Are Wires Crossed on Cross-border Reporting? The government says it's feasible; industry wonders if it's worth the effort
March 12, 2007
The decision of the Financial Crimes Enforcement Network (FinCEN) to have firms report cross-border wire transfers has the potential to become the biggest anti-money-laundering (AML) compliance initiative since the USA Patriot Act was passed in the wake of the Sept. 11, 2001 terrorist attacks.
But with no hard deadlines, financial firms were reluctant to disclose their plans to address what many observers see as an insoluble problem. Even if a data warehouse of the kind that FinCEN proposes was built and could successfully accept the data on wire transactions, many in the industry feel that the data will go unanalyzed and unused-an electronic equivalent of a file cabinet stuffed with unread documents.
In a report to Congress in January, FinCEN concluded that cross-border wire reporting was feasible but that the original 2007 deadline was not. The deadline, however, has not been revised. "FinCEN will need to make improvements to its IT infrastructure, and the foundation for those improvements is being built," said FinCEN spokesperson Steve Hudak. He said a functioning infrastructure could take three years to build. "We have established a program management office, and the recently appointed CIO has been assessing FinCEN's current IT assets."
Edward Dorris, formerly of the Department of Housing and Urban Development, was named chief information officer in September to oversee the technical infrastructure that supports the management of data gathered under provisions of the 1970 Bank Secrecy Act (BSA).
In making the case for the initiatives, FinCEN points out that these wires are already stored by firms. At the same time, FinCEN said it would need 18 months just to figure out how to collect the wires once they are sent.
"We plan to spend the next year studying what we need to do to have the capacity to collect the wire data," said Hudak. "We expect it to involve building a federated data warehouse to store the data. The feasibility study includes a discussion on the expected costs, ... about $32 million spread out over the next three or four years. We will depend on future congressional appropriations for the bulk of this funding."
FinCEN plans to limit reporting institutions to a relative handful, which it describes as "first in, last out institutions through which wires will pass," or gatekeepers. "They are those U.S. institutions that transmit an electronic funds transfer instruction directly to a non-U.S. financial institution or, conversely, those that receive such instructions directly from a non-U.S. financial institution," said FinCEN spokesperson Anne Marie Kelly. Hudak, however, noted that "it's too early to offer a precise definition of a gatekeeper."
Industry Will Pay
Taxpayers aren't the only contributors to this initiative; reporting institutions are going to have to chip in an as-yet unspecified amount of cash. "We will make every effort to determine the expected industry costs to comply with any future requirement," said Hudak. He noted that the wire transfer records are kept and held by financial institutions but "not affirmatively reported. Our cost-benefit analysis, to be conducted over the next year, should provide a much more accurate picture of the costs of reporting the records that they now hold. We continue to expect to focus only on the first in/last out' institutions. These will tend to be larger, sophisticated banks, and we'll work with them to determine the true costs involved."
Many industry observers are concerned not only about the size of the initiative, but that the specific ways in which this will be done have not been identified. "There are only a few ways they can do this," said Chris Myers, Washington, D.C. -based partner at law firm Holland & Knight. "They can take a Swift or Chips message and download it into their reporting system. Firms without compatibility will have to translate the data or file a paper form." Myers said it promises to be "a massive undertaking. Just because firms are storing this data doesn't mean there aren't compatibility issues at the other end with FinCEN. Many financial institutions have jerry-rigged legacy systems where, if you change one format or one interface, the whole system crashes, and it's expensive to redo this."
Determining the feasibility of a cross-border reporting regime was mandated in the 2004 Intelligence Reform and Terrorism Prevention Act, but the cross-border wire transfer initiative was beginning to ramp up in the aftermath of BSA Direct, the Web-based interface that would have enabled law enforcement firms to have access to BSA filings. Its prolonged development and eventual shutdown last spring does not bode well for a cross-border wire reporting regime, which is more complicated and expensive.
"I'm not aware of any government IT upgrade of this magnitude that has come in on time," said Myers. "The firms have this data: FinCEN made them retain it, it's in the regulation. What they don't have is a system that differentiates between domestic wires and international. That has to be built and will cost money."
