Money launderers using the banking system are like cockroaches infesting a New York City apartment-they've been around for centuries, they're hard to get rid of, and they scurry away when the lights are turned on.
Recent Congressional hearings have shed light on how a panoply of money launderers, embezzlers, drug traffickers, scam artists and other miscreantshave taken up residence underneath the floorboards of many financial institutions. Now, banks face the prospect of increased regulatory, legislative and market pressure to take proactive steps to stop these criminals from abusing the global financial system.
"Our banks are gatekeepers," said Senator Carl Levin, D-Mich., ranking minority member of the Senate Permanent Subcommittee on Investigations, which is examining international money laundering. "They've got to be much more careful about opening that gate and allowing access to our systems." (For more on Levin's views on money laundering, see sidebar on page 28.)
Unfortunately for banks, guarding this gate is easier said than done, as money laundering remains hard to detect. According to a 1995 report from the now-defunct Office of Technology Assessment, only about one out of 2,000 wire transfers involves money laundering. The job of distinguishing a criminal transaction from a legitimate one is tricky and expensive for banks and law enforcement agencies. "You've got hundreds of thousands, even millions of transactions going through your bank, and you're trying to figure out which ones are the problems," said John Daly, president of Miami,Fla.-based Americas Software. "It's a huge math problem."
Although criminals have diverse motives, they generally want the same thing-unfettered access to the global financial system. To gain entry, criminals gravitate toward doing business at the biggest institutions, where they have the best chance at passing undetected. "You need to have a bank that can churn out $10,000 checks without thinking," said a member of Levin's staff, citing the example of Swiss American Bank, licensed in Antigua and Barbuda, which in 1998 and 1999 sent millions of dollars of Internet gambling proceeds through correspondent accounts with Bank of New York and Chase Manhattan Bank, among others.
But money laundering isn't just an issue for money center banks. Faced with tighter controls imposed by big banks, criminals will simply seek other means of entry to the financial system. "Even [a bank] in Pocatello, Idaho, has a correspondent banking relationship [with other banks around the world]," said Charles Intriago, publisher of Money Laundering Alert , a Miami-based newsletter. "This is one issue that [banks] can't duck."
Monitoring a Solution
Since financial institutions can't avoid money laundering issues, many are turning to wire transfer monitoring technology to make it harder for criminals to ply their trade. "Everybody is just getting their feet wet with these monitoring programs," said Joann Patross, anti-money laundering/bank secrecy act officer at Mellon Financial Corp., which is replacing a homegrown system with OFAC filtering software (see sidebar page 26) and will soon implement BSA Reporter, both from Prime Associates, Clark, N.J. "It's an industry in its infancy."
Five years ago, wire transfer monitoring systems were thought to be unworkable. "In general, there are no experts or data to make the use of knowledge-based systems feasible for detecting money laundering through wire transfer monitoring alone," according to the Office of Technology Assessment's 1995 report. At that time, the division chief of the U.S. Treasury's Financial Crimes Enforcement Network described the problem as "looking for a needle in a stack of other needles."
Still, when Republic Bank of New York turned to a monitoring system, it found a bunch of rather large needles in its pincushion. In August 1999, Republic Bank went live with an in-house anti-money laundering system that paired beneficiaries and originators of wire transfers. Shortly afterwards, the bank discovered unusual activity flowing through its accounts from the Bank of New York and a number of Russian banks. The resulting money laundering scandal, which made headlines around the globe, brought bankers face-to-face with the reputational risk inherent in providing access to the global financial system.
Bankers, once skeptical of the prospects for effective wire transfer monitoring software, began to take a harder look at the tools available. One example is SearchSpace, which offers artificial intelligence engine using machine learning and pattern recognition techniques to form a profile of the usual business activities for bank clients. Application plug-in "Sentinels" provide specific monitoring capability over consumer banking, correspondent banking and broker-dealer activities.
Unusual transactions are automatically brought to the attention of a bank officer, who need not be an expert in sophisticated data mining techniques. The system tracks the officer's response to each alert, providing an audit trail as well as deterrence against the kind of insider shenanigans that befell Bank of New York, now one of SearchSpace's clients.
Other clients include Barclays Bank, Bank of Scotland, Royal Bank of Scotland, Natwest, the London Stock Exchange, Archipelago and Lloyd's of London.
Best of all, the same system can serve as the basis for a customer relationship management package. Marketing and compliance departments "both fundamentally require the exact same information," said Konrad Feldman, CEO of SearchSpace. Therefore, systems looking for compliance, fraud and money laundering issues are also in the position to seek out marketing and sales opportunities.
