BPI Recommends Banking Agencies, FinCEN Change Risk Management Examination Practices for AML/BSA and Sanctions Models and Tools

Re:    Request for Information and Comment: Extent to Which Model Risk Management Principles Support Compliance with Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Requirements (Docket No. OCC—2020—0047; OP—1744; RIN 3064—ZA23; NCUA–2021–0007; FINCEN—2021—0004)

To Whom It May Concern:

The Bank Policy Institute1 appreciates the opportunity to respond to the request for information and comment regarding the extent to which model risk management principles support compliance by banks with Bank Secrecy Act requirements and economic sanctions administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control.2

I.  Introduction

We note at the outset considerable work that has been done by your agencies in order to make the AML/CFT and sanctions regimes more efficient and effective—that is, to ensure that banks and other institutions responsible fordetecting suspicious activity are doing so in the most effective way.

This has included Treasury Department support for the recently enacted Anti-Money Laundering Act of 2020 (“AMLA”), which includes not only beneficial ownership disclosure requirements that will deter the use of anonymously owned shell companies to hide illicit behavior, but also a general mandate to the Treasury and FinCEN to foster innovation in transaction monitoring. Even aside from the legislation, however, the banking agencies and FinCEN over the past few years have taken numerous steps to rationalize the AML process, which have included, among other things, the issuance of a joint statementin August 2020 clarifying the due diligence requirements applicable to customers that may be politically exposed persons,3statements issued by FinCEN and the federal banking agencies in August 2020 setting forth BSA enforcement approaches,4 a joint statement in December 2018 encouraging institutions to responsibly implement innovative AML compliance approaches,5 and various revisions to the FFIEC BSA/AML Examination Manual.

Of course, those efforts also include the recent interagency statement from the federal banking agencies, issued in consultation with FinCEN and the NCUA,6 emphasizing that the Supervisory Guidance on Model Risk Management (“MRMG”)7 does not have the force of law and may be interpreted flexibly as applied to AML/CFT systems. That statement, standing alone, should do much to rationalize relevant processes. That said, we welcome the current RFI as a way to amplify the Interagency Statement and ensure that it is effectively communicated both to examiners in the field and to compliance officers at institutions. We recognize that facilitating a change in direction by a broad set of examiners and institutions is always difficult, and particularly in an area that historically has been treated as one with zero tolerance for error such as this one. We also recognize that there will be challenges in ensuring that the MRMG is no longer necessarily considered binding, at least at the most risk-averse firms or by the most aggressive examiners.

For these reasons, in this letter, we emphasize why the Interagency Statement was appropriate and how we believe it will promote a banking system more difficult for bad actors to exploit, and then suggest ways that it can be implemented most effectively.

Download the full letter below.

1 The Bank Policy Institute is a nonpartisan public policy, research and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the UnitedStates. Collectively, they employ almost two million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.

2  Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, Office of the Comptroller of the Currency, Request for Information and Comment:Extent to Which Model Risk Management Principles Support Compliance With Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Requirements, 86 Fed. Reg. 18,978 (Apr. 12, 2021).

3 Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, Office of the Comptroller of the Currency, Joint Statement on Bank Secrecy Act DueDiligence Requirements for Customers Who May be Considered Politically Exposed Persons (Aug. 21, 2020), available at https://www.fincen.gov/sites/default/files/shared/PEP%20Interagency%20Statement_FINAL%20508.pdf.

4 Financial Crimes Enforcement Network, Financial Crimes Enforcement Network (FinCEN) Statement on Enforcement of the Bank Secrecy Act (Aug. 18, 2020), available at https://www.fincen.gov/sites/default/files/shared/FinCEN%20Enforcement%20Statement_FINAL%20508.pdf. Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Joint Statement on Enforcement of Bank Secrecy Act/Anti- Money Laundering Requirements (Aug. 13, 2020), available at https://www.occ.treas.gov/news- issuances/news-releases/2020/nr-ia-2020-105a.pdf.

5 Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, Office of the Comptroller of the Currency, Joint Statement on Innovative Effortsto Combat Money Laundering and Terrorist Financing (Dec. 3, 2018), available at https://www.fincen.gov/sites/default/files/2018-12/Joint%20Statement%20on%20Innovation%20Statement%20%28Final%2011-30-18%29_508.pdf.

6 Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Interagency Statement on Model Risk Management for Bank Systems Supporting Bank Secrecy Act/Anti-MoneyLaundering Compliance (Apr. 9, 2021) (the “Interagency Statement”), available at https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20210409a2.pdf.

7 Board of Governors of the Federal Reserve System, Officer of the Comptroller of the Currency, Supervisory Guidance on Model RiskManagement (Apr. 4, 2011), available at https://www.federalreserve.gov/supervisionreg/srletters/sr1107a1.pdf see also Federal Deposit Insurance Corporation, Adoption of Supervisory Guidance on Model Risk Management, FIL-22-2017 (June 7, 2017), available at https://www.fdic.gov/news/financial-institution-letters/2017/fil17022.pdf