The Banks Secrecy Act (BSA) of 1970 was enacted by Congress to prevent criminals from hiding or laundering their illicit gains through the U.S. banking system. The statute’s objective forced financial institutions to maintain currency transactions reports, along with identifying individuals conducting suspicious transactions. Preserving these records allow law enforcement the ability to pursue and arrest criminals involved in money laundering or other financial crimes. Since the inception of the BSA, legislators have provided minimal updates, and the monetary thresholds of the currency transaction reports (CTRs) and suspicious activity reports (SARs) need to be addressed.
Furthermore, with the innovations in financial technology (fintech), criminals continue to exploit these new technologies to move money and obfuscate law enforcement. Currently, the BSA does not adequately address emerging technologies like machine learning, digital currency, know your customer, and peer-to-peer technology. As criminals continue to move money throughout the financial system, lawmakers should amend the BSA to address emerging fintech while addressing the monetary thresholds of cash transactions and suspicious activity.
In dealing with these issues, a delicate balance exists between increasing regulation to prevent crime and hindering the growth of innovation and customer convenience, along with privacy concerns. This thesis provides a policy analysis and proposal for legislative and technological improvements to financial fraud detection. Furthermore, policy leaders will have a comprehensive understanding of the benefits and consequences of specific policy action.
This paper discusses in detail the proposed monetary changes to the BSA as introduced in the Counter Terrorism and Illicit Finance Act. The Counter Terrorism and Illicit Finance Act would have altered the BSA to address the monetary CTR and SAR thresholds. The question surrounding these monetary requirements are: Should the current thresholds remain the same? Or should the amounts be adjusted as stated in the counter-terrorism act? Or should the monetary amounts be adjusted to account for inflation? Also, the counter-terrorism act removed the highly contested beneficiary ownership provision. Addressing these various issues becomes complicated, especially when considering the stakeholders involved. These concerns are addressed using a policy options criteria and matrix ranking the threat to public safety, the cost to the banking industry, the impact on law enforcement investigations, and political acceptance or opposition. Furthermore, several viewpoints with a detailed perspective from bank executives, law enforcement, and privacy advocates are discussed to provide a complete representation of the affected parties.
Fraud detection is an ongoing and challenging problem for financial institutions. Internal currency alerts only detected 50% of money laundering or terrorist financing. The banking industry also has difficulty hiring experienced staff to detect or comply with anti-money laundering (AML) regulations. With these two significant issues, machine learning (ML) can process large amounts of data to detect fraudulent activity that thus assists financial institutions. In the financial sector, “machine learning is trained to recognize normal transactions within the data and then identify all deviations and anomalies in real-time.” Using this relatively new technology, financial institutions can detect suspicious activity instead of paying a traditional analyst. However, ML has disadvantages in regards to accuracy, along with costly implementation and maintenance concerns.
Digital currency has also been a growing concern among regulators. When people think of digital currency, Bitcoin comes to everyone’s mind. Bitcoin has the largest market financial resources of any decentralized digital currency. Even though Bitcoin is the most widely circulated digital currency, many other digital currencies are available, such as Ethereum, Ripple, Litecoin, and Monaro, to name a few. The concept of having a decentralized payment system is very enticing to several citizens and entities. Nevertheless, criminals continue to use digital currency as a means to launder illicit funds without detection. Sophisticated criminals even use digital privacy coins, mixers, and blenders, to further exasperate law enforcement tracing abilities.
Know-your-customer (KYC) has become a common term within the banking industry. KYC is often referred to as the customer identification programs (CIP) as mentioned in the USA PATRIOT Act. The customer identification program or the term used now as KYC was purposely left vague to allow the banking industry flexibility in implementing this requirement. The KYC portions of the USA Patriot Act were used to verify new customers and not focus on longtime loyal customers. With the development of new technology, individuals can open bank accounts and transfer money without appearing at a local bank. This same technology allows criminals to move illicit money throughout the financial system while providing limited identification to banks. Appropriate KYC rules governing financial institutions are crucial in maintaining financial integrity to identify the source of money. The BSA must provide banks with a minimum standard for a client to open an account. These rules should ensure consistency among local and national banks, while carefully considering the implications of international banking.
With the development of the fintech industry, access to mobile money and peer-to-peer (P2P) transfers continue to increase. As more consumers and merchants embrace P2P networks solutions, criminals exploit these new platforms to launder illicit funds. Many P2P services meet the definition of financial institutions or money transmitters under the BSA/AML rules, as defined by the Financial Crimes Enforcement Network (FinCEN). The BSA should clearly define P2P services. Many fintech P2P services are not maintaining an adequate KYC program, anti-money laundering program, or filing appropriate CTRs. The BSA should address P2P transactions by using not only specific payment cards but also the international mobile equipment identity (IMEI), international mobile subscriber identity (IMSI), and the integrated circuit card identifier (ICCID). Regulators must hold P2P payment services more accountable by increased monitoring and using fintech to detect the movement of illicit funds by mandating P2P services monitor not only payment cards, but also phone devices through IMEI, IMSI, and ICCID for fraud detection.
This thesis discusses the advantages and disadvantages of ML, digital currency, KYC, and P2P technologies. An analysis of the technologies will consider cost, ease of implementation, sustainability, accuracy, privacy concerns, and public and political acceptability. A matrix will be developed objectively ranking each criterion and concluding with a detailed discussion on the results. The arguments will focus on bank executives, law enforcement, civil libertarian groups followed by a comprehensive analysis.
This document concludes with several recommendations to improve and updated the BSA. First, raising the monetary threshold of CTR filing from $10,000 to $60,000, the rate of inflation. Furthermore, the BSA should grant the U.S. Secretary of Treasury the ability to raise the monetary CTR filing on a five-year basis to adjust for inflation. The current monetary thresholds for SARs should remain the same, and the highly contested beneficial ownership provision should be added.
Advanced technology, like ML and distributed ledger technology, should not be mandated in the BSA but encouraged as the technology develops. Currently, the complexity of the technology, the monetary cost to banking institutions, privacy concerns, and political oppositions are all reasons for not mandating this type of technology in the BSA.
On the other hand, the BSA should regulate digital currency. FinCEN has already mandated several regulations on digital currency exchangers, but these regulations should be discussed and addressed by legislators. Advanced digital privacy coins, mixers, and tumblers also should be regulated within the BSA.
This thesis also recommends a minimum standard for a client to open an account. As a KYC requirement, fintech can utilize biometrics as an additional provision. Also, using a risk-based approach regarding KYC, as suggested by the Financial Crimes Task Force. These recommendations ensure consistency not only throughout the United States but also globally. Finally, P2P payment services should increase monitoring of financial transactions as related to IMEI, IMSI, and ICCID.
Supporters and challengers of the BSA all agree on the need to update the historical mandates within the act to address emerging threats and technology. As criminal organizations continue to move money throughout the U.S. financial services sector, legislators should amend the BSA to address these areas of concern to ensure financial stability and integrity. Legislators should also be cautious in restricting innovation within the United States, as fintech encourages financial ingenuity and security to accelerate financial services globally.