ANTI-MONEY LAUNDERING AND COUNTER TERRORISM FINANCING

COMPLIANCE CHALLENGES IN COMMUNITY BANKS

by

Kimberly Silva

A Capstone Project Submitted to the Faculty of

Utica College

December 2017

in Partial Fulfillment of the Requirements for the Degree of

Master of Science in Financial Crime Management





ProQuest Number: 10688856




All rights reserved

INFORMATION TO ALL USERS
The quality of this reproduction is dependent upon the quality of the copy submitted.

In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.






ProQuest 10688856

Published by ProQuest LLC (2017 ). Copyright of the Dissertation is held by the Author.


All rights reserved.
This work is protected against unauthorized copying under Title 17, United States Code
Microform Edition © ProQuest LLC.


ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
© Copyright 2017 by Kimberly Silva

All Rights Reserved

ii
 Abstract

Financial institutions are responsible for multiple financial crime related compliance activities

collectively known as anti-money laundering (AML) compliance. AML compliance is applicable

to almost every department of the financial institution (FI), making it complex to manage, and

requiring staff with varying skill sets and experience.

AML compliance requirements in community banks are the same as in larger banks.

Proportionately, the costs of maintaining AML compliance can be greater than in their larger

counterparts. Community banks play a vital role in the health of the U.S. economy, and their

collective success is essential to a healthy financial system. The challenge for these smaller

institutions is to maintain robust AML regulatory compliance in a rapidly evolving global

environment at the beginning of the next technological revolution.

The purpose of this research was to explore the specific challenges facing smaller FI’s,

and examine program changes and enhancements that could result in increased compliance

effectiveness and cost efficiencies.

The outcome of the research is a recommendation to remediate, but not enhance, existing

programs, and to allocate resources in preparation of new regulations and technology.

Keywords: Financial Crime Management, Dr. Kyung-Seok Choo, artificial intelligence,

blockchain, regtech, fintech.

iii
 Acknowledgments

Thank you to Dr. Choo, and the faculty and staff at Utica College for an enlightening and

enjoyable two years. Thank you, and best wishes to my cohort colleagues, especially MJ Noe

and John Flynn, for your friendship and support. My sincere gratitude to attorney Stephen R.

Ucci for his gracious time and exceptional talents as my second reader. Most of all, much love

and appreciation to my wonderful sons, Benjamin and Jonathan, for their patience,

understanding, and support throughout this professional and personal journey.

iv
 Table of Contents

List of Illustrative Materials............................................................................................... vi

Statement of Problem...........................................................................................................1
Banking System and Community Bank Characteristics ................................................2
Relevant Regulatory Agencies.......................................................................................3
AML/CTF Compliance Requirements...........................................................................4
Current Regulatory Landscape and Proposals ...............................................................6
Technology Challenges and Advancements ..................................................................8
Literature Review...............................................................................................................10
Financial Crimes Enforcement Network (FinCEN) ....................................................10
Artificial Intelligence (AI) ...........................................................................................11
Global Fight on Financial Crime .................................................................................14
Anti-Money Laundering Software ...............................................................................15
Blockchain Technology ...............................................................................................16
AML Compliance ........................................................................................................18
Regulatory Landscape ..................................................................................................20
Staffing.........................................................................................................................22
Enforcement Actions ...................................................................................................24
Discussion of Findings.......................................................................................................27
Compliance ..................................................................................................................28
Technology ..................................................................................................................28
Staffing.........................................................................................................................31
Enforcement .................................................................................................................31
Recommendations and Conclusions ..................................................................................33
Objective ......................................................................................................................34
Process .........................................................................................................................34
Assessment and Remediation ......................................................................................36
Landscape ....................................................................................................................37
Program Evolution .......................................................................................................38
Conclusion ...................................................................................................................40
References ..........................................................................................................................41
Appendix ............................................................................................................................46
Appendix A – Acronyms and Abbreviations .....................................................................46

v
 List of Illustrative Materials

Figure 1 – FinCEN Suspicious Activity Report, March 1, 2012 – December 31, 2016....14
Figure 2 – Typical week of a compliance officer in 2017 ................................................24
Figure 3 – Project Management Process............................................................................34

vi
 Anti-Money Laundering and Counter Terrorism Financing Compliance Challenges in
Community Banks

Compliance with anti-money laundering and counter terrorism financing (AML/CTF)

regulatory requirements has proven to be an expensive, inefficient endeavor for the nation’s

community banks. The burden imposed by the Dodd-Frank Wall Street Reform and Consumer

Protection Act of 2010 (Dodd-Frank), has forced community banks to reduce product and service

offerings, and has increased bank consolidations. Budget constraints are influencing staffing

decisions, and increasing the regulatory risks that lead to penalties and fines. Potential changes in

the regulatory landscape, if implemented, will decrease current capital requirements, but not

impact AML/CTF compliance directly (Burnet, 2015). Technology advancements have the

potential to create efficiencies in AML/CTF monitoring, but are not readily available in the

marketplace (Bajpai, 2017). Community banks play an important role in the economy, servicing

a large portion of the country’s small businesses, and underwriting a significant portion of

agricultural lending (Treasury, 2017).

The purpose of this research was to evaluate and discuss the challenges faced by

community banks in complying with AML/CTF regulations. The research begins by describing

where community banks fit within the United States banking system, followed by an overview of

the primary regulatory agencies charged with oversight and enforcement. A summary of

AML/CTF compliance activities and technology challenges provides an understanding of the

breadth and complexity of the program within financial institutions. Current proposals for

regulatory changes, and efforts to improve the efficiency of compliance monitoring software are

examined for their impact on AML/CTF compliance.

The research utilized included a U.S. Department of the Treasury report, trade group

proposals and statements, white papers produced by law firms and advisory firms, news articles,

1
and industry blog postings. The research encompassed a range of perspectives and

recommendations, including enhancing the data provided to the Financial Crimes Enforcement

Network (FinCEN) for analysis by law enforcement and intelligence professionals, and using

advancements in artificial intelligence (AI) to replace compliance staff. The intended benefactor

of this research is senior management and compliance leadership within community banks,

whose responsibilities include maintaining current AML/CTF compliance while positioning their

institutions for future regulatory and technology changes.

U.S. Banking System and Community Bank Characteristics

The U.S. banking system is classified into eight segments, segregated by size and

type. Regional and mid-sized banks represent approximately 31%, or $6.7 trillion, in assets.

Community banks and credit unions account for $2.7 in total assets. For simplicity throughout

the project, regional, mid-sized, and community banks will be referred to as community banks.

These community banks have a more simplified structure than the eight U.S. global

systematically important banks (G-SIB) banks that represent approximately 50% of total

depository assets. Overall representation of U.S. G-SIB’s has decreased from 58% in 2008,

highlighting the increasing impact of community banks on the U.S. economy. The capital ratios

of community banks are often equal to or higher than G-SIB institutions, and community banks

are structured to predominately provide depository services, consumer and business lending, and

agricultural lending in rural areas (Treasury, 2017).

The AML/CTF regulatory requirements of community banks are not scaled relative to the

size of the institution or the products and services it offers. “A recent survey released by the

American Bankers Association found that more than 46 percent of American small banks

surveyed said that due to regulatory compliance burdens, they had to reduce their product

2
offerings, including loan and deposit accounts. The survey also found that customer service had

suffered because of higher compliance costs, as community banks struggle to comply with fewer

staff and much smaller budgets (Trulio, 2015).” A 2017 Accenture report found that 89% of

financial services executives anticipate increasing compliance department expenses in the next

two years.

Low interest rates contribute to budget constraints, and as an operational cost center,

compliance staffing and budgets are often one of the first areas reduced. The recent financial

crisis weakened the financial strength of some community banks, further diverting funding of

compliance activities. Electronic banking innovations and new services create compliance risks

that are not being fully integrated into the AML/CTF program. As a result, although AML/CTF

compliance has not changed, the risk of compliance failures has increased (Macro, 2013).