Also, said Myers, "that system will have to differentiate between the wires that are over $3,000 and the ones that aren't." Wire transmissions of less than $3,000 do not have to be reported. Adds Myers: "This is going to be expensive no matter how flexible FinCEN's data warehouse is. Has FinCEN taken into consideration all the costs that a bank will confront in modifying their systems to talk to FinCEN's? You won't have clean data if they're not compatible; that's another cost. And I don't think FinCEN can put a cap on what banks have to spend."
"A wire contains a lot of information," said Bruce Roland, Baltimore-based principal in the PricewaterhouseCoopers risk and regulatory practice. "The successful receipt of information contained in a wire depends on several systems and layers of continuous information that reveal how it was processed and the funds were removed. When you talk about capturing wires, it's more than just capturing a Swift message or a Fedwire command. And wires are still processed one transaction at a time."
Roland said that the most critical task is "reaching a consensus on what the standard information in a wire transfer sent to FinCEN should include. Second, what's the format and what technology would be needed to accomplish that. There's information in these same messages that has to be captured in other systems. A high degree of automation does not guarantee a high degree of data quality."
Roland believes that the Swift, Chips and Fedwire data formats may have to be reengineered. The format of data received from any of those three wholesale money transfer networks "may not meet that FinCEN reporting requirement," he said. "A message you get from one bank may be different in structure than a message you get from another bank. You accept both and process them because you have an internal structure to do that. But going from the raw wire as it comes in to converting it to your systems is going to be a challenge."
Longer term, Roland expressed concern that FinCEN would leave the financial services industry to its own devices to an unacceptable extent because of the lack of standardization in wire transfers. "Hopefully, there will be coordination between the players," said Roland. "If you look at bank call reports that are now filed in XBRL [extensible business reporting language] with the Federal Deposit Insurance Corp. [FDIC], they migrated from globally standardized formats. The industry doesn't have anything like that when it comes to cross-border wires." XBRL is a tag-based, extensible-markup-language-formated standard used by FDIC, the Securities and Exchange Commission and other regulators globally for filings and reports.
FinCEN declined to comment on its plans for data formats in wires. Swift believes that adequate changes will be in a standards release this October. "In consultation with our payments community, we are implementing a change to our existing MT messages to allow a payment originating bank to provide customer information in a clear, structured and regulation-compliant way," said Malene McMahon, business manager of Swift's standards department for the North American market. "For banks on the receiving side of the payments, the option offers an automated way of earmarking noncompliant payments and easier compliance-checking of content against, for example, AML watch lists. The change will be implemented in the next Swift FIN standards release in October 2007."
However, those changes will not involve retiring text-based messages. "Swift users have always had the option of typing alphanumeric information in the ordering customer' field of FIN [MT] payment messages," said McMahon. "This option will continue to be available."
She said a new option will allow users to "input a structured format for identification of ordering customers that is in line with regulatory requirements." Codes for alien registration numbers, passport numbers and so on would allow senders and receivers to automate this information. McMahon compared it to the granularity in the International Organization for Standardization's new ISO 20022 payment messages.
Will Anyone Use It?
A lingering concern in the industry is whether, even if a data warehouse were successfully implemented, the data would ever be analyzed-and if so, then by whom, and how would it be put to use?
"One of our largest customers was processing a half million [wire transfers] a year," said Amir Orad, EVP at New York-based AML vendor Actimize. "The sheer volume is not the problem for them. The really big problem is, what will anyone do with the data? Technology is not the issue; it's the business rules and the models you will need to take advantage of that much data. This is another burden on the industry, which has been bombarded with compliance requests and legislation. The government should consider whether or not it's cost-effective."
"The question to ask is: Will this help law enforcement, or will it sit and gather dust like a stack of currency transaction reports that nobody ever reads?" said Greg Baldwin, Miami-based partner at Holland & Knight. "What is FinCEN going to do with this data when they get it? How are you going to analyze it? Who will analyze it? Do any of your agencies have the qualified staff or the budget to do this?"
"Bringing data analysis online is going to take a huge effort beyond a reporting regime," said Myers. "You're going to need coordination with all of the law enforcement agencies that look into money laundering, and somehow let them have access to this data and set up a system for using it in investigations. Unless there's a way to use this data effectively, it's going to be nothing more than window dressing,"