[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]







                    EXAMINING THE BSA/AML REGULATORY
                           COMPLIANCE REGIME

=======================================================================

                                HEARING

                               BEFORE THE

                 SUBCOMMITTEE ON FINANCIAL INSTITUTIONS
                          AND CONSUMER CREDIT

                                 OF THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 28, 2017

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 115-26







[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]















                         U.S. GOVERNMENT PUBLISHING OFFICE 

28-223 PDF                     WASHINGTON : 2018 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
























                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                    JEB HENSARLING, Texas, Chairman

PATRICK T. McHENRY, North Carolina,  MAXINE WATERS, California, Ranking 
    Vice Chairman                        Member
PETER T. KING, New York              CAROLYN B. MALONEY, New York
EDWARD R. ROYCE, California          NYDIA M. VELAZQUEZ, New York
FRANK D. LUCAS, Oklahoma             BRAD SHERMAN, California
STEVAN PEARCE, New Mexico            GREGORY W. MEEKS, New York
BILL POSEY, Florida                  MICHAEL E. CAPUANO, Massachusetts
BLAINE LUETKEMEYER, Missouri         WM. LACY CLAY, Missouri
BILL HUIZENGA, Michigan              STEPHEN F. LYNCH, Massachusetts
SEAN P. DUFFY, Wisconsin             DAVID SCOTT, Georgia
STEVE STIVERS, Ohio                  AL GREEN, Texas
RANDY HULTGREN, Illinois             EMANUEL CLEAVER, Missouri
DENNIS A. ROSS, Florida              GWEN MOORE, Wisconsin
ROBERT PITTENGER, North Carolina     KEITH ELLISON, Minnesota
ANN WAGNER, Missouri                 ED PERLMUTTER, Colorado
ANDY BARR, Kentucky                  JAMES A. HIMES, Connecticut
KEITH J. ROTHFUS, Pennsylvania       BILL FOSTER, Illinois
LUKE MESSER, Indiana                 DANIEL T. KILDEE, Michigan
SCOTT TIPTON, Colorado               JOHN K. DELANEY, Maryland
ROGER WILLIAMS, Texas                KYRSTEN SINEMA, Arizona
BRUCE POLIQUIN, Maine                JOYCE BEATTY, Ohio
MIA LOVE, Utah                       DENNY HECK, Washington
FRENCH HILL, Arkansas                JUAN VARGAS, California
TOM EMMER, Minnesota                 JOSH GOTTHEIMER, New Jersey
LEE M. ZELDIN, New York              VICENTE GONZALEZ, Texas
DAVID A. TROTT, Michigan             CHARLIE CRIST, Florida
BARRY LOUDERMILK, Georgia            RUBEN KIHUEN, Nevada
ALEXANDER X. MOONEY, West Virginia
THOMAS MacARTHUR, New Jersey
WARREN DAVIDSON, Ohio
TED BUDD, North Carolina
DAVID KUSTOFF, Tennessee
CLAUDIA TENNEY, New York
TREY HOLLINGSWORTH, Indiana

                  Kirsten Sutton Mork, Staff Director
       Subcommittee on Financial Institutions and Consumer Credit

                 BLAINE LUETKEMEYER, Missouri, Chairman

KEITH J. ROTHFUS, Pennsylvania,      WM. LACY CLAY, Missouri, Ranking 
    Vice Chairman                        Member
EDWARD R. ROYCE, California          CAROLYN B. MALONEY, New York
FRANK D. LUCAS, Oklahoma             GREGORY W. MEEKS, New York
BILL POSEY, Florida                  DAVID SCOTT, Georgia
DENNIS A. ROSS, Florida              NYDIA M. VELAZQUEZ, New York
ROBERT PITTENGER, North Carolina     AL GREEN, Texas
ANDY BARR, Kentucky                  KEITH ELLISON, Minnesota
SCOTT TIPTON, Colorado               MICHAEL E. CAPUANO, Massachusetts
ROGER WILLIAMS, Texas                DENNY HECK, Washington
MIA LOVE, Utah                       GWEN MOORE, Wisconsin
DAVID A. TROTT, Michigan             CHARLIE CRIST, Florida
BARRY LOUDERMILK, Georgia
DAVID KUSTOFF, Tennessee
CLAUDIA TENNEY, New York




























                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    June 28, 2017................................................     1
Appendix:
    June 28, 2017................................................    45

                               WITNESSES
                        Wednesday, June 28, 2017

Anderson, Faith Lleva, Senior Vice President and General Counsel, 
  American Airlines Federal Credit Union, on behalf of the Credit 
  Union National Association (CUNA)..............................     6
Baer, Greg, President, The Clearing House Association............     7
DeVaux, Lloyd, President and Chief Executive Officer, Sunstate 
  Bank, on behalf of the Florida Bankers Association.............     9
Lowe, Heather A., Legal Counsel and Director of Governmental 
  Affairs, Global Financial Integrity............................    11

                                APPENDIX

Prepared statements:
    Anderson, Faith Lleva........................................    46
    Baer, Greg...................................................    59
    DeVaux, Lloyd................................................   102
    Lowe, Heather A..............................................   114

              Additional Material Submitted for the Record

Luetkemeyer, Hon. Blaine:
    Written statement of the American Gaming Association.........   131
    Written statement of the American Land Title Association.....   132
    Written statement of the Independent Community Bankers of 
      America....................................................   135

 
                    EXAMINING THE BSA/AML REGULATORY
                           COMPLIANCE REGIME

                              ----------                              


                        Wednesday, June 28, 2017

             U.S. House of Representatives,
             Subcommittee on Financial Institutions
                               and Consumer Credit,
                           Committee on Financial Services,
                                                   Washington, D.C.
    The subcommittee met, pursuant to notice, at 2:13 p.m., in 
room 2128, Rayburn House Office Building, Hon. Blaine 
Luetkemeyer [chairman of the subcommittee] presiding.
    Members present: Representatives Luetkemeyer, Rothfus, 
Posey, Ross, Pittenger, Barr, Tipton, Williams, Love, Trott, 
Loudermilk, Kustoff, Tenney; Clay, Maloney, Scott, Velazquez, 
Green, Heck, and Crist.
    Ex officio present: Representatives Hensarling and Waters.
    Also present: Representative Davidson.
    Chairman Luetkemeyer. The Subcommittee on Financial 
Institutions and Consumer Credit will come to order. Without 
objection, the Chair is authorized to declare a recess of the 
subcommittee at any time.
    Today's hearing is entitled, ``Examining the BSA/AML 
Regulatory Compliance Regime.'' Before we begin today, I would 
like to thank the witnesses for appearing. We certainly 
appreciate you taking time out of your schedules to be here and 
participate today. I look forward to your comments.
    I now recognize myself for 2 minutes for an opening 
statement. The goals of the Bank Secrecy Act and anti-money-
laundering legal regime are laudable: Institutions and 
government agencies should work together to prevent money 
laundering and terrorist financing.
    However, the reality is that well-intentioned regulation 
has spiraled out of control and resulted in a breakdown of what 
should be a collaborative relationship between law enforcement, 
financial regulators, and institutions. Today, regulators 
essentially deputize credit unions and banks as law enforcement 
and allow for a regulatory regime that is both opaque and 
punitive.
    BSA/AML-related settlements have increased significantly in 
both amount and frequency. Institutions are reporting surges in 
total investment in AML. And their consumers, especially those 
conducting financial transactions internationally, bear the 
brunt of this regulatory cost. I fear the BSA/AML process 
oftentimes benefits no one, not the institution and not law 
enforcement.
    Also concerning is that financial institutions are more 
risk-adverse than seemingly ever before, partially as a result 
of the regulatory structure. The rampant derisking seen in 
recent years actually, in my opinion, increases risk to the 
financial system, proving the BSA/AML regulatory regime to be 
ineffective and, to some degree, dangerous.
    To be clear, the intent of today's hearing is not to 
discuss opportunities for financial institutions to more easily 
skirt the law or to help nefarious actors participate in 
illegal activity. We are here today to discuss improvements 
that could benefit both law enforcement and financial 
institutions while simultaneously creating a more effective 
BSA/AML regulatory construct.
    I look forward to a robust conversation with our 
distinguished panel and thank them for their participation.
    The Chair now recognizes the ranking member of the 
subcommittee, the gentleman from Missouri, Mr. Clay, for 5 
minutes for an opening statement.
    Mr. Clay. Thank you, Mr. Chairman, for holding today's 
hearing to review the compliance regime for the Bank Secrecy 
Act and related anti-money-laundering requirements.
    And I thank the witnesses for sharing their perspectives on 
this topic.
    A 2016 GAO report found that from 2009 to 2015, Federal 
agencies assessed roughly $5.1 billion in fines, forfeitures, 
and penalties against financial institutions for violations of 
BSA/AML requirements. In one notable case, HSBC was required to 
enter into a deferred prosecution agreement with the Justice 
Department and forfeited more than $1.2 billion for violations 
of the Bank Secrecy Act and illegally conducting transactions 
with Iran and other sanctioned countries.
    A 2012 bipartisan staff report issued by the Senate 
Permanent Subcommittee on Investigations found that HSBC 
exposed the U.S. to money laundering, drug trafficking, and 
terrorist financing risk by operating its corresponding 
accounts for foreign financial institutions with longstanding 
severe AML deficiencies, including a dysfunctional AML 
monitoring system for account and wire transfer activity, an 
unacceptable backlog of 17,000 unreviewed alerts, insufficient 
staffing, inappropriate country and client risk assessments, 
and late or missing suspicious activity reports (SARs).
    The Senate staff report also criticized the OCC for weakly 
enforcing BSA/AML requirements with respect to HSBC and 
included a series of recommendations that I think should be 
part of our discussion on this topic.
    So as the subcommittee examines the effectiveness of the 
current BSA/AML compliance regime and reform proposals, these 
facts should help remind us that we still need a strong system 
that stops bad actors and prevents the criminal exploitation of 
financial systems to conceal the location, ownership, source, 
nature, or control of illicit proceeds.
    There are a number of proposals that Congress should 
consider. Ranking Member Waters introduced legislation last 
term that would, among other things, significantly increase 
civil monetary penalties for both institutions and individuals 
for willful and negligent violations of the BSA. And 
Congresswoman Maloney has introduced legislation on beneficial 
ownership that would eliminate the ability of bad actors to 
conceal their activities in shell corporations.
    And, Mr. Chairman, at this time, I yield my time to 
Congresswoman Maloney.
    Mrs. Maloney. First, I want to thank my colleague, the 
ranking member and my good friend, for yielding to me, and to 
thank the chairman for holding this hearing. I would like to 
also thank Chairman Hensarling for creating, first, the 
antiterrorism task force and the antiterrorism financing 
committee. I think it is critical, and reflects, really, the 
challenges that we confront.
    The anti-money-laundering rules for financial institutions 
are an incredibly important tool for combating terrorism 
financing. And if they can't finance their terrorist 
activities, they are not going to have them. So it is a very 
important part of our national security strategy.
    But because criminals and terrorists are constantly 
changing their strategies to elude law enforcement and to hide 
their identities from financial institutions, the anti-money-
laundering obligations also require financial institutions to 
do a great deal of work. So to the extent that we can 
streamline this process without letting our guard down and 
making it easier for criminals and terrorists to access the 
U.S. financial system, that would be a win-win for everyone.
    The Clearing House, which is represented on the panel 
today, published a lengthy set of recommendations in February 
on how to streamline the anti-money-laundering framework, and I 
think it is a serious report that deserves our consideration 
and support.
    I would like to highlight one section of the Clearing House 
report in particular. Section 2 of the report recommends that 
Congress pass the Beneficial Ownership bill, which is 
bipartisan, introduced today by Chairman Ed Royce, former 
Chairman King, and myself. The bill, called the Corporate 
Transparency Act, will require companies to disclose their true 
beneficial owners when a company is formed. States would have 
the option to collect this information themselves under our 
bill. But if the State isn't doing it, then the Treasury 
Department would collect beneficial ownership information as a 
backup.
    This information would be available to law enforcement and, 
importantly, to financial institutions as well with customer 
consent. This is important because it helps financial 
institutions comply with their know-your-customer obligation. 
If the customer is a company, financial institutions can't know 
who their customers really are unless they know who the 
beneficial owners of the company are.
    This would also reduce the regulatory burden on financial 
institutions, because they wouldn't have to spend an enormous 
amount of resources investigating their own customers and 
trying to figure out their beneficial owners. Instead, they 
could just refer to the Treasury database to figure out who the 
owners of these companies are.
    So this bill is a win-win. It is good for our financial 
institutions, good for law enforcement, and good for our 
national security. Thank you.
    Chairman Luetkemeyer. With that, we yield 2 minutes to the 
gentleman from Pennsylvania, the vice chairman of this 
subcommittee, Mr. Rothfus.
    Mr. Rothfus. I thank the chairman for yielding, and I want 
to thank him for having this hearing today.
    Getting our Bank Secrecy Act and anti-money-laundering 
policies right is a very important issue for me and my 
district. In fact, it is a life-or-death issue.
    Just a few days ago, we marked the International Day 
Against Drug Abuse and Illicit Trafficking. It was a time to 
reflect on the drug epidemic that has destroyed so many lives 
and continues to ravage our hometowns. It was also an 
opportunity to take stock of how our current policy framework 
fails to achieve its objectives.
    This committee's effort to interrupt the finances of the 
transnational criminal organizations and gangs that pump the 
heroine and fentanyl poison into our communities can ultimately 
save lives. If we can cut off the flow of cash, we can greatly 
hinder the ability of these groups to do us harm.
    I am looking forward to hearing from stakeholders today as 
to how we can create a more potent BSA/AML regime that makes 
the best use of scarce public and private sector resources. It 
is clear to me that our existing framework puts heavy burdens 
on financial institutions and appears to emphasize compliance 
with rigid standards over efficacy. We need to be looking at 
how technology, innovation, and greater cooperation can be 
employed to yield better results in this fight.
    President Trump wrote in his letter marking the 
International Day Against Drug Abuse and Illicit Trafficking, 
``We will not stand idle as our families are devastated, our 
communities are hollowed out, and our Nation's future is 
diminished.'' I could not agree more with that sentiment. And 
the work that we are doing here today is an example of Congress 
taking action to bolster our defenses against illicit financing 
and to bring down the criminals who cause so much pain in 
communities across this country. We have a moral obligation to 
achieve these ends.
    I thank the chairman, and I yield back.
    Chairman Luetkemeyer. The gentleman yields back.
    The Chair recognizes the gentleman from North Carolina, the 
vice chairman of our Subcommittee on Terrorism and Illicit 
Finance, Mr. Pittenger.
    Mr. Pittenger. Thank you, Mr. Chairman. And I appreciate 
you holding this important examination of the Bank Secrecy Act 
and our AML/CFT compliance regime.
    In addition to serving on this subcommittee, as you stated, 
I do serve as vice chairman of our Subcommittee on Terrorism 
and Illicit Finance, which is also strongly engaged in this 
topic. I am also encouraged that both subcommittees are taking 
a hard look at BSA modernization. We will need both 
subcommittees' expertise if we are to establish a streamlined 
and effective regime to protect our financial system from 
illicit use.
    As we examine the BSA, this committee should explore 
innovative technologies and policies that can facilitate 
compliance and targeted information sharing. The goal should be 
getting the most relevant, timely, and actionable information 
into the hands of our financial regulators and law enforcement 
while providing targeted data sharing from the government to 
financial institutions with privacy and civil liberty 
protections that will limit the focus and oversight of 
financial institutions.
    We have a great opportunity to achieve this goal, and I 
look forward to the testimony of our witnesses and their 
suggestions for where we can improve and modernize our current 
system.
    Thank you, and I yield back.
    Chairman Luetkemeyer. The gentleman's time has expired.
    Today, we welcome the testimony of Ms. Faith Lleva 
Anderson, senior vice president and general counsel for 
American Airlines Federal Credit Union, on behalf of the Credit 
Union National Association; Mr. Greg Baer, president, The 
Clearing House Association; Mr. Lloyd DeVaux, president and CEO 
of Sunstate Bank, on behalf of the Florida Bankers Association; 
and Ms. Heather Lowe, legal counsel and director of government 
affairs, Global Financial Integrity.
    Before we recognize the witnesses, I would like to ask 
unanimous consent that the gentleman from Florida, Mr. Ross, be 
recognized for the purpose of making a brief introduction. 
Without objection, the gentleman from Florida is recognized.
    Mr. Ross. Thank you, Mr. Chairman. And it is my pleasure to 
introduce one of our witnesses today, Mr. Lloyd DeVaux, 
president and CEO of Sunstate Bank in Miami, Florida.
    In addition to his position with Sunstate, Mr. DeVaux 
serves on the Board of Directors and Executive Committee of the 
Florida Bankers Association (FBA), and he is testifying today 
on behalf of more than 100 Florida banks represented by the 
FBA.
    Mr. DeVaux brings over 25 years of experience in the 
banking industry to today's hearing, including 12 years as 
chief operating officer with BankAtlantic and City National 
Bank of Florida prior to joining Sunstate Bank in July of 2014.
    Founded in 1999, Sunstate Bank is one of Florida's most 
vibrant community banks--and we want to see you continue to be 
a vibrant community bank--with 3 locations and 45 employees 
serving the Miami-Dade County region.
    We are fortunate to have Mr. DeVaux here today to provide 
us with insight into the role of community banks in Florida and 
across the Nation in the fight against money laundering and 
terrorist financing. I want to thank the chairman for calling 
upon Mr. DeVaux to share with us the community and the Florida 
bank perspective on this important issue.
    And thank you to Mr. DeVaux and the rest of the witnesses 
today. We look forward to your testimony.
    I yield back.
    Chairman Luetkemeyer. Thank you, Mr. Ross. That is such 
compelling testimony there, I might want to make a deposit to 
Mr. DeVaux's bank. Thank you.
    Each of the witnesses will be recognized shortly here for 5 
minutes to give an oral presentation of your testimony. And 
without objection, each of your written statements will be made 
a part of the record. Briefly, the lighting system, for those 
of you haven't been here before, green means go. When the 
yellow light comes on, it means you have a minute. So be ready 
to start wrapping up. And when you hit the red, that means we 
need to stop and move on.
    A couple of quick notes. We may be interrupted by votes--we 
are looking at votes sometime around 4:00, 4:15. If we do, and 
we are not done, we may ask the witnesses to please return or 
stay put here, and then we will return as quickly as we can. If 
not, we will hopefully be able to wrap up shortly.
    The other thing is, for those Members who are asking 
questions, we have a large turnout today, so if you can keep it 
within the 5 minutes, that would be great.
    Ms. Anderson, you are recognized for 5 minutes.