Relevant Regulatory Agencies

There are five federal banking regulatory agencies that oversee AML/CTF

compliance in U.S. based financial institutions. The Board of Governors of the Federal Reserve

System (FRB) oversees state-chartered banks that are part of the Federal Reserve System, as well

as several types of holding companies. The Office of the Comptroller of the Currency (OCC)

regulates federally charted banks. Federally chartered banks contain the word National, or the

characters N.A., in their bank names. The Federal Deposit Insurance Company (FDIC) regulates

federally charted banks not overseen by the FRB. The Consumer Financial Protection Bureau

(CFPB), created as part of Dodd-Frank, is responsible for consumer protection of financial

services and products. The National Credit Union Administration (NCUA) oversees federally

chartered credit unions (Protiviti, 2017). AML/CTF compliance in credit unions is not included

this research.

3
 The Internal Revenue Service (IRS) provides oversight of nonprofit, governmental, and

other entities, like money service businesses (MSB), that are subject to oversight and regulation

pursuant to the Bank Secrecy Act (BSA), not covered by other federal regulatory agencies.

Agencies delegated authority over the securities market, broker-dealers, commodity futures, and

the options markets include the Securities and Exchange Commission (SEC), the Commodity

Futures Trading Commission (CFTC), and the Financial Industry Regulatory Authority

(FINRA), among others specific to housing, gaming, and other non-depository activity (Protiviti,

2017).

AML/CTF Compliance Requirements

Investigation and enforcement of suspected money laundering and terrorist financing

activities is conducted by the applicable government agency, and may include multiple agencies.

Within each agency, there are individual offices that have authority and jurisdiction over

specified areas of investigation. For example, the Financial Crimes Enforcement Network

(FinCEN), the Office of Foreign Assets Control (OFAC), the Office of Terrorism and Financial

Intelligence (TFI), and the Office of Terrorist Financing and Financial Crimes (TFFC), are all

offices within the U.S. Department of the Treasury (Treasury, 2015).

Other Departments that may participate in AML/CTF investigations include (Treasury, 2015)

• Department of Justice (DOJ)

• U.S. State Department

• U.S. Office of the Director of National Intelligence (ODNI)

• U.S. Department of Homeland Security (DHS)

• U.S. Department of Commerce

• U.S. Department of Defense (DOD)

4
 • U.S. Department of Energy (DOE)

• U.S. Postal Service (USPS)

The Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-

Money Laundering Examination Manual, last updated in 2014, is the guidance utilized by

financial institutions in complying with AML/CTF and OFAC requirements. The manual

outlines the standards, requirements, and expectations of a compliant AML program. It provides

guidance on risk management and the appropriate report forms. To ensure clarity and

consistency, the manual is also the framework for bank examiners (Protiviti, 2017).

Banking regulations in the United States exist to deter and detect money laundering and

terrorist financing activities within financial institutions. Information collected by banks provides

information to law enforcement officials and aids national security policies. The FFIEC exam

manual, which contains the procedures necessary to be compliant with requirements, has

numerous components. Programs and services that come under examination include (FFIEC,

2014)

• Customer Identification (CID)

• Customer Due Diligence (CDD)

• Suspicious Activity Reporting (SAR)

• Currency Transaction Reporting (CTR)

• Foreign Correspondent Account Recordkeeping, Reporting and Due Diligence

• Funds Transfer Recordkeeping

• International Transportation of Currency or Monetary Instruments Reporting

• Office of Foreign Assets Control

• Politically Exposed Persons (PEP)

5
 • Payable through Accounts

• Automated Clearing House Transactions (ACH)

• Pouch Activities

• Bulk shipments of Currency

Current Regulatory Landscape and Proposals

The viability of community banks is important to the economy. Federal Reserve

Governor Daniel Tarillo stated in a 2009 speech that over 75% of agricultural, and 50% of small

business loans originate from community banks (Lux, 2016). In his June 2017 report regarding

Executive Order 13772, U.S. Treasury Secretary Steven T. Mnuchin stated that compliance

burdens have contributed to the slow recovery of community banks. “Requirements of Dodd-

Frank are overseen by multiple regulatory agencies with shared or joint rule-making

responsibilities and overlapping mandates. This complicated oversight structure has raised the

cost of compliance for the depository sector, particularly for the mid-sized and community

financial institutions. The Treasury is recommending that community banks be exempted from

the risk-based capital requirements imposed on the G-SIBs (Treasury, 2017).

A February 2017 report compiled by The Clearing House, a trade group that advocates

regulatory, public policy, and legislative issues on behalf of large and G-SIB’s, is suggesting that

the burden for monitoring AML/CTF should largely rest with FinCEN. The report contends that

current AML/CTF programs are ineffective in reducing criminal activity, and suggests numerous

revisions for consideration and further study. The same report supports pending legislation

requiring the reporting of beneficial ownership at the time of incorporation, instead of the point

of account opening, to deter the creation of anonymous companies.

6
 In its 2017 report, the Clearing House identified core problems with the existing

AML/CTF framework, that if addressed would substantively change compliance programs

within financial institutions. The report contends that a primary driver of a financial institutions

compliance is motivated by reputation and compliance risk, rather than national security. As a

result, banks are de-risking perceived high risk accounts, pushing criminal transactions towards

developing and underserved countries and communities less equipped to monitor activity. The

report also states privacy rules and lack of centralization limit the quality of data and prevent

optimal information sharing.

Congress is taking a more involved role in AML/CTF compliance. In December 2016, a

U.S. House Financial Services Committee Task Force to Investigate Terrorism Financing made

numerous recommendations to enhance interagency efforts, which include improving

information flow between the banking industry and government agencies, and better leveraging

the information contained in SAR’s. As a result of the Task Force recommendations, a

Subcommittee on Terrorism and Illicit Finance was created to assist in the efforts to end terrorist

financing. Enforcement is a continued focus by regulatory agencies like FinCEN and the OCC.

In 2016, failure to file accurate and timely Suspicious Activity Reports (SARs) resulted in

multiple enforcement actions (WilmerHale, 2017).

The specialized nature, high liability, and increasing demand for trained professionals has

driven up the cost of recruiting and retaining staff on stagnant or decreasing budgets. Jack Kelly

of Compliance Search Group in New York stated in a 2014 Thomson Reuters article that,

“Hiring has gone up across the board…from senior level to junior level and everything in

between.” In April 2017, a regulation proposed by the New York Department of Financial

Services took effect requiring compliance officers to certify that the financial institution

7
maintains a functional transaction monitoring system. Modeled after portions of Sarbanes-Oxley,

the legislation includes adherence to OFAC requirements as well as AML/CTF compliance, and

allows for criminal penalties if the certification is intentionally incorrect or false. While the

federal government does not impose the same regulations, the Justice Department is increasing

its efforts against corporate misconduct by seeking to hold seeking to hold executives and

compliance officers accountable. A federal district court upheld the independent liability of

compliance professionals and CEO’s for failure to monitor compliance conduct, and willfully

violating AML/CTF programs requirements (WilmerHale, 2017).

Technology Challenges and Advancements

Banks employ a variety of transaction monitoring systems, and recordkeeping systems.

As with other areas of technology, programs become outdated quickly, different versions of the

same software may no longer be compatible, and not all vendor programs can be bridged and

merged. The result is legacy software that is not integrated across the enterprise, increasing both

the cost of information technology, and the risk of not identifying transactions that should be

reported. Storing data is less expensive than migrating and integrating it, which may result in a

decision not to move it to a new platform. Assimilating accumulated data becomes an expensive

and complex project requiring skilled personnel, scope planning, reviewing, cleaning, and

verifying the information. Even with modern migration tools, data sometimes cannot be merged

accurately (Winkler, 2016).

In October 2016, FinCEN issued an advisory to financial institutions, providing guidance

on relevant information to gather and report on cyber-events and cyber-enabled crimes. The

guidance represents additional information gathering responsibilities for financial institutions.

