- Payments: Establish an international payments database and improve the quality of payment instructions
- Investments: Require private investment funds to maintain AML programs and report their investors and investment positions
- Supervision: Rationalize the supervisory architecture, especially for broker-dealers and money transmitters
- Cooperation: Enhance international cooperation between supervisors
- Beneficial Ownership: Report beneficial ownership of companies and real estate
The United States’ anti-money laundering (AML) regime began with the goal of tracking the movement of physical cash to aid law enforcement investigations in the 1970s, has expanded since then to encompass an array of national security threats including transnational terrorism, and to a certain extent has adapted to the predominance of electronic banking. Yet the practice of AML has not caught up to policymakers’ demands that financial institutions track activity as diverse as kleptocracy and corruption, weapons proliferation, or foreign political interference in a contemporary environment of near-frictionless cross-border flows of funds.
The U.S. AML regime of 2018, undergirded by the Bank Secrecy Act (BSA), requires banks and other “covered financial institutions” to maintain a risk-based program to detect suspicious activity.These programs involve, among other things, conducting customer due diligence, monitoring transactions, and filing suspicious activity reports. When the regime functions at its best, financial institutions provide information to the government that gives early warning of threats to U.S. national security. When the regime functions poorly, though, the United States and its financial sector are exposed to a wide variety of threats, and malicious behavior is enabled, including hostile acts by foreign states, malicious cyber activity, weapons proliferation, terrorism, and transnational organized crime.
The AML regime has evolved significantly from its primordial incarnation, but that evolution is incomplete. For the AML regime to fulfill its promise as a core element of the national defense, it must reorient from a focus on supporting investigations after crimes have occurred toward a focus on identifying threats and facilitating their preemption. “Anti-money laundering” is no longer an apt description of the regime, because it captures only a fraction of the tasks that policymakers have given to it. The system is better thought of as a full-spectrum counter-illicit finance (CIF) regime, with threat recognition and interdiction and support for U.S. sanctions programs among its explicit goals.
To fully transition from an AML regime to a full-spectrum CIF regime, the United States should take a holistic approach that prioritizes greater transparency, the exploitation of big data, and rationalization of the regulatory architecture in the interest of greater efficiency.
The benefits of reform would be further multiplied should the United States succeed in working with the European Union and other partners to cement these reforms as international standards that are adopted universally. Collective action would both make reform “stickier” (even if the U.S. financial system declines in international importance over the long term) and make less likely the prospect that, motivated by a desire to avoid greater transparency and oversight, large-scale economic activity would shift to comparatively non-transparent, poorly regulated jurisdictions. This brief presents the five areas that represent that greatest potential return on reform.
Payments are the simple and logical place to begin. U.S. banks process trillions of dollars in payments per day, including about half of cross-border funds transfers worldwide. Illicit financial facilitators purposely work across multiple institutions and jurisdictions to stymie criminal investigation or regulatory oversight. An international payments database would allow the U.S. government to harness its informational advantage through link analysis and the combination of multiple data sets. According to a Treasury Department report to Congress, when Treasury made available to the FBI a select set of four million international wire transfers, the Bureau was able to “expand its understanding against Russian-linked offshore financial networks, identified a variety of new FBI targets, and enhanced FBI understanding of existing investigations.”
Congress granted the Treasury Department explicit authority to construct a cross-border payments database in 2004, but, despite feasibility and impact studies and a proposed rule in 2010, Treasury has yet to implement this critical tool. In 2018, technology would make an international payments database straightforward and cost-effective. Treasury would rely almost exclusively on transactional records provided by the large New York banks that handle the vast majority of international payments, records that these banks are already required to maintain under existing rules. Treasury would merge the reporting streams and make the database available to the appropriate U.S. government agencies. Canada and Australia already have their own cross-border databases and have emphasized their importance to powering illicit finance investigations. The United Kingdom and the European Union should do the same for pound sterling and euro payments.
Successful implementation of the cross-border payments database, while a major success in and of itself, would also unlock two related benefits. First, it would present an opportunity to improve wire transfer standards to ensure that more details be included in the instructions; current rules permit inconsistent, incomplete information, which creates a gap for illicit actors to exploit. Second, with the database in place, dollar-clearing banks acting solely in an intermediary capacity would not need to file certain suspicious activity reports, which would significantly reduce their compliance burden without compromising the information available to the government. Under the current regime, intermediary banks dedicate substantial resources to investigating payments that do not involve their customers, often relying on publicly available information to determine whether a transaction is suspicious. The government is better suited to doing this work.
