From: cman@communities.com (Douglas Barnes)
Date: Sun, 8 Oct 95 22:24:48 PDT
To: cypherpunks@toad.com
Subject: Conference Summary, Part the First
Message-ID: <v02120d07ac9e557bab94@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain




INTRODUCTION

As you may know, I attended the Fourth International conference
on Money Laundering, Forfeiture, Asset Recovery, Offshore Investments,
the Pacific Rim and International Financial Crimes last week. I
will be dribbling my trip report out over the next week.

The conference was attended primarily by lawyers, bank "compliance
officers", law enforcement personnel and federal regulators. There
were several main themes through the conference:

  o How existing and soon-to-exist regulations affect banks and
    NBFIs (Non-bank financial institutions) with respect to money
    laundering.

  o How the US is projecting its notions of fiscal propriety around
    the globe.

  o Scary stories about things bad people do.

There were also a few bits that prevented it from being a complete
pro-law-enforcement rally, including an interesting bit on foreign
asset protection trusts and a single speaker who dared to suggest that
if we stopped treating drugs as a law enforcement problem, perhaps we
wouldn't have such a serious problem with money laundering. There was
also the bizarre substitution of a marketroid from First Virtual for one
of the speakers.

Despite this somewhat bleak description, it was extremely educational,
and, I think quite useful -- the utility coming not so much from the
explicit content, but rather from the subtext of the talks, the
interactions between the different parties, the hallway conversations,
and the vast tracts of ignorance with respect to cyberspace that were
displayed (and, to be honest, openly admitted) in some of the talks.

Some quick morsels of interest:

  o Regulators are not amused by attempts to run unlicensed online
    banks. They are aware such things are starting to pop up, and
    they are very interested in shutting them down when they do.

  o The same goes for NBFIs (Non-bank financial institutions) --
    these appear to be regulated primarily at the state level, with
    some IRS and FinCEN involvement. These include everyone from
    stock brokers to Casas de Cambio. (I shared a table with a lawyer
    from Chula Vista who represents some of these guys -- he had a
    wonderful sense of humor and we began to worry we'd get chucked
    out for laughing at the wrong parts of the presentations.)

  o The attendees displayed an understanding of the situation wrt
    electronic payment systems that ran from dim to non-existent. A
    surprisingly large number of them had heard of David Chaum, who
    apparently has been hob-nobbing with them a bit. I don't think
    much of what he's said has sunk in, beyond some acquisition of
    the notion that non-anonymous systems can pose privacy problems.


THE _REALLY_ SCARY PART
New Regulations Coming, Old Regulations Reinterpreted

Recent legislation and regulation on money laundering is moving
in the following direction:

  o Fewer formal, specific or deterministic rules for reporting
    suspicious transactions.

  o More vague, subjective, and privacy-invading rules for
    reporting suspicious transactions, coupled with more severe
    penalties for banks and NBFIs.

More specifically ("bank" includes NBFIs):

  o Banks are now considered "deputies" of the federal government
    in the War On Money Laundering.
  o Banks have an affirmative duty to use their resources to seek
    out and report on suspicious activity.
  o Banks must implement strict "Know Your Customer" policies.
  o If money launderers are found to be using a bank, a bank
    can be closed down (Under Annunzio-Wylie "death penalty"
    provisions); penalties are mitigated if:

    o Senior officers are aware of and pushing for compliance
      with m.l. regulations.
    o Bank has strong controls that were thwarted in a new or
      unusual way.
    o Bank cooperated (and has a history of cooperating with)
      Law Enforcement Agencies, including appropriate filing
      of Currency Transaction Reports (CTRs), Suspicious Activity
      Reports (SARs) and Criminal Referral Forms (CRFs).
    o Bank instituted new controls after m.l. incident.
    o Removal of bank would harm community.

The primary representative of the regulators, Dan Sato, made it
very clear that it was not the government's job to define
"suspicious" behavior, but that this was up to the banks. This
has the effect of causing the banks to implement far more
restrictive and invasive policies than the government could ever
explicitly mandate.

