October 2, 2025 • 33 mins
Banks have been using natural language processing and machine learning applications for years in managing their anti-money laundering and Bank Secrecy Act obligations. But how does the growing adoption of generative AI tools affect how BSA and fraud professionals protect their banks? On the latest episode of the ABA Banking Journal Podcast — presented by Agri-Access — former FDIC official Lisa Arquette shares a regulator’s-eye view of generative AI in the BSA world and how regulators have been approaching the technology for their own work.
Joined by ABA SVP Heather Trew, Arquette also discusses:
- The state of play on banks’ beneficial ownership reporting obligations.
- Other elements of implementing the AML Act of 2020.
- How regulators weigh AML/BSA performance when approving mergers and acquisitions.
- Fluctuations in AML/BSA compliance investments through the economic cycle.
- The low number (1%) of BSA-related examinations at the FDIC that result in enforcement actions.
Register for the ABA Financial Crimes Enforcement Conference, Oct. 14-16 in Arlington, Virginia.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Evan Sparks (00:06):
from the American Bankers Association.
This is the A BA Banking Journal podcast.
Welcome back.
Today's episode ispresented by Agri Access.
I'm Evan Sparks and I'm delighted tobring you a conversation on a topic
of perennial interest to bankers.
And that is Bank Secrecy Actcompliance and how we are working.
Banks are working to ensure the financialsystem does not get used by bad actors.
(00:30):
And to ke to catch us up onrecent trends in that area.
We have two excellent guests.
Well, first we have lisa Arquette, aformer operational risk Deputy Director
at the FDIC with a lot of experience inthese issues as well as my a BA colleague
who's been on the podcast before.
Heather Trew senior Vice President forBSA/AML issues here at a BA and both of
(00:53):
them experts in this area in this topic.
So Heather and Lisa, welcome to the show.
Delighted to have you.
Heather Trew (00:59):
Thank you.
Lisa Arquette (01:00):
It's good to be here.
Heather Trew (01:01):
Thank so much Evan.
Evan Sparks (01:02):
Alright.
So let's let's start off with a topicthat we have talked about for you
know, talked about a lot on the showat the end of last year with all of
the ups and downs of court cases and apresidential transition and issues in
Congress, and that's beneficial ownership.
This was the, the, the single most readitem by probably five x, that was appeared
(01:27):
on the a BA Banking Journal website inthe past year was on beneficial ownership.
And one of the, the cases related to thebeneficial Ownership information registry.
Heather and Lisa, what's the state of playwith the beneficial ownership registry and
what bank's obligations are in that area?
Lisa Arquette (01:42):
This has been an area where there's been a great deal of angst
not only by the banking industry but bya lot of entities in the US that thought
they were going to be reporting companiesthat had an obli that would have an
obligation, and that included very smallentities like mom and pop stores that
suddenly were domestic reporting entities.
But I do think this is an area wherea tremendous amount of feedback
(02:06):
resulted in a change that I thinkhas been largely viewed as positive,
and now reporting entities do notinclude what was previously the
domestic reporting entities, and itdoesn't include us persons that would
have been beneficial owners underone of the iterations of the rule.
(02:27):
FinCEN issued an interim final rulethat really applies only to foreign
entities that would be doing, orthat will be doing business in the
US and their beneficial owners.
So that is a big change.
And again, I really think that based onthe feedback that was coming to banks
from their customers about, a databasethat would collect a lot of information
(02:49):
on their entity or at least their person.
And what was gonna be done with thatinformation and when would it be updated?
Who had the obligation and what wouldthe bank do to verify the identity?
There were so many questions,and I think many of them have
been resolved and, and some mayremain outstanding for, for banks.
What do you think, Heather?
Heather Trew (03:08):
Well, I would say yes.
The bottom line, there havebeen so many twists and turns.
It's been the rollercoaster of BSA compliance.
Absolutely.
But yeah, so I think bottom line isFinCEN had reported that there were
approximately 10 million of the originally33 million small businesses in America
(03:30):
that were anticipated to have newreporting requirements under what was
the previous version of the reportingrule, which is you just pointed out,
Lisa has totally changed and is nowvery different than what it was before.
So there were pro about a third of thosebusinesses, 10 million had reported.
It's not clear what's gonnahappen to that data yet.
But now going forward, the only peoplewith reporting obligations, as you
(03:53):
said, are the foreign companies that areregistered to do business in the us which
are approximately 12,000 of them or so.
So from a bank's perspective though,bottom line is you were doing CDD
before, you're continuing to do CDD.
Now keep on keeping on.
Right,
Evan Sparks (04:11):
so, so from the bank's point of view, the bank does not have the
benefit of this one-stop shop registryto go and validate the information that
they're getting from their customers.
So you've gotta go, you know, you know,the customers may be ha, the business
customers may be happy about not having toregister, but banks still do have to have
more to do to validate the informationthat they're getting from these clients.
(04:31):
Right?
Yeah.
Lisa Arquette (04:32):
You know.
Evan, nothing, nothingchanged from that perspective.
The beneficial ownership requirementthat banks have currently that has not
changed is that they collect informationon business entities and then they,
on a risk basis, verify the identity.
Even that was not gonna change based onthe earlier version of the rule, because.
(04:55):
There wasn't a provision withinthe earlier version that FinCEN
was going to verify the identityand or update that information on
any frequency that still exists.
So at this point, bank requirementsremain the same and they've got, they've
got processes in place to do that.
That's my understanding, Heather.
Heather Trew (05:15):
My understanding is just the same.
The one additional piece to note isthere still is a piece of the CTA, the
Corporate Transparency Act, which isthe law that authorizes all of this,
that sort of directs and anticipatesthat, you know, there are ways and
people who can use that information.
Seek use, seek use of that informationthat includes banks, but it's not yet
(05:38):
clear what scent is going to do interms of moving forward with that.
So there's still questions that remainand, and we're, we're gonna stay on
top of that and keep pe people informedas, as we learn new information.
Evan Sparks (05:52):
Good points.
We've hit the big news bucket item, but,bank Secrecy Act is, you know, not just
the, the sprint of beneficial ownership.
It is over the last year or so, ithas, it is this marathon process
of always ma managing the risksassociated with this program.
I'm curious, you know, particularlyLisa, from your point of view,
(06:14):
given that you know, banks.
They want to, they want to havea strong BSA program, and they
also are, banks are also growingand attempt and seeking growth.
What are some of the challenges thatyou've seen in a bank bSA program that
comes about from the process of growth,whether organically or through M&A.
Lisa Arquette (06:33):
That's a great question.
I've seen over time, and based onmy different roles in the FDIC,
different ways for banks to grow andin times that are very stressed or
in communities that are not growingand there's little opportunity for
organic growth I've seen that bankswill explore a lot of innovative
options to grow that might includeor, or sell or sell the institution.
(06:58):
What we saw primarily during thepandemic was that the method of
banking changed dramatically,just like every other business.
People were not going on site, people werenot opening accounts face-to-face, people
weren't doing their banking face-to-face.
