions and their customers; or disrupt business functions.”
In 2016, FinCEN received “more than 60,000 cyber-related SARs describing a range of cyber-enabled financial crimes. Improved financial transparency and increased information sharing can help address the challenges posed in the cybersecurity domain.”
FinCEN noted that it issued an advisory in October 2016 to “raise awareness among financial institutions about the intersection between cyber and AML/CFT issues. The advisory clarifies how financial institutions should approach cyber issues” and “encourages coordination between AML and cybersecurity staff to mitigate risks.”
With those converged teams working in concert with each other, FinCEN and law enforcement, all sides can do some amazing things, El-Hindi said.
“Where U.S. businesses or financial institutions quickly alert law enforcement, FinCEN often has been able to work with its foreign counterparts to assist in the return of funds sent overseas by business email compromise schemes,” he said in his testimony.
“Over the past two years, with respect to the illicit overseas transfer of roughly $491 million brought to our attention, we have been able to help in the return of over $275 million.”