Despite the revenue-enhancing potential for transaction monitoring systems, cost remains a significant issue for banks. Because reputational risk is more difficult to quantify than other risks, the decision on what to spend on monitoring systems is itself a gamble. Systems for monitoring money-laundering threats are costly, although not prohibitively so-ranging from $100,000 to $4 million, according to sources, depending on institution size and transaction volume. Major vendors include Americas Software, Dallas-based Atchley Systems, Prime Associates and SearchSpace.
Jim Richards, director of the financial intelligence unit at FleetBoston Financial, ticked off a few ways to measure the success of an anti-money laundering program: staying out of Congressional reports; being mentioned by Congressional investigators as having a good program; and not being named by the media as a central figure in a major money laundering case. These benefits are valuable, said Richards, "not only with the public, but for the reputation that you develop with the regulatory agencies."
While banks are often stingy about offering up details on their anti-money laundering programs, they shouldn't be shy about calling in regulators to report unscrupulous activity. "It's the failure to report this stuff that gets the banks in trouble; it's not the fact that it was there," said Richards. "Careers are broken over stuff like this," he added.
To better safeguard against money laundering, FleetBoston Financial went beyond third-party technology and formed a dedicated reputational risk group, the Financial Intelligence Unit, or FIU, within its operational risk division in 1999. The FIU's 21 employees are split evenly between a centralized profiling and monitoring group, a financial analysis group, and an investigations and reporting group. "We're not compliance-we're not writing policies or drafting procedures or doing training," said Richards. "We understand money laundering. That's all we do."
The FIU uses what Richards calls the most underutilized anti-money laundering tool available today: the "invisible web" of publicly-available databases from around the country and the world. "I can go in with your name, and a rough address-it'd probably take me a couple of minutes-but I can find your birthday," said Richards. "With your birthday, I could then probably find your birth certificate. With that, I have your mother's maiden name, and off I go." Using automated invisible web searches, the FIU can verify the existence of counterparties and the legitimacy of their business activities.
After creating an inventory of all the data available to the bank, both inside and outside its walls, the FIU brings relevant information into a Microsoft SQL Server database for further mining, manipulation and analysis. Richards likened the project to a CRM initiative. "A bank will say, 'We can't do it,' but they've done it for marketing."
But this approach has its limitations, especially where correspondent accounts are concerned. Foreign financial institutions with correspondent accounts at U.S. banks essentially resell the capabilities of the latter to its own clients. As a result, money launderers can use the banking services of U.S. banks without revealing their identities. To crack down on these abuses, in November 1999 Deutsche Bank's risk team began using db-Tracker, an internally-developed, account-based monitoring system that identifies unusual correspondent account activity.
The system first assigns each account a risk tolerance score. For correspondent banks, the score is based on several factors: country of origin; management and ownership changes; government connections of the bank's senior management; adverse regulatory history; and expected transaction flow based on client-provided data and the bank's own analysis.
The system then calculates the seasonally-adjusted average monthly volume and dollar value of transactions over the past year. Whenever account activity exceeds historical levels by an amount based on the bank's risk tolerance score, an investigation is triggered. "We would look at 10%-15% of the transactions in a high-volume account in a given month, to see if they are consistent with what we would expect this client to do," said Tom Obermaier, head of risk management at Deutsche Bank's Global Cash Services division.
Obermaier's responsibilities include smoothing ruffled feathers when unusual activity is found to have a legitimate business purpose. "Our [bank] clients are cooperative in our efforts, but some may at first be surprised when we question them about their activity," he said. "I explain precisely what Deutsche Bank does, why our role exists, and how not only are we protecting the bank's interests, but also theirs."
Other systems at Deutsche Bank support Know Your Customer policies by tracking the stages of the process and assuring that relationship managers properly complete the requisite documentation and reviews. Furthermore, pilot programs over the past few months have moved towards putting clients' documentation online. "When we need to review documents for whatever reason [i.e., anti-money laundering or credit purposes], we have to go find the documents," said Obermaier. "We're starting to put that all on an image archive."
Deutsche Bank programmers are also working on artificial intelligence algorithms to spot known patterns of suspicious activity, basing their efforts on compliance software from a major vendor. "That's really where the future of technology is, and that's where a substantial amount of Deutsche Bank's efforts are right now," said Obermaier.