There was a tremendous amount, ifnot almost entirely online banking,
which included opening accounts.
(07:20):
So we saw a lot of growth inintermediaries providing services to
banks to help open accounts, both on thedeposit side and on the lending side.
With that, I think there were manychallenges that really didn't bubble
up initially, and that was that theintermediaries were not, are not
(07:42):
regulated and subject to bank secrecyACT requirements and therefore may have
had a different approach to collectinginformation and may have collected.
Minimal information, maybe notall of the information, or they
may have used different methodsto get some of the information.
Bottom line is that as banks were tryingto grow through intermediaries and
continue to use those relationships itwas very important to make sure that both
(08:07):
parties knew what the obligations were.
That the bank was checking that thatinformation was collected, that the bank
understood the risks that that they weretaking, the money laundering or other
illicit financial activity risks that theywere taking on by using an intermediary
because they may have performedsome compliance function for them.
(08:27):
So it became a little moredifficult to develop customer
risk profiles and then to.
Manage the risk because that allbuilds upon each other, right?
Do you know the personsthat are your new customers?
Can you develop a risk profile?
Once you develop that riskprofile, how does it fit into
your internal control framework?
How do you monitor those or that customerfor illicit financial activity risk?
(08:53):
If you don't have the foundationalinformation, it becomes very, very
difficult to have a really strong program.
So that's one of the key issues that wesaw with some institutions, but certainly
not the majority of institutions.
But it just changed theway people did banking.
It changed, I think we all saw that.
Other ways of expansion that we've seen.
(09:15):
Would be institutions merging together.
Strong institution acquiring a smallerinstitution, a small community bank being
acquired by a larger institution, maybe abank acquiring a branch network in an area
that they hadn't previously, you know,outside of their market area or a bank
expanding its offerings, its services inits products to its existing customers,
(09:36):
or to persons outside of the us.
So the jurisdiction expands, the geographyexpands, the customer base expands,
and all of these things become a littlemore challenging and complicated.
Does their staff have the capabilityto manage these newer risks, or
does expanded risk, do the systemsthat they have have the capability?
Are they tailored to the expanded risk?
(10:00):
I guess the biggest takeaway that I'vehad over the years is that the Bank
Secrecy Act department or the FinancialIntelligence Unit, the fraud department,
where wherever all of this resides reallyneeds to be involved in the business
decisions, have some influence in thebusiness, dec decisions, provide the
input, and I get that it's about profit.
(10:24):
And risk and then managing that risk.
But it's really the best outcomeis from institutions that include
the staff and the executives inthe anti-money laundering area in
the decisions that they're making.
Heather Trew (10:39):
It seems like you're also making a case for sort of the value of
a strong BSA program because honestly,one of the questions that I get sometimes
is not from necessarily the the BSAofficer, but from this bank, senior
leadership or board of directors, and theysometimes are sort of asking, essentially.
Okay.
I, I do it because it's, you know,it's required, but what is the value
(11:03):
of having a strong BSA program?
And I, I think you were sayingsome things, Lisa, that, that
really sort of spoke to the valueof this in terms of, you know, the
overall health of the institution.
Lisa Arquette (11:15):
Well, and you know, Heather, with the A ML Act, purpose of
the Bank Secrecy Act was really augmented.
It went from providing usefulreports and records primarily to law
enforcement, to a, a pretty significantexpansion that touches on that point
that I think we all embrace, and thatincluded preventing the laundering of
(11:36):
money and the financing of terrorismthrough the establishment of financial
institutions, of banks having reasonably.
Designed risk-based programs to combatmoney laundering and the financing of
terrorism to facilitate the trackingof money that has been sourced through
criminal activity, or is intendedto promote promote criminal or
terrorist activities to assess moneylaundering and terrorist financing.
(11:56):
Tax evasion fraud risks to financialinstitutions, products and services
to protect the US financial systemfrom criminal abuse and to safeguard
national security and all of thisbeing done through the establishment
of frameworks for information sharingbetween banks, law enforcement,
regulatory authorities, associationsfor those financial institutions.
(12:18):
It really expanded to deal withwhat banking is now, what financial
transactions are now, and protectingthe US financial system much more
broadly, the global financial system.
And I think we're all part of that.
I know we're all part of that.
Banks play a very key role in identifyingrisk, mitigating risk, and managing what
(12:40):
they've got left on their, on their books.
So it really has expanded, but it is forthe benefit not only of the bank, but
for the US financial system and reality.
I don't believe.
That any bank wants tofacilitate any of that activity.
They really wanna identify their risklike they do with credit risk and
liquidity risk, and manage that risk.
(13:00):
So I, I think the A ML ACT did a, areally good job pulling together all
relevant stakeholders into statutorylanguage and expanding the purpose,
bringing it up to, you know, 2020 at the time, but for us, 2025.
Evan Sparks (13:19):
I am gonna take a quick moment here to thank
our sponsor for this episode.
This episode is presented by Agri Access.
With national reach and local focus,agri Access helps lenders expand
access to capital through loanparticipation's, flexible lease options,
and embedded lending solutions fromlarge banks to rural institutions.
Agri Access helps grow your portfolio,serve more producers, and lead
with confidence in today's market.
(13:40):
Learn more at agriaccess.com.
Again, that's agri-access.com.
And thanks again to Agri Accessfor sponsoring this episode.
Now back to the conversation.
We go through COVIDand this, this process.
That was an economic cycle.
Through the history of economic cycles,what patterns do you see in, in terms
of BS, A enforcement actions as yougo through these cycles, looking
(14:02):
back over the last few decades.
Lisa Arquette (14:06):
Also very interesting.
So what I've noticed, and this ispersonal, but because I've moved
from very broad safety and soundnessexamination functions and enforcement
actions and the application processitself like acquiring other institutions
or obtaining deposit insurance.
That's much more broad to a narrowerfocus of evaluating a bank's
(14:28):
anti-money laundering program.
What I have seen is that duringweaker economic times, banks
are very much focused on.
Dealing with their problem loans, possiblydealing with the depreciation in their
investments, the deterioration of theircapital, and potentially failures.
(14:51):
So there are some institutions thatreally begin to triage and really start
dealing with the problems that they'reexperiencing because they must, when
that happens, and it makes sense, right?
They move resources from cost centersto the areas that demand attention.
Regulators also where the FDIC alsofocuses most of their efforts on
(15:13):
areas that could cause a loss to thedeposit insurance fund could result
in a failure to the institution.
And that is happening duringweaker economic times.
We've gone through a few of those.
I've gone through a few of those,including the great financial crisis.
So when we come out of those, the banksthat have survived, which is most of
the banks, but not all of them, right?
(15:35):
Over the the last 20 years north of500 failed and over 3000 were merged.
So there was a great consolidationover the last 20 years.
That's normal.
And there have been failures that havereduced the number of institutions, but.
Those deposits go somewhere,those assets go somewhere.
(15:56):
The risk is redistributedto other institutions.