After mandating that more uniform information be included in wire transfer instructions under what are known as the Recordkeeping and Travel Rules, FinCEN would rely on federal banking agencies, who are the primary examiners of depository institutions, to verify during annual reviews that banks work with their correspondent account customers to adhere to enhanced standards. A gradual approach of retrospective examination of overall program compliance would be the recommended course of action for several years, as opposed to a hard and fast prohibition on processing any transactions that did not meet the enhanced criteria. Beyond improving the quality of the information in the cross-border payments database, full transparency in wire transfer instructions could help stamp out illicit activity in its own right. It is entirely possible, if not likely, that illicit facilitators exclude from payment instructions details that would be useful to investigations; they may even work with complicit management at foreign financial institutions to hide illicit activity by burying it in phony “bank-to-bank” transactions coded as MT 202 SWIFT messages instead of using the MT 103 or MT 202 COV formats as required by the Society for Worldwide Interbank Financial Telecommunication. As it stands, U.S. regulations leave the country short of full compliance with international standards on wire transfers, such as the Financial Action Task Force (FATF)’s Recommendation 16 or the Wolfsburg Group Payment Transparency Standards.
While the United States welcomes foreign investment and should continue to do so, the government should also be aware of significant foreign purchases of U.S. assets. Currently, that is not always the case. The two main forms of investment are “direct investment,” such as the outright purchase of a private company or the building of a manufacturing plant, and “portfolio investment,” which typically refers to the purchase of publicly traded securities such as stocks or bonds. Foreign direct investment (FDI) is tracked by the Commerce Department via surveys of U.S. companies and is frequently subject to review by the recently reformed Committee on Foreign Investment in the United States (CFIUS) on a case-by-case basis, particularly when there is the risk of the transfer of sensitive technology or exposure of military and defense secrets. The most comprehensive monitoring of portfolio investment is conducted jointly by the Treasury Department and Federal Reserve Bank of New York via an annual survey of U.S. financial institutions.
FDI questionnaires attempt to identify the nationality of the individuals investing in U.S. businesses, not just the country of registration of the legal entity used to own the stake, although the surveys intentionally anonymize the names of individual owners. These surveys are mandatory but self-reported, and thus inherently prone to non-compliance. This is particularly so when the companies questioned are non-public, non-financial entities not subject to regular examination, making it difficult to verify the accuracy of the information they provide. Treasury and the New York Fed’s annual survey of foreign stock and bond ownership, by contrast, largely questions regulated financial institutions, but it suffers from “custodial bias,” meaning the survey responses often reflect the jurisdictions where securities are legally held (such as Belgium, the Cayman Islands, Luxembourg, and Switzerland) rather than the identities or even nationalities of the people who own them. In short, we do not know who owns what when it comes to direct and portfolio investment alike. In the medium term, the United States should consider revamping its FDI and portfolio investment surveys to capture better the real owners of U.S. companies, U.S. equity, and U.S. debt. Although determining the true owners of U.S. securities held in the name of a foreign broker-dealer or institutional investor may sound challenging, Norway already has the ability to do so for stocks or bonds registered there.
A distinct but related area for reform is the manner in which securities broker-dealers are currently expected to carry out their AML program obligations. They must identify and conduct due diligence on their customers, including foreign broker-dealers, but not on their customers’ customers. Therefore, if Foreign Brokerage 1 executes a trade in the United States with U.S. Investment Bank A through an intermediary with an account at the large investment bank, Foreign Broker 2, Investment Bank A has no obligation to vet Foreign Broker 1.
The same principle applies to correspondent banking, with one important difference. When it comes to payments, dollar-clearing banks generally know who is involved in the transaction as the original remitter and the ultimate beneficiary (with the caveats noted in the “Payment Instructions” box above). In securities markets, Foreign Broker 2 is generally not expected to disclose the identity of Foreign Broker 1 on whose behalf it executes the trade with Investment Bank A (let alone the identity of Foreign Broker 1’s client). This is problematic.
While comprehensive transparency of foreign investment is a long-term project, the immediate priority should be U.S. private investment funds such as hedge funds, private equity firms, and venture capital firms, which manage $12.5 trillion in assets and are already regulated by the Securities and Exchange Commission (SEC). They are among the most sophisticated investors and an appealing vehicle for a foreign actor with malign intent, for example one seeking to interfere in an election, cultivate inappropriate political influence, or engage in complex financial crime.
There are large volumes of money originating in authoritarian countries such as China, Russia, and Saudi Arabia circulating among private investment funds. Many investors from those countries have established management firms that they own or control here in the United States. Many more take stakes using private funds managed abroad or by passively investing in U.S. funds as limited partners. A Wall Street Journal analysis of commercially available information concluded that the Saudi government has been the largest Silicon Valley startup funder since mid-2016, investing at least $11 billion. Commercial data are incomplete, and the total Saudi investment would likely be much higher if non-reported and non-governmental investments were counted.