 STATEMENTS OF FAITH LLEVA ANDERSON, SENIOR VICE PRESIDENT AND 
  GENERAL COUNSEL, AMERICAN AIRLINES FEDERAL CREDIT UNION, ON 
     BEHALF OF THE CREDIT UNION NATIONAL ASSOCIATION (CUNA)

    Ms. Anderson. Thank you, Chairman Luetkemeyer, Ranking 
Member Clay, and members of the subcommittee. Thank you for the 
opportunity to testify on this important topic.
    I am Faith Lleva Anderson, the senior vice president and 
general counsel for American Airlines Federal Credit Union, 
headquartered in Fort Worth, Texas. I am also the Vice Chair of 
the Consumer Protection Subcommittee of the Credit Union 
National Association, on whose behalf I am testifying today.
    American Airlines Federal Credit Union proudly serves over 
274,000 members. We began as a single-sponsor credit union for 
American Airlines over 80 years ago. Following 9/11, we 
extended our membership beyond American Airlines employees to 
include air transportation groups, such as TSA and FAA 
employees.
    My credit union's asset size is $6.5 billion, which is 
quite small compared to regional or national banks. Like all 
credit unions, we are a not-for-profit institution owned by the 
very members we serve and are established to promote thrift and 
provide access to credit for provident purposes.
    American Airlines Federal Credit Union is committed to 
financial security compliance and applies whatever resources 
necessary to ensure our operations are solid and our members 
are protected. However, since the 2008 economic crisis, credit 
unions have been subject to more than 200 regulatory changes 
totaling nearly 8,000 Federal Register pages. The new 
regulatory regime makes Bank Secrecy Act and anti-money-
laundering regulatory compliance even more daunting.
    Nevertheless, my credit union has a staff dedicated to 
ensure we fully comply with BSA/AML requirements. We conduct 
detailed recordkeeping and spend thousands of hours and dollars 
on due diligence. In fact, due to increasing BSA requirements, 
we have split our BSA department into two separate sections, 
one to work on the investigative side and one to work on the 
risk side. This adjustment was made so my credit union could 
efficiently keep up with the many filing and recordkeeping 
requirements.
    Of all the requirements on BSA/AML, the most burdensome and 
time-consuming are investigating open suspicious activity 
report cases, monitoring the members' accounts and transaction 
activity for unusual behavior, conducting the exhaustive 
research on an average of 600 potential suspicious activity 
scenarios per month, and filing these reports, as well as 
currency transaction reports.
    It generally takes my credit union 3 to 5 days to process 
an average suspicious activity report for one case, and we have 
about 30 to 40 filings per month.
    In addition, quality control is costly and time-consuming. 
Preparing for our annual exam on BSA/AML compliance requires 
the work of 3 full-time professional staff members and takes 
about 2 full months. This time is dedicated to ensuring reports 
are filed accurately, the risk assessments are completed, and 
there have been no mistakes made to the process and filings.
    My credit union dedicates a great amount of time, staff, 
resources, and money to BSA/AML requirements. The median size 
of a credit union is less than $30 million in assets with a 
total staff of just 8 employees. The reality is the cost of 
technology for monitoring and ensuring compliance with BSA/AML 
regulations is disproportionately burdensome on smaller and 
less complex institutions.
    Nevertheless, with the changes outlined in my written 
testimony, the Federal Government can ease the compliance 
burden for financial institutions while maintaining the 
protections needed. We urge legislative and regulatory changes 
to address the redundancies, unnecessary burdens, and 
opportunities for efficiencies within the BSA/AML statutory 
framework.
    In particular, we support changes to minimize the 
duplication of the same or similar information, provide 
additional flexibility based on the reporting institution type 
or level of transactions, curtail the continually enhanced 
customer due diligence requirements, increase the currency 
transaction reporting threshold, reduce defensive filings, 
simplify the reporting requirements of suspicious activity 
reports, and allow for greater regulatory and examination 
consistency among regulators.
    My written testimony provides details on issues that credit 
unions face regarding BSA/AML compliance and also outlines 
common-sense changes. Credit unions are committed to the fight 
against terrorism and related crimes. I hope my testimony will 
help this subcommittee find the balance between protection and 
undue burden.
    Thank you.
    [The prepared statement of Ms. Anderson can be found on 
page 46 of the appendix.]
    Chairman Luetkemeyer. Thank you, Ms. Anderson.
    Mr. Baer, you are recognized for 5 minutes.

     STATEMENT OF GREG BAER, PRESIDENT, THE CLEARING HOUSE 
                          ASSOCIATION

    Mr. Baer. Thank you, Chairman Luetkemeyer, and members of 
the subcommittee.
    Over the past year, The Clearing House has devoted 
substantial resources to analyzing the current system for anti-
money-laundering and countering the financing of terrorism. 
Today, I will present some of the conclusions that we have 
reached.
    Our current AML/CFT system is broken. It is extraordinarily 
inefficient and outdated and driven by perverse incentives. 
Fundamental change is required to make that system an effective 
law enforcement and national security tool and reduce 
collateral damage it is doing to global development, financial 
inclusion, and other U.S. policy interests.
    I will begin with an analogy. Imagine an army where 
officers are evaluated based not on how their units behave in 
battle, but rather based on the accuracy and punctuality of 
their expense reports and the casualties suffered by the unit. 
The auditors do not have sufficient security clearance to be 
briefed on the battles that have occurred or read any after-
action report. Thus their audits reflect only the losses 
suffered by the unit itself, not the casualties inflicted by 
the enemy.
    What sort of an army would this system produce? One led by 
officers averse to outside-the-box thinking and risky advances 
and more inclined to entrench their positions and excel at 
paperwork. This army inevitably would be led by a George 
McClellan, not an Eisenhower or a Patton.
    The U.S. AML/CFT regulatory regime circa 2017 is not 
dissimilar. Law enforcement and national security officials are 
the end users of the information that banks produce. They value 
a risk-based approach to AML/CFT with banks using innovative 
approaches that detect the most dangerous crimes. But 
compliance with AML/CFT rules is not examined or enforced by 
law enforcement or national security officials, but rather by 
bank examiners.
    These examiners are in a no-win position. On the one hand, 
they are excluded when the bank they examine is pursuing real 
cases with law enforcement and national security and receive no 
credit for those cases. But if something goes wrong, if a 
corrupt official or organization turns out to be a client of 
the bank they examine, the examiner takes the blame.
    Thus the rational response is to focus on what they know 
and control, extremely detailed policies and procedures and 
simple metrics, for example, the number of computer alerts 
generated, the number of suspicious activity reports filed, and 
the number of compliance employees hired.
    What gets measured gets done, and providing valuable 
intelligence to law enforcement or national security agencies 
does not get measured. Writing policies and procedures and 
filing a lot of SARs does.
    So almost 2 million SARs are filed per year now. The 
largest banks file one SAR per minute. Even then, the value of 
those SARs to their end users is not measured, so the measure 
of success is generally volume alone.
    The greatest cost of this dysfunction is an opportunity 
cost. Emerging technology has the potential to make the AML/CFT 
regime dramatically more effective. Artificial intelligence and 
machine learning could revolutionize this area, and banks 
continue to discuss ways to utilize those technologies.
    But those strategies require feedback loops which do not 
exist in the current SARs system. They also require a mandate 
from government to shift resources from investigating and 
filing SARs on low-dollar crimes and instead investing in 
modern methods for detecting high-impact crimes and terrorist 
activity. Law enforcement and national security currently have 
no authority to provide that mandate.
    Another cost to the current system comes as banks are 
pushed to eliminate clients in countries or industries that end 
up creating political risk, so-called derisking. Here, a whole 
other group of government stakeholders has concerns: global 
development officials concerned about human suffering in 
countries cut off from correspondent banking and remittances; 
trade officials worried that American business will have to 
retreat along with American banks; and diplomatic officials 
concerned about a lack of influence when U.S. companies leave.
    Again, though, these agencies play no role in the current 
system, and Federal prosecutors seeking record fines when a 
problem does develop do not internalize those costs.
    In 2016, the Clearing House convened at two symposia a 
remarkable group of stakeholders, including foreign policy, 
development, and technology experts. Their goal was not to save 
banks money, but to do what is right for this country. The 
resulting report is attached to your testimony.
    You will see numerous recommendations in that report. The 
most important one, though, is for the Department of the 
Treasury to play a strong leadership role in setting priorities 
for the system. This should include reclaiming, through FinCEN, 
supervisory authority over the largest internationally active 
banks which filed a majority of SARs and present the toughest 
issues. A dedicated FinCEN examination team for this group of 
firms could receive appropriate security clearances, meet 
regularly with law enforcement, and work to develop metrics in 
this area. Most importantly, it could establish priorities and 
stick to them.
    Finally, one important change to the current regime does 
require legislation: ending the use of shell companies with 
anonymous ownership. I was pleased to appear this morning with 
Congresswoman Maloney to endorse the Corporate Transparency Act 
that she is cosponsoring with Congressman King and a bipartisan 
group of Members. I hope to discuss it further this afternoon.
    Thank you very much for your time, and I look forward to 
your questions.
    [The prepared statement of Mr. Baer can be found on page 59 
of the appendix.]
    Chairman Luetkemeyer. Thank you, Mr. Baer.
    Mr. DeVaux, you are recognized for 5 minutes.