So it becomes really important thatas the risk is redistributed or the
relationships that the acquiringinstitution has, the staff that's
trained to absorb that, to monitor it,the systems that can track issues within
(16:17):
the different, more complex institution.
So what we have seen in enforcementactions is that when things are better
and institutions are stronger, banks takean, take a look at the areas that maybe
have been managed, but not as closely as,as they would like to have managed them.
(16:38):
They recognize that they have abigger and more complex institution.
They've got different customer types.
They're operating in differentgeographies now, and, that can take time
and integrating one institution intoanother larger institution takes time.
And sometimes what we've seen isthe systems are not compatible.
The staff in institutions have towork really hard to aggregate data.
(17:03):
Sometimes that doesn't happen.
The internal control frameworksdon't automatically work together.
Sometimes institutions acquirecustomer types where they don't have
the expertise to manage the risksassociated with the newer customer types.
They just don't have thestaff that has that training.
And so we have seen after, weakereconomic conditions that when we come
(17:25):
out of those conditions, banks aremuch more focused on the changes.
So are the regulators and the enforcementactions that I've seen reflect that
they'll reflect problems with customerdue diligence, problems with systems to
monitor for suspicious activity, problemswith the internal control framework.
But I should emphasize, Evan, thatimportantly, the number of banks that
(17:49):
the FDIC examines every year onlyresults in formal enforcement actions
that hover around 1% or less than 1%.
So what that means is.
That it's good news thatbanks generally have adequate
anti-money laundering programs.
They generally keep up with their changes,but again, when you are going through a
(18:12):
banking cycle and things go from prettybad to improving banks experience changes,
just like just like we all experiencechanges when things go from bad to good.
Evan Sparks (18:23):
Absolutely
Heather Trew (18:24):
pat yourself on the back banks for that.
That's, that seems likea really great statistic.
Lisa Arquette (18:29):
It is.
It is.
And, and we tracked it monthafter month, year after year.
And that is really where bankshave hovered, you know, around
one 1% result in a formal action.
And.
For the benefit of your audience,who I know is very educated,
those are the public actions.
All of the confidential supervisoryinformation, including the informal
(18:49):
actions to deal with minor issues,nobody's ever gonna see those
except for the bank, their boardof directors, importantly, and the
regulators that they're working with.
And those generally getresolved by the next exam.
Heather Trew (19:01):
One other theme I had noticed and I'm interested to get your
thought on this, Lisa, is when I waslooking at a lot of the enforcement
actions that are public, again, thesmall number of enforcement actions that
one, one thing that comes up a lot inBSA arena is, you know, unreviewed data,
unreviewed alerts, unreviewed material.
Essentially if.
(19:22):
If there's something that suggests youought to be on notice of something, yeah.
You know, it's in your holdingsand you haven't looked at it,
that seems to be somethingthat's a red flag for regulators.
Lisa Arquette (19:34):
Well, you bring up a another really good point.
I wonder if institutions, you know, havemade full use of technology, for instance,
so there's only so much a human can do.
We all know that, but I know thatbased on our own experience in using,
natural language processing and largelanguage models At at the FDIC, just
(19:54):
in my own area, operational risk.
We use technology to sort through atremendous amount of report findings.
So we have these reports of examinationon banks and service providers.
We combed through years worth of datausing natural language processing
to pull examiner comments andidentify institutions that had.
(20:15):
Experienced cyber eventsand even ransomware events.
And by doing that, we were able tonarrow down the controls that they had
in place that helped institutions to bestdeal with those, to come out of them,
to remediate them, to get all of theircustomers access to systems quickly.
Could we have done that with justhumans sorting through years and
(20:36):
years and years worth of dataand reports and manual processes?
Maybe could we have done it as well?
Not in the amount of time that was used.
So what I've learned is.
That finding the right technology tosort through a lot of information can
help narrow down information to alerts.
And you did mention alerts.
(20:57):
So you've gotta have the staffto review the important alerts.
You've gotta tailor your suspiciousactivity or fraud monitoring system
to the risks that the institution has.
And figure out, you know, what,what thresholds have to be used?
Do we need more staff?
Do we need to tailor our alerts?
Are we getting too many false positives?
If not, then maybe we need more staff.
If, if we have too many, then maybewe really need to work with either our
(21:21):
IT team or the vendor with whom we'vecontracted to get this information.
Maybe we need to better understand therules or the algorithms that go into
this just to make sure that we aregetting the best information possible.
But yeah, I've seen that aswell and I think it's really
something that can be refined inmost institutions and addressed.
Evan Sparks (21:41):
To expand on the point you made about all of the
manual review of these sys Yeah.
you know, AI in banking is a hot topic.
Now we're talking about generative ai,but AI tools have been used in banking
for many, many years, and particularlyto deal with all of these like, automated
reviews of BSA transactions and, andfilters and flags and things like that.
(22:04):
Can you talk about what the regulatoryexpectations at the FDIC have been
for banks that are using AI in theirBSA processes and and how banks can
ensure they're, you know, on, onfirm footing as they continue to
roll out this kind of technology?
Lisa Arquette (22:20):
Yeah.
Well, I, I would startwith a caveat that I know.
Everybody's leaning into innovationright now and should, it's 2025.
And so along with that probably comes alot of learning from the institutions and
their staff, just to make sure that asthey lean into it they understand some of
the basics, what we've done historically.
(22:42):
And you're right, most banks haveused some form of at least natural
language processing tools that helpautomate the generation of alerts.
So it goes from very simpleto very complex that involves
almost no human interaction.
That's kind of the continuumwhen you get to generative ai.
(23:03):
Our perspective has been if it'sin-house, that's, that's one thing.
If somebody's developing it and it'sproprietary, it's who you talk to.
And for us, it would be partnering withour IT specialists to make sure that we're
all speaking similar languages, right?
Because BSA language isdifferent than IT language.
So we partner internally, or the FDICpartners internally, it's specialists,
(23:24):
it's SE subject matter experts.
I think similarly it's really importantthat banks do that, that they have
their IT people working with differentdepartments, whether it's their lending
department or their A ML department,so that everybody understands all
of the inputs that go into theirsuspicious activity monitoring system.
(23:44):
That all customer data isaccessible whether it's all used
why some of it wouldn't be used.
Are all branches incorporated into this?
Are all of the jurisdictions thatthe bank is providing services
are, are they all included?
Are all products and services tapped into?
Does the bank have multiple layers ofsubsidiaries that feed into the bank?
(24:07):
Are those systems compatiblewith the bank's systems?
So understanding that all data can beaccessed and if there are changes in
what is accessed, why are there changes?
What are the rules that have been set up?
Again, if there was testing and therewere too many false positives and you
know, in the bank's view and there werechanges made, what were the changes?
Has the a ML department beeninvolved in making those changes?
(24:30):
Do they understand them?
If working with a vendor.
Those changes become reallytoo difficult and impossible.
Or the, the bank just doesn'thave the opportunity to tailor
a system to their own businessmodel, to their own risk profile.
That, that has been problematic.