The merging of cybersecurity and AML/CTF compliance efforts is a new approach that

8
regulators are advocating. Previously, compliance activities in these two areas have been

managed by separate staff and departments. (Wilmer Hale, 2017).

A 2017 report by Boston Consulting Group states that regulatory changes that financial

institutions track has tripled to an average of 200 per day since 2011 (Bajpai, 2017). Advances in

regulatory technology, known as regtech, utilizes artificial intelligence technology to mine

transactions without human error, ethical considerations, or emotion. IBM’s Watson has the

potential to cross check fields of data, customer files, and transactions, reducing time and labor

now spent finding potential compliance concerns. As with other technologies, the software is

only as reliable and accurate as its programming and utilization by humans. Compliance will

evolve into a mixture of human and artificial intelligence (Crosman, 2016).

9
 Literature Review

Financial Crimes Enforcement Network (FinCEN)

In order for community banks to develop compliance programs that provide relevant,

quality data in the fight against financial crime, a thorough understanding of FinCEN, the

Financial Crimes Enforcement Network is necessary. FinCEN is a bureau of the U.S.

Department of the Treasury. The Bank Secrecy Act (BSA) is the nation’s most comprehensive

Federal anti-money laundering and counter-terrorism statute. The Treasury Department has

delegated the implementation, oversight, and enforcement of the BSA to FinCEN. Congress

authorizes FinCEN to share information with other local, state, federal, and international

agencies. The mission of FinCEN is to safeguard the financial system and the country’s national

security by protecting it from money laundering and other illicit activity. In addition to issuing,

interpreting, and enforcing regulations, FinCEN collects, processes, and protects the information

it receives from community banks and other organizations. There are eighty SAR review teams

across the country, coordinated through the U.S. Attorney’s offices in the U.S. Department of

Justice (DOJ). Distributed by geographical jurisdictions, the teams review all SARs received.

The information is accessible by law enforcement agencies across the government, and is shared

with foreign financial intelligence units and international AML/CTF counterparts. FinCEN

serves as the financial intelligence unit for the United States within the global community.

FinCEN’s database is one of the largest repositories of information that is available to domestic

law enforcement. FinCEN collects both the SAR and the CTR reports that community banks file.

A currency transaction report (CTR), FinCEN Form 112, is filed with FinCEN when a

currency transaction of more than ten thousand dollars is processed through a financial

institution. For CTR purposes, currency is defined as the coin or paper legal tender of the country

10
of issuance. A Suspicious Activity Report (SAR), FinCEN Form 111, is filed when suspicious

activity, or potential suspicious activity, is detected. The SAR has five sections; subject

information, information about the dates and type of suspicious activity, information about the

financial institution reporting the activity, and a narrative of the suspicious activity (FinCEN).

In July 2016, FinCEN began requiring financial institutions to identify and verify the

beneficial owners of legal entity customers, with an applicability date of May 11, 2018.

Beneficial owners are the individuals who own or control the legal entity customers of a

financial institution (FinCEN). The Office of the Federal Register, which is the daily journal of

the United States Government, reports that FinCEN published Regulatory Impact Assessment 80

FR 80308 in December 2015 citing annualized quantified costs from the beneficial ownership

requirement between $148 and $287 million (Federal Register, page 29398).

Artificial Intelligence (AI)

Artificial Intelligence (AI) is a form of machine learning where the machine has the

ability to refine and improve its performance on a given task without exact directions on how to

accomplish it. With AI, the software learns by its own examples, rather than being programmed

for a specific purpose. Supervised machine learning systems are trained with examples, and the

more data and examples it encounters, the more accurate the outcomes are. The outputs from the

analysis serve as a feedback loop for the software, allowing it to refine its algorithms, and is

referred to as learning. AI uses behavior based analytics instead of rules based searches and is

now being utilized to aid in the fight against financial crime. AI can reduce staffing costs in

financial institutions, and increase the quality of data being provided to law enforcement

(Brynjolfsson, 2017).

11
 Unlike humans, an AI enabled AML program automatically and continually mines data

for trends, abnormalities, and relationships. It adapts its environment as it receives feedback,

learning and changing to reach better conclusions. Artificial intelligence can monitor large

volumes of non-linear data and numerous variables, uncovering sophisticated schemes. Unlike

manual systems, which operate independent of each other, multiple sources could be scanned as

a singular data set, increasing the probability of uncovering matches. Unstructured data and

information from external sources could potentially be pooled with existing data, providing a

depth of insight and analysis not available under current AML scanning programs (Brynjolfsson,

2017).

The customer onboarding process is presently comprised of static, pre-defined checklists

and requirements. The intuitive power of AI could create additional risk and identity related

questions based on customer responses. In addition to verifying the true identity of the new

customer, an AML system driven by AI could detect links to other parties including ultimate

beneficial owners, PEPs, and sanctioned entities. The KYC file can be transformed into a

comprehensive view of the customer that more easily red flags questionable transactions

(Brynjolfsson, 2017).

When conducting name search matches, current systems look for common alternatives

based on the existing rules based system. Linguistic matches are limited to the linear

programming of the software. Incorporating additional attributes results in expanded linguistic

search capability, achieving the objectives of law enforcement. Current systems do not

incorporate other customer information that may aid transaction monitoring. Benford’s analysis,

indicators of encrypted messages, and duplicate invoices are all examples of information that is

analyzed and added to the customer profile. Systems that learn and adapt as methods and tools of

12
conducting unlawful behavior evolves will more accurately uncover information valuable to law

enforcement (Brynjolfsson, 2017).

A powerful benefit of AI for the AML compliance programs of community banks is the

reduction in false positives. Current suspicious activity monitoring methods require human

analysts to look at every transaction prompted by the systems rule based system. Individuals and

organizations perpetrating financial crimes use complex placement and layering tactics to evade

rules-based monitoring. Artificial Intelligence can more easily identify connections across

customers, product lines, and business services. It can also search additional data fields like

telephone numbers, geographical identifiers, and IP addresses to improve the quality of the

outcomes. When the quality of suspicious activity alerts improves, reducing false positives, it

reduces staffing needs within the bank, and allows for a higher quality of analysis. In its March

2017 SAR Stats Technical Bulletin, FinCEN reported that in excess of 958,000 suspicious

activity reports were filed in 2016 by depository institutions. As David McLaughlin, CEO and

founder of QuantaVerse writes in a recent post for the Association of Certified Financial Crime

Specialists, “To conduct such analysis, AI systems utilize agents which are highly specialized

algorithms responsible for collecting and interpreting data, modeling behaviors, detecting

anomalies, inferring relationships, and identifying issues.” David also comments that AI allows

investigators to move to spending their time analyzing actual suspicious activity.

13
Global fight on financial crime

Criminals, including terrorists, human and arms traffickers, drug dealers, and organized

criminals, use the banking system to disguise the origin of their funds and to give it the

appearance of legally gained assets. Money laundering techniques have become increasingly

sophisticated, but typically have three stages; placement, layering, and integration. The United

States Department of State defines these stages by the following definition: Placement – the

proves of placing, through deposits, wire transfers, or other means, unlawful proceeds into

financial institutions; Layering - the process of separating the proceeds of criminal activity from

14
their origin through the use of layers of complex financial transactions, and Integration – the

process of using an apparently legitimate transaction to disguise the illicit proceeds. Advances in

technology and globalization of the financial services sector has made money laundering an

increasingly global threat. Money laundering impacts national security, equitable commerce, the

integrity of the financial system (Department of State). The Financial Action Task Force (FATF)

cites a report by the United Nations Office on Drugs and Crime estimating that in 2009, money

laundered as a result of proceeds from drug trafficking and organized crime was 2.7% of global

gross domestic product (GDP). U.S. currency is a commonly held currency globally because it is

anonymous, often easier to exchange for local currency, and where political and economic

instability exists is held for security against inflation (NLMA).

