In order to enter an airline terminal and board a plane in the United States, you are required to show proof of identity and pass physical and personal data screenings. Sometimes, the screening process is escalated in order to mitigate the risks of ill-intentioned persons gaining access to an airplane. These screening and prevention activities are performed by the Transportation Security Administration (TSA) and overseen by the Department of Homeland Security (DHS), and have been mostly effective in increasing the safety of air travel. They also happen to emulate customer onboarding requirements for financial institutions with regards to documentation, verification and access.
What if we treated access to domestic financial institutions similarly to how we treat air travel security? Is there a better way to mitigate the risks of ill-intentioned persons gaining access to the financial tools they need to fund and profit from their illicit activities?
We operate in a complex financial system attempting to prevent bad actors from laundering money, funding terrorism and financing other nefarious activities while providing vital banking, payment and economic services. Financial institutions (FIs, a generic term we will use throughout this article for simplicity) are subject to multiple levels of oversight and regulation. The Financial Crimes Enforcement Network (FinCEN), Office of the Comptroller of the Currency (OCC), Office of Foreign Assets Control (OFAC), Federal Deposit Insurance Corporation (FDIC), Federal Financial Institutions Examination Council (FFIEC) and other agencies maintain authority to levy fines, impose mandates and significantly impede operations for FIs that are generally making good faith, costly efforts to comply with anti-money laundering (AML) / Bank Secrecy Act (BSA) regulations. “BSA/AML compliance expectations have increased each year… and they are expected to continue to increase for the foreseeable future” (Dunne, 2014). Meanwhile, there is a strong appetite for an overhaul of regulation, including a call to “stop delegating its authority to examine large, complex financial institutions for Bank Secrecy Act (BSA) compliance to the federal banking agencies and other regulators” (Wolf, 2017).
Additionally, costs of client onboarding and due diligence are increasing due to disjointed tools and information systems across industry, data quality and volume, and time (not to mention frustrating documentation requirements for customers). A 2016 global survey estimated annual costs of $60–500 million dollars per financial institution, an increase of 22 percent from 2015 (Thomson Reuters, 2016). 100 percent of the know your customer (KYC) and due diligence responsibility hangs around the figurative necks of FIs and their risk and compliance leaders. That responsibility and cost are only going to become more burdensome as globalization trends increase, and the array of financial tools with minimal validation and immature regulation expands (i.e., tech payments, cryptocurrency). Those burdens get passed to the mostly law-abiding users of those tools and can slow economic expansion.
If we break down AML compliance efforts into large subgroups of prevention, detection, training and testing, we can then focus more sharply on prevention — always the least costly method in any compliance project if done correctly. For example, the fundamental difference between AML and OFAC is the timing of the requirements along the transaction timeline. Specifically, there may be an early point solution (ergo, less costly) to centralize the collection of and simplify FI access to customer and beneficial ownership data, key tenets of money laundering prevention.
In order to reduce overall industry onboarding and customer due diligence costs, concentrated risk and illicit financial activities, a possible solution would be to create a TSA-type government agency called the Financial Access Verification Authority (FAVA). FAVA would be responsible for the following activities:
- Creating and maintaining a centralized database of all persons and entities cleared to conduct business with domestic FIs
- Receiving and processing applications of persons and entities requesting to conduct business with domestic FIs
- Collecting Customer Identification Program (CIP) / customer due diligence (CDD) / enhanced due diligence (EDD) information (similar to what is required by regulation for FIs)
- Updating databases with relevant information acquired through suspicious activity reporting (SARs), OFAC sanctions, criminal records, FI monitoring reports (transactions, updated data), etc.
- Maintaining persons and entity risk ratings
- Cleared: low risk / moderate risk
- Cleared: high risk / permissible
- Non-cleared: non-permissible
- Granting special license for single-event permissions of non-cleared entities / persons
- Investigating and assessing beneficial ownership
- Investigating and assessing correspondent banks abroad
- Conducting periodic file reviews and risk assessments every 12 to 36 months (based on risk profiles)
Funding of this agency can be achieved by levying a special corporate tax for FIs at an ultimate cost savings for them. For instance, if we use the low-end $60 million cost of onboarding figure referenced previously (Thomson Reuters, 2016), we can cut that figure to some tax rate that reduces that cost to $10 million per year per FI. Then using only the 800 FIs surveyed in that same poll, we end up with a minimum of $8 billion available to operate the FAVA (data infrastructure, personnel, etc.). As a comparison, FinCEN’s proposed 2017 budget is just over $115 million dollars (FinCEN, 2016).
Implementation of this agency and its activities can be achieved through a phased, rolling startup that would launch (one year), begin application processing and clearing, and then set an effective date (about five years) by which all entities and persons would be required to be cleared for FI access. For the purposes of this short concept essay, we will leave these complex details open for debate elsewhere.