And we've heard aboutthat many, many times.
(24:50):
But what the banking agencies havedone is shared application reviews.
So if there's a big service provider that.
Offers a service to a lot ofbanks, a lot of community banks.
For instance, there's a sharedapplication review of their
suspicious activity monitoringsystem that can be made available to.
The banking agency staff, and withservice providers even those exams are
(25:12):
made available to client institutions.
So the banks that use thoseservice providers, that doesn't
work for vendors that aren'tpart of large service providers.
But it's a resource that is available tobanks that use some of the top service
providers and, and most banks do.
So again, what we did washave the conversation.
(25:33):
What product do you use?
How does it work to understand that thatthe staff that the staff is involved in,
how it was developed, how it is managedand how changes are made and that the
output is reasonable, that it makes sense.
None of that's simple,but it's really important.
Evan Sparks (25:54):
Yeah.
Well, heather, anything else?
Anything else you'd like to, youknow, weigh in on or ask Lisa about
before we wrap up our conversation?
Heather Trew (26:02):
Just, you know, I think one of the, the things that
comes up a lot because banks arealways very interested in getting
the perspective from regulators.
And, you know, I know as, as a regulatorwho is, you know, focused not just
on BSA, but also has the broaderperspective of, you know, safety and
soundness and also maybe with a focus onsome of the data security and privacy.
(26:24):
All of those are extremely important,and I know we could probably fill
a podcast with each one of those.
But you know, one thing that comesup a lot is banks do interact
regularly with their regulators.
They're examined, you know, all the time.
You know, annually there's going to besort of interaction with their regulators.
Do you have any specific sort ofideas or insights or advice to give
(26:46):
to banks about what it would be youknow, best practices for when they,
they have these regular engagementsand interactions with their regulator.
Lisa Arquette (26:55):
Yeah.
I've heard over the years, justlike you have from banks and from
service providers that they don'tenjoy the examination process.
That if they have a difference of opinion,maybe even a conflict with an examiner,
that they don't think that it goes well.
And I've even heard banks, you knowbecome concerned about some type of future
(27:17):
problem retribution from an examiner.
That was never my experience, andsince, I think 2004, for about 20
years, I reviewed every single reportthat we sent to FI as part of our
information sharing arrangement.
Again, with the A ML findings onlyeverything else was redacted because it's
confidential supervisory information.
(27:38):
But I reviewed everyone andthe findings looked reasonable.
So at least in my view, we train examinerswell, I think their findings are solid
and there shouldn't be conflict, but thereis, even the FDIC has auditors that look
at different areas, so I get the stress.
Just involved with the process.
I think it's important to recognizethat every agency has a whole process
(28:02):
and the FDIC has a team that'sthere to examine the institution.
They have case managers assignedto every institution, having
frequent conversations, establishinga relationship, talking about
changes before they occur.
I think that's very important so thatwhen the team comes in to examine,
or if it's a large institution that'sthere for a continuous examination,
(28:24):
knowing the team so that it doesn'tthe perspective doesn't have to be
that it's going to be confrontational,it shouldn't be, but to the extent
that there is a legitimate concern orcomplaint, there's a whole process.
There's an examiner in charge.
There should be a case managerthat they can reach out to.
There is in, you know, worst casescenario, there's a full supervisory
appeal process and even that is beingreconsidered, like how that happens.
(28:46):
And I've been involved in those.
I think open communication and I alsothink that it's important to recognize if,
if there are bankers that are new to theprocess, that it is an iterative process.
So being asked a bunch of questionsdoesn't mean that there's a problem.
It means that the examinerneeds to understand the topic or
(29:07):
verify what they're reviewing.
Maybe they looked at the independentreview or an audit, or the last
examination findings, and they want tojust ask the questions about remediating
problems changes that the banks.
That doesn't mean that there are problems.
It means that this is, thatthis is how the examinations go.
Questions, answers, questions, an answers.
It feels uncomfortable.
(29:27):
But when it comes to the point thatthere might be a conflict that needs to
be resolved there you know, each agencyhas a process built in so that you
reach out early instead of, you know,really having a problem in the end.
And, and it.
There are very few instances whereI've seen a supervisory appeal and a, a
complete disagreement with the ratingsthe examination staff, et cetera.
(29:49):
So I think, again, back to thenumber of institutions that are
even subject to a formal action,it's very low back to supervisory
appeals of the findings very low.
I hope it's because.
There aren't a lot of disagreements, butwhen there are, there's a process built in
that banks should, should use, and thereis the, we do, you know, every agency
(30:09):
has an external ombudsman and there is away to even just escalate issues through
a bank trade group, through an externalombudsman and, and remain anonymous.
Just saying, these are the issues we'vebeen observing and we take 'em seriously.
Or the FDIC takes them seriously,all the banking agencies do, and
I think that's important to know.
(30:31):
They're, they're not ignored.
Heather Trew (30:33):
It is really true that when one banker raises an issue and
I'm, I have an opportunity to go backto all of the BSA bankers mm-hmm.
To say, you know, howare you finding this?
Is this an issue?
There have been some real tangibleexamples of times where I've been able
to flag like, Hey, this is a problem thataffects a lot of people, can anonymize
(30:54):
it so that nobody has to be the personthat's tagged with putting their hand up.
I think that.
It, it, I think that's a reallyimportant part of this job.
Lisa Arquette (31:02):
Yeah.
It's important.
So again, I would like just my, someof my parting comments to be one, my
experience, a lot of it many decades isthat banks are generally doing a good job.
There are some that are you know,interested in the risk spectrum of
being at one end of the risk spectrum.
Most of them understand their risk,they measure their risk, they mitigate
(31:27):
their risk, they manage the rest ofthe risk, and they're doing fine.
And my hope is that that continuesmy, I'm thinking that it will
continue, you know, national securityis an issue here protecting the
institution, protecting the financialsector domestically and globally.
And I think we all have a partin that and all recognize that.
And, and I think that.
(31:48):
Bankers, regulators, law enforcement,we haven't talked about them much.
Law enforcement need to workcollaboratively to make sure that this
is all done effectively, recognizingthat there's a cost associated with it.
So are there better ways to do it?
I, I think that, you know, 20 25 and 26,we're gonna start seeing better and more
efficient ways to get information to allof the right parties much more quickly.
(32:11):
I'm kind of looking forward to seeing it.
I, I just know there will be more changes.
Evan Sparks (32:18):
All right.
Well, for our listeners who are interestedin all of these BSA topics and interested
in digging deeper, learning more we havea great opportunity coming up in October
at the ABA Financial Crimes EnforcementConference just outside Washington
DC across the river in Arlington.
So you can find out moreabout that@aba.com slash.
FCEC.
(32:38):
And take a look there and, andif, and make your plans to join
us in the DC area in October.
Lisa and Heather, thank you somuch for being on the show today.
Lisa Arquette (32:48):
Thank you, Evan.
Very pleasure.
Thanks, Heather.
Evan Sparks (32:53):
Thanks again to Agri access for sponsoring this episode.