Anti-money laundering software

Technavio, a leading market research company with global coverage, published a research report

entitled, Global Anti Money Laundering Software Market 2016-2020. The report, which

analyzes emerging trends and leading third party vendors, made the following statements on the

status of AML software: “The deployment of AML software is an expensive process, as it has

defining requirements and its implementation takes a long time. This increases the criticality of

the process because once the deployment begins, it becomes very costly to make any

changes. It also requires expensive additional infrastructure, complex programming,

and extra time and money to ensure data integration and data quality. Most AML

software vendors charge additional fees for software updates, which include improved

features. Some vendors force end-users to purchase updates by refusing to provide

technical support if they have not purchased the latest version”. A lack of cross-functional

collaboration within organizations dilutes the ability to achieve business goals, and decreases

15
valuable operational insight. The report cites the financial and banking sector as the major end-

users of AML software due to the high regulatory scrutiny and responsibility. It also lists

community banks among the most vulnerable to money laundering and financial crime risk

(Technavio, 2016).

Blockchain technology

Blockchain is one form of Digital Ledger Technology (DLT). A distributed ledger is a

decentralized database controlled by multiple users referred to as nodes. A blockchain is the

individual digitally timestamped data and transactions, put together in blocks, also timestamped

(IOSCO, 2017)). “A research report from Goldman Sacks offers a concise summary,

explaining the core concept of how the consensus mechanism functions on a blockchain:

1) It is a database containing transactions between two or more parties, where the

copies of this database are replicated across multiple locations and computers

being the nodes.

2) This database is made of “a chain of blocks”, with each block containing data

such as the details of the transaction – the seller, the buyer, the price, the contract

terms and other relevant details.

3) The transaction detail contained in each block is validated by all nodes in the

network via an algorithm called “hashing”. The transaction is validated if the

result of hashing is confirmed by all nodes.

4) A block is added to the chain of prior transactions only if such is validated.

(IOSCO, 2017)

In a 2017 article for Medium.com, Chami Akmeemana, the Fintech advisor for the

Ontario Securities Commission, describes some of the potential benefits of blockchain to

16
financial institutions. “All transactions are documented immutably on the distributed ledger

providing a comprehensive, secure, precise, irreversible, and permanent financial audit trail.”

Akmeemana goes to on describe the cost savings to financial institutions, and the benefits to law

enforcement. As part of their AML regulatory compliance requirements, banks must perform

KYC searches for all new accounts. Over time, if client data relevant to KYC searches is secured

on the blockchain, banks would be able to utilize one verified source to fulfill the AML

requirement. The indelible records on the blockchain can be monitored and overseen by

regulators (Akmeemana, 2017).

A bank’s customer information, including KYC and other relevant AML documents, are

usually stored in multiple, fragmented systems. Sharing client information within the individual

institution, and among other financial institutions can reduce the time and cost of onboarding

new customers. The indelible nature of blockchain allows for increased transaction transparency.

Storing transactions on the blockchain allows regulators, law enforcement, and examiners access

to original transaction details (IOSCO, 2017).

On October 12, 2017, the Exchange Commission Investor Advisory Committee of the

Securities and Exchange Commission held a meeting that included a discussion on the impact of

blockchain and other distributed ledger technologies on the securities markets. Jeff Bandman,

the former Commodity Futures Trading Commission (CFTC) FinTech advisor, presented a

future scenario where regulators would oversee activities instead of entities. On September 12,

2016, the House of Representatives passed H.Res.835 – 114 Congress (2015-2016) “Whereas
th

blockchain technology with the appropriate protections has the fundamentally change the manner

in which trust and security are established in online transactions through various potential

17
applications in sectors including financial services, payments, health care, energy, property

management, and intellectual property management…”

In January 2017, FINRA joined the blockchain dialogue with its Report on Distributed

Ledger Technology. Among its comments is that the level of transparency on the blockchain is

only as clear as the information made available. Similar to the IOSCO report, FINRA recognizes

the need to safeguard proprietary information and personally identifiable information (PII). The

report also points out that private networks have the potential to keep transactional and strategic

information private or anonymous, creating an unfair advantage.

AML Compliance

In banks of any size, sound and effective compliance is mandatory. The Society of Corporate

Compliance and Ethics defines compliance management as, “a complex responsibility requiring

measurement and reporting against a dynamic and seemingly endless array of rules, agreements,

standards, regulations, and legislations.” The primary guidance for AML compliance is the Bank

Secrecy Act (BSA), including amendments by the USA PATRIOT Act. Financial institutions

subject to the BSA must create, institute, and maintain AML programs designed to reasonably

deter money laundering and terrorist financing. A financial institutions BSA/AML compliance

program outlined in the FFIEC manual must meet the following minimum requirements:

• A system of internal controls to ensure ongoing compliance

• Independent testing of BSA/AML compliance

• Designation of a BSA compliance officer responsible for managing the BSA compliance

program

• Training for appropriate personnel

18
Although not one of the four BSA/AML program pillars, A Customer Identification Program

(CIP) is also mandatory (FFIEC).

Internal controls look at the various AML risks that exist within each business line and

function of the bank. As the risk profile of the bank changes, the internal controls are adjusted.

structure, complexity and sophistication of the internal control program should be commensurate

to the size, risks, and complexity of the bank. The policies, procedures, and processes, which

dictate the controls, monitoring systems, and reporting of the BSA/AML program are risk-

based. Independent testing is conducted through the audit function. Auditors can be internal or

external to the bank. Many banks maintain both an internal audit team, and an outside audit firm.

AML compliance is one of the few functions within a bank that is applicable to every section of

the enterprise. Traditionally, audits were risk based and used samples because it would be cost

prohibitive to test every transaction and procedure. Better technology and an increased use of

data analytics have increased the scope that an audit can cover, resulting in more accurate

findings. Audits begin with written documentation of the scope of the engagement, procedures

performed, testing conducted, and a report of findings. Included with the audit are all relevant

supporting documentation and work papers (FFIEC).

The Board of Directors is responsible for ensuring that the bank has a qualified,

competent BSA Compliance Officer. The BSA Compliance Officer must understand all the

financial institutions products and services, customer demographics, potential money laundering

and terrorist financing risks, as well as the BSA regulatory requirements. To accomplish the

tasks designated to the BSA Compliance Officer, the Board of Directors must ensure that the

department is adequately staffed and funded, that the BSA Compliance Officer has requisite

authority and directly reports to the Board of Directors, or a designed committee of the board.

19
Training specific to the responsibilities of the job function must be provided on an ongoing basis

and include new developments and changes to the BSA and related regulations. Banks must fully

document their training program. Training materials, dates and content of training, and

attendance are all required to be documented and available to regulatory examiners (FFIEC).

Regulatory landscape

In 2016, the law firm Wilmer Cutler Pickering Hale and Dorr LLP, special counsel to

The Clearing House, prepared written suggestions from industry experts on improving the

framework of the current AML/CTF regulatory system. Among the participants were law

enforcement experts, national security, regulatory, and domestic policy officials, as well as

fintech CEO’s and AML/CTF leadership from major financial institutions. Their position is that

the largest banks collectively spend billions of dollars annually to deter, detect, investigate, and

report financial crime and provide less than optimal results to aid law enforcement efforts. They

posit that reallocating the financial resources invested would potentially provide significant

increases to intelligence and enforcement agencies, and refocus dollars to the nation’s efforts of

working with the economies of developing countries.

In defense of their argument, the group listed the following partial list as core problems

with the existing AML/CTF framework:

• Lack of priority: Bank examiners are the primary compliance auditors, leading banks to

prioritize adherence to policies and procedures over results. It proposes that FinCEN

assemble an examination team for the largest financial institutions, relieving current

examination authorities of the task. The FinCEN examination team would create a more

cooperative relationship between the applicable banks and law enforcement, establishing

trust and embracing innovation. The centralized FinCEN examination team would be

20
 funded through appropriation or assessments to the banks. A multi-agency advisory

group associated with the examination team would serve as a conduit to the existing

regulators who would continue to examine the remaining institutions.