   STATEMENT OF LLOYD DEVAUX, PRESIDENT AND CHIEF EXECUTIVE 
   OFFICER, SUNSTATE BANK, ON BEHALF OF THE FLORIDA BANKERS 
                          ASSOCIATION

    Mr. DeVaux. Chairman Luetkemeyer, Ranking Member Clay, and 
members of the subcommittee, my name is Lloyd DeVaux. I am 
president and CEO of Sunstate Bank, a community bank founded in 
1999 with $200 million in assets and 3 locations in Miami-Dade 
County in south Florida. Sunstate Bank has 45 employees and 
focuses on the needs of small businesses, consumers, and real 
estate investors, including nonresident aliens.
    I appreciate the opportunity to be here today to discuss 
the challenges in complying with the Bank Secrecy Act. Clearly, 
BSA compliance is an important building block for our national 
security. But the world has drastically changed since it was 
first adopted in 1970. As the United States takes steps to 
combat terrorism and financial crime, now is the time to update 
BSA compliance in order to develop a system suited for the 21st 
Century.
    The resources devoted to compliance, especially BSA 
compliance, are significant for a bank our size. Sunstate Bank 
has seven people in compliance, six of whom are just in BSA. 
BSA is our largest department. We have only four full-time 
lenders. That means we have fewer staff devoted to making loans 
that benefit the community than we have devoted to compliance.
    Our experience is not unique. In 2007, 14 percent of the 
Florida banks had 5 or more BSA officers. Today, 38 percent 
have 5 or more. While some of this increase is due to 
acquisitions, much has been driven by regulatory pressure and 
the heightened regulatory risk of enforcement actions.
    This is not a recipe for success. Direct BSA expenses were 
more than 10 percent of the bank's total expenses in 2016. The 
more we spend on compliance, the less we spend on services for 
our communities. Every $100,000 spent on compliance translates 
to a million dollars less that we can lend.
    The added cost of BSA compliance on top of the significant 
cost of the Dodd-Frank Act has led to the disappearance of many 
smaller banks in Florida. For example, 111 banks merged or sold 
after Dodd-Frank was enacted. That is a consolidation of 50 
percent of all Florida banks in just 7 years.
    Even more important than the direct cost of BSA compliance 
is the impact on our customers. For example, many legal 
businesses are labeled high risk by the regulators. This means 
banks must collect more data, do more analysis, provide more 
oversight, and engage in more site visits, all of which 
translates to higher costs for us and our customers.
    The best option in many cases is not to bank certain 
industries and certain customers and to even ask existing 
customers to close their accounts. From the bank's perspective, 
the economics of compliance make it unprofitable to maintain 
certain accounts.
    This has serious drawbacks. First, it makes no sense to 
create a system that drives legitimate customers outside the 
formal banking system to less regulated or even unregulated 
providers. Second, it creates a series of financial 
transactions that may not be reported or available to law 
enforcement. Third, it can create a shadow financial system 
that is readily available for criminals and terrorists.
    We need to modernize our approach. Banks should not be 
serving as undeputized law enforcement agents. For example, 
rather than doing a full-blown investigation on a suspicious 
transaction, banks should file a short suspicious activity 
report and let law enforcement agents do what they are trained 
and qualified to do.
    Moreover, the partnership between law enforcement and the 
private sector needs to be a two-way street to succeed. Banks 
produce a huge amount of information but seldom get any 
feedback on its use or its effectiveness. More communication 
from law enforcement is needed to help banks focus resources in 
more useful ways. We also need to eliminate red tape that 
restricts bank from sharing information with each other.
    Finally, we need to focus on real risk appropriate to the 
institution. For example, many of the 5 to 10 percent of our 
customers who are considered high risk by the regulators would 
not even be on the radar of very large banks. Our customers 
complain all the time that small banks are asking questions 
that larger banks never ask.
    We all want to fight money laundering and terrorist 
financing. We only asked that regulation be sensible so that 
resources are used in a wise and efficient manner to combat the 
crime.
    Thank you for holding this hearing today. I look forward to 
answering your questions.
    [The prepared statement of Mr. DeVaux can be found on page 
102 of the appendix.]
    Chairman Luetkemeyer. Thank you, Mr. DeVaux.
    Ms. Lowe, you are recognized for 5 minutes.

