On October 3, 2018, federal bank regulators and FinCEN issued an interagency statement (Joint Statement) on the topic of banks sharing resources with other banks to manage Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance. While the statement generally supports collaboration, banks that are considering entering into resource-sharing agreements should still proceed with caution and ask themselves if entering into a BSA/AML compliance collaboration agreement will benefit the bank.
Background
The concept of collaboration between banks and other financial institutions for BSA/AML compliance is not new. Banks have long collaborated through the information-sharing process under Section 314(b) of the USA PATRIOT Act to allow them to investigate potentially suspicious transactions or parties. More recently, however, banks have begun entering into broader sharing agreements outside the 314(b) process that pool the resources of multiple banks to more efficiently and effectively manage BSA/AML risks. The Joint Statement speaks to this latter form of collaboration and provides greater guidance to banks about whether collaboration may be appropriate and what such collaboration might look like in practice.
It is critical for any bank considering collaboration on BSA/AML compliance to understand that entering into such an arrangement does nothing to alleviate each participating bank’s own obligations to develop and implement a BSA/AML program. Each institution must maintain a program that satisfies the traditional “four pillars” of AML compliance: (1) a system of internal controls to ensure ongoing compliance; (2) independent testing of BSA/AML compliance; (3) designating a BSA compliance officer; and (4) training for appropriate personnel. Banks must also individually comply with the newly added “fifth pillar” that requires banks and other covered financial institutions to develop and implement appropriate risk-based procedures for conducting ongoing customer due diligence. Such procedures must include understanding the nature and purpose of customer relationships to enable development and maintenance of a customer risk profile and conducting ongoing monitoring to identify and report suspicious transactions.
Although collaboration agreements cannot eliminate a bank’s individual obligations under the BSA, the Joint Statement acknowledges that BSA/AML compliance collaboration between banks may nonetheless be beneficial to banks in some circumstances. The decision about whether collaboration may be appropriate in an individual circumstance must be assessed on a bank-by-bank basis.
Questions for Banks to Consider
While the decision about whether to collaborate should ultimately be made after thorough consideration by bank stakeholders and counsel, there are several questions that a bank should consider as a part of the decision-making process.
Is collaboration appropriate given a bank’s risk profile?
As the Joint Statement indicates, collaboration agreements will not be appropriate for all banks. Whether collaboration is appropriate for a specific bank will depend in large part on the bank’s risk profile. The Joint Statement contemplates collaboration between community-focused banks with less complex operations and lower risk profiles for money laundering and terrorism financing. For example, local and small regional banks and community credit unions are likely good candidates for collaboration agreements.
In contrast, larger banks with complex operations and multinational or high-risk customer bases are not likely to be suitable candidates for collaboration. Bank regulators expect and demand that banks with higher risk profiles will maintain more sophisticated BSA/AML compliance programs and will devote more resources to BSA/AML compliance generally, as appropriate for such banks’ level of risk exposure.
What should a bank look for in seeking a bank with which to collaborate?
Although the Joint Statement does not address what a bank should look for in a partner it will collaborate with, it is inevitable that not all banks will pair well. To fully leverage the efficiencies of shared BSA/AML compliance resources, banks will likely want to seek out true peer banks with similar risk profiles. Among the similarities that a bank will likely want to look for when seeking to partner are:
- Size of the bank, including total number of branches, total number of customers, total assets held for customers, etc.
- Makeup of its individual-customer base (e.g., U.S. versus non-U.S. customers).
- Makeup of its corporate-customer base (e.g., money services businesses, cash-intensive businesses).
- Geographic proximity for purposes of sharing physical resources such as personnel.
- Extent of financial resources devoted to BSA/AML compliance efforts.
- History of regulatory scrutiny or civil or criminal enforcement actions against the bank or its customers.
More broadly, thorough due diligence on any potential partner will be crucial for a bank when considering whether to collaborate on BSA/AML compliance.
What resources will be shared as a part of the collaboration?
The Joint Statement contemplates the potential for broad sharing of resources as a part of BSA/AML compliance collaborations. Among the types of resources and tasks that a bank may wish to consider sharing in a collaboration are:
- Drafting, review, and revision of BSA/AML policies and procedures.
- Development and review of risk-based customer identification and account monitoring processes.
- Customization of monitoring systems and reports.
- Cross-utilization of employees for independent testing of the BSA/AML programs of the collaborators.
- Shared training.
Ultimately, the decision of the extent to which collaboration is appropriate will be driven by both economic and risk considerations of the individual banks involved.
Will collaboration ultimately benefit a bank?
Collaboration on BSA/AML compliance is both a legal decision and a business decision. Any decision to collaborate should take both considerations into account.
From a legal perspective, a bank should consider several issues. First, will the collaboration meaningfully enhance the strength of the bank’s overall BSA/AML compliance program through devotion of greater or more sophisticated resources to the program? Second, will the collaboration expose the bank to greater risk due to the proposed partner’s risk profile? Third, can the parties come to clear and mutually beneficial terms detailing the scope of the collaboration and the obligations of the parties to support that collaboration?
From a business perspective, a bank will likewise have a number of issues to consider. First, does the collaboration make economic sense for the bank, taking into consideration the potential for economies of scale in the use of shared resources? Second, does the collaboration risk exposure of bank proprietary or sensitive information to a competitor? Third, are there practical concerns with how the bank’s primary regulator may view a decision to collaborate, particularly in light of any negative history of enforcement actions against the bank?
Conclusion
The Joint Statement supports banks considering collaboration on BSA/AML issues in appropriate circumstances. Although collaboration will not be appropriate for all banks, there are certainly those that stand to benefit from collaborations through more efficient use of resources and the ability to strengthen compliance efforts through the sharing of resources. Nonetheless, banks considering entering into collaboration agreements should proceed with caution and be mindful that nothing alleviates a bank’s responsibility for ensuring the adequacy of its BSA/AML compliance program.