• Beneficial ownership reporting: The collection of beneficial ownership information

would be collected and provided to FinCEN, law enforcement, and applicable

stakeholders at the point of formation. Changes in beneficial ownership would also be

directly reported. Financial institutions would access and rely on the central database

when conducting account opening and ongoing customer due diligence.

• FIU roles: The Financial Intelligence Units (FIU) teams within banks are often staffed

with experienced former law enforcement officials. The constraints of the current

framework diminish the value they can provide to law enforcement. Additional latitude

to would give FIUs the latitude to address immediate threats and better assist law

enforcement.

• Primary purpose; compliance and enforcement are causing banks to de-risk, which runs

counter to their goals of global commerce and financial inclusion.

• Outdated SAR: The content of the current SAR should be evaluated for relevance and

usefulness. Technical resources exist to more accurately and fully analyze financial data

and suspicious activity. Inclusion of additional data can be mined in conjunction with

existing SAR information to better detect illicit activity.

• Opposing goals: Compliance is assessed by rigid audit standards which discourage

innovation that could lead to better quality information for law enforcement.

Standardization is important for consistency, but not at the expense of pertinent

information.

21
 • Information sharing barriers; the current system prevents information sharing of criminal

activity that is conducted across diverse geographical areas and financial institutions.

The suggestion was that the use of the 314(b) safe harbor, which allows information

sharing under specified circumstances, be broadened to aid in the investigation of

suspicious activity prior to filing the SAR.

• Inefficiencies; resources spent on duplicative or unnecessary tasks could be redeployed

towards more useful tasks. (Clearing House, 2016)

Staffing

Regulatory agencies require that financial institutions employ qualified professionals to

maintain the organizations BSA/AML program. In addition to a minimum of a Bachelor’s

degree, many financial institutions prefer candidates with one of a number of professional

certifications. Certifications demonstrate a higher level of proficiency and technical knowledge.

There are numerous certifications that provide expertise in AML. An internet search of job

descriptions posted by the top ten U.S. financial institutions yielded the following as most sought

after certifications:

• CAMS – Certified Anti-Money Laundering Specialist

• CFCS - Certified Financial Crime Specialist

• CFE – Certified Fraud Examiner

• CIA – Certified Internal Auditor

• CPA – Certified Public Accountant

• CRCM – Certified Regulatory Compliance Manager

22
Each of them requires study materials, an examination, and continuing education to maintain the

certification. Industry practice is to pay a portion or the full cost of achieving and maintaining

certification, adding to the overall cost of AML compliance.

For the eighth year, in early 2017 Thomson Reuters conducted a global survey on the cost

of compliance and the anticipated challenges for the upcoming year. A notable trend is that

budgets, staffing size, and salaries for senior compliance positions has either flattened, or grown

at a slower rate. In the report, Ed Sibley of the Central Bank of Ireland writes, “In the context of

looming fintech disruption, we may be in an era of “peak compliance officer”; this the

automation of aspects of compliance (such as know your customer (KYC) and regulatory

reporting) will result in threats to compliance officers’ jobs…..We need to be alive to the

disruptions that are coming, to be flexible and adaptive and recognize that successful

implementation of new technologies can drive significant efficiencies and greater robustness.”

The Thomson Reuters reports cites that 15% of a compliance officer’s typical week is

spend analyzing regulatory developments. “Other compliance tasks” taking up 68% of time,

include areas potentially eased by changes in technology, such as:

• Compliance monitoring and training

• Project management of regulatory implementation projects

• Assessing regulatory solutions

• Recruitment and retention of skilled compliance staff

The report indicates that Brexit, the Trump presidency, and impending EU reforms have

made a period of expected calm uncertain again. Compliance officers can expect a pause in

policy implementation to be to be filled with increased regulatory supervision, making review

and shoring up of their existing programs a worthwhile endeavor. A byproduct of increased

23
compliance function automation is greater board involvement and awareness. For both

compliance teams and boards, the volume and pace of regulatory change, and more intense

supervision were top concerns in 2017.

Cost of compliance 2017 report

Enforcement Actions

On February 16, 2017, FinCEN imposed a $7 million civil penalty against Merchants

Bank of California, N.A. for violations pursuant to the BSA. The violations outlined by FinCEN

were:

• Failure to establish and implement an adequate AML program

• Internal controls that did not meet the level of complexity and risk of the bank

• Failure to ensure the BSA Officer had sufficient independence and authority

• Inadequate training of personnel

24
The enforcement action states that bank leadership impeded investigation of suspicious activity,

and threatened employees with dismissal. Merchants did not have an appropriate due diligence

program for its high-risk money service business (MSB) customers, foreign correspondent

accounts, or internal controls for its remote deposit capture services. The bank failed to ensure an

independent audit commensurate with its risk profile. For a period of nine months, Merchants

had no BSA officer on staff, and delegated the responsibilities to business development

executives. Training of employees was not tailored to the specific responsibilities of the staff,

which FinCEN states led to a failure to identify suspicious activity. The gaps in Merchant Banks

AML compliance program resulted in billions of dollars of suspicious activity not being

reported, or not being reported within the filing deadline.

On November 1, 2017, FinCEN imposed a $2 million civil penalty against an

independent community bank in Pharr, Texas, for violations of the Bank Secrecy Act. dispelling

questions about whether small banks receive AML regulatory compliance scrutiny. Lone Star

National Bank (Lone Star) failed to comply with section 312 of the USA PATRIOT ACT, which

details due diligence requirements in correspondent banking relationships. “Lone Star plainly

failed to ask obvious due diligence questions in connection with its foreign bank account

relationship, and did not follow up on inconsistencies in answers to the questions that it did ask,”

said FinCEN Acting Director Jamal El-Hindi”. “Smaller banks, just like the bigger ones, need to

fully understand and follow the 312 due diligence requirements if they open up accounts for

foreign banks. The risks can indeed be managed, but not if they are ignored.” FinCEN

specifically points out that the size of an institution is irrelevant in assessing compliance with the

BSA. The action further evidences the U.S. governments continued aggressive enforcement of

AML and other financial crime laws, reiterating the sentiments of the U.S. Treasury Department

25
in February 2017. There is no indication that rollbacks of Dodd-Frank will lessen enforcement of

AML/CTF regulations.

26
 Discussion of Findings

In recent years, the challenge of combating financial crime has grown substantially. A

more technologically connected global economy has opened doors to conducting business in

high risk geographies, and given criminals more methods of disguising their ill-gotten gains and

funneling money to all corners of the world. Financial institutions are tasked with mitigating

risks within their institutions and complying with continually revised and expanded regulations

imposed to meet the growing threats.

Banks have responded to these challenges and regulations by increasing staffing,

investing more money into parameter-based transaction monitoring systems, and adding internal

controls. These responses have largely been reactive and piecemeal; resources are deployed to

the weakest areas, with new vulnerabilities presenting themselves in different areas of the

organization, and the cycle repeating itself without strategic intent. The outcome is a poorly

designed and functioning AML compliance department that adds risk and cost to the bank, and

provides substandard value to law enforcement. Redundancies created by the practice of

overlaying resources to whichever vulnerability has the most risk at a point-in-time adds to the

cost of compliance.

Compounding the challenges community banks face are the unknowable changes in

regulations and technology. It can be said with confidence that criminals will continue their

efforts of exploiting the financial system to aid their illicit activities. It is also safe to presume

that the United States and the global community will remain steadfast in their commitment to

fighting these crimes. However, if FinCEN alters the reporting structure for SARs or CTRs, or

changes the information it gathers, it will change the technology, staffing, and liability structure

of the banks. Likewise, if technology becomes robust and reliable enough to take over tasks now

27
done by humans, the community banks will need to allocate their compliance dollars differently.

Given that technology, staff, and regulations comprise almost the totality of an AML compliance

program, remediating and streamlining programs, and preparing for the future becomes more

onerous.

