The Devil in the Details: Complying With the PATRIOT Act

In December, FinCEN issued a final rule to implement the provisions of Section 312 of the USA PATRIOT Act dealing with foreign correspondent accounts and private banking. The new provisions become effective April 4, 2006.

Under the final rule, financial institutions must take "reasonable steps" to identify the owners of a private banking account and to determine whether any of its owners are "senior foreign political figures." Furthermore, financial institutions will have to ensure that account activity matches up with the purpose and expected uses of the account.

Similar provisions cover correspondent accounts, which foreign financial institutions use to resell the capabilities of U.S. banks to their own clients. Now, financial institutions opening correspondent accounts for foreign financial institutions will have to do their homework -- on the foreign financial institution, their customers and even on the anti-money laundering supervisory regime overseeing that financial institution.

The provisions of final rule are focused on "enhancing what you're already doing," suggests Agnes Bundy-Scanlan, counsel in the financial services practice of Goodwin Procter LLP (Boston). "You want to ensure that your policies and procedures, and your internal controls, are appropriate for your institution and your customer base."

From an operational standpoint, this means investment in education as well as in systems. "It's not only addressing the basic legal requirements, but moving more into spelling out the roles and responsibilities of the associates internally," explains Bundy-Scanlan. "Is there enough information for employees to make the correct decisions? Is the training up to date on this new regulation? Is your monitoring software appropriate given these higher levels of scrutiny?""Monitoring has to be taken to a new level," adds Bundy-Scanlan. "It'll take time, creativity and some dollars."

Part of the creativity is finding a way to incorporate monitoring into profitability models. "The leading institutions are refining their models as to what makes a customer a risky customer," says Jeff Lavine, partner in the regulatory advisory services group at PricewaterhouseCoopers. "From the time a customer walks in the door through the monitoring of that customer through the investigation of any suspicious activities -- ultimately that ends in an evaluation of whether that customer is still worth doing business with."

In some cases, such risk-based models may lead to an assessment that the potential revenue isn't worth the risk. "There are certain classes of business that financial institutions no longer do business with," notes Lavine. "Check cashing, a legitimate industry, is increasingly being run out of the banking market. They're having a harder and harder time keeping and maintaining banking relationships."

"To a financial institution, those customers were never profitable anyway -- the money comes in and the money goes out," he adds.

Similar calculations may come into play for other potential customers, whether they are wealthy individuals seeking private banking services, or correspondent banks and their customers. For these decisions, ample data is required. "Because there is the hope for a profitable relationship and a reasonably good profit margin on the customer, you can afford to do detailed due diligence on that customer, and are expected to do so," says Lavine.But enhanced due diligence poses a challenge for domestic financial institutions, especially the smaller players without a broad-based, on-the-ground presence in other countries. Although there are third-party information sources that can provide on-the-ground due diligence, FinCEN states that financial institutions "may not rely on foreign intermediaries to satisfy their due diligence obligations." In other words, banks can outsource the task but not the responsibility. "[Third-party sources] are an imperfect tool, but they get better every single day," says Lavine. "You use the best information that's available to you."

Technology vendors are adjusting their product offerings to cover not just intelligence about foreign individuals and political figures, but also about the correspondent banks themselves. "Our capabilities can help those organizations monitor the riskiness of correspondent banks, and also to take a look at some of the transactions, monitor them and score them based on risk," explains Frank Caruana, director of product management for anti-money laundering, Experian (Costa Mesa, Calif.). "You have to know the banks’ management, audit capabilities, controls in place and the type of customers they have."

Despite all of the available technology, the ideal approach is personal. "When new customers approach you, there's no substitute for consulting some of your contacts and long-trusted customers in the marketplace and checking them out," relates PwC's Lavine.

Indeed, monitoring technology can only go so far in a compliance operation. "You need live bodies to think about, to talk about and review newspaper materials -- or images even -- and have a conversation," says Goodwin Procter's Bundy-Scanlan. "It's still not yet at the point where this can all be done through technology."