Why recent consent orders should be a wake-up call for reform
In this blog, Financial Crime Account Director at Fivecast, Chad Longo, delves into the crucial role that online investigations play in AML and KYC programs for banking and financial institutions to aid financial crime investigation efforts and improve compliance.
The $3,000,000,000 USD price tag accompanying TD Bank’s FinCEN Consent Order is breathtaking, and it certainly signals that regulators intend to hold institutions accountable for their actions and inaction regarding AML programs. The Consent Order reads like an episode of the popular Netflix series Ozark, without the benefit of being a fictional drama. Picture a millennial (Da Ying Sze) walking into a neighborhood TD Bank Branch with a literal duffle bag full of neatly bundled cash, which is then happily deposited by the employee. While some staff members raised their eyebrows and took appropriate measures, others were all too happy to cut corners and even accept gift cards for their efforts. The source of the cash? Proceeds from the plague of fentanyl, devastating communities throughout the United States. What is the destination of those funds? Mexican and Chinese drug cartels.
Discover how Fivecast empowers Financial Institutions to uncover financial crime
GAPS IN BANKING AML PROGRAMS
Momentarily putting aside the poor compliance culture that TD Bank fostered pre-consent order, it is not too difficult to understand the acceptance of the cash deposits because the bank fundamentally did not understand their customer. They did not have the proper due diligence information available to question why a 43-year-old with limited online information—a red flag for someone his age with the funds he had—would be depositing millions of dollars in cash as purported proceeds from a textile distribution business—which would typically not be considered cash intensive, especially during the COVID-19 Pandemic. They did not have the ability or information to link the multiple individuals Sze was using as proxies to deposit funds, even when he used their photo identification to do it himself. Training and culture aside, linking these people, activities, and anomalies together can be extremely difficult without modern tools and better data, such as online data-driven due diligence for AML programs. That point makes the TD Bank and Bank of America Consent Orders far more interesting.
Read the Industry Brief: ENHANCING FINANCIAL CRIME INVESTIGATIONS WITH AI-DRIVEN ONLINE INSIGHTS
Financial Due Diligence Programs are Failing
While Bank of America (B of A) escaped a monetary fine, their order was strongly worded. It directly reflected the sentiment expressed by FinCEN toward TD: the bank’s due diligence processes are failing. The OCC states in its Consent Order that B of A engaged in “unsafe” and “unsound” practices related to their Due Diligence Program.
FinCEN was far more aggressive, charging that TD operated a deficient risk-based due diligence program “including missing blatant disparities between customers’ actual activity and what would reasonably be expected based on available information; and insufficient independent testing that failed to identify material gaps reasonably.”
The signal is clear that American regulators are tired of the glaring gaps in due diligence programs. They echo June 2024 guidance from The Wolfsburg Group that blasts current due diligence programs for relying upon incomplete data whilst conducting mandated due diligence functions.
Minimal Compliance is non-compliant
Most striking, however, was what the FinCEN consent order boiled down to in its message to TD Bank: the bare minimum is not enough. Coupled with identifying due diligence failures, the signal is clear that banks and other regulated entities must begin modernizing their AML and due diligence programs. They must include sources that give accurate and timely risk insights and provide proper context. Change is difficult to accept, but when a regulator writes the need for it on a proverbial wall, everyone should listen and start looking for ways to innovate, while maintaining efficiency; you must work smarter and with better tools.
According to FinCEN, TD Bank spent “an order of magnitude less than its peers” on its AML program and “vastly underinvested” in its compliance efforts. While this was not solely focused on the bank’s due diligence practices, this is an area where both banks—and the entire sector—have a remarkable opportunity to improve to meet the needs of the current financial crime landscape. It is an opportunity for TD and B of A to be compliance leaders, pushing their peers to keep pace as they embrace fresh sources of due diligence data like social media content.
Modernize and Reform AML programs, or be the Next Example
In a June 2024 statement, the Wolfsberg Group concluded that current AML/CFT frameworks were ineffective in curbing financial crime. This is not surprising, as they estimated 98.9% of criminal profits are not confiscated, however, the group pushed further by challenging financial institutions to adopt a “true risk-based approach” and become inclusive of dynamic behavioral customer information, such as customer social media accounts. The Group’s conclusion illustrates the need for financial institutions to modernize their processes with relevant and contemporary data and better safeguard against bad actors attempting to take advantage of systemic gaps in information monitoring. Financial institutions and regulated entities should seriously consider the Wolfsberg statement and begin holistically evaluating risk by integrating social media as a standard source throughout the KYC lifecycle.
The Power of Social Media Due Diligence for Financial Institutions
Online data is a powerful information source for AML programs, capable of being used to detect predicate offense risk across all 22 crimes identified by FATF. Because of this versatility, online content should be consistently used and one of the initial sources evaluated by analysts. Under the recommendations for effective customer due diligence, FATF explicitly indicates that financial institutions should use “independent source documents.” While online data was not readily available when the recommendations were published in 2004, it is easy to see how applicable those sources are today for this type of verification.
Looking outside the US, EUAMLD6 expanded the regulatory scope. It extended the criminal liability to include the initiators, facilitators, and inciters of crimes as accomplices to those laundering proceeds of predicate offenses. Discovering connections between these entities can be difficult because they deliberately attempt to distance themselves in traditional sources, like corporate registries and public records. However, with Surface, Deep, and Dark Web data, financial institutions can uncover critical connections that reveal a customer’s risk, even when they may otherwise appear low or no risk.
In September 2024, AUSTRAC published suspicious activity indicator guidance to help organizations identify potential money laundering, terrorism financing, and other serious criminal activities. Many of the indicators can be enriched and illuminated with publicly available online data. In particular, for indicators of terrorist financing, mentions are made to look at open source information for links to known terrorist organizations or terrorism activities and displays of extremist ideologies (social, political, or environmental). These areas of emphasis are deftly augmented with social media data, which will likely provide the fastest and most complete answers the institution and regulators need.
The future of AML programs
No silver bullet will fix a broken compliance program or suddenly catch all the bad guys washing their ill-gotten gains through our behemoth financial system. Processes such as due diligence, adverse media checks, and continuous screening programs, which are now well-established in the industry, were once seen as “novel”. Similarly, online data is emerging as a significant focus and is being rapidly advanced by regulators worldwide.
TD and Bank of America are taking their consent orders very seriously and making sweeping, critical changes to their BSA and AML programs, but it will be interesting to see if they do “more of the same old thing,” or instead opt to try something new and show regulators that they are listening and taking measures to modernize their programs. Financial institutions can do more to identify bad actors washing duffels of cash for international drug cartels who are flooding our streets with fentanyl. It is time to catch criminals using the best tools and data available and include online data as a primary source.
Watch the latest webinar on Online Trends in Fentanyl Trafficking
About Fivecast
Fivecast is a world-leading provider of digital intelligence solutions that enable financial institutions to efficiently and accurately assess a customer’s risk profile, uncovering actionable insights critical to reducing business risk and maintaining compliant operations. Fivecast deploys advanced data collection and AI-enabled analytics to solve the most complex due diligence challenges, while driving down the cost of compliance. Fivecast was born out of a unique collaboration between government agencies and world-leading research institutions to tackle big data challenges, like those facing financial institutions today.
Request a demo of Fivecast solutions for financial crime investigations