Compliance

The non-AML capital requirements imposed by Dodd-Frank have forced many

community banks to set aside working capital, and to divert funds to revenue generating

activities and away from AML compliance efforts. Regulations that continue to increase in

volume and complexity create additional current expenditures in staffing and technology that

may not be useful long enough to cover the cost of onboarding. Banks are not strategically

managing and refining their AML compliance programs, resulting in patchwork style programs

that are less effective and don’t use resources efficiently. The June 2017 Treasury report that

recommends exempting community banks from the risk-based capital regime implementing the

Basel III standards would be a welcome relief, but there is no assurance that liberated funds will

be used to shore up compliance programs.

Technology

Rapid advances in technology might work against community banks in the near term. If

the bank does not keep pace with the convenience based products of their competitors, they risk

losing customers. When they do add programs and services, they must create and implement the

related policies and procedures, training, controls, testing, and software. Onboarding of new

programs includes conducting a risk assessment of the service or product, and creation of AML

controls and protocols that match the level of risk. This process can be lengthy and should be

completed prior to launching the product or service. Technology provides opportunities to

launch new
28
products and services more rapidly than ever, including through new platforms like mobile

payments, adding complexity to an already cumbersome compliance program.

AML compliance technology is not optional, even for the smallest community banks.

Banks that purchase basic compliance programs need to employ experienced staff to compensate

for the lack of intuitive features. More sophisticated systems are costly, and require educated and

experienced staff to maximize its features. To maintain the working order of the software,

purchasing banks must also invest in upgrades and support programs.

Inefficient, parameter-based systems require banks to manually review high-risk accounts

and transactions, requiring teams of investigators. The implementation of new monitoring

systems often leads to a jump in false positive reports until the calibration of the system is

corrected. Too many reports or too few reports expose the financial institution to additional

unnecessary cost, to regulatory sanctions, and fails to meet the original objective of identifying

potential financial crime. Banks who have merged, or acquired other banks to achieve economies

of scale, partially due to the cost of compliance, bring with them legacy systems that are not

integrated with the existing systems. Systems that do not bridge information limit the ability to

automate processes like transaction monitoring and due diligence where the cost of staffing

could be offset. Software vendors frequently market programs as a panacea for the industry’s

woes. They are less forthcoming about the multitude of hurdles that often accompany new

technology.

New technologies like artificial intelligence and digital ledger technology represent both

a challenge and an opportunity. The probability that these disruptive technologies will become

mainstream is certain. The uncertain question is how quickly they become a cost effective

investment for community banks. Larger institutions with more financial resources

29
have already started implementing both AI and DLT into their AML programs. These banks

have the ability to run new and old AML technologies concurrently, and absorb the expensive

learning curve and adjustments that are inherent in adopting new technology.

New technologies often take time to deliver a return on the investment. Similar to new

products and services, new technologies that increase the ease, speed, and accuracy of

transactions are an essential investment to remain competitive but increase costs and operational

challenges in the short term. Incorporating new technologies brings additional costs, challenges,

etc when data needs to be transitioned from one platform to another. Despite technological

advances, legacy systems often do not bridge well with new programs. Additional costs need to

be budgeted for transition experts to ensure that the data is moved completely and accurately.

New technology also requires retraining of staff, along with updating of policies, procedures and

processes. Integration of AI will substantially alter the effectiveness of data analysis and reduce

the manual labor involved, but will require investments of time, capital, and effort to master to a

place where it is useful and reliable.

One of the considerations when examining the use and impact of new technologies is that

they are presented in a stand-alone manner. The potential of AI is tremendous and its potential

applications are limitless. However, a community bank needs to complete many steps before it

becomes an asset to the AML department. What tasks is AI best used for? Who is responsible for

designing and implementation? The IT department may need to contract an external consultant to

install the software. That consultant would need to work closely with the BSA officer and AML

staff to assure that the AI is delivering the expected output. The output needs to be monitored,

adjusted, and tested to provide affirmation that the output is accurate and complete. Both

technology and AML staff need to fully understand how the AI works. If the community bank

30
makes any changes to products, services, or risk tolerance, the AI needs to be altered to account

for the changes. So, although AI, or any other technology, like blockchain, holds the promise of

greater productivity and information, it is still linked to the humans who manage it, and the other

software and hardware that it interacts with.

Staffing

The skills AML staff needs are evolving with the advances in technology. As criminals

discover new ways to circumvent existing deterrents in the financial system, staff need updated

education and tools to detect threats. The roles of AML staff will change in the future as well.

Analysts and investigators will move from monitoring the transactions within in the bank to

monitoring the software and AI that the bank uses. If technology can mine data and transactions

more thoroughly, it will change the information that gets sent to FinCEN. It is not known where

the balance of data mining and information analysis will be between banks and FinCEN in the

future. If technology replaces some of the tasks currently completed by humans, job functions

may be consolidated, necessitating retraining and additional training. AML staff need to

intimately understand how new products and services work on the various platforms available.

Conveniences like remote deposit capture were not available twenty years ago. Financial

institutions like Merchants Bank in California neglected to address the risks of remote deposit

capture and were penalized by regulators for the deficiency.

Enforcement

With the changing of government administrations and political parties come different

perspectives about regulations that directly and indirectly impact AML compliance. Changes in

capital requirements for community banks will alleviate some of the financial pressure smaller

institutions currently. This may result in funds being allocated to increase compliance. The funds

31
may be allocated towards new programs, services, locations, or technology. Each of those

changes has an impact on AML compliance. Each requires the AML department to look at

policies, procedures, risk, staffing and technology. Any rollback of regulations designed to

stimulate business activity and investment introduces new risks that have to be addressed by the

AML compliance team. Changes in tax law to create incentives for companies to domicile in the

United States change the money flowing through financial institutions. Immigration law, social

unrest, health care policy; they all impact the attitudes and behavior of financial institution

customers.

What does not change is the commitment to fight global financial crime, terrorist

financing, and money laundering. There are no policy changes, political parties, or business

incentives that alter the desire to protect our nation from those that wish to do us harm; it is a

bipartisan agreement. Within sixty days of assuming office, the current administration clearly

articulated its intent to maintain and strengthen current AML related rules. It may consider

alternative ways to combat financial crime, but it will not loosen regulations to achieve

administrative objectives. As a result, community banks must maintain robust programs that are

flexible enough to meet change and demand.

32
 Recommendations and Conclusions

The only certainty in AML compliance is that given the pace of technology in an

increasingly global economy, community banks need to evolve in order to thrive. There is no

singular solution to improving AML compliance within community banks. Inefficiencies and

redundancies, understaffing and compliance gaps, outdated or segmented technology, and lack of

support and resources are among the challenges currently facing community banks. The future

holds the promise of technologies that reduce long term costs and mitigate risk. The unknown

variables are how quickly new technologies come to market with the features and functionality

that community banks need, and if the price point will be cost prohibitive. How can smaller

financial institutions remediate or maintain existing programs, streamlining where possible, and

take a proactive approach to a future that cannot reliably predict when products will be available,

what capacities they will offer, and how much the capital investments will be?

Today’s society has become accustomed to easily identifiable answers, and readily

available solutions. One of the reasons community banks are in their current predicament of

patchwork systems and processes, and programs is because of their reactive approach to changes

in AML compliance. Reactive management strategies are almost always more expensive, yield

subpar performance, and are ill equipped to navigate unexpected circumstances. The

recommended course of action for community banks is a phased in, multi-step and fluid process

that maintains current AML compliance programs, and creates responsive, flexible, proactive

departments able to meet the approaching changes in technology. This requires thoughtful

planning, diligent monitoring, and real-time adjustments as information becomes available.

33
Objective

The literature and findings in this report describe how community banks play a vital role

in the nation’s economy. The burden of compliance costs and requirements have hindered these

banks in two significant ways. Existing products and services have been downsized, and new

offerings have been delayed. AML compliance risk has increased because of failure to maintain

adequate program, exposing the banks to financial penalties and reputation risk. A rapidly

advancing leap in technology presents both opportunity and challenges. Enforcement actions

demonstrate that the size of a bank is irrelevant in assessing whether the institution has an

adequate AML compliance program. The objective is for community banks to remediate

deficiencies in their existing programs, and concurrently prepare for significant changes of

unknown scope and timing.

