To view or print PDF content, download the free Adobe Acrobat Reader.
PREPARED REMARKS OF JAMES H. FREIS, JR. DIRECTOR, FINANCIAL CRIMES ENFORCEMENT NETWORK U.S. DEPARTMENT OF THE TREASURY DELIVERED AT THE FLORIDA INTERNATIONAL BANKERS ASSOCIATION'S 12TH ANNUAL ANTI-MONEY LAUNDERING COMPLIANCE CONFERENCE MIAMI, FL FEBRUARY 23, 2012
It is a pleasure to be back for the third time speaking at this FIBA conference. When I first spoke here four years ago, I discussed the important partnership between the government and the financial industry in fighting illicit financial activity, and in particular the many ways FinCEN provides feedback to help direct resources to the areas of greatest risk1. Two years ago, I addressed trade finance and money laundering, as well as how fraud and money laundering are interconnected, and FinCEN's ongoing work to combat fraud.2
Today I would like to address a number of international issues, in particular recent developments with the Financial Action Task Force (FATF) Recommendations (a subject of the speech here by my predecessor, FinCEN Director Bill Fox, seven years ago3 ) as they relate to FinCEN's responsibilities, and in the Egmont Group of financial intelligence units (FIUs) (which was a subject of the speech here by my former deputy, Bill Baity, five years ago4 ). In all these areas, you will see that we have come a long way, and yet our efforts to mitigate the risks of financial crimes must continue to address changing criminal behavior.
In a world where financial transactions and markets are increasingly global, criminals seek to exploit any weakness in our international anti-money laundering/counter-terrorist financing (AML/CFT) framework. While you often hear emphasis upon the importance of a strong public-private partnership in our AML efforts here in the United States, it is more critical than ever to ensure these efforts extend - and continue to evolve - internationally.
Over the past generation, an international consensus has emerged as to the importance of AML/CFT efforts, both across responsible government agencies, and with the vigilance of the financial sector to protect itself and its customers against financial abuse. The FATF Recommendations embody important aspects of the global consensus as well as aspirations in the AML/CFT area. So let me turn to them as they apply to FinCEN's mutually reinforcing responsibilities as AML/CFT regulator and as the FIU of the United States.
FATF - Revised Recommendations
The FATF recently undertook a comprehensive review of the 40+9 Recommendations, with the goal to maintain stability in the standards, but also recognizing the need to address deficiencies and bring the standards more up-to-date with evolving financial, law enforcement, and regulatory environments around the world.5
In October 2010, FATF began a public consultation as part of its first phase of reviewing the Recommendations.6 FATF published its first consultation paper as a result of this review in February of last year.7 A second consultation phase took place between June and September 2011,8 with the revised FATF Recommendations being released publicly this past week, on February 16.9
The United States continues to be a leader not only in the development of global financial standards, but in our efforts to effectively implement them. Thus, while our overall national effort to combat money laundering and terrorist financing will undoubtedly continue to evolve as we seek ways to be more effective and efficient, I will try to put into context how some of the revisions to the FATF Recommendations parallel the approach we are pursuing here in the United States, and specifically at FinCEN.
Overview of Relevant Changes
Perhaps the first thing you will notice with respect to the revised FATF Recommendations is the integration of the formerly distinct "Special Recommendations on Terrorist Financing" into the body of the 40 Recommendations. This reflects the global recognition of the complementary efforts and tools needed to combat money laundering and terrorist financing, since the issuance of the originally eight Special Recommendations soon after the events of 9/11 over a decade ago.
That said, the financing of terrorism remains a serious concern for the international community and remains a major focus of the FATF standards and a number of uniquely focused CFT recommendations remain independent. As you are aware, in particular under Title III of the USA PATRIOT Act of 2001, the AML framework in the United States was extended to include combating terrorist financing. For FinCEN, we include the AML and CFT efforts together as part of our broader regulatory and analytical efforts to combat a broad range of financial crimes.
