A Key Task in Complying with the USA Patriot Act: Monitoring "Suspicious" Activity - Brintech
By Ken Proctor, Director of Risk Management, Brintech, Inc.
"Suspicious" may not necessarily mean the same thing to all people. An activity that may seem suspicious to an auditor or examiner may not raise the same red flag with a community bank executive, or even another examiner. Therein lies a key problem in complying with new requirements of the USA Patriot Act. All banks were to have established anti-money laundering programs by April 24, 2002, a deadline that passed over one year ago. Yet many banks are still struggling with the daily processes and procedures of monitoring customer activity, and many have discovered that defining, identifying, and monitoring "suspicious" activity is a more difficult task than they thought it would be.
The American Bankers Association (ABA) attempted to convince regulatory authorities that many banks already had programs adequate to Section 352 of the USA Patriot Act; the regulators, however, clearly disagree. While some argument remains whether the need for a new and improved process is clearly spelled out in the Act, regulators have nevertheless increased their focus on whether banks have adequate anti-money laundering policies, procedures, staffing, tools and training. After that, however, the requirements are not always so easy to follow.
First, financial institutions are not specifically required to "profile" customers; in other words, they do not have to create a benchmark at the beginning of the customer relationship for what "normal" account activity should be. That said, banks find it challenging to determine what "suspicious" activity looks like if "normal" activity is not clearly defined. And even if a financial institution does profile customers, the automated tools in place in most financial institutions are woefully inadequate and inappropriate to the task of identifying "suspicious" activity.
Despite these challenges, however, there are some simple steps banks can take to comply with Section 352 of the Patriot Act.
Step One - Review training programs for all employees, management and directors. From video and computer-based training to live training, all employees must have a general understanding of the requirements of the Bank Secrecy Act, the USA Patriot Act, and all related anti-money laundering regulations. Directors and senior management must fully understand the requirements of -- and the potential personal risk of failing to comply with -- these regulations. Most importantly, provide comprehensive training to those managers and employees directly responsible for the implementation of these programs. These employees are crucial to the Bank's success, and they must fully understand not only the legal and regulatory requirements, but also how to use the various systems and tools employed by the Bank as part of its anti-money laundering and suspicious activity monitoring effort.
Step Two - Review the account opening process and your "know your customer" procedures. In addition to adequate procedures, make sure employees have appropriate resources available to confirm the validity of customers' identification. The best procedures without the practical tools to carry them out will be inadequate both practically and from a regulatory perspective. The ABA's recent publication, "Identification and Verification of Accountholders," provides guidance in this area.
Step Three - Develop an integrated anti-money laundering program. The objectives of the Bank Secrecy Act, USA Patriot Act, OFAC and Anti-Money Laundering guidelines are relatively similar and involve similar tasks and personnel. Each requires the appointment of an experienced, qualified individual to be responsible for compliance, including establishing appropriate controls, independent testing and training. The most efficient way to implement these programs is to develop integrated processes and procedures, and one of the best ways to accomplish functional processes and procedures is to have an experienced officer accountable for establishing them.
Step Four - Evaluate the structure and staff of the organization dedicated to monitoring suspicious activity. Check that sufficient resources are being dedicated to this effort, and that they have appropriate experience. Ensure that they thoroughly understand the stages of money laundering - placement, layering, and integration - and are familiar with current trends in suspicious activity and money laundering. Be creative with your training. Local law enforcement can be a great source for materials or speakers that can help your staff learn to spot suspicious activity.
Step Five - Evaluate the tools used to monitor suspicious activity. Many banks are relying on kiting suspect, significant balance change, and large transaction reports to help them identify suspicious activity. Generally speaking, such tools are simply inadequate for this purpose. Instead, banks require a system that either: (1) compares current activity to a profile to identify suspicious activity or (2) "learns" what "normal" activity is based on a customer's unique activity and alerts the Bank when current activity substantially deviates from that "norm."
While there are undoubted challenges to even understanding, let alone adequately complying with, suspicious activity reporting requirements, there are steps that banks can take. Creating more efficient ways to spot and report suspicious activity will not only protect the bank from increased transaction and reputation risk, but it will also proactively address the compliance risk that can result in severe civil, criminal, and monetary penalties.
Brintech provides financial services organizations with increased profitability and efficiency, ROI maximization of technology investments and improved regulatory review performance. These results are achieved through management consulting and advisory services in the areas of Financial and Operational Performance Enhancement; Risk Management; Strategic Planning; and Technology Selection, Management and Planning. Contact John Matheny at Brintech 800-929-2746 or at jmatheny@brintech.com or visit http://www.brintech.com .
First published on BankersOnline.com 9/2/03