Amy S. Matsuo
National Leader, Regulatory Insights, KPMG US
On December 3, the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) and the federal depository institution regulators (the Federal Reserve, the FDIC, the NCUA, and the OCC) issued a joint statement encouraging banks and credit unions (collectively, Banks, and as defined in the Bank Secrecy Act regulations in 31 CFR 1010.100(d)) “to consider, evaluate, and where appropriate, responsibly implement innovative approaches” to meet their Bank Secrecy Act/ Anti-Money Laundering (BSA/AML) compliance obligations.
The agencies recognize that innovation can help Banks better identify and report money laundering, terrorist financing, and other illicit financial activity, while potentially improving the efficiency of their BSA/AML compliance programs and enabling them to further maximize the use of their compliance resources. The agencies will not advocate a particular method or technology for meeting BSA/AML compliance obligations, but recognize that the industry is becoming increasingly sophisticated in their approaches, innovating in the areas of risk identification, transaction monitoring, and suspicious activity reporting, which can enhance their mission.
The agencies recognize that pilot programs are an important means of testing and validating the effectiveness of innovative approaches to promote more effective BSA/AML compliance, yet understand that such programs may be unsuccessful or may identify suspicious activity that would not have been identified under existing processes. In this regard, the agencies state they will:
The agencies note that Banks must not compromise the effectiveness of their existing BSA/AML programs, and must continue to meet all regulatory obligations when pursuing innovative approaches and pilot programs. Innovative approaches must be tried and tested to ensure they are sufficiently developed to replace, or preferably improve, existing BSA/AML processes without creating program gaps or exposing the Bank to additional risk. Risk factors that must be considered include: information security, third-party risk management, and compliance with other applicable laws and regulations (such as customer notifications and privacy). Management should also discuss their evaluations with the Bank’s respective regulators.
The agencies recommend early engagement between Banks and regulators to promote a better understanding by regulators of the innovative approaches the Banks are piloting or implementing, and the regulators continue to explore additional methods to encourage innovation. For example, FinCEN will consider granting exceptions under 31 CFR 1010.970 (Exceptions, exemptions, and reports) to facilitate the testing and potential use of new technologies and other innovations. Separately, FinCEN is launching various outreach efforts to enhance its ability to respond to innovation and new technologies, understand the related risks, and encourage discussion of regulatory principles, processes, and expectations.
The joint statement is the second release from a BSA/AML working group established by Treasury’s Office of Terrorism and Financial Intelligence and the federal depository institution agencies. It follows an October joint statement on sharing Bank Secrecy Act resources (see KPMG Regulatory Alert here).
For more information please contact Teresa Pesce.