  STATEMENT OF HEATHER A. LOWE, LEGAL COUNSEL AND DIRECTOR OF 
        GOVERNMENTAL AFFAIRS, GLOBAL FINANCIAL INTEGRITY

    Ms. Lowe. Chairman Luetkemeyer, Ranking Member Clay, and 
members of the subcommittee, thank you very much for the 
opportunity to address you here today. You have my biographical 
details in front of you, so I won't belabor that.
    I hope my contributions to today's hearing will help you 
make measured and informed decisions that are really in the 
public's interest as well with respect to the U.S.'s AML 
regime. In my written testimony, which is about 17 pages, I 
provide information and opinions regarding trends in 
compliance, suspicious activity reports, know your customer 
(KYC) and customer due diligence, and balance of activity and 
obligations between FinCEN, the regulators, and the private 
sector.
    And I would stress balance. I do think that is really 
important here, and that is something that has been mentioned 
by other panelists today. Some of my remarks also directly 
address some of the proposals by The Clearing House.
    So to summarize some of my key points in my testimony, the 
first point is that money laundering and the technology that 
can help us combat both are evolving. And in light of this, it 
is appropriate to consider whether changes to our regulatory 
structure should be made.
    Equally, however, it is critical that Congress understands 
and carefully weighs the potential benefits against the 
potential ramifications that may be negative before making 
decisions in this area. Regulation and enforcement are 
primarily dissuasive measures because they can carry potential 
liability and we should be very careful when we decrease those 
dissuasive measures.
    The second point I really wanted to stress here is that AML 
compliance and reporting is undertaken by a really wide range 
of entities and persons going far beyond the banking sector. 
You have bankers in front of you today. But any proposed 
changes being considered should really be looked at in light of 
that wide range of actors, those types of entities and persons.
    Third, some types of entities and persons should be 
required to have AML programs in place but currently don't, 
such as those involved in real estate closings, lawyers, and 
others. The banking sector cannot and should not carry this 
responsibility alone, especially where these persons act as 
proxies to open the door to the U.S. financial system for 
criminals and their money.
    Fourth, Congress should request from the various regulators 
data regarding formal and informal enforcement actions 
pertaining specifically to AML/BSA violations and deficiencies 
so that they are better able to independently assess the 
appropriateness of the enforcement regime currently in place.
    Fifth, I wanted to point out as well that both small banks 
and large banks have been the subject of major money laundering 
cases. You don't often see the smaller banks in the news and 
hitting the national news, because they tend to be considered a 
local matter.
    Sixth, enforcement against money laundering is primarily 
through the identification of regulatory infractions as opposed 
to through criminal charges of actual money laundering. This 
may be because it is easier to find the evidence of regulatory 
infractions, the burden of proof is lower, the cost of doing so 
is far less than pursuing criminal money laundering charges. 
But the dissuasive effect is just as great.
    However, when one looks at the cases where enforcement was 
merely through identification of deficiencies of AML systems 
and filing requirements, the hallmarks of serious criminal 
money laundering are in those cases. As a result, decreasing 
the ability to enforce using the regulatory approach may have 
serious negative repercussions on compliance and ultimately 
criminal access to the U.S. system.
    My seventh point is that suspicious activity reports are 
meant to be just that, reports of suspicious activity. 
Requiring bank employees to determine if activity is, in fact, 
illegal before filing a SAR, as has been recommended by The 
Clearing House, would actually be counterproductive, I think, 
in a lot of ways, including increasing the burden on bankers 
who would have to then actually make a legal determination that 
they didn't previously have to make.
    I do think that there are some issues with respect to how 
much information needs to be provided on SARs and how much 
background work banks need to do before filing those, and I 
think that is something that we should really seriously 
discuss. But that bright line, illegal/legal line, I think, is 
very counterproductive.
    Eighth, The Clearing House also recommends that greater 
information-sharing take place among banks and with the 
government in a number of ways. We generally support that 
greater sharing of information in the AML area, but it has to 
be done with appropriate privacy safeguards. Where it may 
result in people being, essentially, debanked, there has to be 
some sort of system for redress for people to be able to prove 
that what they are doing is legitimate activity, and we need to 
be taking that into account.
    Ninth, it is critical that information about the natural 
persons who own and control companies, otherwise known as the 
beneficial owners, is finally collected by either the State or 
the Federal Governments and that it is made available to so 
both law enforcement and to the financial institutions. 
Companies with unknown or hidden ownership are the number one 
problem in the AML world, and the U.S. cannot continue to allow 
our failure to act here to put the U.S. and the global 
financial system at risk.
    I am really pleased that this morning a bipartisan bill was 
introduced in both the House and the Senate to do just that. We 
wholeheartedly support the Corporate Transparency Act and thank 
Representatives Maloney, King, and Royce for introducing the 
House bill.
    Tenth, I would strongly caution against transferring 
responsibility for setting AML priorities for individual banks 
from those banks to FinCEN. Banks really are best placed to 
understand their business and their systems and the money 
laundering risks that are inherent in those things. They really 
need to be able to create--
    Chairman Luetkemeyer. Can you wrap up pretty quickly?
    Ms. Lowe. Don't I have another minute? No?
    Chairman Luetkemeyer. You had 5 minutes.
    Ms. Lowe. Oh, I'm sorry.
    Chairman Luetkemeyer. Everybody else had 5 minutes.
    Ms. Lowe. Am I--
    Chairman Luetkemeyer. You are way over.
    Ms. Lowe. I am on the wrong side of 5 minutes. That would 
explain it. I apologize. I thought I had a minute left.
    Chairman Luetkemeyer. We thank for your testimony. 
Hopefully, you can delve into more of your suggestions here as 
we go through the discussion.
    Ms. Lowe. Sure.
    [The prepared statement of Ms. Lowe can be found on page 
114 of the appendix.]
    Chairman Luetkemeyer. Thank you.
    Without objection, the gentleman from Ohio, Mr. Davidson, 
is permitted to participate in today's subcommittee hearing. 
Mr. Davidson is not a member of the subcommittee, but he is a 
member of the full Financial Services Committee, and we 
appreciate his interest in this topic, and welcome his 
discussion here when he returns.
    With that, I recognize myself for 5 minutes for questions.
    It was interesting to hear your discussion, and I certainly 
appreciate everybody's testimony this afternoon. There were 
lots of interesting comments from the standpoint of Mr. Baer's 
analogy to the army with regards to how this whole structure is 
working, I thought that was pretty enlightening, and bankers 
have become law enforcement officers instead of being bankers. 
I think we need to put everybody back in their own pew.
    But I was interested in your discussion, Mr. Baer, when you 
talked about some of the technology that can actually help 
detect some of this stuff. I know with the fintech explosion 
here it seems like there is a lot of ability to go in and 
assess data. And is there a place for that, are we doing that 
now, or are we not doing that?
    Because it would seem to me that we can figure out what 
kind of magazine I would like to read based on all the things 
in my background here--where I do business, what I eat, where I 
go--and yet, we are not doing that with regards to suspicious 
activities.
    Mr. Baer. It is a great question. Among the experts we 
considered or consulted in our work were folks who were experts 
in big data and AI.
    And just as background, I think what is important to 
understand is the SAR database was created 25, 30 years ago for 
a very different purpose. It was a suspicious activity report 
where there were a sufficiently small number of them that one 
of them was read by an Assistant United States Attorney (AUSA) 
somewhere in this country. So they were actually written to be 
read, every one read by someone.
    Now that we have almost 2 million filed per year, there is 
no one reading them in the first instance. Instead, what law 
enforcement does is word searches against that database. The 
banks also do searches against the database, basically looking 
for patterns.
    So we have gone from sort of providing leads in a very 
personal way to a prosecutor to basically having a big bunch of 
data, and what do you do with that data? And that is where the 
system has never caught up, because the first thing we heard 
from the big data folks is you have to have a feedback loop. If 
you want your algorithms to get smarter, you have to know for a 
given SAR, is that a good SAR or a bad SAR?
    They have even proposed you should just have law 
enforcement have a green button and a red button for good SAR 
or bad SAR. That would actually make things work a lot better. 
But there are a lot of other concepts like that that you could 
apply once you start thinking about that database in terms of a 
searchable bunch of data as opposed to an individual lead.
    Also, you could think about--and I think Mr. DeVaux was 
talking about this--the format of it. When it was an individual 
lead to be read, it had to be very carefully written in great 
syntax and reviewed at three levels. But if it is just going to 
be searched, do you even need a paragraph? Can you just dump in 
the data from the underlying account?
    So those are the kinds of questions that aren't being faced 
now.
    Chairman Luetkemeyer. Okay. Very good.
    Mr. DeVaux, you are in the trenches every day. You deal 
with this every day. So can you explain to me the impact of the 
rules and regulations presently on your--you kind of outlined 
it with regards to the numbers of people in there. But are you 
finding problems? Are you finding people who do illicit 
activities with the process that we have? Or can you give us 
ideas on how to do something different that would actually 
streamline the process so that you don't have to have more 
compliance officers than you do loan officers?
    Mr. DeVaux. Thank you, Mr. Chairman.
    To give you an example, when you set a customer up in your 
system, you build a profile on that customer. If that customer 
deviates from the profile, the BSA area gets an alert. We got 
7,100 alerts last year. We filed 29 total SARs, 15 from alerts. 
We had to go through every one of those alerts. And any alert 
that creates suspicious activity is then turned into an 
investigation.
    Chairman Luetkemeyer. Okay. Let me interrupt for just one 
second. Do you the investigating or does law enforcement do the 
investigating?
    Mr. DeVaux. The bank.
    Chairman Luetkemeyer. The bank does the investigating.
    Mr. DeVaux. The bank's BSA department does an 
investigation. And it may eventually lead to a SAR. Last year, 
we filed 29 SARs; 15 were generated from the alerts. So we did 
7,100 alerts turning into 15 SARs. That is a lot of work. About 
7 or 8 percent of our accounts are high risk, and that is what 
generates a lot of our alerts.
    Chairman Luetkemeyer. Okay. Very good.
    I think you made a comment also with regards to the 
consistency of the rules. I think you made the comment with 
regards to being a small bank, that a lot of times, you are 
looked at differently than larger banks with regards to your 
client base. Can you expand on it for just a second?
    Mr. DeVaux. Yes, sir. Thanks.
    We run our database to determine how many high-risk 
accounts we have. And we have had regulators come back and tell 
us that number is not high enough, you can't just have 4 
percent high risk, you need to have 6 or 8 percent high risk. A 
high-risk account is a high-risk account. It shouldn't be 
determined by an arbitrary number.
    Chairman Luetkemeyer. So they are asking you to go in and 
fudge the numbers, then, so you get to a higher number? Because 
I would assume you are giving the actual amount of high-risk 
business in your book of business.
    Mr. DeVaux. The way the high risk is built is by parameters 
associated with the country they are doing business with, the 
amount of money they are running through the account, etc. So 
if you set the level of account transactions at a higher or 
lower level, you will generate more or less alerts. So, they 
are saying, and I wouldn't use the word ``fudge,'' but they are 
basically saying you need to decrease your high-risk account 
parameters to pick up more alerts.
    Chairman Luetkemeyer. Okay. Thank you very much. My time 
has expired.
    With that, we will recognize the gentleman from Georgia, 
Mr. Scott, for 5 minutes.
    Mr. Scott. Thank you very much, Mr. Chairman.
    Mr. Baer and Mr. DeVaux, I would like to, first of all, 
direct this to you two to respond.
    Last month, in May, we received a report from the FBI's 
Internet Crime Complaint Center. And according to this report, 
attempts at cyber wire fraud globally surged in the last 
several months of 2016. Fraudsters sought to steal some $5.3 
billion in schemes where they pretended to be trusted business 
associates requiring wire transfers. And this spike in fraud 
saw a total number of business email companies' cases almost 
doubled from May to December of last year, rising to 40,000, up 
from just 22,000.
    So, Mr. Baer, I listened to your testimony, and I want you 
to address the issue of these financial innovation units. It 
seems to me that you are sort of plowing down this road as a 
possible way of dealing with this. And so my understanding is--
don't get me wrong--is that we need to provide regulatory safe 
harbors to these financial innovation units or institutions so 
that these units can operate in a sandbox outside of bank 
examiners' sanctions.
    Now, that is a lot. What is the sandbox? How well does this 
work? Is this a pattern we have to follow on?
    And then, Mr. DeVaux, I would like for you to agree or 
disagree.
    Mr. Baer?
    Mr. Baer. Sure. In some ways it is unfortunate that you 
actually have to request a safe harbor or a sandbox in order to 
do the right thing, which is to innovate and try to find more 
interesting ways--or more effective ways to catch very bad 
people doing bad things.
    The problem that has arisen, however, and we have heard 
this from multiple banks, is that--and to some extent this gets 
back to Mr. DeVaux, where there is a certain number of alerts 
that are expected or a certain number of SAR filings--when you 
are trying out a new way of identifying criminal behavior, you 
don't have policies and procedures for that. You are 
experimenting. You may not know what the yield is supposed to 
be. If you have a new algorithm, you don't know how many alerts 
that is supposed to trigger.
    And yet banks do face criticism when they do that. And so 
what they are really saying is, yes, we will comply with all 
the rules that we are complying with currently, but we want to 
have the chance to innovate and find new ways to do this, which 
I would hope could be relatively uncontroversial.
    Mr. Scott. Let me tell you a little bit of my concern about 
this. In providing a regulatory sandbox approach to combating 
terrorism, could we be hurting the very people we are trying to 
help if financial institutions can operate in a sandbox like 
this?
    Mr. DeVaux?
    And, Mr. Baer, you can chip in too.
    Mr. DeVaux. I think fighting BSA crime is a team effort 
across-the-board. The question for me is which members of the 
team should be doing what. For banks, we get very little 
feedback on what works and what doesn't work.
    Mr. Scott. You get very little feedback from whom?
    Mr. DeVaux. From law enforcement, from FinCEN, from the 
people who actually receive our BSA product, our SARs, any 
reports, our OFAC hits, our 314 hit lists of suspected 
terrorists.
    So if we get no feedback, it is very hard for us to know 
what works and what doesn't work. But if we make a mistake, we 
know very quickly what we did wrong. And it may not have been 
any type of transaction or illegal money moving. It could have 
been just that they didn't like our policy, they didn't like 
our program.
    It seems there has to be some kind of safe harbor to say, 
you have a decent program. One of the analogies I use from my 
old farming days is we are looking for a needle in a haystack 
with BSA. If we can make that haystack smaller, we have a 
better chance of finding that needle.
    So why don't we look at the things that work and do those 
and maybe do more of those, and look at the things that don't 
work and let's stop doing that.
    Mr. Scott. So one of the things that you are saying that 
has worked are these financial units. You don't see a problem 
there?
    Mr. DeVaux. No, not at all.
    Mr. Scott. Okay. And the fact that so many of them are 
manned by former law enforcement people certainly could help 
with getting the communications.
    Is that right, Mr. Baer?
    Mr. Baer. Yes. And I wanted to add too, although there 
aren't really policies and procedures for it, banks of all 
sizes are very good, I believe, about alerting law enforcement 
when they actually see something that is truly suspicious, as 
opposed to just an alert you have to file because it hit some 
parameter. There is actually a term for this now called ``super 
SAR.'' And banks actually walk those into the U.S. Attorney's 
Office or the FBI, or whomever, and say, look, we filed the SAR 
like we always do, but this one really means it.
    Mr. Scott. All right. Thank you, sir.
    Chairman Luetkemeyer. The gentleman's time has expired.
    The gentleman from Pennsylvania, Mr. Rothfus, is recognized 
for 5 minutes.
    Mr. Rothfus. Thank you, Mr. Chairman.
    Mr. Baer, in your testimony, you described the current AML 
regime as, ``inefficient and outdated and driven by perverse 
incentives.'' You described a system where financial 
institutions face broad reporting requirements and file large 
numbers of SARs, some of which are purely defensive in nature.
    I think we can all agree that our BSA/AML regime should 
seek to provide law enforcement with actionable intelligence 
that they can actually use rather than volumes of SARs that 
waste resources and provide minimal value to law enforcement.
    With this in mind, do you believe that the provisions of 
the Bank Secrecy Act with respect to required reports of 
suspicious activity by financial institutions are overly broad 
and, as a result, produce too many reports that are not 
particularly useful to law enforcement?
    Mr. Baer. It is a great question and it is very difficult 
to answer. There was a time when we used to say there were too 
many SARs and it was adding hay to the haystack and making it 
more difficult to find needles. That was when someone was 
actually reading every SAR.
    You can actually argue now that no one is reading them in 
the first instance and you are just running word searches 
against them. Why not have more SARs? That is just more data to 
search.
    The real problem there, though, and with a SAR database 
is--again we have heard this from the big data folks--that the 
SAR database is filled with noise because you're filing a bunch 
of SARs on low-level, low-dollar offenses that no Federal 
prosecutor would ever look at, and then it is really the 