The integration of the 40 + 9 Recommendations afforded not only the opportunity for changes to the substance of the Recommendations, but an opportunity to try to improve the overall clarity of the standards and reduce duplication. For many of us, this will entail a bit of a learning curve, as we familiarize ourselves with the new numbering scheme. FinCEN's own experience underscores the value of and success in an analogous effort to streamline and promote clarity in our regulations, and thereby facilitate increased effectiveness in their implementation. March 1, 2012 is the one-year anniversary of the effective date of FinCEN's regulations in a new Chapter X of Title 31 of the Code of Federal Regulations.10 We have consistently heard positive feedback from the financial industry about our transparent effort in adopting these changes, and the logic behind the reorganization has led to an easy integration of our more recent rules. So I am sure we will come to appreciate the revised format of the FATF Recommendations, just as we have done with the FinCEN regulations, even before we become familiar with the revised numbering system.
With respect to the broader substantive changes to the FATF Recommendations, let me briefly mention the following. The sanctions framework has been updated, in particular to take into consideration the framework that has been developed in conjunction with United Nations Security Council Resolutions regarding terrorism and terrorist financing. Also, a new standard has been included with respect to sanctions related to the proliferation of weapons of mass destruction. Serious tax crimes have been included among predicate offenses for money laundering. As we have long observed in the United States, serious tax crimes can be closely related to significant money laundering.
Some other changes may seem quite subtle and will come as no surprise to U.S. financial institutions. For example, the new Recommendation 15 (formerly Recommendation 8) with respect to the impact of new technologies, clarifies that financial institutions should conduct an AML/CFT risk assessment prior to the launch of new products, business practices, or the use of new or developing technologies.11 I hope that within the United States financial institutions have already understood this expectation.12
FinCEN's October 2011 issue of the SAR Activity Review - Trends, Tips & Issues, includes an article assessing Remote Deposit Capture (RDC) risks.13 The article contains an analysis of RDC risks related to fraud and other financial crimes as indicated in bank SAR filings and summarizes past regulatory guidance. The article also notes commonalities in two recent civil money penalty enforcement actions taken by FinCEN against two banks that highlighted potential risks associated with the initial adoption of new technologies or use of those technologies to provide innovative products and services. Among the common elements identified were a "failure to identify and assess the compliance and operational risks associated with RDC prior to implementation." 14
One other example of a less extensive change to the Recommendations that I will nonetheless mention for the international audience here today is a more explicit statement that financial groups should be required to implement group-wide AML/CFT programs, including policies and procedures for sharing information within the group for AML/CFT purposes.15 Efforts at implementation can hopefully be informed, in part, by the Egmont Group's multi-year project, in which FinCEN was closely involved and resulting in the publication in February 2011 of a white paper entitled "Enterprise-wide STR Sharing: Issues and Approaches."16 The Egmont Group continues to welcome financial industry feedback and input on the issues raised in the white paper.
I now would like to provide more detail about a few of the specific changes to the FATF Recommendations as they relate to the work of FinCEN and as relevant to our audience today.
The Risk-Based Approach
The very first Recommendation under the revision is itself new - a clear statement that countries should clearly identify, assess, and understand risks and take action and apply resources to mitigate those risks. The Recommendation's risk-based approach is further echoed in its expectations placed upon regulated financial institutions and designated non-financial businesses and professions to assess and mitigate AML/CFT risks. These changes formally integrate the direction that FATF has taken over the past five years, with the issuance of guidance on the risk-based approach, for various industry sectors.17
The risk-based approach is well established here in the United States. Eight years ago, one of my predecessors as FinCEN Director, Bill Fox, described the U.S. regulatory approach as follows:
Our approach to this regulatory regime is "risk-based" not rule based. We believe strongly that compliance must be risk-based in order to fairly and effectively regulate the panorama of industries represented under the BSA umbrella. A risk-based system is a challenge for both the regulated industry and the regulator. For the regulated industry, this "risk-based" system demands that financial institutions evaluate their business, including their products, distribution channels, customer base, etc., and assess their vulnerabilities to money laundering. These businesses must, then, take appropriate steps to focus compliance resources on minimizing the greatest risks. Compliance is not a "check-the-box" exercise, but rather requires financial institutions to exercise their judgment, as informed by our guidance and assistance.18
Shortly after I joined FinCEN five years ago, as part of launching our efficiency and effectiveness efforts, one of the first initiatives was "matching risk-based examination to risk-based obligations."19 In fact, I have mentioned the risk-based approach in each of my previous speeches before this conference. In my opening remarks two years ago, I summarized feedback to financial institutions as "an essential part of our risk-based approach: directing our collective resources where they will be most productive for AML/CFT purposes." 20 We thus support and welcome further global implementation of risk-based approaches.
