Information sharing about emerging money laundering typologies and customers engaging in suspected money laundering or fraud activity is invaluable for financial institutions (FI) in trying to protect their customers and their business. The problem faced by the industry in making information sharing a reality is quite simple: Sophisticated criminals are organized and coordinated; financial institutions are not. And this is because sophisticated criminals are not bound by any restrictions: financial institutions are.
The current information sharing mechanisms that FIs generally utilize are extremely limited. There are three primary reasons for this. First, financial institutions have legal constraints on sharing information about their customers. Second, the sharing of information can require additional resources for financial institutions that are already stretched thin trying to meet all of their regulatory obligations. And third, institutions may incur legal liability for having information in their possession that could have protected their customers, but they failed to utilize it.
While these three obstacles are formidable, they are not insurmountable. The benefits of increased information sharing far outweigh the obstacles. There are ways to accomplish this without trampling on the privacy expectations of law-abiding customers. So, let’s see what a better model of information sharing might look like.
Section 314(b)
Section 314(b) of the USA PATRIOT ACT was enacted in 2001 to provide financial institutions with the ability to share information with one another under a safe harbor that offers protections from liability in order to better identify and report activities that may involve money laundering or terrorist activities. So, for example, if Bank A sees an unusual transaction coming from a customer of Bank B, Bank A can contact Bank B and ask about that activity, and Bank B can share information about its customer with bank A. While this form of communication is useful, it is very linear between the two banks and not operated in real time. So, this process might take 60-120 days before information is shared while the initiating institution completes its investigation. By then, the damage has been done, and the money is long gone.
Information sharing with multiple banks
Let’s take the 314(b) situation one step further. Let’s say that Bank A is investigating money laundering activity and finds that one of its customers is receiving funds from accounts at Banks B, C, D, and E. Normally, Bank A would send out 314(b) requests to each of the other banks to learn more about this activity and alert the other banks about this potential money laundering activity. So, Bank A would send out requests to the four other banks and wait to see if they will respond. If all four banks respond, then Bank A will have to compile all of this information and include it in a Suspicious Activity Report (SAR) that it will file with the Treasury Department.
While this would be the normal scenario, it does not have to be like this. If all five banks are participants in the 314(b) program, it is legally permissible for them to discuss this activity amongst themselves all together – rather than for Bank A to reach out individually to each bank. However, this would require more coordination and resources. There are projects where banks do pursue joint investigations in this manner, but it is not the norm.
There is another scenario where sharing information with multiple banks at the same time would be very useful. Consider that Bank A has been notified by one of its customers that they have been defrauded. Following an investigation, it was determined that the stolen funds went to an account at a bank in Hong Kong. Bank A, if it wanted to be proactive, could notify other banks that Account #123456 at the First Bank of Hong Kong appears to be a destination account for fraud proceeds, and that other banks should review any transactions going to that account. This would be legally permissible so long as all the banks receiving the information are participants in the 314(b) program. However, there is potential legal liability for the receiving banks if they obtain information about a destination account but fail to act on it in time to prevent one of their customers from sending money to that account.
Sharing information with law enforcement
It is great to share information with other FIs, but what about also sharing it with law enforcement? That would also be useful. Unfortunately, sharing information with law enforcement requires a different mechanism that is not compatible with the 314(b) system. Unless a bank has received a subpoena or other request for information from law enforcement, the only way that banks can report suspicious activity to law enforcement is through filing SAR. But SARs are confidential, so Bank A cannot tell another bank that it has filed a SAR, even if the banks have conducted a joint investigation under the auspices of 314(b). Each bank must file its own separate SAR without discussing this with the other banks. It will be up to law enforcement to make the connection between these SARs and put them together to understand the whole case.
How can we do better? A new model
One model that would solve some of these issues would be a database available to all 314(b) participants where banks could post queries to other banks or provide information to other banks about possible bad customers or bad accounts. Rather than limiting the usage of 314(b) to linear queries, this would provide a way to share or seek information with multiple banks in a real time manner. In my view, this is legally permissible under 314(b).
There are several possible impediments here. First, banks would have to resource this new form of information sharing which could require a large staff to utilize the database properly. Second, each bank would have to develop policies and procedures for utilizing this database – both for receiving information as well as for contributing information – because this process will be subject to audit and regulatory review. Third, there is the issue of potential legal liability for failing to act upon available information to protect customers. There is also an issue of financial exclusion if banks were to be negligent in submitting adverse customer information into the database that would result in a customer being unfairly de-banked. Despite the hurdles, there are ways for these issues to be addressed if there is a will to build the system.
There is one other issue that would still need to be addressed if this information sharing model would be of maximum benefit, and that is allowing law enforcement to access this database as well. This would allow them to receive information in real time instead of having to wait for a SAR that might be filed 60 days or more after the suspicious activity took place.
Law enforcement access would require a change in the law. However, this goal was accomplished by the United Kingdom where the government created a Joint Money Laundering Intelligence Taskforce (JMLIT). JMLIT is a partnership between law enforcement and the financial sector to exchange and analyze information relating to money laundering and wider economic threats. The taskforce consists of more than 40 financial institutions, the Financial Conduct Authority, Cifas (a not-for-profit membership organization that brings different sectors together for the common goal of eliminating fraud and financial crime), and five UK law-enforcement agencies. So, this impediment can be overcome. It’s just a matter of political will.
Conclusion
It is necessary for banks and law enforcement to find a better model of information sharing if we are to ever stand a chance of getting ahead of well-organized and versatile criminal organizations. Albert Einstein once said, “We cannot solve our problems with the same thinking we used when we created them.” This is true for information sharing. While it will not be easy to build a new model for information sharing, it can be done. No issue is insurmountable. In the long run, the benefits will far outweigh the effort it took.