Those of you who have recently experienced new account paranoia
at banks should take note -- it's going to get much, much worse.
Current compliance measures being used or proposed for use by the
industry itself include:

 o Increased ID requirements for new accounts, including bank
   references, follow-up investigation, flagging of mail-drop
   addresses, etc. One attendee described some software to detect
   new account fraud in glowing terms.

 o Use of transaction profiling to detect unusual patterns; use of
   AI at banks to turn them into mini-FinCENs.

 o Pre-loading transaction profiling with a detailed questionnaire
   given to customers when account is opened: "Do you plan to make
   any large cash transactions?", "Do you plan to send or receive
   any wire transfers?" -- answers trigger further investigation
   and documentation of the customer's reson for using these services.

Note that equivalent measures and software are enthusiastically
embraced by the people involved in NBFIs, including a
representative of a large money transmitter I spoke with.

Most of the discussions on the subject of bank regulation wrt
money laundering featured some input from John Byrne, a lobbyist
for the American Banker's Assocation, and, for reasons which
are clear, "the first private sector recipient of FinCEN's
Director's Medal for Exceptional Service." Mr. Byrne continued to
provide exceptional service for the government throughout the
conference, a model of government-industry cooperation.

It is important for people not involved in the banking industry
to realize that it is very tightly regulated, with a good deal of
highly subjective lattitude given to bank examiners. There is
very little due process available to banks wrt the judgements made
by examiners, and banks wisely do whatever they can to avoid
irritating the government. The alternative is higher fines and
less benefit of the doubt when they inevitably screw up and
violate one of the yards of regulations affecting them. [I am
continuing to research how control is extended to NBFIs.]

This enthusiastic compliance is not too surprising. In
fact, one of the recurring complaints from the bankers was that
over the years they had dutifully filed Suspicious Activity Reports
and Criminal Activity Forms and nothing ever happened; as a reward
for their concerns, they now have an affirmative duty to follow
up on these forms if they don't hear back from an appropriate LEA.
(Failure to follow up is now considered a form of willful blindness.)

And finally, for your entertainment and edification, here are some
examples of "suspicious behavior", generally:

o Insufficient, false, or suspicious information provided by
  the customer.

o Cash deposits, purchase and/or deposits of monetary instruments,
  or wire transfers which are not consistent with the business activities
  of the customer. (Ponder for a bit how closely a bank has to understand
  you and your business to make this determination.)

o Structuring of transactions to avoid reporting requirements (a
  running joke in the conference was that a $9,500 cash transaction
  is far more suspicious than a $24,000 one.)

o Funds transfer to foreign countries.

More specifically:

o Customer is reluctant to provide information requested for
  proper identification.

o Customer opens a number of accounts under one or more names and
  subseqently makes deposits of less than $10K in one or more of them.

o Customer is reluctant to proceed with transaction after being
  informed that a CTR will be filed.

o Customer makes frequent deposits or withdrawals for no apparent
  business reason, or for a business which generally does not involve
  large amounts of cash. (Again, ponder the process of determining
  this.)

o Customer exchanges large amounts of currency from small to large
  denomination bills.

o Customer makes frequent purchases of monetary instruments for cash
  in amounts less than $10K.

o Customers who enter the bank simultaneously and each conduct a large
  currency transaction under $10K with different tellers.

o Customer who makes constant deposits of funds into an account and
  almost immediately requests wire transfers to another city or
  country, and that activity is inconsistent with the customer's
  stated business.

o Customer who receives wire transfers and immediately purchases
  monetary instruments for payment to another party.

o Traffic patterns of a customer change in the safe deposit box
  area possibly indicating the safekeeping of large amounts of cash.

o Custmoer discusses CTR requirements with apparent intention of
  avoiding those requirements or makes threats to an employee to deter
  the filing of a CTR.

o Customer's wire traffic increases, esp. if international

o Customer receives many small incoming wire transfers or deposits
  of checks and money orders then requests wire transfers to another
  city or country.

o Large wire transfers less than $10K to nonaccountholders, esp.
  in conjunction with purchase of monetary instruments.

o Customer's stated purpose for a loan does not make economic sense,
  or customer proposes cash collateral for a loan while refusing to
  disclose the purpose of a loan.

o Requests for loans to offshore companies, or loans secured by the
  obligations of offshore banks.

o Borrower pays down a large problem loan suddenly, with no reasonable
  explanation of the source of funds.

o Customer purchases CDs and uses them as collateral, or uses any
  cash collateral for a loan.

o Loan proceeds are unexpectedly channeled off-shore.

[More to come.]