On December 3, 2018, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network (FinCEN), the National Credit Union Administration, and the Office of the Comptroller of the Currency (together “the agencies”), issued a joint statement encouraging banks to test and implement innovative approaches to meeting their Bank Secrecy Act/Anti-Money Laundering (BSA/AML) obligations. The agencies hope to harness private sector innovation to better protect the financial system from financial crime and to allow financial institutions to make better use of limited compliance resources. The agencies identify in particular risk identification, transaction monitoring, and suspicious activity reporting as obligations that can benefit from innovation. They also identify internal financial intelligence units, artificial intelligence, and digital identity technologies as innovations that can help advance AML programs.
To foster innovation without fear of criticism, the agencies have laid out policies for how they will interact with banks piloting new technologies.
- First, while the agencies may provide feedback, banks that pilot innovative technologies should not be subject to supervisory criticism for any failures in such pilot programs.
- Second, “pilot programs that expose gaps in current BSA/AML compliance programs will not necessarily lead to supervisory action.” For example, “when banks test or implement artificial intelligence-based transaction monitoring systems and identify suspicious activity that would not otherwise have been identified under existing processes, the agencies will not automatically assume that banks’ existing processes are deficient.”
- Third, the implementation of innovative approaches in banks’ BSA/AML programs “will not result in additional regulatory expectations.”
- Fourth, FinCEN will consider requests for exceptive relief under 31 C.F.R. § 1010.970 to promote the testing of new technologies, provided that banks maintain the overall effectiveness of their AML programs.
The agencies’ joint statement did make clear, though, that while innovation is critical to continued protection against money laundering and other financial crime actors, it is not an excuse to fail to comply with current BSA/AML requirements. Banks “must continue to meet their BSA/AML compliance obligations, as well as ensure the safety and soundness of the bank, when developing pilot programs and other innovative approaches.” In making such determinations, “bank management should prudently evaluate whether, and at what point, innovative approaches may be considered sufficiently developed to replace or augment existing BSA/AML processes.” Such a decision should also address other factors like third-party risk management, compliance with other applicable laws and regulations, and issues of customer privacy. Banks also are encouraged to engage early with regulators regarding such programs to promote the agencies’ understandings of these programs and as “a means to discuss expectations regarding compliance and risk management.” Each of the agencies has committed to establishing projects or offices to support engagement on the implementation of such innovations.
The joint statement comes against a backdrop of continued increases for many banks in the costs of operating compliant AML programs, and continued enforcement – such as the recent $598 million settlement with federal regulators of alleged AML violations by US Bank — emphasizing the need for greater resourcing of AML programs. This has led many banks to consider innovations that might make compliance more efficient and reduce costs, but also has led Congress to consider other measures, such as changing BSA reporting thresholds. The new statement appears to be an effort by the agencies to resolve this resource tension by favoring innovation. It complements another recent guidance document from the same agencies encouraging smaller banks to share compliance resources where possible.
A number of new products and services offer real opportunities for banks to improve their transaction monitoring and other AML processes, resulting in stronger programs and reduced cost. However, banks should ensure that pilot projects and other innovations do not compromise their ability to effectively operate their current BSA/AML compliance programs. One way this can happen is migrating from previous methods to new technologies before the latter have been properly tested. For example, money transmitter MoneyGram International recently was required to pay an additional $125 million penalty, and had its deferred prosecution agreement extended, for AML program failures that occurred after it transitioned to a new fraud interdiction system that turned out to be ineffective. Another way this can happen is if the resources needed to administer a pilot project take away from resources needed to operate existing aspects of an AML program. The agencies have made clear that while they will not necessarily subject any failed pilot programs to supervisory criticism, they will continue to scrutinize banks’ current processes for any deficiencies, and expect them to remain compliant while testing new methods.