Main Content

For The Record: Time for an AML Reboot

Despite significant resources dedicated to stopping illicit financial transactions, perverse incentives have created an AML/CFT regime that is inefficient.

By Greg Baer

Imagine an army where officers are not evaluated based on how they or their units behave in battle, or how well they lead their troops. Rather, the officers are considered for promotion based on audits of the punctuality of their expense reports, and whether supplies are accounted for and documented with 100% accuracy. Any reporting or documentation errors result in confinement to base, extensive retraining, and reduction in pay.

The auditors also track unit casualties, with any casualty resulting in demerit, demotion or court martial for the responsible officers. The auditors do not have sufficient seniority or clearance to be briefed on the battles that have occurred, or read any after-action reports. Thus, their audits reflect only the losses suffered by the unit itself, not the casualties it inflicted upon the enemy.

What sort of an army would this system produce? Certainly, one hesitant to take risk. While a patriotic desire to defeat the enemy would remain strong, officers would know that outside-the-box thinking would result in audit lapses, and eventually end their careers. Promotion would come for those who adhered to the rules, and excelled at paperwork. This army inevitably would end up being led by a George McClellan, not a Ulysses S. Grant. Morale among the troops would plunge.

Welcome to the U.S. anti-money laundering /counter-terrorism financing regime, circa 2016. It is a system in which banks have been deputized to act as quasi law-enforcement agencies. Their AML compliance staffs collectively represent a force somewhere between the size of the ATF and the FBI, spending billions of dollars each year to investigate and report crime. However, in talking to senior executives at banks large and small, I have never heard a single one complain about how much money they spend. Rather, they complain about how much of that money is wasted. And that waste derives from a series of perverse incentives embedded in an archaic system.

From a public policy perspective, any rational approach to AML/CFT law enforcement would be risk-based, devoting the great majority of resources to detecting the most dangerous financial crimes and illicit activity. However, as described by Bob Werner of HSBC, the former head of the U.S. Financial Crimes Enforcement Network (FinCEN), we have seen a move by large banks away from risk-based approaches, because banks are not rewarded for successfully uncovering money laundering or providing valuable service to the law enforcement, defense or intelligence communities. Such acts generally are unknown to the bank examiner evaluating their performance or the Justice Department official deciding on a fine for some unrelated transgression. Rather, the key obligation of banks under the current AML regime is a requirement to file suspicious activity reports (SARs), which originated in 1992 as a way for banks to provide leads to law enforcement. In the current regulatory and enforcement climate, compliance officers at banks have powerful incentives to file numerous SARs, because those defensive SAR filings protect them in the event that one of the companies or individuals involved ultimately commits some type of crime. But that defensive approach greatly increases the ratio of noise to signal – or, in an analogy one frequently hears, simply adds more hay to the search for the AML/CFT needle. 

Furthermore, banks receive almost no meaningful feedback on how those SARs are used, or which ones proved useful to law enforcement. In the 1970s, when few reports were filed, those that did generally received serious law enforcement attention, and feedback was less. Now, with banks employing tens of thousands of people and using computer monitoring to flag potentially suspicious activity, hundreds of thousands of SARs are being filed every year. Feedback therefore would be extremely useful – particularly for the work of people like Gary Shiffman, the founder of a data analytics company, who uses big data technology to analyze data from across the industry to find criminal patterns. 

Meanwhile, the pressure on banks to maintain perfect AML/CFT procedures is unrelenting. Procedural lapses, even those of no consequence, can endanger the careers of those involved. Because examiner criticism endangers the ability of the bank to expand, pressure for 100% accuracy is intense. One senior AML executive recently said, “I can’t remember the last time I tried to catch a bad guy; I spend all my time filing reports with regulators.” Worse yet, several others have reported that their own efforts to construct novel approaches to detecting illegal behavior have resulted in examiner criticism – because such innovative approaches lacked sufficient documentation, and therefore were not auditable.

The sources of this self-defeating set of perverse incentives are not difficult to discover: the unpopularity of banks; the politicization of agency enforcement actions; a movement at the Justice Department away from a “justice-based” model to a “leveraged-based” enforcement model; and Congressional hearings where both banks and their examiners are excoriated for real or perceived shortcomings.

Indeed, the plight of bank examiners is worth considering. From a political perspective, they can only do wrong. They are excluded when the bank they examine is working real cases with law enforcement, national security or intelligence community officials. But if something goes wrong – if a corrupt official or organization turns out to be a client of the bank they examine – then they are held to account. Thus, from an examiner and banking agency perspective, the best possible outcome is for the banks they supervise to “de-risk” – that is, retreat from high-risk jurisdictions abroad and high-risk businesses domestically. They have no reason to internalize the business loss suffered by the bank from de-risking, nor the loss to national security when the intelligence community loses the ability to monitor overseas jurisdictions as illicit finance moves to shadow markets, nor the human suffering in countries cut off from correspondent banking, money remittances, or other access points to the global financial system. Contrast this state of affairs with the cooperative, more innovative approach in the United Kingdom, described herein by Tom Keatinge, Director of the Centre for Financial Crime and Security Studies at the Royal United Services Institute.