For our listeners, you can findthis in previous episodes at
abba.com/banking journal podcast.
You can also find us on any of yourfavorite podcast apps or platforms.
Thanks so much for listening, andwe'll be back with you again very soon.
from the American Bankers Association.
This is the A BA Banking Journal podcast.
Welcome back.
Today's episode ispresented by Agri Access.
I'm Evan Sparks and I'm delighted tobring you a conversation on a topic
of perennial interest to bankers.
And that is Bank Secrecy Actcompliance and how we are working.
Banks are working to ensure the financialsystem does not get used by bad actors.
(00:30):
And to ke to catch us up onrecent trends in that area.
We have two excellent guests.
Well, first we have lisa Arquette, aformer operational risk Deputy Director
at the FDIC with a lot of experience inthese issues as well as my a BA colleague
who's been on the podcast before.
Heather Trew senior Vice President forBSA/AML issues here at a BA and both of
(00:53):
them experts in this area in this topic.
So Heather and Lisa, welcome to the show.
Delighted to have you.
Heather Trew (00:59):
Thank you.
Lisa Arquette (01:00):
It's good to be here.
Heather Trew (01:01):
Thank so much Evan.
Evan Sparks (01:02):
Alright.
So let's let's start off with a topicthat we have talked about for you
know, talked about a lot on the showat the end of last year with all of
the ups and downs of court cases and apresidential transition and issues in
Congress, and that's beneficial ownership.
This was the, the, the single most readitem by probably five x, that was appeared
(01:27):
on the a BA Banking Journal website inthe past year was on beneficial ownership.
And one of the, the cases related to thebeneficial Ownership information registry.
Heather and Lisa, what's the state of playwith the beneficial ownership registry and
what bank's obligations are in that area?
Lisa Arquette (01:42):
This has been an area where there's been a great deal of angst
not only by the banking industry but bya lot of entities in the US that thought
they were going to be reporting companiesthat had an obli that would have an
obligation, and that included very smallentities like mom and pop stores that
suddenly were domestic reporting entities.
But I do think this is an area wherea tremendous amount of feedback
(02:06):
resulted in a change that I thinkhas been largely viewed as positive,
and now reporting entities do notinclude what was previously the
domestic reporting entities, and itdoesn't include us persons that would
have been beneficial owners underone of the iterations of the rule.
(02:27):
FinCEN issued an interim final rulethat really applies only to foreign
entities that would be doing, orthat will be doing business in the
US and their beneficial owners.
So that is a big change.
And again, I really think that based onthe feedback that was coming to banks
from their customers about, a databasethat would collect a lot of information
(02:49):
on their entity or at least their person.
And what was gonna be done with thatinformation and when would it be updated?
Who had the obligation and what wouldthe bank do to verify the identity?
There were so many questions,and I think many of them have
been resolved and, and some mayremain outstanding for, for banks.
What do you think, Heather?
Heather Trew (03:08):
Well, I would say yes.
The bottom line, there havebeen so many twists and turns.
It's been the rollercoaster of BSA compliance.
Absolutely.
But yeah, so I think bottom line isFinCEN had reported that there were
approximately 10 million of the originally33 million small businesses in America
(03:30):
that were anticipated to have newreporting requirements under what was
the previous version of the reportingrule, which is you just pointed out,
Lisa has totally changed and is nowvery different than what it was before.
So there were pro about a third of thosebusinesses, 10 million had reported.
It's not clear what's gonnahappen to that data yet.
But now going forward, the only peoplewith reporting obligations, as you
(03:53):
said, are the foreign companies that areregistered to do business in the us which
are approximately 12,000 of them or so.
So from a bank's perspective though,bottom line is you were doing CDD
before, you're continuing to do CDD.
Now keep on keeping on.
Right,
Evan Sparks (04:11):
so, so from the bank's point of view, the bank does not have the
benefit of this one-stop shop registryto go and validate the information that
they're getting from their customers.
So you've gotta go, you know, you know,the customers may be ha, the business
customers may be happy about not having toregister, but banks still do have to have
more to do to validate the informationthat they're getting from these clients.
(04:31):
Right?
Yeah.
Lisa Arquette (04:32):
You know.
Evan, nothing, nothingchanged from that perspective.
The beneficial ownership requirementthat banks have currently that has not
changed is that they collect informationon business entities and then they,
on a risk basis, verify the identity.
Even that was not gonna change based onthe earlier version of the rule, because.
(04:55):
There wasn't a provision withinthe earlier version that FinCEN
was going to verify the identityand or update that information on
any frequency that still exists.
So at this point, bank requirementsremain the same and they've got, they've
got processes in place to do that.
That's my understanding, Heather.
Heather Trew (05:15):
My understanding is just the same.
The one additional piece to note isthere still is a piece of the CTA, the
Corporate Transparency Act, which isthe law that authorizes all of this,
that sort of directs and anticipatesthat, you know, there are ways and
people who can use that information.
Seek use, seek use of that informationthat includes banks, but it's not yet
(05:38):
clear what scent is going to do interms of moving forward with that.
So there's still questions that remainand, and we're, we're gonna stay on
top of that and keep pe people informedas, as we learn new information.
Evan Sparks (05:52):
Good points.
We've hit the big news bucket item, but,bank Secrecy Act is, you know, not just
the, the sprint of beneficial ownership.
It is over the last year or so, ithas, it is this marathon process
of always ma managing the risksassociated with this program.
I'm curious, you know, particularlyLisa, from your point of view,
(06:14):
given that you know, banks.
They want to, they want to havea strong BSA program, and they
also are, banks are also growingand attempt and seeking growth.
What are some of the challenges thatyou've seen in a bank bSA program that
comes about from the process of growth,whether organically or through M&A.
Lisa Arquette (06:33):
That's a great question.
I've seen over time, and based onmy different roles in the FDIC,
different ways for banks to grow andin times that are very stressed or
in communities that are not growingand there's little opportunity for
organic growth I've seen that bankswill explore a lot of innovative
options to grow that might includeor, or sell or sell the institution.
(06:58):
What we saw primarily during thepandemic was that the method of
banking changed dramatically,just like every other business.
People were not going on site, people werenot opening accounts face-to-face, people
weren't doing their banking face-to-face.
There was a tremendous amount, ifnot almost entirely online banking,
which included opening accounts.
(07:20):
So we saw a lot of growth inintermediaries providing services to
banks to help open accounts, both on thedeposit side and on the lending side.
With that, I think there were manychallenges that really didn't bubble
up initially, and that was that theintermediaries were not, are not
(07:42):
regulated and subject to bank secrecyACT requirements and therefore may have
had a different approach to collectinginformation and may have collected.
Minimal information, maybe notall of the information, or they
may have used different methodsto get some of the information.
Bottom line is that as banks were tryingto grow through intermediaries and
continue to use those relationships itwas very important to make sure that both
(08:07):
parties knew what the obligations were.