absence of a feedback loop.
    It is just not a smart database. It is not necessarily more 
or less, it is more, how are you going to search that database 
and how are you going to get feedback so that you are searching 
it smarter and smarter every day?
    Mr. Rothfus. Are there any changes you would suggest to the 
reporting requirements, or is it more the feedback loop that 
you are looking at here?
    Mr. Baer. On the reporting requirements, for example, there 
is no dollar limit for insider abuse. So if you think a teller 
is taking some money and decide to let him or her go, you 
actually have to decide whether to file a SAR on that, even 
though, again, there is no Federal law enforcement official in 
the world who will ever bring a case on that.
    The dollar limits have not been raised, I believe, since 
the BSA was originally enacted with regard to other low-level 
offenses. So for a $2,000 theft, you are filing a SAR.
    And I think as both Ms. Anderson and Mr. DeVaux noted, that 
is a lot of resources, because you actually have to investigate 
those like a law enforcement agency. And so you could take 
massive resources away from those low-product, low-utility 
efforts and put them to much more useful purposes.
    Mr. Rothfus. The report that The Clearing House issued, 
``Redesigning the U.S. AML/CFT Framework,'' discusses the 
possibility of setting up a no-action letter procedure at 
FinCEN. This would allow financial institutions to query FinCEN 
on enforcement issues. Could you describe how you would 
envision no-action letters working in this context?
    Mr. Baer. I will give you one example. With respect to 
sharing of information among firms under 314(b), that is 
actually permitted with respect to two categories of offenses: 
anti-money-laundering; and terrorist financing.
    It is not quite clear what anti-money-laundering means with 
respect to that exception, because just about any crime 
involves having to launder the proceeds of it. So, for example, 
in that area, you would be able to write in and say, ``Is this 
sort of offense the kind where I could share information with 
another financial institution to the extent I am investigating 
that conduct?''
    But there are millions of questions like that where firms 
have a very difficult time knowing what the exact right answer 
is and are at great risk if they get it wrong.
    Mr. Rothfus. Mr. DeVaux, in your testimony, you suggested 
that there are deficiencies in how Section 314(b) of the USA 
PATRIOT Act has been implemented. As you know, this section 
encourages banks to share information with each other. 
Specifically, you wrote, ``The restrictions and red tape 
surrounding its use make it impractical.''
    What are some of these restrictions that hinder bank-to-
bank cooperation?
    Mr. DeVaux. There are always privacy issues related to 
sharing information. In order to share information with another 
bank, you have to first file with FinCEN. And before you share, 
you have to also be certain that the other institution has 
filed with FinCEN. And then you can share information.
    And the process is not as smooth as it should be in terms 
of having to go through that procedure. Many banks do not do 
it. They just don't share the information.
    Mr. Rothfus. Ms. Anderson, in your testimony, you wrote 
that it takes your credit union 3 to 5 days to process an 
average SAR for one case from beginning to end, and American 
Airlines Federal has 30 to 45 filings per month. How has 
technology helped to mitigate this compliance burden?
    Ms. Anderson. We use a system that generates the cases. And 
so what we do to eliminate false positives is once a year, we 
look at the rules that we have established in the system so 
that we can eliminate the false cases, which takes time, 
because the ones that I mentioned where it takes 3 to 5 days to 
research, it takes that long for a true SAR, because you have 
to look at the deposits, you have to look at the lending 
system, you have to look at what is in your imaging system.
    There is a lot of research in the background to truly grasp 
what is going on, especially if a lot of individuals are 
involved. And then you have to look at all those accounts.
    So what we try to do once a year is we do a quality review, 
and we look at our rules to eliminate those that have false 
positives.
    Mr. Rothfus. I yield back. Thank you, Mr. Chairman.
    Chairman Luetkemeyer. The gentleman yields. His time has 
expired.
    The gentlelady from New York, Mrs. Maloney, is recognized 
for 5 minutes.
    Mrs. Maloney. Thank you very much, Mr. Chairman.
    And I thank all the panelists for your testimony.
    Mr. Baer, I would like to ask you about the Beneficial 
Ownership bill. You and your organization, The Clearing House, 
have been extremely helpful on this bill and we deeply 
appreciate your support. And I want to thank you for that. But 
we both share a common goal, which is to prevent terrorists and 
criminal organizations from using the U.S. financial system to 
move their money around.
    And as you know, the Corporate Transparency Act will allow 
financial institutions to have access to the same beneficial 
ownership information that law enforcement has, because we want 
financial institutions to know their customers, and they can't 
know their customers if they don't know who owns the 
corporation.
    Can you talk about why it is important for both law 
enforcement and financial institutions to have accurate 
beneficial ownership information?
    Mr. Baer. Sure. Thank you, Congresswoman.
    Actually, I think you noted this morning, which I think is 
a really important point, that the greatest benefit from that 
legislation is actually outside the banking system. As you 
noted, sophisticated criminals, or kleptocrats, know not to use 
the banking system. So they use LLCs to set up--to hold real 
estate or diamonds or art or whatever it is. So even if you 
left aside the banking system, there would be a great reason to 
enact the bill.
    For banks, they already are under, as we have discussed, a 
customer due diligence requirement from FinCEN, that they know 
their customers, and if it is a corporate customer, that they 
know the beneficial owners of that corporation.
    Currently, that is a game of hide-and-go-seek where they 
have to ask and then investigate. If they had access to an 
established database filed under penalty of law where a 
corporation had to identify to the State or to FinCEN who the 
beneficial owners are, obviously that would reduce the burden 
on the bank, it would reduce the risk of getting it wrong, and 
that is all to the good.
    But I think the primary reason we support the legislation 
goes beyond those marginal reductions in cost and risk and is 
more just to having a much safer system and a much safer 
country.
    Mrs. Maloney. But it would be a substantial benefit to 
financial institutions as it would reduce the regulatory burden 
on those institutions?
    Mr. Baer. No. Absolutely.
    Mrs. Maloney. It was interesting in the ``60 Minutes'' show 
that was done on the hiding of money in America, that in that 
show they interviewed 15 lawyers, and all of them were 
cooperating in trying to hide money in America.
    What I thought was very interesting was they all said, 
don't go to a bank, whatever you do, don't go to a bank, 
because they are going to know their customer, and that is not 
a good place to hide your money.
    It was disturbing to me to see the American legal system 
cooperating with an alleged criminal on how to hide money, but 
it shows that the banks have been successful in knowing who is 
there. But every single one of them said, ``Don't go to a bank, 
go to these LLCs, we will help you set it up.''
    How many banks are part of your clearinghouse?
    Mr. Baer. It is basically the 25 largest commercial banks 
in the United States.
    Mrs. Maloney. And are they all supporting this legislation?
    Mr. Baer. As well as we can determine, yes. We have asked 
them repeatedly, and they are all for it, yes.
    Mrs. Maloney. I appreciate it. I represent an area that has 
a lot of terrorism financing. And any way we can crack down on 
it makes America safer. So thank you so much.
    I would also like to ask the gentlelady, Ms. Lowe, and you 
have been very supportive of this bill too, which we introduced 
today with your support. And can you talk a little bit about 
why you think it is important? And how will this help crack 
down on terrorism financing in America?
    Ms. Lowe. The issue of anonymous companies and beneficial 
ownership is not simply a U.S. issue. It is, certainly, a 
global issue.
    The U.S. started off actually quite strong many years ago, 
trying to push to make it more difficult to create anonymous 
companies, but has actually fallen quite far behind many other 
countries in actually operationalizing that.
    The U.K. today, for example, has a completely publicly 
available register of beneficial ownership information that, 
for example, U.S. law enforcement could access, U.S. banks 
could access now as they wish.
    So terrorism finance today, as you have heard in many of 
your hearings last year, is not something that is done only by 
terrorists. There are a lot of people working together among 
the criminal systems around the world, and that is terrorism 
folks working together with organized crime, working together 
with human traffickers, because they are all using the same 
systems.
    And a fundamental vehicle for moving any of this criminal 
money is unanimous companies. Again, that is global.
    The U.S. is particularly important in this area--
    Chairman Luetkemeyer. Very quickly.
    Ms. Lowe. --because we do incorporate the largest number of 
companies in the world, and the rest of the world thinks that 
they are very legitimate.
    Chairman Luetkemeyer. The gentlelady's time has expired.
    The gentleman from North Carolina, Mr. Pittenger, is 
recognized for 5 minutes.
    Mr. Pittenger. Thank you, Mr. Chairman.
    And I thank each of you for your expert testimony today.
    Previously, I had drafted legislation to strengthen and 
clarify Section 314, information sharing mechanisms that were 
written in the USA PATRIOT Act.
    How important is it for us, in our anti-money-laundering 
regime, that we fully enable vital information-sharing between 
the government and financial institutions, and between the 
financial institutions themselves? And in this legislation, 
part of our objective, of course, was to streamline this 
process, enabling the government to focus in on those entities 
that would be a strategic importance to them.
    Yes, sir?
    Mr. Baer. Yes. Congressman, I think it is very important. I 
think it is important, under the current paradigm, where I 
think it is more a matter of banks picking up the phone and 
calling each other to the extent that they share a customer and 
want to know if they are seeing the complete picture.
    I think in a future paradigm, where there was, again, more 
use of data. I have been taught by the data folks that the 
importance is not the algorithm, it is how much data you are 
running that algorithm against.
    If you have a customer who has four bank accounts, you 
would certainly want to see the behavior in all of those 
accounts in order to determine whether it is truly suspicious 
or troublesome. So, whether it is the informality now and 
picking up the phone, or whether it is a future state where you 
are actually sharing data in real time, I think it is important 
in both cases.
    Of course, there are privacy concerns here, and we respect 
those. I think those should be addressed, but they seem 
solvable.
    Mr. Pittenger. In respect to that, and when you consider--
and I will get to the privacy issues, if the government was 
able to identify those particular entities that they wanted you 
to respond back to, that in itself, it seems to me, would 
provide greater privacy for those relieving you of others that 
you would not have to be engaged with.
    Would you concur with that?
    Mr. Baer. Yes. I agree, Congressman.
    Mr. Pittenger. Ms. Lowe?
    Ms. Lowe. Thank you. Just to add, moving forward and 
looking at this issue, I think you need to be looking at the 
international data privacy regulations in place. The 
internationally-operating banks are very much bound by those, 
and what they can and cannot share. The European Union, in 
particular, has had the strictest regime, and that is a pretty 
wide-ranging regime. And they just adopted a new directive in 
May on this that will come into effect in May of 2018.
    Around the world, countries generally have adopted either 
this sort of European approach or the American approach, and so 
it is sort of a hodgepodge out there in the world as far as how 
these data policy restrictions interplay with the information-
sharing. But I think it is something that this committee should 
look at in that sort of much wider context, understand what we 
can and cannot do and how to make that better.
    Mr. Pittenger. Mr. DeVaux?
    Mr. DeVaux. Yes. I agree 100 percent. The 314(a) list is a 
list of people of interest, and I would like to get that list. 
That is a very efficient activity. We can just run it against 
our database. If we get a hit, we report it.
    I think about the situation where you may have people who 
are criminals--or doing criminal activity, and they are not 
banking at just one bank. They are banking at four or five 
banks, and they could be moving money around.
    You can imagine the scenario where five banks are writing a 
SAR on the same person. If there were ways to better share this 
information so we could get the information out there, we might 
save a lot of that redundant work.
    Mr. Pittenger. And part of your objective is to have a 
safety capacity where you would be protected from litigation 
sharing information one with another as well. Is that correct?
    Mr. Baer. I probably reaffirm Ms. Lowe's point, in the 
sense, internationally, there are now currently restrictions on 
the ability of a given bank to share even within the bank to 
the extent there is a foreign affiliate, or even branch 
involved. So that is a very real concern.
    Mr. Pittenger. Ms. Anderson, do you have a comment?
    Ms. Anderson. I just wanted to echo the remarks made by Mr. 
Lloyd DeVaux. We would also like to share information, but as 
was previously mentioned, you are limited to only two instances 
where you can share information.
    And at credit unions, we have what is called shared 
branching, where if they are involved in a system, they could 
go to another credit union and make a deposit or withdrawal. 
And so it would be great if we could openly share that type of 
information so that we are not spending so much time trying to 
call them, or they are trying to call us so they can file a 
proper SAR or a CTR.
    Mr. Pittenger. You have a safe harbor where you are able to 
provide information with each other?
    Ms. Anderson. Yes.
    Mr. Pittenger. Thank you very much. I yield back.
    Chairman Luetkemeyer. The gentleman yields back his time.
    Ms. Velazquez from New York is recognized for 5 minutes.
    Ms. Velazquez. Thank you, Mr. Chairman.
    Ms. Anderson, Mr. Baer, and Mr. DeVaux, I am hearing from 
real estate title and settlement professionals in my district 
that criminals are doctoring up fraudulent wire instructions 
and sending them to home buyers. They make the instructions 
look legitimate as if they were coming from the title insurance 
company.
    The buyer then goes to the bank and sends a wire using the 
incorrect instructions. These funds, then, get transferred to 
the criminal before a series of transfers sends the money 
offshore. So my question to you is, can each one of you tell me 
what you are doing to prevent your institutions from being used 
by these criminals?
    Ms. Anderson. I would like to start. Thank you, 
Congresswoman.
    What we do when a member wants to send a wire is that they 
have to complete a form, and we verify their identity. And so, 
to make sure that we send funds from their account, because 
funds can go so quickly. And so we do authenticate our members, 
and we also contact them. And then depending on the dollar 
amount, it might have a second level of approval. That is what 
we try to do to discourage fraud. But also what we do, is we 
also have alerts that we send our members. If we see a pattern 
of a type of fraud, we try to send newsletters to them.
    Ms. Velazquez. Thank you.
    Ms. Anderson. Thank you.
    Ms. Velazquez. Mr. Baer?
    Mr. Baer. I think I will defer to the real bankers here, 
although The Clearing House runs a payment system. It is 
actually a bank-to-bank, very large dollar payment system, 
which I don't think would be relevant.
    Mr. DeVaux. From our perspective, one of the beauties of 
being a community bank is we know our customers. So when we get 
a wire request, in addition to the comments Ms. Anderson made, 
we call every customer on every wire, and we have a 
conversation with them. They complete a wire authorization 
form, and the information we call is in that form. And we 
verify using that form, if we don't recognize the voice, which 
it would be very rare that we wouldn't recognize the person on 
the other end.
    Ms. Velazquez. Does your AML program detect these crimes? 
And if so, how?
    Mr. DeVaux. Every wire in and out of the organization is 
run through OFAC, first of all. Also, we run OFAC every single 
night on every single customer, and on every transaction that 
comes in and out of the organization. I talked about the 314(a) 
list, which is a list of people of interest to FinCEN.
    I like OFAC. OFAC is easy for us. We run the list against 
our database, so we know the people they are looking at, and 
the places they are trying to avoid sending money to; 
therefore, it is very, very efficient.
    Ms. Velazquez. Thank you.
    Mr. DeVaux, how can Congress help facilitate greater 
communication from FinCEN and a better relation between law 
enforcement and financial institutions?
    Mr. DeVaux. The first thing, as I said earlier in my paper, 
would be to share information with us, to tell us what is 
working and what is not working.
    It is very difficult for us to know the things we do that 
are valuable and the things we do that are not valuable. And 
sometimes, everybody gets busy and doesn't take the time to 
step back and take the bigger view and say, okay, what is 
working?
    I think if we could focus on the things are working and 
maybe even do more of the things that are working and stop 
doing the things that don't provide value, I think it would 
help the entire system be better.
    And I mentioned earlier, there is so much redundant work 
going on, so if we had the ability to share through some type 
of database, or some type of sharing agreement where we could 
not have to repeat all the work that has been done dozens of 
times by other organizations, it would save us a lot of 
resources.
    Ms. Velazquez. Thank you.
    I yield back, Mr. Chairman.
    Chairman Luetkemeyer. The gentlelady yields back.
    The gentleman from Colorado, Mr. Tipton, is recognized for 
5 minutes.
    Mr. Tipton. Thank you, Mr. Chairman.
    I thank the panel for participating today, on a very 
important issue. We appreciate the efforts you all are making 
on this.
    Mr. DeVaux, you commented that your compliance department 
has grown significantly. In fact, you have the largest 
compliance department when it comes to the AML. Is that 
accurate?
    Mr. DeVaux. Yes, Congressman. That is accurate. In fact, it 
has doubled since 2011. But what I am talking about here is the 
compliance department and the direct expenses related to 
compliance.
    We have 45 employees, and all 45 employees are in BSA, not 
just the 6 who are in the compliance department. Every customer 
who walks through the door, you have to follow the know-your-
customer rules in the CIP program. You have to go through an 
extensive process to identify who that customer is.
    The frontline officer who is dealing with that customer has 
to build a profile of that customer to know what type of 
