There can be no AML professional who is not aware of the constant reminder by regulators and policymakers of the need for an improved “culture of compliance.” Enforcement actions and agency speeches have long bemoaned the second-class status of compliance in the financial sector.
So it should come as no surprise when this theme is communicated.
But in a guidance document?
Yet the U.S. Treasury Bureau, the Financial Crimes Enforcement Network (FinCEN) has done just that in Monday's guidance, "Advisory to U.S. Financial Institutions On Promoting A Culture of Compliance." (FIN-2014-A007)
Song and challenge remains the same
And the challenge for all of us is the age-old issue of communication.
The cynics among us—and our meetings would have to be held in stadiums—would question whether this “guidance” will be used for formal regulatory criticisms. But to be fair, FinCEN does say in a footnote that the “advisory does not change any existing expectations or obligations under BSA/AML requirements.”
Only time will tell.
As for the substance of the issuance, the impact will only be felt if compliance officers get this document in front of their boards of directors, the banks’ lines of business, and even the shareholders.
If it seems I am staking out a middle position, I am. Guidance today worries me. But this theme is both essential and relevant to the entirety of the financial sector.
Key elements of the guidance
It is important that FinCEN points out that a poor culture of compliance impacts financial institutions of all sizes. We have heard anecdotes from the industry about disengaged senior managers at institutions from small community banks to large multi-nationals, so engagement is the first hurdle.
Therefore, the commitment needs to be visible to the entire staff. One clear example called out in the guidance is the need for periodic AML/BSA training for leadership, “tailored to their roles.”
Those same leaders need to allocate appropriate resources to AML and be very aware of the state of AML compliance within the institution.
This last point places the onus on Compliance for proper and frequent communication to leadership.
Returning to the financial aspect of banking, the guidance also directs that compliance should not be compromised by revenue interests—a major issue is several recent enforcement actions.
There is a related reference in that section to governance—an area identified by several of the other banking agencies as in need of overhaul. Takeaway from the guidance here is to review your governance structure!
Information sharing is another theme that the AML community has been grappling with for many years.
Frankly, some of the counterintuitive regulations on sharing have prevented effective communications, so the government’s position here is less than pure. But we all agree that information is power.
The guidance correctly urges sharing throughout an organization and uses the rather old example of the fraud prevention function and AML function communicating with one another. This should have been done long ago, in my opinion.
There is also an important directive regarding having the legal department sharing subpoenas with the compliance department so that risk ratings can be reconsidered and possible suspicious activity reported.
As mentioned at the beginning of the guidance, FinCEN points to appropriate staff and resources, including the correct technology for monitoring and reporting.
Another aspect of improving the culture of compliance is to ensure that there is unbiased, independent testing of AML compliance with NO conflicting business interests—an excellent goal that will clearly improve the institution’s overall response to money laundering and financial crime.
What’s missing from the guidance
Returning to my point on cynicism, the last section of the guidance seems incomplete.
While there can be no denying the value of some BSA/AML reports, the value of all has not been close to being completely proven.
If I had drafted the last section of the guidance regarding communicating to senior managers the value of reports, I would have focused instead on the value to society of having financial institutions be partners with law enforcement to deter, report, and prevent money laundering.
Boards of directors and senior management teams need to know there is a clear role for the private sector. However, there must be recognition by the government that regulatory requirements and law enforcement utility are not always the same thing.
Tone at the top is an admirable goal—but tone in the government cannot be ignored either.
* “Everybody’s Talkin” is actually a Fred Neil song, covered over 100 times, and for me the best version is by Stephen Stills, not Harry Nilsson’s more popular hit version.
John Byrne’s views are his own and not necessarily those of the American Bankers Association.
- M&T Bank, Bank of America, and Keycorp Bank Double Down on Criticism of LIBRA
- Applying Security Across Heterogeneous IT Systems
- Beyond Wells Fargo: Can High Performance and High Standards Co-exist?
- Credit Suisse Group AG Board Set to Make Decisions Surrounding Spying Scandal
- Lessons Learned from Capital One’s Breach: What Banks Need to Know About Data Security in the Cloud