That the bank was checking that thatinformation was collected, that the bank
understood the risks that that they weretaking, the money laundering or other
illicit financial activity risks that theywere taking on by using an intermediary
because they may have performedsome compliance function for them.
(08:27):
So it became a little moredifficult to develop customer
risk profiles and then to.
Manage the risk because that allbuilds upon each other, right?
Do you know the personsthat are your new customers?
Can you develop a risk profile?
Once you develop that riskprofile, how does it fit into
your internal control framework?
How do you monitor those or that customerfor illicit financial activity risk?
(08:53):
If you don't have the foundationalinformation, it becomes very, very
difficult to have a really strong program.
So that's one of the key issues that wesaw with some institutions, but certainly
not the majority of institutions.
But it just changed theway people did banking.
It changed, I think we all saw that.
Other ways of expansion that we've seen.
(09:15):
Would be institutions merging together.
Strong institution acquiring a smallerinstitution, a small community bank being
acquired by a larger institution, maybe abank acquiring a branch network in an area
that they hadn't previously, you know,outside of their market area or a bank
expanding its offerings, its services inits products to its existing customers,
(09:36):
or to persons outside of the us.
So the jurisdiction expands, the geographyexpands, the customer base expands,
and all of these things become a littlemore challenging and complicated.
Does their staff have the capabilityto manage these newer risks, or
does expanded risk, do the systemsthat they have have the capability?
Are they tailored to the expanded risk?
(10:00):
I guess the biggest takeaway that I'vehad over the years is that the Bank
Secrecy Act department or the FinancialIntelligence Unit, the fraud department,
where wherever all of this resides reallyneeds to be involved in the business
decisions, have some influence in thebusiness, dec decisions, provide the
input, and I get that it's about profit.
(10:24):
And risk and then managing that risk.
But it's really the best outcomeis from institutions that include
the staff and the executives inthe anti-money laundering area in
the decisions that they're making.
Heather Trew (10:39):
It seems like you're also making a case for sort of the value of
a strong BSA program because honestly,one of the questions that I get sometimes
is not from necessarily the the BSAofficer, but from this bank, senior
leadership or board of directors, and theysometimes are sort of asking, essentially.
Okay.
I, I do it because it's, you know,it's required, but what is the value
(11:03):
of having a strong BSA program?
And I, I think you were sayingsome things, Lisa, that, that
really sort of spoke to the valueof this in terms of, you know, the
overall health of the institution.
Lisa Arquette (11:15):
Well, and you know, Heather, with the A ML Act, purpose of
the Bank Secrecy Act was really augmented.
It went from providing usefulreports and records primarily to law
enforcement, to a, a pretty significantexpansion that touches on that point
that I think we all embrace, and thatincluded preventing the laundering of
(11:36):
money and the financing of terrorismthrough the establishment of financial
institutions, of banks having reasonably.
Designed risk-based programs to combatmoney laundering and the financing of
terrorism to facilitate the trackingof money that has been sourced through
criminal activity, or is intendedto promote promote criminal or
terrorist activities to assess moneylaundering and terrorist financing.
(11:56):
Tax evasion fraud risks to financialinstitutions, products and services
to protect the US financial systemfrom criminal abuse and to safeguard
national security and all of thisbeing done through the establishment
of frameworks for information sharingbetween banks, law enforcement,
regulatory authorities, associationsfor those financial institutions.
(12:18):
It really expanded to deal withwhat banking is now, what financial
transactions are now, and protectingthe US financial system much more
broadly, the global financial system.
And I think we're all part of that.
I know we're all part of that.
Banks play a very key role in identifyingrisk, mitigating risk, and managing what
(12:40):
they've got left on their, on their books.
So it really has expanded, but it is forthe benefit not only of the bank, but
for the US financial system and reality.
I don't believe.
That any bank wants tofacilitate any of that activity.
They really wanna identify their risklike they do with credit risk and
liquidity risk, and manage that risk.
(13:00):
So I, I think the A ML ACT did a, areally good job pulling together all
relevant stakeholders into statutorylanguage and expanding the purpose,
bringing it up to, you know, 2020 at the time, but for us, 2025.
Evan Sparks (13:19):
I am gonna take a quick moment here to thank
our sponsor for this episode.
This episode is presented by Agri Access.
With national reach and local focus,agri Access helps lenders expand
access to capital through loanparticipation's, flexible lease options,
and embedded lending solutions fromlarge banks to rural institutions.
Agri Access helps grow your portfolio,serve more producers, and lead
with confidence in today's market.
(13:40):
Learn more at agriaccess.com.
Again, that's agri-access.com.
And thanks again to Agri Accessfor sponsoring this episode.
Now back to the conversation.
We go through COVIDand this, this process.
That was an economic cycle.
Through the history of economic cycles,what patterns do you see in, in terms
of BS, A enforcement actions as yougo through these cycles, looking
(14:02):
back over the last few decades.
Lisa Arquette (14:06):
Also very interesting.
So what I've noticed, and this ispersonal, but because I've moved
from very broad safety and soundnessexamination functions and enforcement
actions and the application processitself like acquiring other institutions
or obtaining deposit insurance.
That's much more broad to a narrowerfocus of evaluating a bank's
(14:28):
anti-money laundering program.
What I have seen is that duringweaker economic times, banks
are very much focused on.
Dealing with their problem loans, possiblydealing with the depreciation in their
investments, the deterioration of theircapital, and potentially failures.
(14:51):
So there are some institutions thatreally begin to triage and really start
dealing with the problems that they'reexperiencing because they must, when
that happens, and it makes sense, right?
They move resources from cost centersto the areas that demand attention.
Regulators also where the FDIC alsofocuses most of their efforts on
(15:13):
areas that could cause a loss to thedeposit insurance fund could result
in a failure to the institution.
And that is happening duringweaker economic times.
We've gone through a few of those.
I've gone through a few of those,including the great financial crisis.
So when we come out of those, the banksthat have survived, which is most of
the banks, but not all of them, right?
(15:35):
Over the the last 20 years north of500 failed and over 3000 were merged.
So there was a great consolidationover the last 20 years.
That's normal.
And there have been failures that havereduced the number of institutions, but.
Those deposits go somewhere,those assets go somewhere.
(15:56):
The risk is redistributedto other institutions.
So it becomes really important thatas the risk is redistributed or the
relationships that the acquiringinstitution has, the staff that's
trained to absorb that, to monitor it,the systems that can track issues within
(16:17):
the different, more complex institution.
So what we have seen in enforcementactions is that when things are better
and institutions are stronger, banks takean, take a look at the areas that maybe
have been managed, but not as closely as,as they would like to have managed them.
(16:38):
They recognize that they have abigger and more complex institution.
They've got different customer types.
They're operating in differentgeographies now, and, that can take time
and integrating one institution intoanother larger institution takes time.
And sometimes what we've seen isthe systems are not compatible.
The staff in institutions have towork really hard to aggregate data.
(17:03):
Sometimes that doesn't happen.
The internal control frameworksdon't automatically work together.