Process

The specific steps in achieving the stated objective begin with a comprehensive

assessment of the current AML program. There are numerous important components to this

portion of the process, and the results inform the resources needed to prepare for the future. The

assessment is followed by a plan of work to correct current weaknesses within AML compliance.

A survey of the competitive and anticipated regulatory landscape of AML compliance creates a

framework that is ideally developed as the corrective plan of work in implemented. Here too,

there are multiple possibilities to consider, and a forecast with ‘what if’ and ‘if then’ scenarios

should be included. In order to maintain a pliable, resilient AML compliance program, it is

essential for examination and integration of changes in the regulatory and technology landscape

to be an iterative process.

34
 An experienced, dedicated project manager should be designated, and be the central point

of contact (POC). The POC manages the transition process, coordinates tasks, sets priorities, and

spearheads communication with stakeholders. The POC is a trusted, objective broker in the

transition process. Sharing responsibilities and a group effort strategy does not work in

restructuring projects. The POC can be internal or external to the organization. If the POC is

internal, sufficient time must be allocated and dedicated to the process. Often internal staff carry

a full work load and are not specialists in both project management and AML compliance. The

involvement of an external consultant is limited to the project, and ends once the objectives have

been met and the internal staff are properly trained. The transformation will be incremental and

last over a period of years, so a permanent part-time or long-term contract engagement would be

a cost-effective solution. This point of contact (POC) is educated about the future of AML

compliance, and intimately understands the bank, its clients, and its culture. The POC will

inform and educate the board, and craft the transition process.

Understanding by senior leadership and the board of the dynamic, evolving nature of

AML compliance, and acceptance of presently unknown variables, is required.

35
https://image.slidesharecdn.com/projectmanagementprocess-140202232043-

phpapp01/95/project-management-training-in-indonesia-project-management-process-10-

638.jpg?cb=1391741398

Assessment and Remediation

In his book on enterprise risk management, James Lam reminds us of the business adage

that you cannot manage what you cannot measure. He adds to that, stating, “you cannot measure

what you cannot define”. A comprehensive assessment of the AML compliance program looks

at wide swath of areas including staffing hierarchy and roles, department structure and

evolution, internal processes and policies, communication, equipment, internal review protocols,

risk

36
tolerance and risk management strategies, internal audit findings, board engagement, ethical tone

and corporate culture, and training. It provides an inventory and risk profile of the existing

program, and reveal redundant and unproductive program elements. Each area examined

represents an essential role in the success of the department so an accurate assessment of their

competence is needed to form the foundation of next steps. The template for correcting

deficiencies and addressing vulnerabilities in the compliance program begins with a remediation

plan comprised of a scope of work, responsibility assignments, timeframe, budget, and

communication plan. It is a project within the overall project. Execution of this stage will have

short term and long term goals.

Landscape

The next step is to examine the competitive and regulatory landscape. The needs

of the individual community bank will differ by geography, client base, size of the institution,

and competition. The urgency of refining and transforming the compliance program will partially

depend on the status of neighboring banks. A rural bank with limited competition can have a

different strategy than a community bank in a condensed, competitive market in the Northeast.

Understanding the strategic goals of the community bank will allow the POC to design an AML

program that aligns with the future. A bank that intends to grow its commercial real estate

programs and engage in foreign correspondent banking will face more regulatory risk than one

that relies on local depository accounts. It is important for the POC and the Chief Compliance

Officer to be included in the strategic discussions of the community bank. Their input informs

decisions around staffing, capital investments, risks to the institution, and budget. Best practices

in AML compliance require the compliance program to be independent, adequately funded, and

have the necessary authority to carry out its function. Direct participation will strengthen the

37
boards understanding that management of AML compliance will include uncertainty and point of

time response.

Program evolution

Community banks need to embrace the future and lay the groundwork for its arrival.

Having an in depth understanding of what lies ahead is critical to incorporating it successfully

within the bank. As this report has shown, technology does not integrate quickly, easily, or

inexpensively. Looked at independently, software performs the tasks marketed by the

developers. However, it often does not work as seamlessly when bridged to existing programs. It

takes extensive research, time, and planning to avoid unnecessary errors. The Chief BSA officer

should begin looking at potential changes in regulations, technology, services, and business

opportunities with an eye towards its alignment with bank objectives. The Chief BSA officer

should engage in conversation with senior leadership and the board to discuss how various

decisions and directions impact AML compliance. This will help avoid costly, reactive decisions

born from a lack of planning, and mitigate compliance risk. Industry conferences, vendor

webinars, and trade organization white papers are all good starting points in acquiring new

knowledge. Eliminating solutions that don’t align with the banks goals will narrow the field of

information that needs to be researched. Each potential solution should be viewed from the lens

of how it would operate within the bank, either in conjunction with, or as a replacement to,

existing technology. Feedback from departments outside of compliance should be gathered and

given consideration. Secondary costs like training and maintenance should be included into the

integration budget.

It is expected that budget projections will change as new information is available. The

bank should maintain the original budget and supporting documentation and all subsequent

38
budgets. Reviewing the changes in budgets provides valuable insight into the rationale behind

decisions and the factors that prompted changes. This information is beneficial during the

project, and as a historical document for future leadership that details the reasoning for overall

strategic decisions. The roll out of new processes and systems should be run in parallel to

existing programs until it is confirmed that it is functioning properly, and has been evaluated,

measured and adjusted as needed. The test roll out process should be repeated until the bank is

confident that all adjustments have been made.

As the role of compliance evolves, staff will need new and different skills. To be

successful, employees need to clearly understand what is expected of them, and their progress

should be reviewed with relevant feedback that encourages continual improvement. Other

method of transforming culture within the AML compliance program so it becomes more

dynamic and fluid is to get everyone involved in discussion at some level, validating their role on

the team. An inclusive workplace will foster communication, encourage transparency, and

inspire innovation. The staff who use the technology on a daily basis are a valuable source of

input. They understand the functionality and can offer suggestions on what works well, what to

avoid, and where the pain points are.

An updated AML program that includes proactive inclusion of the future will be a

significant change for many community banks. A common mistake is not including ongoing

review and adjustments to the plan. Carving a path forward without accommodating new

understandings and change results in the same quagmire of unwinding expensive, avoidable

mistakes. Compliance is not a revenue generating activity, but it doesn’t need to be viewed as an

albatross to the bank. Done well it provides important intelligence about risks to the bank, and

how to mitigate them.

39
Conclusion

In many community banks, AML compliance is dated and ineffective. Given the

anticipated disruptive changes in the regtech industry, there is no value in entirely remediating

existing systems. The key to optimal performance is balancing the maintenance of current

compliance programming with the integration of new regulations and technology. The bank

should recognize retooling of the AML compliance program as an ongoing effort, and not a fixed

project.

Community banks have decades of embedded practices designed to meet the needs of

small geographical footprints and local customers. In the coming years, the customer base might

not change, but the most effective ways to service their business needs will. A transition to a

more nimble, responsive AML compliance program is possible with new tools, a fresh approach,

and a cultural shift within the organization.

40
 References

Accenture. (2017). Compliance costs for financial institutions will continue to increase over the

next two years driven by regulations and emerging risks, according to global Accenture

survey of executives. Retrieved from https://newsroom.accenture.com/news/compliance-

costs-for-financial-institutions-will-continue-to-increase-over-the-next-two-years-driven-

by-regulations-and-emerging-risks-according-to-global-accenture-survey-of-

executives.htm

Akmeemana, C. (2017). Using blockchain to solve regulatory and compliance requirements.