activity, where every dollar is coming from and where every 
dollar is going to go, and the level of dollars and types of 
transactions.
    And we have to train across the entire organization on the 
four pillars of BSA. You have to train every person in the 
organization specific to their responsibilities in the 
organization. So when they should be out developing business 
and trying to generate new customers, they are spending a lot 
of time trying to onboard customers. And if an alert comes up, 
they are the ones who make that phone call back to the customer 
to get more information.
    If a lender is trying to do a loan, they have a lot of 
responsibility around gathering BSA information. So instead of 
being able to call on five customers that day, they can maybe 
call on two, because the process takes so much longer.
    Mr. Tipton. Great.
    Ms. Anderson, Mr. DeVaux, maybe you both would like to be 
able to address this. Earlier this month, the Treasury 
Department released a report on the current state of the 
financial system. And following the release, I wrote a letter, 
which is currently being circulated among membership or 
cosigners encouraging Federal regulators to institute policies 
requiring greater coordination for supervisory exams.
    In your testimony, you recommended that BSA/AML reform 
include minimizing duplication of some or similar information 
as well as greater regulatory examination consistency among 
regulators to minimize the regulatory overlap.
    Can you expand, perhaps, on why this is an important issue, 
not only for supervised entities, but also for the regulators 
themselves?
    Ms. Anderson. Yes. The reason that it is a burden is 
because from the regulator's point of view, they usually have 
agreements with FinCEN on the examination process. And there is 
such a high threshold with BSA that if you have one minor 
inadvertent mistake, you are written up. So what our compliance 
department does is prior to our examiner coming in, we review 
the whole BSA program from top to bottom, and that is where we 
have three people dedicated to reviewing that we filed all the 
SARs timely, that we didn't have to file any amendments, that 
our CTRs look right. We look at all our risk assessments. 
Because, unfortunately, the way that it appears that the 
agreement is between the regulators is that BSA has a higher 
threshold than if you would have, for example, errors in 
lending.
    In lending, they may make informal comments, the examiner 
will. But if it is something to do with BSA, they will 
automatically make it a finding, or they could raise it to a 
letter of understanding, or a DOR. So that is where we spend so 
much time on quality control besides doing the day-to-day 
investigating and filing.
    Mr. Tipton. Anything to add, Mr. DeVaux?
    Mr. DeVaux. We are a State-regulated bank, a State-
chartered bank, which means we are regulated by the State and 
by the FDIC, and by FinCEN--a lot of regulators.
    We just had a CRA compliance exam that started in early 
April. And when it finished, by the end of April, our safety 
and soundness exam started, and it continued until just last 
week.
    So we have actually had over 60 days of regulators in the 
bank, a $200 million bank, going through everything we do. It 
was the FDIC in both cases, but the exam reports then go to the 
State, and the State may call us up, and want to come in for a 
visit, and relook at some of the things that we did. So we are 
put through a lot of hoops in order to comply with regulation.
    And, we understand as banks, we need to be regulated. We 
are dealing with people's money. But at the end of the day, we 
would rather be out enabling the dreams of our community, 
enabling the small businesses, creating jobs, revitalizing the 
economy. So let's eliminate some of the duplication so we can 
do that. We can spend more resources on developing our economy 
and developing the small businesses in our area.
    Mr. Tipton. Thank you.
    And, Mr. Chairman, I think I have 22 seconds left?
    Chairman Luetkemeyer. I think you are 22 seconds over.
    Mr. Tipton. That is okay. Thank you. I yield back.
    Chairman Luetkemeyer. We are going to have to go back to 
basic 101 math here. Fortunately, we are Congressmen. We don't 
take education well.
    The gentleman from Texas, Mr. Williams, is recognized for 5 
minutes.
    Mr. Williams. Thank you, Mr. Chairman.
    And thanks to all of our witnesses today for your 
testimony.
    And, Ms. Anderson, it is good to see you. I always 
appreciate when the committee brings in a Texan, and I am from 
Fort Worth. So thank you for being here.
    Ms. Anderson, let me start with you. Banks, credit unions, 
are in an era of compliance. I have seen this in my own 
personal life. I hear this from small business owners like 
myself across my district. Every business is worried about 
making sure they comply with whatever regulatory authority 
oversees them.
    So along those lines, let me start by simply asking this: 
What is involved with preparing for your Federal regulatory 
agency examination of BSA/AML compliance?
    Ms. Anderson. Thank you, Congressman.
    As I mentioned earlier, what we do is we--the three people 
do a top-to-bottom review of the whole program. And so we look 
at all the filings, all of the--we make sure that the risk 
assessment that we have is final and complete. We look to make 
sure that we don't have--we didn't have any errors. And if we 
have to file any amendments, we will file amendments.
    We make sure that everyone has taken their required annual 
training, because when the examiner comes in, they want to make 
sure that besides the employees taking the training, that also 
the board of directors has been given training, and that if 
someone wasn't there, for example, at a board meeting, that we 
sent them the presentation that was given. We make sure that 
they don't have questions.
    So, it does take a full 2 months. We get all the documents 
ready for the examiners. And we have a stack this high of the 
documents that we have ready for them. So it is a very time-
consuming process, but we do that because we want to be in 
compliance with BSA.
    Mr. Williams. Okay. Let me follow up.
    What kind of training--you touched on this--do your 
employees go through on a regular basis to make sure they are 
up-to-date on the most current rules? You kind of touched on 
that. Go ahead.
    Ms. Anderson. We do online training, because we have 
branches in 13 States and the District of Columbia. But what we 
also do is we supplement that training with personal training 
specific to that department, whether it be a loan officer, or 
the wire department, or with the teller. We do a lot of 
training when we see there may be deficiencies.
    So we are always training our folks to make sure they are 
always catching and reporting to us any suspicious activities.
    Mr. Williams. And every now and then you try to do some 
business, right?
    Ms. Anderson. Yes. Thank you.
    Mr. Williams. Let me follow up. I have always said that 
banks, credit unions, and small businesses are the first people 
you turn to when you need something in your local community, 
whether it is sponsoring the Little League team or donating an 
item for charity. And you all are certainly pillars of our 
community, and people know that.
    In your testimony, you said that the American Airlines 
Credit Union was previously able to conduct online training for 
employees spread out over the 13 States. But now you must 
supplement that online training with one-on-one customized 
training, combined with the BSA/AML training every year for all 
600 employees. This is, obviously, a huge burden to all 
employees.
    So my question is this: In general, have the increased, 
BSA/AML compliance costs caused your credit union to miss out 
on opportunities to serve your community like we are talking 
about?
    Ms. Anderson. Yes. I always feel, and I am sure other 
financial institutions do, that you never have enough people 
who are working in BSA. So I always try to ask for an 
additional head, or we always try to make sure we have the best 
technology so that we can support the BSA regulations.
    Mr. Williams. My last question would be, how do these 
burdens that we are talking about, BSA/AML compliance and 
reporting, affect the credit unions, aside from just the 
training commitment?
    Ms. Anderson. It takes resources away from the credit union 
as a whole, because those resources could be spent elsewhere on 
providing better products and services for our members.
    We could do more. Other types of services, like offering to 
maybe beef up and hire more loan officers, or maybe hire more 
credit counselors, but because of the BSA regulations, we are 
staffed up for BSA, because it is such an important area, and 
it is looked at very closely.
    Mr. Williams. Thank you. I appreciate you being here, and I 
yield my time back.
    Chairman Luetkemeyer. The gentleman yields back. With that, 
we go to the gentlelady from California, the ranking member of 
the full Financial Services Committee, Ms. Waters. You are 
recognized for 5 minutes.
    Ms. Waters. Thank you very much, Mr. Chairman.
    And I would like to thank our witnesses who are here today.
    I have wrestled with what we can do to deal with violations 
of the BSA/AML. And at the same time, I share some of the 
concerns about the smaller banks and smaller institutions that 
are having difficulty, for any number of reasons that have been 
identified today.
    But here is what is causing us to be very concerned in this 
general area. In recent years, we have witnessed a seemingly 
endless stream of money laundering violations by some of the 
largest global banks, with Deutsche Bank being the most recent 
large global financial institution to disregard the anti-money-
laundering requirements contained in the Bank Secrecy Act. 
Given that large mega banks continue to treat our current BSA/
AML enforcement penalties as merely the costs of doing 
business, it is what is driving our concern.
    When I take a look at some of the banks, big banks that 
have been involved with the money laundering, or at least 
disregarding any efforts that should be made to do the kind of 
detection that has been discussed here today, for example, in 
2014, BNP Paribas, the world's fourth largest bank, agreed to 
pay $8.9 billion for knowingly and willfully moving over $8.8 
billion through the U.S. financial system on behalf of three 
countries the U.S. had already sanctioned for acts of terrorism 
and other atrocities.
    In 2012, HSBC agreed to pay $1.9 billion in U.S. fines 
while allowing itself to be used by money launderers in Mexico 
and terrorist financiers in the Middle East. HSBC allowed 
Mexican and Colombian drug cartels to launder at least $881 
million. And in another case, HSBC instructed a bank in Iran on 
how to format payment messages so that its transactions would 
not be identified as an Iranian entity, and be blocked or 
rejected by the United States. Again, with Deutsche Bank, it 
was $41 million for anti-money-laundering deficiencies.
    So given all of that, and our concerns about the smaller 
banks, what would you recommend that we do that could be 
helpful to smaller banks and credit unions, but at the same 
time, not interfere with our ability to deal with what I have 
just described?
    Ms. Lowe?
    Ms. Lowe. Thank you, Congresswoman Waters. There is no 
doubt that there have been some very willful and very egregious 
cases over the past several years that have come down in this 
area. And as I noted in my testimony, they are almost entirely 
based on what are, essentially, violations of the BSA/AML 
procedures. But when you look at the cases, you see so, so many 
hallmarks of actual money laundering, but there is no criminal 
prosecution related to these, not of the individuals nor of the 
banks.
    There are a number of reasons for that, as I mentioned, 
potentially. But what the DOJ tells me is that they don't have 
enough evidence to actually bring a prosecution against a 
person. I find that very difficult to believe when I read the 
statement of facts, because those statements very often contain 
things like emails, where people are exchanging emails about 
exactly what they are doing, and they know they shouldn't be 
doing it, right?
    So I find that difficult to believe. I want to really 
understand better why we are not prosecuting the individuals 
who are actually perpetrating these actions.
    I think that when a bank is fined, its bankers say, Oh, 
that is terrible. I think when a banker goes to jail, his 
fellow bankers say, Oh, that is not going to happen to me, and 
I am not going to do that. So I think we need to be focusing a 
lot more on individuals.
    Sally Yates made a memo in 2015 to this effect. I would 
like to see us, actually, following through on that.
    Ms. Waters. Ms. Lowe, I understand that some of the drug 
dealers that these banks were dealing with have gone to prison 
for long periods of time, but their enablers in the banks have 
not been penalized personally. No head of a bank, no CEO, has 
been placed in prison for knowingly laundering drug money.
    Ms. Lowe. That is correct. With respect to the very large 
cases, that is correct.
    Ms. Waters. I yield back the balance of my time.
    Chairman Luetkemeyer. The gentlelady's time has expired.
    The gentlelady from Utah, Mrs. Love, is recognized for 5 
minutes.
    Mrs. Love. Thank you so much for being here today.
    As a former mayor of a growing city, when I first started 
off at the city council, our city had a population of about 
7,000 people. And it may seem like it is an easy task, because 
there wasn't very much going on. You tend to learn that all of 
the decisions you make at the very beginning you end up either 
reaping the benefits of, or suffering the consequences of the 
decisions that you make very early on.
    But it is really interesting, as the city grew, the first 
people who were in our cities were our credit unions and the 
banks. And a lot of people kept asking, why do we have so many 
banks, and why do we have so many--they were the ones that were 
coming.
    And it wasn't until later that we realized that the small 
banks that were there, and the credit unions that were in our 
community, were the ones that were the lifeblood of our 
community. They were the ones that were helping support all the 
city events. They were the ones that were actually the 
financial credit. They were the ones giving the financial 
credit to all of our businesses that were there, and our city 
grew from, at that time, 7,000 to, when I left, over 27,000, a 
viable, growing city.
    And I am so glad that I didn't listen to all of the people 
who were saying, we don't need any more banks, just start 
getting other businesses, because they were the ones that were 
a great foundation for our city.
    So I want to focus on striking the right balance of 
oversight and regulation. And I guess the question that I 
have--and, Ms. Anderson, if you can help me answer this, and we 
can go down the line as quickly as we possibly can, what kind 
of analysis must an institution conduct to provide adequate 
oversight and monitoring in compliance with BSA? I haven't been 
here for the whole hearing, so if you answered this already, 
please forgive me.
    Ms. Anderson. What we look at, when we look at suspicious 
activity, is we look at if there is a lot of money being 
transferred. We look to see whether that person has the salary 
from our records to justify that amount of cash in their 
account. And then we look to see does the cash stay--does the 
money stay in their deposit account, or is it quickly moved 
out? And then, is there more than one individual? Is there more 
than one individual who has access to the accounts? And where 
is the money going? Is it going overseas? How long does it stay 
there?
    And so that is, for example, when we would file, because 
the funds are unknown. When we determine from our system that 
they are trying to avoid us filing a currency transaction 
report, when they deposit, like, more than $10,000, we also 
then file suspicious activity report, as do others here.
    Sometimes it is more complicated, because you have to look 
at many accounts if there is more than one individual, or the 
individual may have other accounts where they are joint with 
other people. And so that is why it takes so long to 
investigate when it is a true SAR filing, because it just looks 
suspicious on our end. We don't know if it is legal, but it 
doesn't look right based on what we know about our members.
    Mrs. Love. Okay. So, obviously, a lot goes into that. And, 
also, what is the result of the failure to comply?
    Ms. Anderson. So if you don't file, then there is no safe 
harbor. You are written up. There could be fines, especially if 
they find it to be willful. And so, I know some institutions, 
if--sometimes if we are not sure whether we should file or not, 
we will file, because there is a safe harbor for filing.
    And then if we decide not to file, we keep a spreadsheet of 
the reasons why we didn't file so that our examiner can see 
that we have good reasons for not filing.
    Mrs. Love. Okay.
    Mr. Baer, Did you have something you wanted to add to that?
    Mr. Baer. I think that was very well-stated. I think the 
only information I would add, and Mr. DeVaux and I were talking 
about this earlier before the hearing began, is that most of 
these banks are running proprietary systems that they purchase 
from a vendor, that basically generates the alerts, and then it 
is up to them to investigate. A lot of the burden comes around, 
where do you set those dials? You can set those dials to 
generate 100 alerts a month, or 1,000 alerts a month. And I 
think one of the concerns that banks of all sizes have is the 
regulators will tell you, you know what, you only generated 100 
alerts. We want you to generate 500.
    But we are not aware of any analysis around why that is. 
And certainly, we are not aware of any analysis about the 
quality of the SARs that are being filed and how many of them 
are actually leading to prosecutable cases. And that is where, 
when I talked earlier about, sort of, the big data problems 
here, it is a system that is just fundamentally lacking in 
rigor in terms of the metrics for assessing whether it is being 
successful or not, and that is not a very good system.
    Mrs. Love. Right. As I look at all of this--my time has 
expired, but as I looked at all of this, striking that right 
balance is incredibly critical, because again, these 
institutions in the small communities can make or break that 
community.
    And, again, thank you for your expertise. I really 
appreciate it.
    I yield back.
    Chairman Luetkemeyer. The gentlelady's time has expired.
    The gentleman from Washington, Mr. Heck, is recognized for 
5 minutes.
    Mr. Heck. Thank you, Mr. Chairman.
    I would like to preface this by stipulating to the 
consensus point of view that anything we can and should do in 
this area does not compromise our efforts in fighting 
terrorism. I think that is something on which we all agree.
    That said, I am among those who believe that there is 
fertile soil here to cultivate regulatory modernization, as I 
would call it. And that has been brought about, my point of 
view that part has been brought about by two things. The first 
is I took it upon myself earlier to go on a tour of all the 
banks, big and small--not all, but many, many credit unions, 
big and small, in my district, to ask about what had happened 
to their regulatory compliance burden over the years.
    As you might imagine, it had increased very substantially, 
most graphically represented by piles of paper. I wish some of 
you had brought the piles of paper in.
    And probably the most common complaint I got, frankly, was 
about SARs and compliance with the Bank Secrecy Act and anti-
money-laundering, in fact, the preponderance over majority. And 
I am not trying to pick a fight at all, but I found it 
interesting that in the main regulatory relief bill we passed 