Customer Due Diligence and Beneficial Ownership
The new Recommendation 10 (formerly Recommendation 5) seeks to clarify the Customer Due Diligence (CDD) measures regarding the identification and verification of customers and beneficial owners, both with respect to individuals as well as legal persons and legal arrangements, by using a risk-based approach.21 Many countries, including the United States, have been looking at ways to more consistently and effectively address the areas of CDD and beneficial ownership.
In 2008, FinCEN submitted a survey to industry to solicit feedback on how and when financial institutions obtain and retain beneficial ownership information. The survey results indicated certain inconsistencies in financial institutions' understanding of requirements related to collecting and maintaining beneficial ownership information both within and across industries. In March 2010, FinCEN, jointly with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission, and in consultation with staff of the Commodity Futures Trading Commission, issued Beneficial Ownership Guidance to clarify and consolidate existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships. 22
FinCEN is currently developing an advance notice of proposed rulemaking (ANPRM) to solicit public comment on a wide range of questions pertaining to the development of a CDD regulation that would clarify, consolidate, and strengthen existing CDD obligations for financial institutions and incorporate the collection of beneficial ownership information into the CDD framework.23 This effort will be in furtherance of the broader Treasury Department plan to enhance the transparency of legal entities with respect to beneficial ownership consistent with international standards, which additionally involves working with Congress to promote legislation that enhances transparency of legal entities in the company formation process. We look forward to receiving industry input in response to our forthcoming ANPRM.
Politically Exposed Persons
The specific area of CDD that receives a lot of attention is with respect to senior foreign political figures, as defined by our regulations, in the United States. Globally, people most often refer to politically exposed persons or "PEPs," with the most significant risk being related to public corruption. It is a sad truth that some degree of corruption occurs in both advanced and emerging economies, as those who hold positions of influence and power might be tempted to use their influence for personal gain. Whether it is a simple bribe to an official, or the siphoning of millions of dollars of oil revenue, almost all cases of corruption share a common trait: money - sometimes in staggering amounts - is moving.
FinCEN dedicated the May 2011 SAR Activity Review - Trends, Tips & Issues to the topic of combating corruption.24 The Review provides a compilation of various information and guidance available to assist financial institutions with the preparation and filing of SARs possibly related to corruption. Some of the recurring questions addressed are determining who is a PEP, what the risks are, and what transactions may involve the proceeds of corruption. That publication includes an article on behalf of the Florida International Bankers Association among those describing industry perspectives and experience in addressing the challenges of identifying and mitigating risks involved with PEPs. For those of you here who have not reviewed this publication, I encourage you to visit our Web site and do so.
The FATF revisions specifically now include in the Recommendations that financial institutions should identify domestic politically exposed persons, on a risk basis in addition to the existing requirement to identify foreign politically exposed persons. On this issue, I would like to refer you to the guidance that we published in the aforementioned SAR Activity Review, especially the following excerpt:
As part of an account opening procedure or ongoing monitoring activity, financial institutions may identify domestic political figures. As with all products and services offered by a financial institution, those used by domestic political figures must be incorporated into a financial institution's AML program as appropriate. If transaction activity does not coincide with account expectations or stated purpose, with either a domestic or foreign political figure, the financial institution may wish to increase its due diligence. 25
Thus while in the United States, we have specific enhanced due diligence obligations with respect to private banking accounts for senior foreign political figures,26 under the risk-based approach, the focus a financial institution places on a customer should be commensurate with the risk posed by the customer.
Money Value Transfer Systems
FATF's new Recommendation 14 (formerly Special Recommendation VI) reiterates the importance of jurisdictions registering money value transfer systems. Specifically, the recommendation notes:
Countries should take measures to ensure that natural or legal persons that provide money or value transfer services (MVTS) are licensed or registered, and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations. Countries should take action to identify natural or legal persons that carry out MVTS without a license or registration, and to apply appropriate sanctions.27
The primary point that I wanted to highlight is the fact that the changes have increased emphasis on the component, previously in the interpretive note, that countries should proactively try to reach and educate industry on registration requirements for money value transfer systems (which would be a subset of money services businesses (MSBs) under FinCEN's regulations), and take enforcement action as appropriate. Increasing appropriate transparency into the financial industry, particularly that participants are known to regulators, is a prerequisite to be able to promote efforts to mitigate misuse of the financial system.
