On behalf of FinCEN Director Kenneth Blanco and the other 290 men and women at FinCEN, I want to thank the International Monetary Fund (IMF), the Union of Arab Banks (UAB) and the Federal Reserve Bank of New York for making FinCEN a part of today’s dialogue.
My remarks today will be brief. First, I want to talk to you about the importance of a strong culture of compliance and what it means in the context of national and global security. Second, I want to talk to you about FinCEN’s authority under Section 311 of the USA PATRIOT Act and the creation of a new division at FinCEN.
Culture of Compliance
Whenever I am in this building, I think of my colleagues here who reflect on the horrors of 9/11. Whether you are a regulator or a member of the financial sector, whether you work in the United States or elsewhere, you have spent a considerable amount of time working on ways to make our world more secure in the aftermath of that day. I want to devote most of my remarks to something that is often overlooked in the context of national security: it is what we refer to as a culture of compliance.
About five years ago, FinCEN first provided some additional focus on the importance of an institution’s culture when it comes to anti-money laundering (AML) safeguards and reporting. The following six principles were highlighted in FinCEN’s 2014 Guidance on establishing a Culture of Compliance:
- Financial Institution Leadership Should Be Engaged
- Compliance Should Not Be Compromised By Revenue Interests
- Information Should Be Shared Throughout the Organization
- Leadership Should Provide Adequate Human and Technological Resources
- The Program Should Be Effective and Tested By an Independent and Competent Party
- Leadership and Staff Should Understand How Bank Secrecy Act (BSA) Reports are Used
Much of what we list in our notions of a culture of compliance is based on years of experience working with our U.S. financial institutions, and is rooted in common understandings of how businesses work here within the context of our own financial and legal system. It is not just understanding the BSA that underpins a culture of compliance. It is also understanding the broader culture of compliance that we are fortunate to have here in the United States. It is based on things that we grow up understanding:
- The belief that individuals can make a difference
- The notion that “if you see something, you say something”
- Notions of workplace accountability and workplace protections
- Systems of checks and balances
- Respect for the rule of law
- The ability to question authority
- Belief in our judicial system
- The belief that law enforcement protects people, rather than subjugates them
- The understanding that no system is perfect, and that we can always work to make our system better
All of these concepts and more—things that we sometimes take for granted in the United States—underpin what FinCEN calls a culture of compliance.
Institutions operating in different environments globally may not have the same underpinning that we have. For example, we say, “If you see something, say something,” but we have to acknowledge that there are places in the world where that is not the norm. People in many jurisdictions may do the opposite because “saying something” gets them in trouble or puts them in danger. And even if they don’t have fear, they may not know where to go to report something, or they may not believe that it will make a difference.
There are places with less distinction between public- and private-sector activities or between sovereign and private-sector wealth. And there are places where there is simply less trust between the government and the people, or more skepticism of the government’s ability to protect the integrity of its financial system.
This is not meant to be a criticism of other jurisdictions. No system is perfect and every system is in a perpetual state of evolution. FinCEN and its regulatory colleagues are in the midst of identifying necessary regulatory reforms to make our own system better. We are also right now in an evolutionary state with respect to ways in which our financial sector is dealing with new technologies and new payment systems, such as those that involve virtual currency.
On that point alone, as an aside, let me take this opportunity to emphasize that, consistent with what was confirmed recently at FATF and underscored here today by my colleague Acting Principal Deputy Assistant Secretary Paul Ahern, actors working in these new systems for moving value are subject to the same AML principles and requirements as other financial institutions. Social media and messaging platforms and others now focusing on the establishment of cryptocurrencies cannot turn a blind eye to illicit transactions that they may be fostering. To the extent that the financial sector chooses to move forward with the opportunities that some of these emerging systems present, we are not going to allow it to slide backward on the protections and appropriate transparency that we have collectively worked so hard to weave into the financial system. We will judge emerging financial institutions on whether and how they make their systems resilient to and report on money laundering, terrorist financing, sanctions evasion, human and narco-trafficking, and other illicit activity.
Appropriately addressing emerging payment systems is just one example of the many challenges that we all face. Every AML regime faces challenges all the time. As I was saying earlier, instead of this being a critique of other jurisdictions, it is meant to be an upfront discussion with the highly accomplished and highly professional colleagues here today. It is meant to acknowledge the fact that differences in legal and governmental environments can have an impact on the comfort levels of financial institutions that are supposed to be reporting suspicious transactions to their jurisdictions’ equivalents of FinCEN. Differences in legal and governmental environments can also have an impact on how financial intelligence is used and the risks for misuse of the information.
In places with such different environments, how can we talk about a culture of compliance? We have financial institutions present today that operate in the United States, in the Middle East, and globally. How does what we talk about here in the United States with respect to a culture of compliance get translated in other jurisdictions? Does it get discussed or does it get dismissed?
As we work together to create a global financial system with greater resilience to illicit activity, it is important for us to discuss how promoting a culture of compliance in the AML context can work to the benefit of institutions outside of the United States. It is also important for us to discuss ways to foster such a culture of compliance in jurisdictions with different types of governments and legal systems.