With regards to process, FAVA would act as a central clearing house for FIs, a data depot for regulators and law enforcement, and a single point of contact for all persons and entities seeking access to the U.S. financial system.
- Centralizing KYC / CDD efforts within a single clearing agency has multiple potential benefits, including:
- Reducing the overall industry effort for onboarding and KYC / CDD efforts (instead of multiple banks conducting independent research on a single entity, FAVA conducts and clears those entities for each requesting bank)
- Banks focus their limited resources on monitoring, screening and reporting
- Reduced overall costs incurred by FIs and therefore customers
- Increased transparency: instead of a customer threatening to take their business to a different FI that might be less investigatory, the only recourse to access the U.S. financial system is to provide the required supporting documents (including beneficial ownership and EDD documents that bad actors are less likely to want to provide)
- Governing authorities have a single source to share information with instead of thousands of FIs
- Reduced customer attrition resulting from de-risking of improperly researched entities
- Focus on prevention versus catching bad actors (proactive)
- Transferred risk to the government agency, which oversees the financial system (shared risk overall versus concentrated risk)
- Reduced KYC risks for FIs, real estate, money service businesses (MSBs), foreign and domestic traders, etc.
- Agency works in coordination with counter-proliferation / export compliance agencies (information sharing for purposes of counterterrorism financing and the Global War on Terror)
- Increased independence for sales and client-facing persons: “Without a single point of authority for your onboarding program, there is no ‘champion’ that can take ownership of both customer engagement and the new household cross-sell process.” (Marous, 2015)
- Partnerships with global financial partners undertaking similar initiatives to screen suspicious entities (Ropes & Gray, LLP, 2017)
As with any significant change within a complex system, implementing the FAVA poses some risks that are not easily mitigated:
- Government agencies and programs tend to become bloated in cost, scope and authority over time. A strong charter with a clearly defined purpose and activities would be necessary.
- Implementation would likely be costlier than a fixed funding structure could support. Partnering with FIs in working through initial growing pains for the benefit of long-term success is vital.
- Structuring the funding burden in a manner that is fair to FIs of various customer populations and risk factors will be challenging.
- The phased growth of customer applications should not disrupt commerce to the detriment of individual business or the U.S. economy.
- The government has a poor history of maintaining data privacy, which must be accounted for and addressed (cross-border regulations, security breaches), though corporations have not fared much better with regards to cybersecurity issues.
- If scoped incorrectly, this agency could end up taking decision-making away from FIs as well as their ability to set their own risk profiles, which would be antithetical to the free market system.
Centralizing access to the U.S. financial system may create an effective clearing point for entities to submit key information and demonstrate that they are operating within the bounds of U.S. law and BSA regulation. If we are truly seeking to thwart bad actors from operating within the U.S. financial system and flaunting AML regulations, identifying, assessing and clearing all entities in an effective, consistent and cost-effective way is an essential first step.
As an alternative to the government model, is it possible to make this clearing agency private, voluntary, centralized and supported by industry with government oversight? In this alternative, the risk burden is still shared and the end state of lowered risk of illicit access may still be gained.
Does any centralized model potentially prevent FIs from opening accounts, or does it create an examination review point (sampling and testing) that could expand its scope?
How might a centralized clearing system disproportionately affect low-income individuals and their ability to access funds cheaply and quickly?
Dunne, K. M. (2014, March). The Expanded Expectations of Corporate Governance in BSA/AML and the Impact of the Audit Function. ACAMS, 20.
FinCEN. (2016). FY 2017 President's Budget. Washington DC: FinCEN. Retrieved from https://www.treasury.gov/about/budget-performance/CJ17/14.%20FinCEN%20FY%202017%20CJ.PDF
Marous, J. (2015, September 25). Busting the Top 5 Customer Onboarding Myths. Retrieved from The Financial Brand: https://thefinancialbrand.com/54531/new-customer-onboarding-myths-banking/
Ropes & Gray, LLP. (2017, February 2). Hong Kong Proposes Enhanced AML Obligations for Professionals and Beneficial Owner Registries for Hong Kong Companies. Retrieved from JD Supra Business Advisor: http://www.jdsupra.com/legalnews/hong-kong-proposes-enhanced-aml-94678/
Thomson Reuters. (2016, May 9). Thomson Reuters 2016 Know Your Customer Surveys Reveal Escalating Costs and Complexity. Retrieved from Thomson Reuters: https://www.thomsonreuters.com/en/press-releases/2016/may/thomson-reuters-2016-know-your-customer-surveys.html
Wolf, B. (2017, February 17). U.S. banks' anti-laundering revamp sees Treasury-run exams, support for 'utilities'. Retrieved from Thomson Reuters: http://www.reuters.com/article/bc-finreg-aml-revamp-idUSKBN15W2AF