The brazenness of strategic Chinese acquisitions of sensitive technologies was the driving force behind the recent expansion of CFIUS. As a recent report by the U.S. trade representative pointed out, “China directs and unfairly facilitates the systematic investment in, and acquisition of, U.S. companies and assets by Chinese companies to obtain cutting-edge technologies and intellectual property and generate the transfer of technology to Chinese companies.” But it is not just China. The Russian billionaire Vladimir Potanin set up a U.S. private equity firm that purchased a U.S. cloud storage company that holds the contract to store Maryland’s statewide list of eligible voters. The private equity firm’s cloud storage companies also hold contracts with the Departments of Defense, Labor, and Energy. A number of other Russian billionaires have similarly focused on U.S. investments. The sanctioned Russian businessman Viktor Vekselberg was indirectly the largest client of a New York private investment firm, and the owners of Russia’s Alfa Group co-founded a private investment firm that opened a U.S. office and made over $2 billion of investments in the United States.
Managers of private investment funds – unlike other financial institutions such as banks, broker-dealers, insurance companies, and mutual funds – are exempt from AML program obligations, although Congress called for Treasury to extend such requirements in 2001. The good news is that Treasury proposed a rule to impose AML obligations on private fund managers in 2015, which it should finalize as soon as possible. To complement Treasury’s AML requirements, the SEC should require these fund managers to report confidentially the identities of their investors and the nature of their investments, neither of which is currently collected.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) is the country’s AML supervisor, promulgating regulations under the Bank Secrecy Act, issuing guidance, and imposing penalties for violations. In practice, though, “federal functional regulators” such as the Office of the Comptroller of the Currency (OCC), the SEC, or the Commodity Futures Trading Commission (CFTC) examine financial institutions for compliance with their AML obligations. It makes sense for FinCEN to delegate examination authority to these agencies both because they know the inner workings of big institutions best and because FinCEN employs only a few hundred people, while these larger agencies employ thousands. Delegation to the federal functional regulators has in a certain sense worked well, as these agencies are well-staffed, high-functioning, and willing to impose large fines. For over a decade, there has not been a major money laundering incident at a large U.S. bank on the scale of scandals at BCCI, Bank of New York, Riggs, or HSBC over a decade, all of which the Senate’s Permanent Subcommittee on Investigations studied in forensic detail.
At the same time, there are significant weaknesses in the current U.S. supervisory architecture. First, it is overly complex. At the largest U.S. financial institutions, activity related to deposit-taking and lending is typically supervised by the OCC; large swathes of business, including investment banking and securities and derivatives trading, are under the jurisdiction of the SEC and CFTC; and the holding company on top of the bank is supervised by the Federal Reserve, which also has the authority to assess enterprise-wide risk management. Coordination among agencies can be cumbersome. This supervisory fragmentation means any given federal regulator may not be able to identify AML violations across all business lines within a financial holding company, notwithstanding the Federal Reserve’s enterprise-wide role. Second, the SEC and CFTC in turn delegate much of their responsibility for AML examination to two “self-regulatory organizations,” the Financial Industry Regulatory Authority and the National Futures Association. Private sector organizations simply cannot fill the shoes of a government agency, no matter how competent and professional they may be. Therefore, AML examination of broker-dealers and futures commission merchants should be the sole province of the SEC and CFTC.
The former chief counsel of FinCEN has wisely called for an arrangement “that includes closer collaboration between FinCEN and the federal functional regulators and greater authority for FinCEN to establish BSA examination and enforcement priorities across these agencies and similarly to control interpretations of BSA rules.”FinCEN should also more actively direct targeted AML examinations when it becomes aware of the possibility of concentrated illicit activity (its core area of expertise), and it should staff joint AML examination teams with federal functional regulator colleagues. Congress will need to boost FinCEN’s budget to enable these changes.
The most glaring problem of all, though, concerns the supervision of money services businesses (MSBs), including money transmitters that specialize in sending remittances internationally. This industry is far-reaching, but it lacks a federal functional regulator entirely. The operations of these businesses are licensed and regulated at the state level, though MSBs are required to register with FinCEN and have AML program obligations. Examinations are conducted by state regulators and the Internal Revenue Service. Such an arrangement has long been suboptimal. It has now become a major liability, because the role that MSBs play in consumer and commercial payments is increasing with the advent of cryptocurrency and the rise of “fintech” companies. Cryptocurrency exchanges, online payments companies, and other fintech firms have decided to operate within the MSB framework, though the OCC’s FinTech Charter offers an alternative to the MSB regulatory regime. MSB activity must be brought under the auspices of an existing federal functional regulator, or Congress will have to create a new one.