Sometimes institutions acquirecustomer types where they don't have
the expertise to manage the risksassociated with the newer customer types.
They just don't have thestaff that has that training.
And so we have seen after, weakereconomic conditions that when we come
(17:25):
out of those conditions, banks aremuch more focused on the changes.
So are the regulators and the enforcementactions that I've seen reflect that
they'll reflect problems with customerdue diligence, problems with systems to
monitor for suspicious activity, problemswith the internal control framework.
But I should emphasize, Evan, thatimportantly, the number of banks that
(17:49):
the FDIC examines every year onlyresults in formal enforcement actions
that hover around 1% or less than 1%.
So what that means is.
That it's good news thatbanks generally have adequate
anti-money laundering programs.
They generally keep up with their changes,but again, when you are going through a
(18:12):
banking cycle and things go from prettybad to improving banks experience changes,
just like just like we all experiencechanges when things go from bad to good.
Evan Sparks (18:23):
Absolutely
Heather Trew (18:24):
pat yourself on the back banks for that.
That's, that seems likea really great statistic.
Lisa Arquette (18:29):
It is.
It is.
And, and we tracked it monthafter month, year after year.
And that is really where bankshave hovered, you know, around
one 1% result in a formal action.
And.
For the benefit of your audience,who I know is very educated,
those are the public actions.
All of the confidential supervisoryinformation, including the informal
(18:49):
actions to deal with minor issues,nobody's ever gonna see those
except for the bank, their boardof directors, importantly, and the
regulators that they're working with.
And those generally getresolved by the next exam.
Heather Trew (19:01):
One other theme I had noticed and I'm interested to get your
thought on this, Lisa, is when I waslooking at a lot of the enforcement
actions that are public, again, thesmall number of enforcement actions that
one, one thing that comes up a lot inBSA arena is, you know, unreviewed data,
unreviewed alerts, unreviewed material.
Essentially if.
(19:22):
If there's something that suggests youought to be on notice of something, yeah.
You know, it's in your holdingsand you haven't looked at it,
that seems to be somethingthat's a red flag for regulators.
Lisa Arquette (19:34):
Well, you bring up a another really good point.
I wonder if institutions, you know, havemade full use of technology, for instance,
so there's only so much a human can do.
We all know that, but I know thatbased on our own experience in using,
natural language processing and largelanguage models At at the FDIC, just
(19:54):
in my own area, operational risk.
We use technology to sort through atremendous amount of report findings.
So we have these reports of examinationon banks and service providers.
We combed through years worth of datausing natural language processing
to pull examiner comments andidentify institutions that had.
(20:15):
Experienced cyber eventsand even ransomware events.
And by doing that, we were able tonarrow down the controls that they had
in place that helped institutions to bestdeal with those, to come out of them,
to remediate them, to get all of theircustomers access to systems quickly.
Could we have done that with justhumans sorting through years and
(20:36):
years and years worth of dataand reports and manual processes?
Maybe could we have done it as well?
Not in the amount of time that was used.
So what I've learned is.
That finding the right technology tosort through a lot of information can
help narrow down information to alerts.
And you did mention alerts.
(20:57):
So you've gotta have the staffto review the important alerts.
You've gotta tailor your suspiciousactivity or fraud monitoring system
to the risks that the institution has.
And figure out, you know, what,what thresholds have to be used?
Do we need more staff?
Do we need to tailor our alerts?
Are we getting too many false positives?
If not, then maybe we need more staff.
If, if we have too many, then maybewe really need to work with either our
(21:21):
IT team or the vendor with whom we'vecontracted to get this information.
Maybe we need to better understand therules or the algorithms that go into
this just to make sure that we aregetting the best information possible.
But yeah, I've seen that aswell and I think it's really
something that can be refined inmost institutions and addressed.
Evan Sparks (21:41):
To expand on the point you made about all of the
manual review of these sys Yeah.
you know, AI in banking is a hot topic.
Now we're talking about generative ai,but AI tools have been used in banking
for many, many years, and particularlyto deal with all of these like, automated
reviews of BSA transactions and, andfilters and flags and things like that.
(22:04):
Can you talk about what the regulatoryexpectations at the FDIC have been
for banks that are using AI in theirBSA processes and and how banks can
ensure they're, you know, on, onfirm footing as they continue to
roll out this kind of technology?
Lisa Arquette (22:20):
Yeah.
Well, I, I would startwith a caveat that I know.
Everybody's leaning into innovationright now and should, it's 2025.
And so along with that probably comes alot of learning from the institutions and
their staff, just to make sure that asthey lean into it they understand some of
the basics, what we've done historically.
(22:42):
And you're right, most banks haveused some form of at least natural
language processing tools that helpautomate the generation of alerts.
So it goes from very simpleto very complex that involves
almost no human interaction.
That's kind of the continuumwhen you get to generative ai.
(23:03):
Our perspective has been if it'sin-house, that's, that's one thing.
If somebody's developing it and it'sproprietary, it's who you talk to.
And for us, it would be partnering withour IT specialists to make sure that we're
all speaking similar languages, right?
Because BSA language isdifferent than IT language.
So we partner internally, or the FDICpartners internally, it's specialists,
(23:24):
it's SE subject matter experts.
I think similarly it's really importantthat banks do that, that they have
their IT people working with differentdepartments, whether it's their lending
department or their A ML department,so that everybody understands all
of the inputs that go into theirsuspicious activity monitoring system.
(23:44):
That all customer data isaccessible whether it's all used
why some of it wouldn't be used.
Are all branches incorporated into this?
Are all of the jurisdictions thatthe bank is providing services
are, are they all included?
Are all products and services tapped into?
Does the bank have multiple layers ofsubsidiaries that feed into the bank?
(24:07):
Are those systems compatiblewith the bank's systems?
So understanding that all data can beaccessed and if there are changes in
what is accessed, why are there changes?
What are the rules that have been set up?
Again, if there was testing and therewere too many false positives and you
know, in the bank's view and there werechanges made, what were the changes?
Has the a ML department beeninvolved in making those changes?
(24:30):
Do they understand them?
If working with a vendor.
Those changes become reallytoo difficult and impossible.
Or the, the bank just doesn'thave the opportunity to tailor
a system to their own businessmodel, to their own risk profile.
That, that has been problematic.
And we've heard aboutthat many, many times.
(24:50):
But what the banking agencies havedone is shared application reviews.
So if there's a big service provider that.
Offers a service to a lot ofbanks, a lot of community banks.
For instance, there's a sharedapplication review of their
suspicious activity monitoringsystem that can be made available to.
The banking agency staff, and withservice providers even those exams are
(25:12):
made available to client institutions.
So the banks that use thoseservice providers, that doesn't
work for vendors that aren'tpart of large service providers.
But it's a resource that is available tobanks that use some of the top service
providers and, and most banks do.
So again, what we did washave the conversation.
(25:33):
What product do you use?
How does it work to understand that thatthe staff that the staff is involved in,
how it was developed, how it is managedand how changes are made and that the
output is reasonable, that it makes sense.
