A joint statement by five federal agencies on October 3, 2018, that details how smaller financial institutions can share resources to improve their anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance is welcome news to institutions that have long struggled to leverage their limited resources to meet regulatory requirements. 

The statement—issued by the Board of Governors of the Federal Reserve System (FRD), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN)—acknowledges some of the challenges smaller institutions face: an exponential increase in regulatory compliance costs and difficulty in finding experienced compliance talent. At the same time, it emphasizes that banks of all sizes need to enhance their BSA AML compliance programs to combat increasingly complex attempts to circumvent the U.S. anti-terrorism and money laundering rules.

Collaboration Raises Issues

Collaborative arrangements can be helpful in several operational areas for smaller banks, community banks, resource-challenged institutions, and those with lower risk profiles for terror financing and/or money laundering. For example, BSA AML training and independent testing require specialized expertise, which midsize and smaller banks generally do not need full-time. Outside of the financial centers in the United States, however, such expertise is hard to find. Banks in a collaborative arrangement theoretically could test each other’s compliance programs to ensure that controls are in place. 

On its face, collaboration makes sense. But it also raises issues that many institutions may not fully grasp, including:

• Confidentiality of data. Suspicious activity reports (SARs) are confidential. What information can banks disclose about their customers, or concerning supervisory or other information that is intended to remain confidential? Failing to meet regulations regarding the safeguarding of confidential data could be an expensive error.
• Misalignment of risk profiles. Institutions with similar risk profiles for money laundering would have a fairly straightforward task when combining their resources. But what if those risk profiles differ significantly? Aligning roles and responsibilities between collaborating banks can be challenging in such circumstances.
• Identifying qualified resources. Finding staff with the requisite qualifications for monitoring and reporting in BSA AML programs and conducting independent testing is difficult and time-consuming, particularly in areas outside the major banking centers. If banks lack employees with the necessary experience, collaboration makes little sense.

A Sustainable Solution: The Outsourced FIU

Whether your financial institution is a Bank, a Money Service Business, a regulated FinTech startup or a Cryptocurrency exchange, you will need a comprehensive approach to BSA AML compliance in mitigating terror financing and money laundering risks. Increasingly, many Financial Institutions looking for economical and efficient ways to enhance their programs are turning to outsourced financial intelligence units (FIUs).

Achieving a sustainable and effective in-house FIU involves significant investments in technology, experienced personnel, and the ability to continually adapt policies and procedures. Strong FIUs are able to apply sophisticated analytics and maintain segregated divisions that oversee transactional and trade surveillance, unusual activity investigations, global sanctions, currency transactions, and customer intelligence. This broad combination of compliance capabilities is nearly impossible for midsize and smaller financial institutions to assemble on their own. Outsourcing a financial institution’s FIU may be the answer for many institutions. An outsourced FIU allows smaller financial institutions to gain access to benefits usually reserved for larger institutions with extensive budgets, such as the following: 

• “Large Institutional” technology, expertise, policies, and procedures at a fraction of the cost, tailored to the individual financial institution.
• Continual advances in the technology employed to identify and assess new risks and threats.
• The ability to leverage analytics and lessons learned from serving multiple institutions. Outsourced FIUs can apply knowledge gained to benefit all bank clients, expanding their focus to high-risk customers and counterparty relationships, not just risky transactions.
• Ease of monitoring, because an outsourced FIU is designed solely for client institutions. 
• Crowdsourced early warning alerts when multiple financial institutions subscribe to the outsourced FIU. One financial institution’s customer might be involved in unusual transactions spanning across other outsourced FIU’s financial institutions and the FIU can provide some warning, without violating confidentiality and privacy, to other financial institutions. 

In addition to the benefits listed above, when a financial institution outsources its FIU function, resources otherwise used for compliance can be redeployed to other operational areas of the institution. For example, time not needed to deliberate on transactions or alerts can be devoted to other risk areas. 

Given the heightened scrutiny regarding newer types of financial institutions, such as FinTech money service businesses or Cryptocurrency Exchanges, a good outsourced FIU partner will help reassure the regulatory agencies that these financial institutions are serious and committed to meet and exceed their regulatory compliance requirements. Additionally, an outsourced FIU will allow these new financial institutions to scale economically regardless of the transactional volumes achieved.  

Regardless of whether a financial institution chooses the path of collaboration or outsourcing, it must always keep in mind that responsibility for BSA AML compliance always resides with each financial institution. It is not possible to delegate that obligation. Therefore, choosing an expert partner that understands the financial institution’s business as well as what regulators are looking for is critical.

Six Things to Look For

Financial Institutions considering a partner to provide an outsourced FIU should ask the following questions:

• Does your team understand my financial institution’s risk profile, products and services?
• How do you gain an understanding for our financial institution, our customers, and our risks?
• How will you marry your technology to those risks?
• What role does our financial institution play in the process?
• How will your service save us money?
• What qualifications and experience does your team have?
• How does your service scale to meet high levels of demands, such as transaction monitoring alerts?

Outsourcing allows financial institutions of all sizes to maximize their BSA AML compliance capabilities while taking advantage of economies of scale, bespoke technologies, and specialized expertise without excessive costs. Financial Institutions must cautiously weigh the risks and benefits of collaboration or outsourcing, identify the right partners, and remain transparent with customers and regulators about their compliance capabilities. Regardless of the solution chosen, it remains the responsibility of individual institutions to constantly strive to address the risks posed by domestic and international money launderers and those trying to finance terrorism utilizing the global financial system.