Agencies encourage innovation in BSA/AML compliance

Key points:

• Five federal agencies released a joint statement encouraging Banks (as defined below) “to consider, evaluate, and, where appropriate, responsibly implement innovative approaches” to meet their BSA/AML compliance obligations.
• The agencies will not take action against Banks that opt not to pursue innovative approaches, or implement pilot programs that prove to be unsuccessful, or that expose activities not identified by their existing program, provided the existing program is otherwise effective.
• When replacing or augmenting existing BSA/AML processes with a more innovative approach, Banks must consider relevant risk factors (e.g. information security, third-party risk management, customer notifications and privacy), and also ensure no gaps are created in meeting existing obligations.

On December 3, the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) and the federal depository institution regulators (the Federal Reserve, the FDIC, the NCUA, and the OCC) issued a joint statement encouraging banks and credit unions (collectively, Banks, and as defined in the Bank Secrecy Act regulations in 31 CFR 1010.100(d)) “to consider, evaluate, and where appropriate, responsibly implement innovative approaches” to meet their Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) compliance obligations.
The agencies recognize that innovation can help Banks better identify and report money laundering, terrorist financing, and other illicit financial activity, while potentially improving the efficiency of their BSA/AML compliance programs and enabling them to further maximize the use of their compliance resources. The agencies will not advocate a particular method or technology for meeting BSA/AML compliance obligations, but recognize that the industry is becoming increasingly sophisticated in their approaches, innovating in the areas of risk identification, transaction monitoring, and suspicious activity reporting, which can enhance their mission.

Pilot Programs should not expose Banks to supervisory criticism

The agencies recognize that pilot programs are an important means of testing and validating the effectiveness of innovative approaches to promote more effective BSA/AML compliance, yet understand that such programs may be unsuccessful or may identify suspicious activity that would not have been identified under existing processes. In this regard, the agencies state they will:

• Not subject Banks to supervisory criticism for an unsuccessful pilot program
• “Not automatically” assume the Bank’s existing processes are deficient because a pilot program exposes more than the existing BSA/AML compliance processes do
• Assess the adequacy of a Bank's compliance processes independentof the results of a pilot program
• Not increase regulatory expectations based on a Bank’s use of innovative approaches in BSA/AML compliance
• Not “penalize or criticize” those institutions that choose not to pursue innovation.
   

Risks in pilot programs

The agencies note that Banks must not compromise the effectiveness of their existing BSA/AML programs, and must continue to meet all regulatory obligations when pursuing innovative approaches and pilot programs. Innovative approaches must be tried and tested to ensure they are sufficiently developed to replace, or preferably improve, existing BSA/AML processes without creating program gaps or exposing the Bank to additional risk. Risk factors that must be considered include: information security, third-party risk management, and compliance with other applicable laws and regulations (such as customer notifications and privacy). Management should also discuss their evaluations with the Bank’s respective regulators.

Early engagement can promote understanding

The agencies recommend early engagement between Banks and regulators to promote a better understanding by regulators of the innovative approaches the Banks are piloting or implementing, and the regulators continue to explore additional methods to encourage innovation. For example, FinCEN will consider granting exceptions under 31 CFR 1010.970 (Exceptions, exemptions, and reports) to facilitate the testing and potential use of new technologies and other innovations. Separately, FinCEN is launching various outreach efforts to enhance its ability to respond to innovation and new technologies, understand the related risks, and encourage discussion of regulatory principles, processes, and expectations.
The joint statement is the second release from a BSA/AML working group established by Treasury’s Office of Terrorism and Financial Intelligence and the federal depository institution agencies. It follows an October joint statement on sharing Bank Secrecy Act resources (see KPMG Regulatory Alert here).

For more information please contact Teresa Pesce.