None of that's simple,but it's really important.
Evan Sparks (25:54):
Yeah.
Well, heather, anything else?
Anything else you'd like to, youknow, weigh in on or ask Lisa about
before we wrap up our conversation?
Heather Trew (26:02):
Just, you know, I think one of the, the things that
comes up a lot because banks arealways very interested in getting
the perspective from regulators.
And, you know, I know as, as a regulatorwho is, you know, focused not just
on BSA, but also has the broaderperspective of, you know, safety and
soundness and also maybe with a focus onsome of the data security and privacy.
(26:24):
All of those are extremely important,and I know we could probably fill
a podcast with each one of those.
But you know, one thing that comesup a lot is banks do interact
regularly with their regulators.
They're examined, you know, all the time.
You know, annually there's going to besort of interaction with their regulators.
Do you have any specific sort ofideas or insights or advice to give
(26:46):
to banks about what it would be youknow, best practices for when they,
they have these regular engagementsand interactions with their regulator.
Lisa Arquette (26:55):
Yeah.
I've heard over the years, justlike you have from banks and from
service providers that they don'tenjoy the examination process.
That if they have a difference of opinion,maybe even a conflict with an examiner,
that they don't think that it goes well.
And I've even heard banks, you knowbecome concerned about some type of future
(27:17):
problem retribution from an examiner.
That was never my experience, andsince, I think 2004, for about 20
years, I reviewed every single reportthat we sent to FI as part of our
information sharing arrangement.
Again, with the A ML findings onlyeverything else was redacted because it's
confidential supervisory information.
(27:38):
But I reviewed everyone andthe findings looked reasonable.
So at least in my view, we train examinerswell, I think their findings are solid
and there shouldn't be conflict, but thereis, even the FDIC has auditors that look
at different areas, so I get the stress.
Just involved with the process.
I think it's important to recognizethat every agency has a whole process
(28:02):
and the FDIC has a team that'sthere to examine the institution.
They have case managers assignedto every institution, having
frequent conversations, establishinga relationship, talking about
changes before they occur.
I think that's very important so thatwhen the team comes in to examine,
or if it's a large institution that'sthere for a continuous examination,
(28:24):
knowing the team so that it doesn'tthe perspective doesn't have to be
that it's going to be confrontational,it shouldn't be, but to the extent
that there is a legitimate concern orcomplaint, there's a whole process.
There's an examiner in charge.
There should be a case managerthat they can reach out to.
There is in, you know, worst casescenario, there's a full supervisory
appeal process and even that is beingreconsidered, like how that happens.
(28:46):
And I've been involved in those.
I think open communication and I alsothink that it's important to recognize if,
if there are bankers that are new to theprocess, that it is an iterative process.
So being asked a bunch of questionsdoesn't mean that there's a problem.
It means that the examinerneeds to understand the topic or
(29:07):
verify what they're reviewing.
Maybe they looked at the independentreview or an audit, or the last
examination findings, and they want tojust ask the questions about remediating
problems changes that the banks.
That doesn't mean that there are problems.
It means that this is, thatthis is how the examinations go.
Questions, answers, questions, an answers.
It feels uncomfortable.
(29:27):
But when it comes to the point thatthere might be a conflict that needs to
be resolved there you know, each agencyhas a process built in so that you
reach out early instead of, you know,really having a problem in the end.
And, and it.
There are very few instances whereI've seen a supervisory appeal and a, a
complete disagreement with the ratingsthe examination staff, et cetera.
(29:49):
So I think, again, back to thenumber of institutions that are
even subject to a formal action,it's very low back to supervisory
appeals of the findings very low.
I hope it's because.
There aren't a lot of disagreements, butwhen there are, there's a process built in
that banks should, should use, and thereis the, we do, you know, every agency
(30:09):
has an external ombudsman and there is away to even just escalate issues through
a bank trade group, through an externalombudsman and, and remain anonymous.
Just saying, these are the issues we'vebeen observing and we take 'em seriously.
Or the FDIC takes them seriously,all the banking agencies do, and
I think that's important to know.
(30:31):
They're, they're not ignored.
Heather Trew (30:33):
It is really true that when one banker raises an issue and
I'm, I have an opportunity to go backto all of the BSA bankers mm-hmm.
To say, you know, howare you finding this?
Is this an issue?
There have been some real tangibleexamples of times where I've been able
to flag like, Hey, this is a problem thataffects a lot of people, can anonymize
(30:54):
it so that nobody has to be the personthat's tagged with putting their hand up.
I think that.
It, it, I think that's a reallyimportant part of this job.
Lisa Arquette (31:02):
Yeah.
It's important.
So again, I would like just my, someof my parting comments to be one, my
experience, a lot of it many decades isthat banks are generally doing a good job.
There are some that are you know,interested in the risk spectrum of
being at one end of the risk spectrum.
Most of them understand their risk,they measure their risk, they mitigate
(31:27):
their risk, they manage the rest ofthe risk, and they're doing fine.
And my hope is that that continuesmy, I'm thinking that it will
continue, you know, national securityis an issue here protecting the
institution, protecting the financialsector domestically and globally.
And I think we all have a partin that and all recognize that.
And, and I think that.
(31:48):
Bankers, regulators, law enforcement,we haven't talked about them much.
Law enforcement need to workcollaboratively to make sure that this
is all done effectively, recognizingthat there's a cost associated with it.
So are there better ways to do it?
I, I think that, you know, 20 25 and 26,we're gonna start seeing better and more
efficient ways to get information to allof the right parties much more quickly.
(32:11):
I'm kind of looking forward to seeing it.
I, I just know there will be more changes.
Evan Sparks (32:18):
All right.
Well, for our listeners who are interestedin all of these BSA topics and interested
in digging deeper, learning more we havea great opportunity coming up in October
at the ABA Financial Crimes EnforcementConference just outside Washington
DC across the river in Arlington.
So you can find out moreabout that@aba.com slash.
FCEC.
(32:38):
And take a look there and, andif, and make your plans to join
us in the DC area in October.
Lisa and Heather, thank you somuch for being on the show today.
Lisa Arquette (32:48):
Thank you, Evan.
Very pleasure.
Thanks, Heather.
Evan Sparks (32:53):
Thanks again to Agri access for sponsoring this episode.
For our listeners, you can findthis in previous episodes at
abba.com/banking journal podcast.
You can also find us on any of yourfavorite podcast apps or platforms.
Thanks so much for listening, andwe'll be back with you again very soon.
Popular Podcasts
CrimeLess: Hillbilly Heist
It’s 1996 in rural North Carolina, and an oddball crew makes history when they pull off America’s third largest cash heist. But it’s all downhill from there. Join host Johnny Knoxville as he unspools a wild and woolly tale about a group of regular ‘ol folks who risked it all for a chance at a better life. CrimeLess: Hillbilly Heist answers the question: what would you do with 17.3 million dollars? The answer includes diamond rings, mansions, velvet Elvis paintings, plus a run for the border, murder-for-hire-plots, and FBI busts.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.