Learning from OFAC
The spread of anti-money laundering software within banks might follow the pattern seen with prior technology-based compliance initiatives, such as with software used to satisfy regulations from the U.S. Treasury's Office of Foreign Assets Control, or OFAC.
Compliance with OFAC, as with the Bank Secrecy Act and anti-money laundering statutes, depends on monitoring wire transfers. Since the mid-1990s, banks have had to check wire transfers against a list of sanctioned entities maintained by OFAC and blow the whistle when a match comes through. If, however, a bank inadvertently lets a transaction from a sanctioned entity through, the next bank down the line can call them to task on it, putting the sender at risk of having assets frozen.
As a result, banks are now avid users of OFAC compliance software. "Automation in OFAC came through the money center banks," said Dave DeMartino, vice president of sales and marketing at compliance software vendor Prime Associates, Clark, N.J. "Other banks, which did not have OFAC filtering, were releasing transactions that had OFAC violations in them. [The money center banks] were stopping them and reporting them to OFAC." Adoption of anti-money laundering software is likely to proliferate in a similar fashion, he said.
OFAC's list of sanctioned entities includes individuals, corporations, banks from countries under economic blockade, and even ships. OFAC procedures are mainly used to apply political pressure against those involved in activities such as terrorism.
Observers point out the limitations of the OFAC list. "If we got a wire from a Swiss bank, and they got it from a Cuban bank, then I think you might see that show up somewhere," said industry consultant Nelson Everhardt, a former senior vice president and corporate compliance executive at Bank of America, Charlotte, N.C. "But if we got it from a Swiss bank and they got it from a German bank and they got it from a French bank and so on and so forth, it might be harder to catch."
He added, "In a wire transfer, you can only look at what's there." - Ivan Schneider
Leading the Crusade Against Money Laundering
As ranking minority member of the Senate Permanent Subcommittee on Investigations, Senator Carl Levin, D-Mich., has led the push to educate bankers, regulators and law enforcement agencies about the role of correspondent banking services in international money laundering.
Senator Levin spoke about his efforts with BS&T associate editor Ivan Schneider
BS&T: What should bankers do to educate themselves and their organizations about money laundering?
LEVIN: Well, we have to first identify the problem, and that means to take a look at where the banks have been misused by money launderers for their own purposes.
We focused on a couple of areas. First, the importance of private banks taking precautions against accepting corrupt funds. Secondly, in the correspondent banking area, it's really a matter of being particularly leery of correspondent accounts that come from high-risk areas.
Our banks are gatekeepers, essentially. They've got to be much more careful about opening that gate and allowing access to our systems.
BS&T: What role will technology have for banks acting as gatekeepers?
LEVIN: A large role. It's essential that new technologies be used and further technologies be developed in order to identify the deposits which are suspect, to look for instances and for patterns of deposits.
When you've got a couple hundred thousand wire transfers per day coming into a large bank, maybe involving even a trillion dollars a day, you cannot do that except through technology.
BS&T: Do banks have an obligation to buy the best anti-money laundering systems available?
LEVIN: I don't know. We leave that up to the regulators, whether it's to buy the best that money can buy or to buy one that is reasonably able to identify the suspicious patterns. Whatever that standard is, it should be a pretty strict standard, because we really want banks to use technology. I don't know whether the regulators should go so far as to require the best, because that may then start an argument over which is the best, whereas we really want to be focusing on excellent, available technologies - even if there may not be agreement as to what the one best one is.
BS&T: On the legislative side, what's the status of your 1999 bill [S.1920 - Money Laundering Abatement Act]?
LEVIN: We're revising it because we've learned a lot about how criminals launder money through their correspondent accounts, so we're looking to introduce an improved version at some point in the near future.
BS&T: Do you expect any opposition?
LEVIN: Well, there's always opposition. It's always a contest between those that see a need to clamp down on an evil, such as money laundering, and those who have to implement it, who need something to be practical and to be realistic and to be achievable. There's a built-in contest there, and you hopefully end up with a balance.
We would just prohibit shell banks altogether, for instance, and then have much tighter procedures for deposits in these high-risk areas. Hopefully, we'll get a procedure that allows the seizure of assets in correspondent accounts with the same standards as [those for] domestic accounts.
We're going to need the cooperation of the banking industry. It's not in anybody's interest that our banks launder dirty money. It's not in our banks interest-they don't want to be part of it, and hopefully they'll cooperate with us in crafting a bill.
But in any event, we've got to make sure that America's banks, which are the premier banks in the world, are not misused by money launderers.