Ongoing Impact of the USA PATRIOT Act

USA PATRIOT Act compliance - or something very much like it - will eventually be mandatory across the entire financial services industry. Many enterprises currently outside of its regulatory reach are adopting customer identification programs and transaction mining systems anyway, as their use reflects sound business judgement on a number of fronts. Compliance, though, is more than the simple one-time acquisition of software or imposition of business processes. Adequate ongoing funding must be provided for:Knowing your Customer

Acquiring and preserving adequate identification, behavioral and transaction data to facilitate the profiling of "normal" customer behavior and determine the beneficial owner of business clients. Covered firms are required to be not only "reasonably certain" regarding the identity of their customers but also must determine whether the source and destination of their customers' funding is unlawful. Detailed, accurate and timely personal and/or corporate information will be needed to perform link and "householding" analyses of accounts.

Cleansing customer data. This will greatly reduce the number of "false positive" reports requiring investigation, especially for OFAC and other interdiction list matching. Ultimately this may require centralizing data management and data quality control to introduce consistency. This does not require a data czar, but can be met with uniform rigorously enforced data standards.

Investigating "anomalous" customer behavior to see if filing official Suspicious Activity Reports is actually warranted. SARs are shared across, and never purged from, the worldwide law enforcement community. SARs filed as a substitution for proper investigation of poorly understood business activities may blight your customers' future business prospects and haunt their lives in ways now unforeseen.

Knowing the Bad Guys

Ongoing training for system operators and compliance staff who must keep abreast of changes in money-laundering regulations, policies and practices. AML awareness training, at minimum, should be required for all employees, geared to their function-related needs.

Updating and testing the business rules for detecting suspicious or prohibited activity. This may require engaging outside security and law enforcement specialists.

Subscribing to "augmented interdiction lists and services" beyond those necessary for strict letter-of-the-law regulatory compliance. Demands for extended due diligence for "politically exposed persons" are expected to intensify, and are difficult to track without outside help.

Knowing Yourself

Establishing a truly independent audit function to test anti money laundering programs. The function should exceed minimum requirements and include actual "live" testing of anti-money laundering procedures by experienced, independent third parties.

Know your agent... and business partner, and supplier. Problems can spring from anywhere, and may be contagious.

Fighting racial and ethnic discrimination. Insurance firms are encouraged to run "mystery shopper"-type tests to make sure employees or agents are not inadvertently or accidentally discriminating against groups "everyone knows" are involved in money laundering.

Improving accessibility: Test periodically but randomly to assure you can answer anti-money-laundering-driven requests for information and account documentation for any account opened, maintained, administered or managed in the United States by your regulators within 120 hours (five days) of receipt. Written requests from law enforcement agencies must be fulfilled within seven days.

We expect that, despite intense industry pressure, the exemption of property and casualty (P&C) insurance lines from USA PATRIOT Act compliance will be temporary. P&C carriers should at least investigate adopting USA PATRIOT Act-compliant customer information programs and data architectures as part of their fraud reduction efforts and U.S. Office of Foreign Asset Control compliance programs, so that the required information will be available when needed. All financial services providers should be aware that the USA Patriot Act is not the only anti-money laundering regulation, and applications tailored to its unique needs may not be sufficient in all cases.

Compliance is not the place to wantonly cut spending. Keep in mind that corporate officers, not low-level compliance staff, will be the ones fined or jailed if a money laundering event is discovered by law enforcement, rather than your own staff.

For reprint and licensing requests for this article, click here.
MORE FROM DIGITAL INSURANCE