here, the CHOICE Act, there were--count them--exactly zero 
words related to bank secrecy, or anti-money-laundering, and 
that was the chief complaint that I got.
    And it just seems to me, however--and I will offer this as 
a friendly suggestion to the Chair, because I am grateful for 
this topic being heard, that it would be nice to hear from law 
enforcement as well. We learn more when we hear from both 
sides.
    I think about the CTRs. It defies my comprehension that we 
cannot update that to reflect inflation, but I want to hear 
what the other side says. I think other work product would be 
better if we had had an opportunity for that conversation.
    I also want to suggest, Ms. Anderson, I have asked over and 
over and over again for people to give me concrete examples of 
how we can improve regulatory burdens on financial 
institutions, and I found your testimony to be refreshingly 
specific and concrete. And I thank you for it very sincerely.
    The second reason I got very involved in this was when 
FinCEN published their guidance for banks serving marijuana 
businesses in the State of Washington, which the voters 
approved, as you know, they chose to legalize it and to 
regulate it; that guidance says that banks are required to 
check to make sure that marijuana businesses aren't violating 
any of--yes, count them--14 Federal priorities on marijuana. 
They are intuitively obvious: Don't sell to minors, don't sell 
across State lines, et cetera. That struck me as an incredible 
compliance burden, frankly, on these organizations. But you 
know what, our State regulators had an unbelievably clever 
solution. Because the DOJ, the other hand, asked the State 
regulators to check against the same 14 Federal priorities.
    So here is what happens in our State: The banks are able to 
look directly into the database of the Liquor and Cannabis 
Board, our State regulator, to see if there are any red flags 
for businesses. They are able to largely rely on the State to 
check for conformance with the 14 priorities, and then 
piggyback on that work instead of duplicating it.
    And so my question is, how can that be a model for reform 
for other SARs filings? What statutory changes would be 
required in order implement it if there is a possibility of 
doing this kind of creative database sharing very efficiently, 
very quickly? Any of you?
    Mr. Baer. This sort of gets to the questions about AI, at 
least with regard to the largest firms that are my owners. We 
think there is extraordinary potential for--``utility'' may be 
the wrong word--sharing of expense whether it is around account 
opening or account monitoring. And also, sharing of data in 
order to make the algorithms work better. So, we think that is 
clearly the future here. That is where this database is going 
to end up going. As I said earlier, you are having 2 million 
SARs filed a year. So this is no longer a personal need law 
enforcement proceeding.
    Mr. Heck. If I may, sir, on the issue of the number of SARs 
filed per year, when the financial institutions submit SARs, if 
there are multiple financial institutions involved in that 
SARs, we are required to do duplicate investigations, and if 
there is a correspondent bank, a triplicate investigation, why 
doesn't it make sense to just kick it up to the financial 
institution in that chain and say, It is your responsibility to 
do this? What benefit is there to multiple SARs, when it is the 
same transaction?
    Mr. DeVaux. Right. There isn't. And then I think there is 
another case where you may have somebody who is banking at four 
different banks. None of them file a SAR. But if they all had 
shared the information about that customer, the lights would 
have gone on, and they would have said Oh, yes, we should all 
be filing a SAR. So that is also a potential concern.
    Mr. Heck. Thank you. My time has long expired.
    Thank you for your indulgence, Mr. Chairman.
    Chairman Luetkemeyer. Thank you. The gentleman's time has 
expired.
    And to respond to your suggestion, Mr. Heck, the problem 
with bringing in law enforcement to this particular committee, 
is that it actually goes into the purview of the Terrorism and 
Illicit Financing Subcommittee. And so our intention is to work 
with the bank side of the issue here, and then marry this with, 
perhaps, a bill or suggestions or guidelines with the other 
subcommittee, which is doing very similar work. And that is 
what we want to try to accomplish here. So I appreciate your 
suggestion.
    Mr. Heck. And I appreciate the explanation very much, Mr. 
Chairman.
    Chairman Luetkemeyer. The gentleman from Georgia, Mr. 
Loudermilk, is recognized for 5 minutes.
    Mr. Loudermilk. Thank you, Mr. Chairman.
    And I thank the panel for being here. I would like to 
direct my question, really, around the transaction amount, the 
amount that triggers the reporting and the investigation.
    I believe it was 1970 when this was enacted. The first time 
I found out about the BSA was when I left the Air Force in 
1992. I was living in Alaska, and moving back to my home State 
of Georgia, so we sold our house. Fortunately, we made a little 
equity on it. I had a truck with a trailer packed full of 
everything that I owned, and I was leaving Alaska to go to 
Georgia--and, actually, I was going to start over, start a new 
business, open a bank account. So I asked the bank to give me 
all of my money, and they wouldn't. They said all we can give 
you is less than $10,000. I ended up getting my money through 
multiple transactions, but that is when I found out that they 
were reporting it.
    And as I was thinking about this, around 1970 I was still 
in elementary school. My dad bought a house, paid $25,000 for 
this house. When my dad passed away, we sold this house. And it 
was in much worse condition than when he bought it. The 
neighborhood had gone downhill. We sold it for over $100,000. 
When I am looking at $10,000 in 1970, $10,000 today is not the 
same thing. It has to be that transfer of $10,000 is done 
multiple times on multiple accounts, especially, when you think 
of somebody who has a sub S corporation, or some type of pass-
through through the businesses has to happen.
    I am a small business owner. Several times in a month, we 
would have transactions of $10,000 or more happen quite often.
    I know two of you, in your statements, mentioned that if 
you adjust it for the rate of inflation, we are looking at 
somewhere around $60,000 today. Is that correct?
    Mr. DeVaux. So, $64,009.
    Mr. Loudermilk. Okay. I believe the credit union said about 
$58,000 is what you guys calculated. You are using different 
interest rates now. So you may want to up yours. People invest 
more in credit unions. But let's start with Mr. DeVaux.
    What do you think the appropriate threshold should be? Is 
this a crux of part of the problem that we are having?
    Mr. DeVaux. It is a good question. And the issue we have, 
without knowing how the information is used, what is valuable, 
what is not valuable, it is very tough for us to say that it 
should be $5,000 or it should be $25,000.
    It came about in 1970. And if you run it through CPI, it is 
$64,000 today. Or in other words, as you stated, $10,000 buys 
$1,500 worth of stuff today.
    So without us having feedback, saying, here is how we are 
using the currency transaction reports (CTRs), and here is what 
works and here is what doesn't work, it is very difficult for 
banks on their side to be able to pick a number that works.
    Mr. Loudermilk. Okay. Ms. Anderson, would you like to 
respond?
    Ms. Anderson. Yes, for currency transaction reports, that 
is where we would have to file if there is a deposit or 
withdrawal or $10,000 more in cash. I was looking at a recent 
month in our activity for what we receive. So if the currency 
transaction threshold was increased just to even $20,000, we 
filed 27 when it was $10,000 and above. But if it was increased 
to $20,000, our filing sort of dropped to just 5. So that would 
be of great benefit, because if you don't file a CTR within 15 
days, there is a large penalty. So we are always on the clock 
to file that.
    From the suspicious activity point of view, from the 
subpoenas that we have received that I am aware of, it seems 
that law enforcement goes for the larger dollar items. They are 
not concerned with $10,000 or $25,000. It seems like they go 
for a larger amount. So maybe just, in the interim, try 
doubling it just so see so that it is $10,000 minimum instead 
of the $5,000, where you know who the perpetrator is, then 
maybe instead of $25,000 where you don't know who the bad 
person is, you increase it to $50,000.
    At least just try it, and we can at least determine if 
there is anything there. And it would be very helpful if when 
we respond to a subpoena and they finally do go after the bad 
people, that we do receive some validation that, Oh, yes, 
because of your institution, we were able to go after this 
person or that person or that ring of criminals.
    Mr. Loudermilk. I'm running out of time here, but you do 
believe that we definitely need to address what this value is; 
I think that is what I am hearing. But we really don't know 
what it is unless we get proper feedback from law enforcement. 
Is that kind of a good summary?
    Mr. Baer, I see you--
    Mr. Baer. Yes. I refer to it in my testimony. It is the 
last piece of the puzzle argument. There will always be a case 
where an $11,000 transaction was the last piece of the puzzle 
in some investigation. Just the way you can end up arresting 
somebody for jaywalking, and they turn out to be a horrible 
criminal, but that doesn't mean you increase your jaywalking 
arrests. You actually have to do a cost-benefit analysis, and 
think, how much did that last piece of the puzzle cost you? And 
that is where Mr. DeVaux has it exactly right, which is we 
don't know because there are no metrics or analysis around it.
    Mr. Loudermilk. Thank you, Mr. Chairman.
    Chairman Luetkemeyer. The gentleman's time has expired.
    The gentleman from Michigan, Mr. Trott, is recognized for 5 
minutes.
    Mr. Trott. Thank you, Mr. Chairman.
    Before I begin my questions, I want to allow my good friend 
from Colorado to ask a follow-up question. So I yield to Mr. 
Tipton.
    Mr. Tipton. Thank you, Mr. Trott, for yielding.
    And, Mr. DeVaux, I just want to be able to follow up a 
little bit on some of your testimony, in terms of some of the 
examination and compliance between smaller banks like yours, 
and larger banks on the reporting.
    Do you basically feel that since you are smaller, some of 
the activity actually gets magnified, as opposed to a bigger 
bank, when it comes to some of the compliance?
    Mr. DeVaux. Yes, sir. It is a good question. And I think 
what happens is regulators are trained in a certain way. And 
they don't really see a lot of times the bank size or the risk 
of the bank. They just know how to do their exam. And so 
whether they are walking into a big bank or a small bank, they 
are applying all the same rules. They are looking for all the 
same percentages.
    As I mentioned earlier, we had 7,100 alerts generated last 
year. From those alerts, we filed 15 SARs. And we feel like we 
could tune our alerts a little better, and probably still get 
14 or 15 SARs out of it by not doing so much work.
    A lot of times--and I am not trying to be critical of 
regulators--it comes down to personality or the person who 
comes through the door. What is their specialty? What is their 
expertise? You can go through an exam at a bank 3 years, 3 
times. On the fourth time, you get a different regulator, and 
the whole story changes. And what was good before is now bad, 
and what was bad before is now good. So it is an issue for us.
    Mr. Tipton. Thank you.
    I thank the gentleman for yielding to me, and I yield back.
    Mr. Trott. Thank you.
    Mr. DeVaux, I want continue to follow up on what you just 
said. And one of my concerns is the heavy hand of the 
regulators. So very quickly, I heard stories that examiners 
tell institutions to file a certain number of CTRs and SARs or 
be written up for having a bad audit. Is that happening, to 
your knowledge?
    Mr. DeVaux. Yes, sir, it does happen. For clarification, on 
the CTRs, when the transaction is over $10,000, it is clear, 
you file a CTR. You file a currency transaction report. So if 
they ever come back and say, you are not filing enough, it is 
because you didn't file something that you are required to 
file. But when it comes to SARs, and when it comes to high-risk 
accounts and high-risk reviews and investigations, that is 
where the regulators want to see a certain number in a lot of 
cases.
    You can run your database, you would get 3 or 4 percent 
high-risk accounts, and they can come back and say, you know 
what, this seems a little low. Maybe you should change your 
parameters and rerun your database again. But for me, a high-
risk account is a high-risk account. It doesn't matter what 
your parameters are. It doesn't change just because you change 
dollar amounts and other things like that.
    Mr. Trott. Thank you, sir.
    Ms. Anderson, on the same lines, do you ever feel that the 
government uses the complex regulations to set banks and credit 
unions up to fail, or if not to fail, but to find a supposed 
error and then use that error to try and leverage the bank or 
the credit union to make--get some other concessions as part of 
the audit?
    Ms. Anderson. Yes. From just what I have heard from other 
credit unions, it does appear that Bank Secrecy Act exams are 
more--can become a ``gotcha,'' especially when--if you are 
looking at the whole examination, not just BSA, but lending, 
the call report filing. And we have seen where you have just a 
minor discrepancy, for example, use a P.O. Box instead of the 
street address. Clearly, we had the street address, it was just 
a minor issue. But you don't fight it, because you don't want 
to argue on that. If that is all they found, I guess that is 
great.
    Mr. Trott. Thank you so much.
    Mr. Baer, you worked with the 25 largest banks, as you 
mentioned. In my prior life, I represented most of those folks. 
And our biggest concern was reputational risk. If we didn't do 
something that didn't reflect well--I used to joke that my 
number one goal when representing Chase was to make sure Jamie 
Dimon didn't know my name.
    So any concern that maybe reporting a suspicious 
transaction or a mistake could cause reputational risk to a 
bank, particularly a large bank, which would thereafter cause 
them not to want to report that because of the risk or because 
of government action.
    I assume it is not happening, but that would be a terrible 
set of circumstances if the oversight caused them not to report 
something they should.
    Mr. Baer. No. I think all of the incentives are to file. 
There is a safe harbor if you file, so you are protected if you 
file. And it just goes into a big database.
    I want to add, though, to some extent, as Ms. Anderson was 
talking about, the regulators, the examiners here, are in a 
very difficult position, too. And as I highlighted in my 
testimony, it is not their fault that they are in a position 
where they don't get to know what law enforcement is doing with 
these SARs or what national security is doing with these SARs.
    What they know is if they don't have enough people written 
up, or they don't have enough consent orders, they are going to 
be hauled to Washington and criticized for that. And then, God 
forbid, something goes wrong at the institution they are 
examining, they are going to be held to account. And their only 
defense can be, I have them under a consent order. I wrote them 
up for 50 MRAs. It is not my fault.
    Mr. Trott. Would an advisory opinion process help?
    Mr. Baer. I'm sorry?
    Mr. Trott. Would an advisory opinion process help?
    Mr. Baer. I hadn't thought about that. Yes, I think that 
could be helpful. Yes.
    Mr. Trott. Thank you.
    I yield back.
    Chairman Luetkemeyer. The gentleman's time has expired.
    The gentleman from Tennessee, Mr. Kustoff, is recognized 
for 5 minutes.
    Mr. Kustoff. Thank you, Mr. Chairman.
    Ms. Anderson, if I could ask you a question that is along 
the same track, but a little bit different relating to real 
estate, and real estate loans.
    In the last 12 months or so, according to the FBI Internet 
Crime Complaint Center, there have been, supposedly, over 3,000 
victims who reported the actual attempt or attempted theft of 
almost $400 million in assets through fraudulent wire transfers 
related to real estate transactions. That is a big increase 
over the last several years. And my concern is is that these 
funds represent, often, the large majority of savings that are 
held by families who are being victimized.
    And if it is not detected within a few hours or several 
hours of the fraud taking place, as I understand it, it becomes 
almost impossible to recover that money as it gets laundered 
and transferred through a network of accounts and fraudulent 
schemes.
    There are sophisticated hackers that mine data to identify 
the victims near the conclusion of these real estate 
transactions. And they often mimic trusted participants, such 
as a real estate agent, a mortgage lender, or a closing agent, 
to provide transfer information that the victim has little or 
maybe no reason to suspect.
    With the real estate-related email compromise schemes, is 
it common, in your experience, for the nominal payee who is 
listed on the instructions in the payment order not to match 
the holder of the account at the receiving institution?
    Ms. Anderson. Usually for us, when the name and the account 
number doesn't match, it is a red flag. And so we do more due 
diligence. And the fraud that you alluded to, where title--the 
customer will receive an email to transfer the funds somewhere 
else, it has just recently come to our attention that that does 
happen.
    And so we try to be vigilant in informing our members who 
are purchasing houses, to know to be careful when they receive 
emails like that.
    For example, they need to be more vigilant on the side of--
with their title company. And the title companies need to also 
be vigilant in telling their customers, we would never send you 
an email telling you to transfer money from this account or to 
another bank.
    Because we do what we can for our side, for our members on 
our side, but it is hard to also control what is going on on 
the other side, because we don't know what is going on on that 
other side. We don't have that information.
    Mr. Kustoff. And I appreciate you saying that.
    Would your particular AML program catch that discrepancy?
    Ms. Anderson. How that is caught is through the training 
that we would give, for example, to the wire folks. So while it 
may be caught with our system, we get the cases at the 
beginning of every month. It is not a live system. Our fraud 
system may catch it the next day, but really, it is the 
training that you give to your employees that catches fraud 
right at the beginning.
    Mr. Kustoff. And if I could follow up on that, do you know 
what your credit union does to double-check that both the 
account number and the payee's name matches before sending a 
wire and making the funds available for withdrawal after a wire 
transfer?
    Ms. Anderson. If we are the receiving institution, we make 
sure that the name and the account match, the number, but 
generally, it is the account number that controls. But I know 
that when there is fraud, working with other financial 
institutions, sometimes when you are able to talk to them, if 
it hasn't processed yet on the other side if we are sending. 
But we do what we can to make sure our members' money is safe 
and gets into the right accounts.
    Mr. Kustoff. As it relates to these email schemes, I would 
assume you are seeing more and more of those type of emails and 
situations relating to your customers?
    Ms. Anderson. Actually, I just heard of one just recently, 
and we were able to stop it.
    Mr. Kustoff. Very good.
    Thank you, Mr. Chairman. I yield back my time.