FinCEN and other regulators need to raise this discourse with our global counterparts. In the United States we continue to look for ways in which we can improve how our financial sector and law enforcement can work together to combat illicit activity. And recognizing that we all have different legal and governmental structures, we need to explore with our counterparts concepts that could underpin a culture of compliance in their own jurisdictions.
All businesses need to be concerned about their reputations. And business professionals everywhere need to be concerned about their personal reputations. Reputational risk, personal honor, family honor, institutional pride, national pride—these are potentially the foundations for a culture of compliance in other jurisdictions that may not have the same underpinnings as those that support our own notion of a culture of compliance.
Focusing on AML and adopting an AML culture can have positive effects on other aspects of a business’s operations. The six principles of a culture of compliance that I mentioned earlier: engaged leadership; revenue not trumping compliance concerns; information sharing; sufficient resources; independent testing; and understanding of purpose… They make good business sense as well as good compliance sense.
Conversely, failure to focus on these six principles can have a negative effect. Just as FinCEN and other regulators should talk to financial institutions about the need for cultures of compliance, we should also to talk to them about the risks that they run within their institutions and jurisdictions if an AML compliance culture is not fostered. Much is at stake when a business anywhere puts its reputation at risk. As we get better about sharing information between and among mindful governments and mindful industry actors, those that are less mindful about identifying and thwarting illicit activity will stick out.
311 and New FinCEN Division
This brings me to our regulatory actions under Section 311 of the USA PATRIOT Act and some recent changes at FinCEN. I am happy to have with me today Matt Stiglitz, the Associate Director who heads FinCEN’s newest division, the Global Investigations Division (GID). FinCEN created this new division to provide more focus on the use of FinCEN’s authorities for targeted information collection efforts and the investigation of problematic jurisdictions, financial institutions, classes of transactions, and types of accounts posing primary money laundering concerns.
All of you are familiar with the purpose and impact of FinCEN’s 311 actions, which we use to identify “primary money laundering concerns” and propose prophylactic rules to address them. A 311 finding and rulemaking is not a sanction, but rather a protective measure to address money laundering risks posed to the U.S. financial system by other states, foreign financial institutions, or one or more classes of transactions or types of account. 311 actions are designed to protect our own financial institutions, but the findings we present also benefit non-U.S. financial institutions.
We appreciate that the vast majority of financial institutions are good corporate citizens, wanting to contribute to the integrity of the global financial system. In this regard, look at Matt Stiglitz and his team at FinCEN as champions helping to shed light on situations of concern.
Much of the information that they use to identify institutions and areas of concern comes from targeted information collections under FinCEN’s authorities, but there are other sources as well, including FinCEN’s regulatory and financial intelligence unit counterparts in other jurisdictions.
When we were making the case for creating a new division, we focused not just on increasing our capacity to do more of what we have already been doing, but also to be able to do things that have not been done before. You may have noticed that I specifically mentioned “classes of transactions and types of account” twice in reference to potential bases for a 311 action. To date, FinCEN has used the 311 statutory authority only with respect to jurisdictions and financial institutions, and has yet to identify any class of transactions or types of account as a primary money laundering concern.
In thinking about the changing landscape in the financial sector, particularly with respect to the potential for greater disintermediation, it makes perfect sense for us to consider appropriate use of our statutory authorities to highlight concerns with respect to certain classes of transactions or types of account, in addition to the historical focus on financial institutions and jurisdictions. Where situations warrant, we can use these tools to further protect the U.S. financial system from primary money laundering concerns.
I want to end by sharing a story that I recently shared with a group of U.S. state regulators and money transmitters. It’s about a conversation that had a big impact on me, and I want to use it to remind you of the importance of what we are doing here.
As part of my job, I sometimes visit other countries. One time I was in a jurisdiction that was considered to be rife with corruption at all levels. I had the opportunity to meet with bankers, government officials, journalists, and others. In one conversation, we talked candidly about the levels of corruption that people dealt with and whether and how they might address it.
One person told me it was a way of life, the only thing they knew. It was what they had grown up with. I asked that person, ‘if it is what everyone grows up with, at what age in a child’s life does a parent have to explain what corruption is and why it’s accepted?’ In other words, when does a child typically witness their first shakedown or need to bribe someone and ask their parents about it?
After reflecting for a few moments, the person suggested that it was when children were around 8 years old. I suggested that maybe a way to begin to break the cycle of corruption was to get public officials and community leaders to focus on that fact—having to have such conversations with their children at such a young age.
After that, I came home and reflected. We raise children here in an environment where we generally do not have to have that discussion. We do have to talk to our children about injustices—some that are addressed and some that have yet to be addressed. But we shouldn’t have to have conversations about endemic corruption, particularly at such a young age, because we have a system both in the government and in the private sector that is able to identify and thwart corruption.
As regulators and as bankers, and as part of an important global community, isn’t that what we should want everywhere? To have children grow up in places where they have faith in their system? Where their parents can have faith in the financial sector in particular, and the efforts to protect its integrity? Here we are today, as a group of regulators and bankers. I believe we have the collective ability and responsibility to justify the faith that people want to have in us.
I look forward to the rest of the day’s discussions. I hope that Matt and I can meet as many of you as possible. Please don’t hesitate to introduce yourselves.
Thank you for your attention.
###