In 2005, FinCEN, along with the Federal banking regulators, issued guidance to the depository industry as to the minimum expectations for banking this industry.28 In part, if a bank determines that an MSB in not appropriately registered with FinCEN, it should provide such information through a SAR. FinCEN then analyzes these SAR filings on potentially unregistered MSBs and contacts the individual businesses to determine whether the entity should be registered.29 Over the past two years, FinCEN has taken a number of enforcement actions for failures to register as an MSB.30 Note that FATF separately emphasized in its revision to Recommendation 27 regarding the need for adequate powers to ensure compliance with AML/CFT requirements, as follows:
Supervisors should have adequate powers to supervise or monitor, and ensure compliance by, financial institutions with requirements to combat money laundering and terrorist financing, including the authority to conduct inspections. They should be authorized to compel production of any information from financial institutions that is relevant to monitoring such compliance, and to impose sanctions, in line with Recommendation 35, for failure to comply with such requirements. Supervisors should have powers to impose a range of disciplinary and financial sanctions, including the power to withdraw, restrict or suspend the financial institution's license, where applicable.31
FinCEN is furthering its efforts in identifying unregistered MSBs through an Advisory released last week, highlighting that foreign -located MSBs doing business in the United States fall under the purview of FinCEN's regulations as amended last year.32 I highlight the FATF change in this area primarily to let financial institutions know that the information you provide on potentially unregistered MSBs is a central part of FinCEN's strategy to achieve the objectives of this standard.
Financial Intelligence Units
Let me turn my comments now away from the regulatory expectations upon financial institutions to the changes to the FATF Recommendations that directly impact FinCEN's other responsibilities in its capacity as the FIU of the United States. As stated in FATF's press release announcing the revised Recommendations, one of the main changes is "Better operational tools and a wider range of techniques and powers, both for the financial intelligence units, and for law enforcement to investigate and prosecute money laundering and terrorist financing." 33
Reflecting the Evolving Nature of FIUs
In a previous speech describing the history of the development of FIUs over the past few decades, I noted how rare it is that international law prescribes that countries should organize specific agencies to carry out particular sovereign functions, and further to witness a concerted effort to establish FIUs and help them become operational.34 United Nations resolutions recognize the critical role for FIUs to play in fighting transnational organized crime and combating corruption.35 The FATF Recommendations have come a long way from the early references to a "national central agency" for receiving financial transactions reporting.
The establishment of the Egmont Group of FIUs in 1995 led to the promulgation of operational standards and expectations. As a reflection of the growing importance of FIUs, consider that the Egmont Group's membership has expanded from just 15 FIUs in 1995, to 53 in 2000, to 127 in 2011, with additional jurisdictions preparing to join later this year. During the past 17 years, the Egmont Group has developed mechanisms for the rapid exchange between FIUs of sensitive information across borders. The Egmont Group members have agreed upon a common framework for information exchange. This framework begins with a shared vision - an internationally accepted definition - of an FIU that serves as a national, central authority that receives, analyzes, and disseminates disclosures of financial information, particularly suspicious transaction reports (STRs) to combat money laundering and terrorist financing.36
That Egmont definition of an FIU was incorporated as one of the more significant revisions of the FATF Recommendations in 2003. The most recent revisions draw further upon the Egmont practices as well as aspirations for the role strengthened FIUs should play in global AML/CFT efforts of the future. As noted in the second Consultation Paper leading to development of the new Recommendations, previous work to update texts of other Recommendations relating to "law enforcement agencies," made it clear that the role of law enforcement agencies could not be considered in isolation from that of the FIU.37 It was also noted that the then current standard relating to FIUs (Recommendation 26 and its interpretive note), did not adequately describe the role and functions that an FIU should have.
Regarding the role of the FIU, Recommendation 26 previously stated that:
Countries should establish a FIU that serves as a national centre for the receiving (and, as permitted, requesting), analysis and dissemination of STR and other information regarding potential money laundering or terrorist financing. The FIU should have access, directly or indirectly, on a timely basis to the financial, administrative and law enforcement information that it requires to properly undertake its functions, including the analysis of STR. 38
As noted in the Consultation Paper:
The proposed changes take into account the standards of the Egmont Group of FIUs and focus therefore on the core functions of such units: receipt and analysis of STRs and other information, and dissemination of the results of that analysis. The revised standard takes into account the different types of FIU (administrative, law enforcement or judicial) and is intended to apply to all of them.
