It’s Time to Rethink the Mission Behind BSA/AML Regulations

The Anti-Money Laundering Act of 2020 marks a sweeping change in AML legislation – including some of the most significant changes ever made to the Bank Secrecy Act of 1970. This is a good step forward, albeit tardy by a decade or so, but it’s heartening to see federal officials taking AML seriously.

While there are several good and positive elements within the act – the whistleblower program is critical, as human intelligence remains key to discovery of hidden malignancies in the banking system – there’s also a lot more room for growth.

Ultimately, for all the positives of these new changes, they still fail to tackle one of the biggest issues: the mission of AML regulation needs to change from being purely a compliance – or worse, an analytical issue – to instead focus on why AML is a moral imperative to preventing the arbitrage of the financial system to facilitate some of the most heinous human rights and criminal violations.

Good changes too slow?

The program to reward those who report possible AML violations is a great start, but as a recent Wall Street Journal article pointed out, so far it’s been slow to get off the ground. Part of the slowness has to do with how the rewards system is set up. Still, it’s good to see the feds taking some stronger steps here.

Within the new regulations is the Corporate Transparency Act (CTA), which is intended to combat the use of “shell companies” as havens for money laundering and other illicit activity. It creates a registry and requires millions of domestic and foreign companies registered to do business in the U.S. to disclose information about their beneficial owners.

This is a positive step, and it certainly helps with corporate transparency, but frankly, it’s late.

The United Kingdom established a beneficial ownership registry back in 2016 as part of strengthened AML regulations. And under the CTA, the secretary of the treasury won’t have to implement these reporting requirements until a year after the rules were passed – that will be Jan. 1, 2022.

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has suggested that the final regulations will give affected entities additional time in which to come into compliance. It should be noted also that leadership changes at the Treasury Department and the FDIC might help focus on new, more innovative, and more aggressive discovery and interdiction.

In the meantime, the number of shell companies has gone through the roof during the COVID-19 pandemic. The lockdowns didn’t stop the bad guys from selling drugs or perpetrating other crimes – it just meant that they wound up with piles of cash that they haven’t been able to launder through the channels they normally would use due to business closures and lockdowns. As a result, they started buying small, distressed businesses such as restaurants for cash.

With impressive identity theft volumes, the yet-to-be understood bribery holes created by the rush to digitization during COVID-19, and the proliferation of new financial instruments like de-centralized finance, cryptocurrency and NFTs, the adversaries of the market have evolved extraordinary quickly over the last year. We can’t wait another 20 years for a major piece of legislation; fixing the cadence and focus of regulatory oversight is desperately important.

Addressing the human rights issue

On the positive side though, the new AML regulations are solid steps and at the federal level, there really seems to be energy to combat money laundering. But how do we get this down to the examiners’ level quickly to add energy across the entire market? Acts like this tend to take a lot longer than they should to get to the individual banks. And once the legislation gets down to the individual examiner, the requirements are already outdated. For instance, when an act like BSA says something is required immediately, that typically means it will take a year, such as in the case of CTA.

The reality is that bad actors are always steps ahead; the regulations are always going to be behind. For example, de-centralized finance, Bitcoin and NFTs are accelerating in malfeasance; electronic payments and open banking all offer massive exposures to the system.

The biggest problem with many of these approaches to regulations is that they still ultimately treat money laundering as a compliance issue and not what it really is: a moral and human rights issue. It needs to be treated as such. Failure to address it aggressively fuels and facilitates some of the most heinous criminal behavior.

A disconnect remains in which regulations are often treated as the focus, as just a case of needing to check the boxes for compliance without understanding the full ramifications of money laundering. The rule of the law should not be the objective; the spirit of the law – the mission of the law – should be. AML officers, compliance leaders, and FIU leaders have an incredibly impactful role on the adversaries that exploit the system.

What needs to change

Mindset is important; it shouldn’t just be about regulators trying to prevent money laundering (and in turn, the crimes it facilitates). Banks need to consider themselves as true stewards of the integrity of the system and the standards a society holds itself to. These are not small firms; they are almost countries in themselves. Culture and tone from the top are therefore materially impactful to the societies they operate in. Banks should be the leaders of innovation and crime discovery, not simply the executors of abstract regulations that are often outmaneuvered before they are implemented.

At the same time, regulatory authorities should be stimulating innovation, discovery and learning from the market. It should be a collective endeavor, a mission involving technology, banks, and regulators working together against a common group of foes.

Banks shouldn’t be afraid they’ll be penalized for discovering new attacks or risks. They should be stimulated to do this, with regulators acting as the catalyst for such activities and as a clearing house for the market of such innovations. It’s a reversal of the traditional compliance model, but only through such partnerships can the system arm itself effectively against those that exploit the financial system’s fragmentation, opacity, and lack of coordination.

It should be less about the rule of law and instead, the spirit of the law should be the driving motivation. We now have the technologies to stop modern crime. We have the ability to create real change. When it comes to AML, human and sex trafficking, the narco-economy and rogue state actions, it should be much less about keeping the regulator happy against some abstract requirements and more about the constituents of the system. It should be about making sure our banking system isn’t exploited as a facilitator of some of the worst actions of humanity.

When we rely on the regulators to tell the banks how to catch the bad guys instead of the banks catching the bad guys and then telling the regulators how it was done, we hamstring the entire system and indeed, give our adversaries the ability to institutionalize many of the risks we’re trying to stop.

Beyond compliance

The BSA and the Anti-Money Laundering Act of 2020 contain many provisions that are welcome and even progressive, including the whistleblower program and the streamlining of reporting. There’s no denying that this is a great step. But it took so long to get there and there are still several shortcomings, mainly the cadence and singular focus on individual banks rather than stimulating systemic focus, innovation, and synchronization.

We need to go deeper into recognizing and understanding that AML and the financial facilitation of crime is about far more than just regulation and compliance. These activities fuel real and terrible crimes – human trafficking, sexual exploitation, slavery, terrorism, targeting vulnerable communities and the hard drug trade.

And that’s why the mindset needs to shift to preventing and mitigating financial crime as an issue of human rights; it's a societal issue, not just one of compliance or analytics.

By Simon Moss, CEO, AyasdiAI