by Paul J. Nockels, C.P.A.

A year after the tragic events of September 11, 2001, financial institutions continue to enhance their Anti-Money Laundering ("AML") programs to achieve and monitor compliance with heightened governmental and industry regulations designed to deter, detect, and punish terrorists that use the U.S. and world financial markets. However, automating procedures that would normally be manually performed with extensive human interaction and analysis has proven to be quite challenging as the depth and complexity of these regulations and financial transactions expand.

Regulatory Background

On October 26, 2001, President Bush signed the "USA PATRIOT Act" (the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001), which amends, among other things, the Bank Secrecy Act (the "BSA") and imposes significant new AML requirements on all "financial institutions," as defined by the BSA. These financial institutions include a wide variety of organizations handling financial transactions, including banks, trust companies, credit unions, securities broker-dealers, futures commission merchants, certain investment vehicles, and even casinos and auto dealerships.

Many financial institutions, such as banks, bank holding company-owned organizations, and securities broker-dealers, have been subject to requirements under the BSA since 1996 to report certain transactions and "suspicious activities" and, accordingly, already have AML programs in place. However, these entities must now expand these programs to include additional due diligence requirements and enhanced customer identification standards. Other financial institutions that have not previously been subject to the BSA must now develop AML programs to achieve compliance.

Various industry regulators and intermediaries in the United States and abroad are also amending their respective regulations to generally require affected financial institutions to establish or enhance AML programs to be "reasonably designed" to achieve compliance with the applicable federal requirements.

The Basics of Money Laundering

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origin of funds from illegal activities in such a way that these funds appear to have come from legitimate sources or constitute legitimate assets.

Money laundering general follows three stages;

1. the "placement" stage, where cash from criminal activities enters the financial system, is converted to financial instruments, and deposited into accounts at financial institutions;
2. the "layering" stage, where the funds are transferred or moved into other accounts or other financial institutions to further separate the proceeds from their criminal origin; and
3. the "integration" stage, where the funds are reintroduced into the economy and used either to purchase legitimate assets or further fund criminal or illegitimate activities.

Banking and trading accounts maintained by financial institutions for customers are typical vehicles used to launder illicit funds and to execute financial transactions that help obscure the origin of funds. For more information on money laundering, including common methods and trends, visit the Financial Action Task Force on Money Laundering website at http://www1.oecd.org/fatf/

Ingredients of AML Programs

AML programs must include, at a minimum:

1. the development, implementation and maintenance of appropriate AML policies, procedures and controls;
2. the designation of a compliance officer responsible for implementing and monitoring the day-to-day operations and controls of the program;
3. an ongoing training program for appropriate personnel; and
4. an independent testing function to be conducted by internal personnel or a qualified outside party.

Since the laws in this area change rapidly and the extent and complexity of financial transactions and money laundering techniques continuously evolve, AML programs must be periodically reviewed and updated accordingly. Also, any significant changes in systems, products, or customer business must include review and modification to AML programs.

Designing and Enhancing AML Systems

The magic for many financial institutions is to effectively utilize existing technology resources to automate certain AML procedures and controls that would otherwise require high degrees of human intervention and logic.

Certain AML procedures and controls may not lend themselves to full automation, particularly for those required for new customers and/or accounts. For example, financial institutions must perform certain procedures to ensure that the organization takes reasonable steps to verify the identity of the owner of an account before transacting business with that customer. These include inquiry about the source of the customer's assets and income, as well as the customer's purpose and intended use of the account(s). Also, financial institutions are prohibited from establishing or maintaining a "correspondent account" in the United States for an unregulated foreign shell bank. Certain of these AML procedures may require due diligence procedures performed by a human being to be effective.

On the other hand, other AML procedures for new accounts may be fully automated. For example, financial institutions must verify that they are not prohibited by law to do business with new prospects by comparing them to the "SDN List" (Special Designated Nationals and Blocked Persons) maintained by "OFAC" (the Department of Treasury's Office of Foreign Asset Control) (see http://www.ustreas.gov/ofac for more information on these requirements). Certainly, specific data may be automatically compared to data from the SDN list on an initial (and ongoing) basis.

The extent of initial and ongoing due diligence and surveillance of an account and/or customer should be tailored based on their overall risk profile. Accounts and/or customers that would generally be classified as high risk would include foreign private banking customers, international correspondents' accounts, and entities from certain geographic locations that are more vulnerable to money laundering. "High risk" customers would also include those that exhibit an unusual level of concern for secrecy, particularly with regard to their identity, type of business, or source of assets. These might also include customers that are unconcerned with risks, fees or other costs associated with their accounts, or who are acting as an agent for another entity or individual and are evasive about this party's identity. In addition, these would include customers that exhibit an unusual concern regarding the firm's compliance with government reporting requirements and the firm's AML procedures.

"Online" financial institutions that generally limit physical meetings and discussions with prospective or existing customers must take extra care in developing and maintaining their AML program. Without the normal opportunity to have physical interactions, these firms may be required to obtain additional and/or different information to replace the effectiveness of human interactions. AML programs must also include procedures to detect and cause the reporting of "suspicious activities" through the filing of "SARs" (Suspicious Activity Reports) to the FinCEN (the Financial Crimes Enforcement Network ("FinCEN"). Suspicious activities may occur in a customer account at any time and, therefore, systems must be in place to monitor activities in order to detect unusual behavior. Financial and recordkeeping systems may be designed or tailored to specifically search for and identify unusual behaviors and/or "high risk" activities for further follow up. These would include unusual wire transfer activities, such as those involving an unexpected or extensive number of transfers by a particular account and transfers involving certain high risk countries. These would also include transactions that have no business or apparent lawful purpose, are unusual to the customer, or lack any reasonable explanation. Clearly, complete and accurate recognition of suspicious activities requires familiarity with customers, and their business practices, activities and patterns. Therefore, the extent of automation in this area is challenging and requires careful planning and maintenance to replace the laborious, yet subjective, human intervention and evaluation.

Many financial institutions, such as certain securities broker-dealers and introducing brokers, introduce their customer accounts to other financial institutions. However, both organizations (the introducing firm and the carrying firm) are required to have AML policies and procedures covering these common customer accounts. For efficiency and effectiveness, these organizations should coordinate efforts under written agreements to confirm compliance with their respective obligations. Effective monitoring is useless without timely and effective follow-up and investigative procedures. Appropriate personnel must be notified to evaluate unusual or high risk activities and determine any required reporting requirements to FinCEN and/or other regulatory agencies.

The Price of Non-Compliance

The price of non-compliance could be painful. Violation of the AML laws can lead to severe civil and criminal penalties. Also, a person or entity that either knew or was willfully blind to the fact that transactions involving illegally obtained funds can be criminally prosecuted for assisting or facilitating money laundering transactions.

Although maintaining compliance with federal and other regulations may be a key motivator for designing and implementing effective AML programs, a larger motivation for high profile financial institutions may be brand asset protection. A financial institution would hate to discover, and infinitely worse, for the public to discover, that they were maintaining accounts and handling assets for members of the Al-Qaeda network.

About the Author

Paul J. Nockels, C.P.A. is a senior manager with American Express Tax & Business Services. Mr. Nockels provides accounting, tax and consulting services to various financial services organizations regulated by the Securities and Exchange Commission, the Commodity Futures Trading Commission, and other regulatory organizations. Mr. Nockels may be reached at 312-634-4623 or paul.j.nockels@aexp.com