Perverse incentives extend to rule writing as well. Writing a clear and public AML/CFT standard means accepting great responsibility. It means defining what is an acceptable approach to preventing money laundering and terrorist financing, and what is unacceptable. If a bank engages in conduct defined as acceptable and wrongdoing nonetheless occurs, then the regulator can be held accountable. A clear remedy here would be the establishment of safe harbors for banks that demonstrate they have thorough AML/CFT procedures – recommended here by Sharon Cohen Levin, former Chief of the Money Laundering a Asset Forfeiture Section of the U.S. Attorney’s office for the Southern District of New York. But creating a safe harbor requires the government to give up the ability to punish if something goes wrong, and suffer second guessing for it. On the other hand, abjuring clear rules and using enforcement action or private threats thereof (the latter protected from public scrutiny and awareness as “confidential supervisory information”) poses no such risks.

Think these issues through, and it is easy to understand the spectacle of Secretary of State John Kerry’s recent visit to the United Kingdom. The reason for his visit was frustration that, notwithstanding an agreement to lift sanctions on Iran, companies seeking to do business with Iran were having difficulty obtaining banking services. The stated goal of his visit was to “make clear that legitimate business, which is clear under the definition of the agreement, is available to banks as long as they do their normal due diligence and know who they’re dealing with. They’re not going to be held to some undefined and inappropriate standard.” The reaction of the banking community could be boiled down to “easy for you to say.” The Wall Street Journal put it more eloquently: “Some banks say that they have made up their minds on not doing business with Iran, in part because they have agreements in place with U.S. agencies that may take a different view than the official government stance on Iran.” In other words, Secretary Kerry need not have traveled to London: a trip down the street to the Justice Department and the bank regulatory agencies would have been more effective.

Or consider FIFA. Various FIFA officials have been indicted, or in some cases pled guilty to receiving bribes to award the World Cup to certain countries. The investigation was a tribute to the Justice Department and FBI, and a relief to soccer fans everywhere. But while public attention has moved on, the investigation of banks that processed the payments continues. No one would be surprised if the banks end up paying more in legal fees and fines than any of the bribe takers or bribe payers. Nor should they be surprised, of course, if U.S. banks decide to “de-risk” such organizations going forward. 

As Clay Lowery and Vijaya Ramachandran demonstrate graphically herein, AML/CFT-related fines on U.S. banks have increased exponentially over the past five years, and continue to do so. There can be no doubt that the billions of dollars in fines, coupled with supervisory restrictions on banks perceived as having subpar programs, have caused banks of all sizes to devote vastly more resources to AML/CFT processes. The ultimate, and really only important questions, are: have these resources, and the sanctions and regulatory regime that produced them, made our country safer and more prosperous, or less? And would a very different regime produce far better results?

That is a difficult question, with a complicated answer. While it is good to keep bad actors out of the financial system as a sanctions matter, does it benefit national security to keep bad actors in the system, where they can be monitored by regulated banks with sophisticated techniques? Or is it better to push illicit actors out to foreign banks or hawalas, where law enforcement has little line of sight and a much harder time tracking money movement? Is any law enforcement or counter-terrorism gain worth causing poverty in countries that harbor terrorists by using the blunt force of pressuring U.S. banks to “de-risk” those countries by ending correspondent relationships? Are the vast quasi-law enforcement resources of the banks better deployed marching in lock step, under rigid policies and procedures set by regulators, or by using idiosyncratic guerrilla tactics, emphasizing innovation? Should banks be filing more SARs under a low standard for what constitutes suspicious activity, or instead be filing fewer SARS under a higher standard focused on plausible evidence of serious wrongdoing?

Furthermore, it is somewhat odd that there is a continuing, heated political debate about U.S. trade policy, but that the considerable effects of AML/CFT rules are not part of that debate. Rightly or wrongly, those rules are serving as major impediments to trade finance, reducing exports and imports, and causing a retreat by U.S. banks and corporations behind our borders.

Unfortunately, in the public debate, there thus far has been little acknowledgment of these important tradeoffs. Fines and personal liability for compliance officers continue to increase; and banks are required to cast a wider net in investigating their customers, and their customers’ customers.

Fortunately, a remarkable group of foreign policy, development and technology experts – including the contributors to this issue – has been focusing on all these issues. Their goal is not to save banks money or embarrassment. Their goal is do what is best for our country. We at The Clearing House will do everything we can to assist them in their work, because the banks we represent – and more particularly the tens of thousands of individuals at those banks doing this work, many of whom are former military, intelligence or law enforcement officials – are desperate to innovate and investigate. They want to catch the bad guys too.

About the author: Greg Baer is President of The Clearing House Association and Executive Vice President and General Counsel of The Clearing House Payments Company. He oversees the legal, compliance, and litigation functions for the organization’s payments business and leads the strategic agenda and operations of the Association. Prior to joining TCH, Baer was Managing Director and Head of Regulatory Policy at JPMorgan Chase.