[Blog Post]. Retrieved from https://medium.com/@akme_c/using-blockchain-to-solve-

regulatory-and-compliance-requirements-16290f4b4ac1

American Bankers Association. (2017). Statement for the record on behalf of the American

Bankers Association before the Committee on Banking, Housing and Urban Affairs

United States Senate.

Association of Certified Financial Crime Specialists. (2017). Why artificial intelligence is the

future of financial crime mitigation. [Blog Post]. Retrieved from

https://www.acfcs.org/news/367459/Why-Artificial-Intelligence-Technology-is-the-

Future-of-Financial-Crime-Mitigation.htm

Bajpai, P. (2017). How IBM’s Watson will help financial institutions save time, money in

meeting regulatory guidelines [Blog Post]. Retrieved from

http://www.nasdaq.com/article/how-ibms-watson-will-help-financial-institutions-save-

time-money-in-meeting-regulatory-guidelines-cm803853.

Brynjolfsson, E. and McAfee, A. (2017). The business of artificial intelligence: what it can – and

cannot – do for your organization. Harvard Business Review.

41
Burnet, B. (2015). Compliance burdens: reducing bank products and services [Blog Post].

Retrieved from https://www.sageworks.com/blog/post/2015/08/03/compliance-burdens-

reducing-bank-products-and-services.aspx.

Crosman, P. (2016). IBM buying Promontory clinches it; regtech is real; artificial intelligence

may not make bank compliance officers obsolete, but it could mean far fewer of them in

the future. National Mortgage News, 22, Vol. 41, No. 4.

Dow Jones Risk and Compliance, ACAMS. (2016). Global anti-money laundering survey

results 2016. Retrieved from

http://files.acams.org/pdfs/2016/Dow_Jones_and_ACAMS_Global_Anti-

Money_Laundering_Survey_Results_2016.pdf

Financial Action Task Force. Retrieved from http://www.fatf-

gafi.org/publications/?hf=10&b=0&s=desc(fatf_releasedate)

Federal Deposit Insurance Company. (2012). Appendix B – regulatory compliance costs. A

summary of interviews with community bankers. Community Banking Study.

Federal Financial Institutions Examination Council (FFIEC). (2014). Bank Secrecy Act/Anti-

money laundering examination manual. (pp. 11-34, 47-84).

FinCEN. Bank Secrecy Act forms and filing requirements. Retrieved from

https://www.fincen.gov/resources/filing-information

FinCEN. (2017) FinCEN penalizes Texas bank for violations of anti-money laundering laws

focusing on Section 312 due diligence violations. Retrieved from

https://www.fincen.gov/news/news-releases/fincen-penalizes-texas-bank-violations-anti-

money-laundering-laws-focusing

42
FinCEN. (2017). United States of America Department of the Treasury Financial Crimes

Enforcement Network. In the Matter of Merchants Bank of California, N.A. Carson,

California. Number 2017-02. Retrieved from

https://www.fincen.gov/sites/default/files/enforcement_action/2017-02-

27/Merchants%20Bank%20of%20California%20Assessment%20of%20CMP%2002.24.2

017.v2.pdf

FinCEN. (2017). SAR Technical bulletins. SAR stats Issue 3. 03/09/2017.

IOSCO Research report on Financial Technologies (Fintech). (2017).

Lam, James. Enterprise risk management: from incentives to controls. Second Edition. 2014.

Chapter 14, Operational risk – definition and scope.

Lux, M. and Greene, R. (2016). Dodd-Frank is hurting community banks. The New York Times.

Retrieved from https://www.nytimes.com/roomfordebate/2016/04/14/has-dodd-frank-

eliminated-the-dangers-in-the-banking-system/dodd-frank-is-hurting-community-

banks?mcubz=1.

Macro, B. (2013). Assessing inherent BSA/AML risk at community banks. Federal Reserve

System Community Banking Connections.

McLannahan, B. (2017). US banks ‘wasting billions’ trying to track crime. The Financial Times.

Mitchell, D. (2016). Money laundering laws: ineffective and expensive. Cato Institute.

Office of the Federal Register. The Daily Journal of the United States Government. Page 29398.

Pelaez, C. (2016). Growing AML costs. AML Surveillance.

Protiviti. (2017)

Society of Corporate Compliance and Ethics. (2014). The complete compliance and ethics

manual 2014. Pages 1.3-1.7.

43
Stackhouse, J. (2016). Community bank research conference looks at the changing nature of

competition. Federal Reserve System Community Banking Connections.

Technavio (2016). Global Anti-money laundering software market 2016-2020.

The Clearing House. (2016). A New Paradigm: The U.S. AML/CFT framework to protect

national security and aid law enforcement.

Thompson Reuters. (2014). U.S. compliance salary report: job market in the post-crisis

landscape [Blog post]. Retrieved from https://blogs.thomsonreuters.com/answerson/u-s-

compliance-salary-report-job-market-post-crisis-landscape/.

Thompson Reuters (2017). Cost of compliance 2017 report. Retrieved from

https://risk.thomsonreuters.com/en/resources/special-report/cost-compliance-2017.html

Trulio. (2015) Updated 2016. Banking trend: growth of compliance teams and spending [Blog

post]. Retrieved https://www.trulioo.com/blog/are-compliance-costs-hurting-banks-

bottom-lines/

U.S. Department of the Treasury. (2015) National Terrorist Financing Risk Assessment.

U.S. Department of the Treasury. (2017). A financial system that creates economic opportunities

Banks and credit unions. Executive order 13772 on core principles for regulating the

United States financial system.

WilmerHale. (2017). AML and sanctions: 2017 trends and developments. Regulatory and

government affairs.

Winkler, S. (2016). The Three Biggest Challenges in the Data Migration Process [Blog Post].

Retrieved from http://www.ionep.com/blog/the-three-biggest-challenges-in-the-data-migration-

process/.

44
https://www.fincen.gov/sites/default/files/enforcement_action/2017-02-

27/Merchants%20Bank%20of%20California%20Assessment%20of%20CMP%2002.24.2017.v2.

pdf

45
 Appendix

Appendix A – Acronyms and Abbreviations

ABA- American Bankers Association

ACH Automated Clearing House Transactions

AML/CTF Anti-money laundering/counter terrorism financing

AI Artificial Intelligence

BSA Bank Secrecy Act

CAMS Certified Anti-Money Laundering Specialist

CDD Customer due diligence

CFCS Certified Financial Crime Specialist

CFE Certified Fraud Examiner

CFPB Consumer Financial Protection Bureau

CFTC Commodity Futures Trading Commission

CIA Certified Internal Auditor

CID Customer Identification

CPA Certified Public Accountant

CRCM Certified Regulatory Compliance Manager

CTR Currency Transaction Report

DHS Department of Homeland Security

DLT Digital Ledger Technology

DOD Department of Defense

Dodd-Frank Dodd-Frank Wall Street Reform and Consumer Protection Act

DOE Department of Energy

46
DOJ Department of Justice

ES Economic sanctions

FATF Financial Action Task Force

FDIC Federal Deposit Insurance Corporation

FFIEC Federal Financial Institutions Examination Council

FinCEN Financial Crimes Enforcement Network

FINRA Financial Industry Regulatory Authority

FIU Financial Intelligence Unit

FRB Board of Governors of the Federal Reserve System

GDP Gross domestic product

G-SIB Global systematically important banks

GRC Governance, Risk, Compliance

IRS Internal Revenue Service

KYC Know your customer

MSB Money service business

NCUA National Credit Union Administration

OCC Office of the Comptroller of the Currency

ODNI Office of the Director of National Intelligence

OFAC Office of Foreign Assets Control

PEP Politically exposed person

PII Personally identifiable information

POC Point of contact

SAR Suspicious activity report

47
SEC Securities and Exchange Commission

TFI Office of Terrorism and Financial Intelligence

TTFC Office of Terrorist Financing and Financial Crimes

USA PATRIOT ACT Uniting and Strengthening America by Providing Appropriate Tools

Required to Incept and Obstruct Terrorism Act of 2001

USPS United States Postal Service

48