The proposed interpretive note emphasizes the analysis function - including both operational and strategic - and indicates that the FIU should be able to obtain additional information from reporting entities as needed to perform this function properly. The note also incorporates more detail into the standard in such areas as access to and dissemination of information, information security, confidentiality, operational independence, undue influence and membership in the Egmont Group.
The revised FATF Recommendations concerned with law enforcement and FIUs have been expanded significantly. The revisions clarify the role and functions of the operational agencies responsible for combating money laundering and terrorist financing, and set out the range of investigative techniques and powers which should be available to them.
New FATF Recommendation on FIUs
Rather than just mentioning the changes to the recommendation with respect to FIUs, let me try to illustrate a few of the points by way of reference to some of the AML/CFT efforts more familiar to financial institutions. In this way, I hope to provide more insight into some of the work of FinCEN (outside the regulatory context) and other FIUs as part of the broader partnership between government and industry in AML/CFT matters. I hope that this adds a further, complementary dimension to the feedback theme of my speech before this conference four years ago.
The new FATF Recommendation 29 (formerly Recommendation 26) now states as follows:
Countries should establish a financial intelligence unit (FIU) that serves as a national centre for the receipt and analysis of: (a) suspicious transaction reports; and (b) other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis. The FIU should be able to obtain additional information from reporting entities, and should have access on a timely basis to the financial, administrative and law enforcement information that it requires to undertake its functions properly.39
The most prominent changes are the increased emphasis on analysis as the core function of FIUs, and on access to relevant information - in particular the new element that the FIU be able to obtain additional information from reporting entities. The accompanying interpretive note has been greatly expanded from a simple statement that an FIU "should consider applying for membership in the Egmont Group" together with references to some of the Group's guiding documents. The revised interpretive note more definitively endorses the Egmont Group ("should apply"), but also attempts to explain the core mandate and functions of FIUs (drawn in significant part from the practices of the Egmont Group). As stated in the interpretive note, the FIU is part of and plays a central role in a country's AML/CFT operational network, and provides support to the work of other competent authorities.
Regarding an FIU's analytical functions, the revised interpretive note now states: "FIU analysis should add value to the information received and held by the FIU."40 The interpretive note underscores the importance of FIUs conducting both operational analysis focusing on particular targets of investigative interest, and strategic analysis, to identify money laundering and terrorist financing related threats and vulnerabilities.41 The note draws upon the Egmont definition of analysis, which describes different stages and forms of analysis, including reflecting the differing volumes of reports a particular FIU might receive.42 The note further incorporates the Egmont practice of encouraging the dissemination of the results of the FIU's analysis both on a "spontaneous" (i.e. proactive) basis such as referrals for law enforcement investigation, as well as in response to requests for analysis to support existing law enforcement investigations.
The different types of analysis are reflected in components of FinCEN's mandate and practice, including to "identify possible criminal activity to appropriate Federal, State, local, and foreign law enforcement agencies;" "support ongoing criminal financial investigations and prosecutions;" and "determine emerging trends and methods in money laundering and other financial crimes." 43
Additionally, while information technology and analytical software are an essential part of the process, the interpretive note recognizes that "such tools cannot fully replace the human judgment element of analysis." The necessity of combining an appropriate balance of a sufficient number of well trained individuals together with the right tools and access to information is something well understood by financial institutions in their own AML/CFT efforts, especially those institutions that have a dedicated in-house analytical unit, sometimes known as the institution's "financial intelligence unit." 44 Particularly in identifying, analyzing, and reporting suspicious activity, financial institutions have consistently reaffirmed to FinCEN the importance of trained staff in addition to IT tools.45
Access to Information
Of course, the quality of an FIU's analytical output depends not only on its IT and human resources, but in great part upon the quality and quantity of the range of information and data sources to which it has access. Under the revised FATF Recommendation and its interpretive note, FIUs are expected to have access to the following categories of information: reports required as part of the country's AML/CFT framework; additional information from reporting entities that can be obtained by the FIU on an as needed basis; and a broad range of other data from public, private, and other governmental sources.