Anti-money laundering practitioners across the board agree that information-sharing allows the government to communicate priorities and highlight emerging trends to industry, enhances financial institutions’ internal investigations, and makes it more difficult for illicit facilitators to exploit informational barriers between banks or jurisdictions. FinCEN has institutionalized government-to-industry information-sharing through its new FinCEN Exchange program, which builds on an earlier pilot. This program is a good starting point but meets only sporadically; FinCEN should continue to expand it. The United Kingdom’s Joint Money Laundering Intelligence Taskforce, by contrast, meets weekly.
When it comes to sharing financial intelligence between governments, there is a stark dichotomy. On the one hand, sharing between financial intelligence units (FIUs), which collect and analyze suspicious activity reports, is well-established and facilitated by the Egmont Group, a global grouping of FIUs that facilitates the international exchange of information derived from suspicious activity reports and related reporting.. The exchange of information under Egmont principles is designed to assist law enforcement investigations that involve multi-jurisdictional activity.
On the other hand, no equivalent process exists to facilitate the international sharing of information between financial supervisors for AML oversight purposes. Egmont could welcome supervisors under its umbrella, or supervisors could establish their own parallel body. More sharing of information among supervisors (for example, between the UK’s Financial Conduct Authority and the OCC or SEC) would also increase regulators’ confidence in other countries’ supervisory regimes and help them identify circumstances under which it would be appropriate to allow banks in one jurisdiction to rely on due diligence performed by banks in another jurisdiction. Cross-border reliance would create a powerful incentive for banks to share more information with each other because it would eliminate costly, duplicative investigations.
Finally, American banks are allowed to share financial intelligence among one another under Section 314(b) of the PATRIOT Act. Banks have taken advantage of this opportunity to positive effect, but Treasury can help increase the flow of information between banks by encouraging them to form geographic or functional consortia. FinCEN should also clarify or revise existing 314(b) guidelines to remove regulatory uncertainty about the limits of permissible sharing.
Beyond Financial Supervision
Looking at policy options beyond financial regulation, there are a number of areas for improvement. Transparency advocates have pointed accurately to the United States’ failure to impose AML obligations on intermediaries such as accountants, company formation agents, lawyers, and realtors, which puts the U.S. in breach of FATF standards. Anti-corruption activists have stressed, rightly, the deterrent effect of high-level money laundering prosecutions and successful asset forfeitures. These are worthy goals, but they present unique complications.
The low-hanging fruit consists of prohibiting the anonymous ownership of real estate and ending anonymous companies. Treasury has implemented a pilot program to track the purchasers of luxury residential real estate in several metropolitan areas by issuing Geographic Targeting Orders to title insurance companies, which are required to identify the owners of companies or other legal entities used to buy a house or condominium. This program should be scaled up nationwide and made permanent, which can be done by regulation. It is important to note that a foreign person can wire money to a property owner to buy a residence in the United States without the use of a U.S. bank account on either end of the transaction, making it simplest to obtain real estate ownership information through title insurance rather than through banks.
Last but not least, end the ability of illicit actors to form anonymous companies whose owners are unknown to the government. An impressive array of actors supports such a move, from law enforcement and national security veterans to labor unions and the financial services industry, not to mention the Treasury Secretary and the Delaware Secretary of State. Anonymous companies are the go-to device for people seeking to hide their proverbial ill-gotten gains, and ending them will force bad actors to work harder. Companies are formed at the state level, and reform requires Congressional legislation. Members of Congress have introduced a number of bills to end anonymous companies, none of which have passed. The most straightforward model would require an individual forming a company to report his or her ownership directly to FinCEN as part of a confidential registry. Law enforcement and approved personnel at covered financial institutions would have access to the database, which would both ease criminal investigations and reduce the compliance burden on banks seeking to verify their customers’ identities.
A counter-illicit finance regime asks wider-ranging questions than an anti-money laundering regime. When the policy goal is to prevent or prosecute drug trafficking, the rules understandably focus on reporting bulk cash movements. But today’s policy imperatives are more diverse, ranging from targeting complex foreign corruption schemes to understanding the purchase of strategic assets by authoritarian regimes, so policymakers require a more sophisticated toolkit. The five areas of reform set forth above would improve transparency and supervision, create operational and investigative efficiencies, and aim to ameliorate, where possible, the compliance burden on financial institutions. These reforms would expand the size and scope of financial intelligence, greatly strengthening the hand of the government. However, it will be critical to ensure that strict restrictions on access and exploitation remain in place to protect privacy and civil liberties. Best practices that emerge from these reforms should be embedded in global standards, leading to more widespread adoption. Eliminating financial crime will remain impossible, but a decisive shift in the balance of power is within reach.