    Chairman Luetkemeyer. The gentleman yields back his time.
    With that, we go to the gentlelady from New York, Ms. 
Tenney, for 5 minutes.
    Ms. Tenney. Thank you, Mr. Chairman.
    And thank you to the panel. I know this is a very--it has, 
actually, turned into an interesting discussion. I sort of have 
even more questions than I had before. And I appreciate you 
being here and your expertise on this issue.
    I recently took a trip to the Middle East, to Iraq, 
Afghanistan, and central Asia. And one of the issues that we 
came across was countering the financing of terrorism, which we 
discussed, and how many of these banking institutions end up 
being financed through porous borders in Central and South 
America getting all the way to the Middle East, and how these 
are happening through banking and financial institutions.
    That was a concern to me, and we had a lot of interesting 
conversations about what to do about that, and international 
banks, how to regulate banks. And what was really interesting 
is that most of--a lot of it is cash. So there is no way, no 
matter how many regulations you put out, you are not going to 
be able to catch the virtual needle in a haystack, which it 
seems you are describing today, that we have been tasked with 
this enormous burden to try to find a needle in a haystack by 
combing through thousands of tiny transactions. As you 
indicated, a $10,000 transaction may not net something that 
maybe a $500 transaction would net.
    And I might reference that in 2007, we brought a New York 
Governor down, who ended up resigning over a $4,000 transaction 
in another State.
    So it really isn't the amount of the transaction. It is all 
the information that goes into it. And it just raised a lot of 
questions for me, and some of those are--what would be the 
approach that you would recommend? Because, honestly, I am a 
little leery about the idea of having a central network and 
worrying about a lot of concerns. Are we actually going to have 
an open case against an individual? Are there constitutional 
rights there, maybe a privacy right? And balancing that with, 
obviously, our need to find a lot of schemes through terrorism.
    I just thought I would start maybe with Ms. Anderson, or 
the Credit Bureau, or any small banking institutions, because 
many rural areas rely on you.
    What would you suggest that is a better way to make it more 
efficient for the bank, or the credit union, and still have--
being meaningful into finding cases of illegal illicit money 
laundering, financial issues?
    What would you suggest, quickly?
    Ms. Anderson. I think as we have mentioned before, it would 
be good to know what law enforcement does with our information, 
because right now we don't know. So even though we are filing 
all these suspicious activity reports, we don't know if they 
are fruitless or if it is helping law enforcement. So that 
would be one step.
    And to the extent that anything can be automated, we need 
to make sure that smaller financial institutions, such as 
credit unions, have access to that, because it can be 
expensive.
    And then, if there is anything else, I will send in written 
testimony. Thank you.
    Ms. Tenney. And, Mr. Baer, I am just curious. It just seems 
like we have this metadata type of idea. I hate to bring that 
in, but it sounds like we are just collecting all this data 
when we don't really have a defined mission. And you said we 
could isolate that. If you had just a quick comment on that?
    Mr. Baer. Sure. I think it is kind of interesting. On 
behalf of the largest banks, I think I would have pretty much 
the same observation as Ms. Anderson has on behalf of credit 
unions. A lot of it is about getting better feedback and being 
smarter about it.
    I think with regard to the international issues you talk 
about, there is another component, which is there needs to be--
and we believe it is the Treasury Department--somebody really 
has to be in charge and has to put everyone in a room and 
decide what is the cost-benefit of banks continuing to operate 
in Somalia, say. That may create terrorist risks, development 
risks on the other side, diplomacy risks.
    But that is a decision that needs to be made by somebody 
with a very heavy title, we think in our government, but right 
now it is being made by default by bank examiners where the 
push is always to derisk and leave.
    Ms. Tenney. Right. The pressure on banks and the pressure 
on banks to actually be the law enforcement as opposed to just 
a tool for law enforcement.
    And I thought maybe I could ask Mr. DeVaux, if you could 
just explain--how would you eliminate this idea--how would you 
enhance what Ms. Anderson had said about whether it is 
redundant or inefficient? And what can we do to eliminate this 
redundancy on banks that isn't really netting what we hope it 
would?
    I am going to lose my time in a minute, but if you could 
answer quickly, I would appreciate it. Thank you.
    Mr. DeVaux. I think it really does come down to sharing of 
information and working together. I mentioned earlier that this 
has to be a team approach, and there are pieces of this work 
that need to be done in the most efficient place.
    Ms. Tenney. Can I ask quickly, is there a privacy issue 
with a private citizen, with bank information, that would 
expose banks to liability as well?
    Mr. DeVaux. There is a privacy issue today. The more you 
share information about customers, the more likely customers 
are to leave the banks. They may want to go underground if the 
information is being shared too much.
    So we have to balance that. But we do have to share--I 
think we have to share and work together.
    Ms. Tenney. Excellent point.
    Thank you very much, panel. I appreciate it.
    Chairman Luetkemeyer. The gentlelady's time has expired.
    The gentleman from Florida, Mr. Posey, is recognized for 5 
minutes.
    Mr. Posey. Thank you, very much, Mr. Chairman.
    To the representatives of the banks and credit unions, do 
you feel that the Federal Government initiatives, such as 
Operation Choke Point, that seek to disrupt banking 
relationships with legal, yet undesirable, according to the 
Administration, businesses are concerning?
    Mr. DeVaux. Congressman, that is a good question, and one I 
talked about earlier. When it comes down to banking certain 
types of businesses and certain types of customers, the burden 
is overwhelming. And in a lot of cases these are legal 
businesses, and these are small businesses. And so if we turn 
them away, it becomes very difficult for them to do business.
    There are businesses that the regulators have deemed as 
high risk, and it is very tough for us to spend extra time on 
them when we could focus more on our communities and developing 
the businesses that grow our communities and grow jobs rather 
than have to spend all our time trying to clear BSA issues on a 
business that has been deemed high risk by a regulator.
    Ms. Anderson. I would like to add to that that, yes, there 
are certain types of businesses that are deemed high risk. And 
because of that, we know that under the regulations the amount 
of due diligence that we would need to really get to know that 
business and monitor them, it would be too burdensome and not 
fair to the rest of our members that we are spending so much 
time on a particular type of business. So we actually 
discourage that type of business from having accounts at our 
credit union.
    Mr. Posey. Okay. Do you think it is pertinent that 
financial institutions have due process and know if they are 
acting in compliance with applicable laws, not ideology or 
certain examiners who may personally disfavor a certain 
industry?
    Mr. Baer. I will address that. One of the other members 
alluded earlier to the phrase, ``reputational risk,'' which to 
me is the most troubling in bank supervision currently. Because 
what that really means is, what you are doing is legal, you 
seem to have the risk under control, but I just don't like it. 
Therefore, it poses a reputational risk to you. Namely, because 
I am going to say I don't like it as your regulator.
    And so it can become very circular and basically just boils 
down to, I don't have a legal basis for saying don't do this, 
but don't do this. And so whether it is BSA or in other areas, 
I think what banks really want is certainty and due process.
    Mr. Posey. Anyone else?
    How do you know who you don't want to do business with per 
the government's bias against that business? How do you 
determine?
    Mr. DeVaux. If we don't know before the examiners come in, 
we know after they come in, because they spend a lot of time 
digging through the high-risk businesses, such as money 
services businesses (MSBs). I could name a few, but I won't. 
The regulators continue to push and ask for more information 
and more due diligence and more oversight.
    We had one customer recently where I actually had a friend 
who used to be at another bank that I knew had banked the 
business, and I was talking to him about it. And he said, ``You 
know what, we even had an outside audit firm come in and do a 
full risk assessment of this business, and they said there is 
no risk in this business. The regulators never stopped pushing 
for more information.'' He said: ``My recommendation is, don't 
bank them.''
    Ms. Anderson. I would like to add to that.
    So, for example, if we file two or three suspicious 
activity reports because we don't know the sources of the 
funds, we will reach out to our member and ask them, ``Would 
you please let us know where you are getting this money, where 
is it going?'' So we have to dig into their business. And if 
they won't respond to us, we don't want to keep on filing 
suspicious activity reports, and so we limit services.
    Mr. Posey. What would you say if I was a manufacturer of 
pistols, say, and I wanted to open up an account with your 
bank? Would you open an account with me if you know that I was 
manufacturing pistols?
    Ms. Anderson. In theory, if you answered all of our due 
diligence questions, then we would open the account. We just 
need to make sure that whatever you tell us at the beginning 
when you open an account, what you actually do once you have an 
account with us matches what you told us you would be doing.
    And if it doesn't match, then we would--we may file a 
suspicious activity report or we may go back to you and ask you 
what changed in your business and how come you are using more 
cash or sending out more wires.
    Mr. Posey. Okay. I had a manufacturer in my district, and 
his bank told him, ``The government said you can't bank with us 
anymore. You have to find somewhere else.'' And every bank that 
he went to told him the same thing. That creates a life hazard, 
obviously, even for bad guys who know, if you are in this 
business or this business or that business, you can't have a 
bank account, so you are going to have to be a target for a 
large amount of cash.
    Have you ever heard--Mr. Chairman, my time is up. I yield 
back. I'm sorry.
    Chairman Luetkemeyer. The gentleman's time has expired.
    The gentleman from Ohio, Mr. Davidson, is recognized for 5 
minutes.
    Mr. Davidson. Thank you, Mr. Chairman.
    Thank you all for your testimony today. Thank you for your 
written testimony as well.
    Mr. Baer, in particular, you provided some good position 
papers. And one of the topics that has come up a fair bit is 
information-sharing. And Mr. Pittenger's topic that he and I 
don't agree on, we agree on lots of things, and the safe harbor 
that a lot of financial institutions want.
    And, Ms. Lowe, I believe you were the only one who 
addressed the concern on privacy there. So we have just talked 
with Ms. Tenney and Mr. Posey expressing some concerns. And up 
until now we really hadn't heard much on the concern of 
privacy.
    Just kind of an open question, in your assessment, should 
Americans have any expectation of privacy upon opening a bank 
account?
    Mr. Baer. Congressman, of course they should. The question 
is how far that privacy extends. Clearly, it is privacy with 
regard to disclosing to non-law-enforcement. And the question 
is, does it extend to other affiliates of that bank? Does it 
extend to other banks? Does it extend to law enforcement?
    There are clearly very difficult tradeoffs here, and every 
bit of sharing for a law enforcement or national security 
purpose is incrementally less privacy for the person whose 
information is being shared for sure.
    But we have seen pilot projects. For example, there is one 
around human trafficking with a group of banks getting together 
and sharing customer information with the approval, I believe, 
of FinCEN, and saying, can we make more cases on human 
trafficking?
    I think there you would say, ``Yes.'' The cost-benefit 
analysis there would be, yes, there was incrementally less 
privacy accorded those customers, but they were able to make 
cases they never would have made. And I think the information 
was cabined among the institutions that were doing that 
sharing.
    So I do think it is a very difficult issue. But I think our 
lean would be towards more sharing rather than less at this 
point.
    Mr. Davidson. Okay. So let's say, yes, of course, I am for 
catching human traffickers, we want to stop all the terrorists, 
all sorts of other things. But we have the constitutional 
safeguards in place because we can see things that happen, as 
Mr. Posey alluded to, disfavored speech, shaming, and not even 
against the law, just not liked by a regulator. I wonder if 
Bernie Sanders would be okay banking Mr. Vought's church or 
Wheaton College or something after his testimony in the Senate 
recently.
    So we have these protections in the Bill of Rights for a 
reason, which was wise of our Founders. How do you provide 
those safeguards today?
    Particularly, Mr. DeVaux, dealing with banks in Florida 
there, very similar to Ohio issues, just a different State, but 
a lot of the same challenges with the size of banks.
    Mr. DeVaux. Privacy is a big issue. We do not share with 
other banks. There is a mechanism for doing that. But we 
generally do our investigation and we file our suspicious 
activity report.
    But I think the same question comes to the passport office 
and the driver's license office, do they share that 
information? We are talking about money, which is an enabler of 
terrorism.
    So, for me, I think there should be some sharing at some 
point along the way. Why would five banks write a SAR on the 
same customer or investigate a customer who looks like they are 
doing illegal activity when maybe they could file, I think, as 
I mentioned earlier, a short SAR, shoot it off to law 
enforcement, and they have a database of the bad guys?
    One of the things I talked about earlier, also, was a list 
called a 314(a) list that is provided by law enforcement to us. 
Those are the bad guys they are interested in. So they are 
sharing information with us, saying, we are interested in these 
bad guys. We like that list. We can run that list very quickly. 
And we know immediately if we have any criminals and we can 
report back to them.
    Mr. Davidson. And if the 314(a) list comes in, does that 
come in, in terms of a subpoena, or is that just regular flow 
of information covered under 314(a)?
    Mr. DeVaux. It comes in as a list. It comes in as a 
database multiple times during the year, and we just run our 
database against it.
    Mr. Davidson. Ms. Lowe, since you addressed privacy in your 
written remarks, your thoughts on privacy?
    Ms. Lowe. Thank you.
    Privacy is definitely an issue. I think redress, some sort 
of way to have somebody be able to get their rights restored 
should there be a problem on the other end, is important.
    But I think, actually, the technology today allows us to do 
a lot of different types of encryption and anonymization of 
data. And I think we really need to be looking in those areas 
as well to see if there are solutions, technological solutions, 
that can be brought to bear to really protect privacy while 
also sharing information in a way that is useful for law 
enforcement
    Mr. Davidson. Distributed ledger is very promising.
    Thank you all.
    My time has expired. Mr. Chairman, I yield back.
    Chairman Luetkemeyer. The gentleman's time has expired. And 
with that, we are done with our questions. And we want to thank 
the panel for all of your great testimony and your answers 
today. You were very forthcoming. We certainly appreciate that.
    Just a couple of closing comments and thoughts.
    We appreciate what you have told us from the standpoint 
that--I think Mr. Heck probably said it best, from the 
standpoint of we want to make sure we catch the bad guys and 
prohibit folks from doing illegal, illicit things. At the same 
time, the laws and rules we are talking about haven't been 
``modernized,'' was his term--I thought it was a good term--for 
a long, long time. And so we need to take a look at 
streamlining, updating. I think we have talked about technology 
is a good way, perhaps, that we need to utilize it better, to 
streamline the process.
    Mr. Davidson brought up some good points with regards to 
privacy. Somehow we have to thread the needle between what is 
the protection of the privacy of our customers yet be able to 
find ways to ferret out the bad guys' illicit activities.
    What works, what doesn't work. I know you mentioned the 
``know your customer'' program. Maybe we need to take a look at 
fine-tuning that to find some streamlining. I appreciate your 
thoughts on that.
    Again, it was interesting, the discussion that was had by I 
think Mr. Loudermilk with regards to the level at which we 
decide to set the determination for, that $10,000 is really a 
good spot. And I appreciate it.
    Somebody, I think, Mr. Baer, your testimony was that 
$10,000 in 1970 is $64,000 today. Is that what you said? Or Mr. 
DeVaux. There we go. I thought that was an interesting comment, 
and I appreciate that, because it gives us some perspective. 
Maybe we need to take a look at that and maybe we need to work 
with law enforcement and see where the sweet spot is there.
    So I think, as Mr. Heck alluded to, we are on one side of 
this issue from the standpoint of the banks and the money 
folks, the financial services industry's rules and regulations. 
We need to go on the other side to also figure out law 
enforcement's perspective and how we can interface with them 
and find ways to come together.
    Reputational risk is something that is frustrating to me as 
a result of working all of these years with what is going on 
and the different rules and regulations, and now we have 
examiners doing the Operation Choke Point stuff, which is all 
based on reputational risk. And a lot of it is not really on 
illicit activity. And so we need to find ways to curtail that.
    So, again, sincerely thank you for your testimony. You have 
given us a lot of good ideas, a lot of good information. We 
want to continue to work with each of you and your associations 
to come to some solutions and we can take those solutions then, 
as I said, to the law enforcement sector and see how we can 
find ways to actually make this system better, streamline it 
for your benefit, while also, at the same time, helping them be 
able to do their job, which is to protect our country and our 
citizens.
    The Chair notes that some Members may have additional 
questions for this panel, which they may wish to submit in 
writing. Without objection, the hearing record will remain open 
for 5 legislative days for Members to submit written questions 
to these witnesses and to place their responses in the record. 
Also, without objection, Members will have 5 legislative days 
to submit extraneous materials to the Chair for inclusion in 
the record.
    And with that, the hearing is adjourned.
    [Whereupon, at 4:25 p.m., the hearing was adjourned.]






                            A P P E N D I X



                             June 28, 2017



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                        [all]