In terms of reports, STRs, known under FinCEN's regulations as SARs, are the one common element in the reporting required to FIUs. This is logical, since one of the foundational elements of the aforementioned analysis expected of FIUs is to take the reports of suspicion from distinct financial institutions looking at discrete customers or transactions, and to analyze those in the context of the broad range of information available to an FIU, both public and nonpublic, to evaluate whether the activity may merit further investigation with law enforcement.
But the interpretive note now clarifies that reporting from regulated entities should include not only STRs/SARs, but other information such as cash transaction reports, electronic funds transfers reports, and other threshold based declarations or disclosures.46 In practice, most other FIUs currently receive, in addition to STRs/SARs, a range of reports analogous to one or more of the CTRs, 8300s, CMIRs, and FBARs currently received by FinCEN, as well as reports of cross-border electronic transmittals of funds, the collection of which is the subject of a FinCEN proposed rulemaking.47 In FinCEN's experience, a range of multiple types of reports as well as information from multiple filing entities can be useful both in tactical analysis supporting a specific criminal investigation as well as strategic analysis of trends or potential vulnerabilities.
The specific new provision of the Recommendation states that the "FIU should be able to obtain additional information from reporting entities as needed to perform its analysis properly."48 As an illustration, the interpretive note explains that the information that the FIU should be permitted to obtain could include information that reporting entities are required to maintain consistent with other relevant FATF Recommendations, specifically setting out requirements with respect to customer due diligence and beneficial ownership information, as well as recordkeeping requirements with respect to transactions.
Many, but not all, FIUs have broad authority to compel production of this or additional information from entities subject to AML/CFT requirements. An example of common usage of this authority by some FIUs is the following. If Bank A reports a suspicious transaction by Bank A's customer sending funds to (or receiving funds from) Bank B, the FIU might contact Bank B to seek further information relevant to analyzing the transaction for the FIU to learn either that there appears to be a reasonable basis for the transaction, or the alternative that it merits further investigation for possible money laundering. In a way, this can be analogized to the practice of U.S. financial institutions taking advantage of the safe harbor under FinCEN's regulations implementing Section 314(b) of the USA PATRIOT Act, allowing unaffiliated financial institutions to share information on a voluntary basis for the purpose of identifying and reporting possible money laundering.49 Criminals hope to hide their trails as they seek to launder the proceeds of crimes through several financial institutions; only by drawing the different pieces of information together can we expect to deter and detect criminal activity.
The final, broad category of data under the revised Recommendation is that the FIU "should have access on a timely basis to the financial, administrative and law enforcement information that it requires to undertake its functions properly."50 The interpretive note elaborates further: "In order to conduct proper analysis, the FIU should have access to the widest possible range of financial, administrative and law enforcement information. This should include information from open or public sources, as well as relevant information collected and/or maintained by, or on behalf of, other authorities and, where appropriate, commercially held data."51
With respect to FinCEN, the agency was founded 22 years ago with the intention of bringing together a broad range of data and information relevant to the deterrence and detection of financial crime. FinCEN's mandate is to bring together the AML/CFT reporting required under its regulations, together with "information regarding national and international currency flows;" "other records and data maintained by other Federal, State, local, and foreign agencies, including financial and other records developed in specific cases;" and "other privately and publicly available information." 52 As part of the FinCEN's ongoing efforts to modernize its information technology systems, FinCEN will continue to look for ways to more efficiently and effectively further this mandate to leverage its centralized collection and analysis of information across the broad range of law enforcement agencies it supports and to better use this information to enhance its rulemaking and regulatory efforts.
Additional FIU Requirements
If an FIU has the authority or competence, has sufficient resources including the right combination of people and analytical tools, and additionally has appropriate access to a broad range of data sources, what else does it need to perform its central operational role in a country's AML/CFT framework? Some of the remaining requirements detailed in the interpretive note reflect the unique nature of the FIU and the range of sensitive information it holds in the public trust.
The FIU should have appropriate security and confidentiality protocols with respect to its information and IT systems, personnel, and physical premises. The Egmont Group is currently undertaking a project entitled "Securing an FIU," led by FinCEN, which seeks to establish best practices in the aforementioned areas.53 Having a common understanding of minimal security protections is not only relevant within a country, but also an essential prerequisite to cross-border sharing of sensitive information to which I will turn in a moment.
The interpretive note also details that the FIU should be operationally independent, including the authority and capacity to make an autonomous decision on the analysis and dissemination of specific information. The FIU should have adequate resources to conduct its mandate effectively and be free from undue influence or interference.
The Role of FIUs in International Cooperation
While much of the foregoing discussion of FIUs has focused on the agency's central operational role within each country's AML/CFT framework, let me now turn to the unique role that FIUs play in the global context of sharing information with foreign counterparts in furtherance of law enforcement investigations. A major purpose for which the Egmont Group was established back in 1995, and still the foremost among its efforts today, is expanding and systematizing international cooperation in the reciprocal exchange of information for AML/CFT purposes.54
FATF Recommendation 40 also was revised, increasing the emphasis on the importance of international cooperation in AML/CFT matters.55 The core aspect of international cooperation, as described in detail in the new, extensive interpretive note, is the cooperation in the exchange of information for AML/CFT purposes, between FIUs, between financial supervisors, between law enforcement authorities, and also recognizing that due to the different organizational structures and competencies of agencies within a respective jurisdiction, effective cooperation may necessitate exchange of information among non-counterparts (sometimes referred to as "diagonal" cooperation). An important principle underscoring all exchange of information is having safeguards to maintain appropriate confidentiality of information. One specific aspect of this set out in the interpretive note is that "[e]xchanged information should be used only for the purpose for which the information was sought or provided," and any further dissemination by the receiving party shall be subject to prior authorization.
Much of this interpretive note draws heavily from the longstanding practice of the Egmont Group, particularly the "Principles for Information Exchange" which were adopted on June 13, 2001.56 In particular the latter conditions mirror the "Permitted Uses of Information" set forth in these Egmont Principles:
Egmont Resolution on the international exchange of information
For an FIU to become and remain a member of the Egmont Group, it must demonstrate both the specific legal authority as well as operational ability to effectively and securely exchange information with counterpart FIUs for AML/CFT purposes. Hence, this applies to the FIUs from 127 jurisdictions that are currently Egmont Group members, and we look forward to welcoming additional members at the Egmont plenary in a few months time. In the past calendar year, FinCEN exchanged information in furtherance of law enforcement investigations with over 100 counterpart FIUs from around the world.
This past year, the Heads of FIUs of the Egmont Group adopted a resolution on enhancing international AML/CFT information exchange through strengthening FIU channels in "diagonal" cooperation,57 which was prepared in the light of revisions to FATF Recommendation 40 and its interpretive note.58 The resolution recognized the desire and benefits of other authorities to exchange information internationally for AML/CFT purposes, yet noted that "Egmont Group FIUs nonetheless are fundamentally and uniquely different from other competent authorities in that the international exchange of information, also on behalf of other competent authorities, is at the very core of the FIU mission."
Taking into consideration the need to protect the confidentiality of sensitive information, the clear processes, authority, and capacity to exchange information, as well as a secure means in the form of the Egmont Secure Web (maintained by FinCEN), the Egmont Group FIUs agreed "that the best way to promote increased sharing of information for AML/CFT purposes in a secure manner is to strengthen FIU to FIU channels." The resolution created a presumption among Egmont Group FIUs that they would communicate and share information through FIU-to-FIU channels, even when supporting the needs of other competent authorities from the home jurisdiction or abroad.
I hope that these remarks are useful in providing an overview of some of the recently announced revisions to the FATF Recommendations as they relate to FinCEN's responsibilities and its central operational functions as the FIU of the United States. That role is perhaps less publicly known than its responsibilities as AML/CFT regulator. I hope that this elaboration provides you a greater understanding and appreciation for the framework we have established, both domestically and internationally, to ensure appropriate protection of sensitive information, in particular, information reported by financial institutions such as yours.
As I have said so many times, criminals don't respect the law; they certainly do not respect borders. All of you here today, and the broad membership of the Florida International Bankers Association coming from 18 countries spanning four continents, appreciates this well.
Keep in mind that however aspirational, the FATF Recommendations by their very nature set out minimum standards, which requires thoughtful implementation, taking into account the unique risks and circumstances in each jurisdiction. In the United States, and certainly at FinCEN, we hope to continue to be leaders in these global AML/CFT efforts. Our success will continue to depend on the fundamental partnership between the government and the financial industry. Thank you for your ongoing cooperation toward our shared goal of protecting the integrity of our financial system against criminal abuse.