[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]







 
                       OVERSIGHT OF THE FINANCIAL

                       CRIMES ENFORCEMENT NETWORK

=======================================================================

                             HYBRID HEARING

                               BEFORE THE

                    COMMITTEE ON FINANCIAL SERVICES

                     U.S. HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 28, 2022

                               __________

       Printed for the use of the Committee on Financial Services

                           Serial No. 117-81
                           
                           
                           
                           
                           
   [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]                        
                           
                           
        
                           
                          ______
 
              U.S. GOVERNMENT PUBLISHING OFFICE 
47-648PDF            WASHINGTON : 2022 
                          
                           
                           
                           
                           
                           
                           
                           
                           

                 HOUSE COMMITTEE ON FINANCIAL SERVICES

                 MAXINE WATERS, California, Chairwoman

CAROLYN B. MALONEY, New York         PATRICK McHENRY, North Carolina, 
NYDIA M. VELAZQUEZ, New York             Ranking Member
BRAD SHERMAN, California             FRANK D. LUCAS, Oklahoma
GREGORY W. MEEKS, New York           BILL POSEY, Florida
DAVID SCOTT, Georgia                 BLAINE LUETKEMEYER, Missouri
AL GREEN, Texas                      BILL HUIZENGA, Michigan
EMANUEL CLEAVER, Missouri            ANN WAGNER, Missouri
ED PERLMUTTER, Colorado              ANDY BARR, Kentucky
JIM A. HIMES, Connecticut            ROGER WILLIAMS, Texas
BILL FOSTER, Illinois                FRENCH HILL, Arkansas
JOYCE BEATTY, Ohio                   TOM EMMER, Minnesota
JUAN VARGAS, California              LEE M. ZELDIN, New York
JOSH GOTTHEIMER, New Jersey          BARRY LOUDERMILK, Georgia
VICENTE GONZALEZ, Texas              ALEXANDER X. MOONEY, West Virginia
AL LAWSON, Florida                   WARREN DAVIDSON, Ohio
MICHAEL SAN NICOLAS, Guam            TED BUDD, North Carolina
CINDY AXNE, Iowa                     DAVID KUSTOFF, Tennessee
SEAN CASTEN, Illinois                TREY HOLLINGSWORTH, Indiana
AYANNA PRESSLEY, Massachusetts       ANTHONY GONZALEZ, Ohio
RITCHIE TORRES, New York             JOHN ROSE, Tennessee
STEPHEN F. LYNCH, Massachusetts      BRYAN STEIL, Wisconsin
ALMA ADAMS, North Carolina           LANCE GOODEN, Texas
RASHIDA TLAIB, Michigan              WILLIAM TIMMONS, South Carolina
MADELEINE DEAN, Pennsylvania         VAN TAYLOR, Texas
ALEXANDRIA OCASIO-CORTEZ, New York   PETE SESSIONS, Texas
JESUS ``CHUY'' GARCIA, Illinois
SYLVIA GARCIA, Texas
NIKEMA WILLIAMS, Georgia
JAKE AUCHINCLOSS, Massachusetts

                   Charla Ouertatani, Staff Director
                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on:
    April 28, 2022...............................................     1
Appendix:
    April 28, 2022...............................................    49

                               WITNESSES
                        Thursday, April 28, 2022

Das, Himamauli, Acting Director, Financial Crimes Enforcement 
  Network (FinCEN), U.S. Department of the Treasury..............     4

                                APPENDIX

Prepared statements:
    Das, Himamauli...............................................    50

              Additional Material Submitted for the Record

Himes, Hon. Jim A.:
    Written statement of the Financial Accountability and 
      Corporate Transparency (FACT) Coalition....................    62
    Written statement of the Project on Government Oversight 
      (POGO).....................................................    68
    Written statement of The Sentry..............................    83
Maloney, Hon. Carolyn:
    Written statement of Democrats Abroad........................    87
McHenry, Hon. Patrick:
    Written statement of the CATO Institute Center for Monetary 
      and Financial Alternatives.................................    93
    Letter to Secretary Yellen and Acting Director Das...........    96
    Written statement of the National Association of Federally-
      Insured Credit Unions (NAFCU)..............................   100
    Written statement of SentiLink...............................   102
Das, Himamauli:
    Written responses to questions from Representative Budd......   110
    Written responses to questions from Representative Sylvia 
      Garcia.....................................................   106
    Written responses to questions from Representative Gooden....   111
    Written responses to questions from Representative 
      Luetkemeyer................................................   108
    Written responses to questions from Representative McHenry...   105
    Written responses to questions from Representative Sessions..   113


                       OVERSIGHT OF THE FINANCIAL


                       CRIMES ENFORCEMENT NETWORK

                              ----------                              


                        Thursday, April 28, 2022

             U.S. House of Representatives,
                   Committee on Financial Services,
                                                   Washington, D.C.
    The committee met, pursuant to notice, at 10:05 a.m., in 
room 2128, Rayburn House Office Building, Hon. James A. Himes 
presiding.
    Members present: Representatives Velazquez, Sherman, Meeks, 
Green, Cleaver, Perlmutter, Himes, Foster, Beatty, Vargas, 
Gottheimer, Gonzalez of Texas, Axne, Casten, Lynch, Adams, 
Tlaib, Dean, Garcia of Illinois, Williams of Georgia, 
Auchincloss; McHenry, Posey, Luetkemeyer, Huizenga, Wagner, 
Barr, Williams of Texas, Hill, Emmer, Zeldin, Loudermilk, 
Mooney, Davidson, Budd, Kustoff, Hollingsworth, Gonzalez of 
Ohio, Rose, Steil, and Timmons.
    Mr. Himes. [presiding]. The Financial Services Committee 
will come to order.
    Without objection, the Chair is authorized to declare a 
recess of the committee at any time.
    Today's hearing is entitled, ``Oversight of the Financial 
Crimes Enforcement Network.''
    I now recognize myself for 5 minutes to give an opening 
statement.
    Today, we welcome Mr. Himamauli Das, the Acting Director of 
the Financial Crimes Enforcement Network, also known as FinCEN, 
for the first time before our committee. At a time when the 
international community is united in imposing severe sanctions 
on Russia for its unprovoked attack on Ukrainian sovereignty 
and democracy, a strong, well-resourced FinCEN is more 
important than ever.
    FinCEN is on the front lines of our financial intelligence 
efforts, tracking and tracing the ways that bad actors, like 
Putin and his allies, try to hide their assets. FinCEN also 
provides law enforcement agencies with information to follow 
the money, and alerts financial institutions to the ways that 
bad actors might try to evade sanctions. Without FinCEN, 
terrorists, drug traffickers, and other criminals would pose an 
even greater threat to our national security and the integrity 
of our financial sector.
    Lately, this committee has focused hard on cracking down on 
oligarchs and other bad actors looking to hide their ill-gotten 
gains through financial channels. Last month, the committee 
passed several bills to further cut Russia off from the global 
markets, to isolate Russian officials on the international 
stage, and to target Russian oligarchs, including the Nowhere 
to Hide Oligarchs' Assets Act, which was led by Chairwoman 
Waters. Today, I am pleased that we will continue discussing 
these bills and other proposals to target financial crime 
schemes, including a bill that I have sponsored, the Special 
Measures to Fight Modern Threats Act, which would help FinCEN 
target money laundering concerns operating outside of the 
traditional banking sector.
    In the past, this committee, and Chairwoman Waters in 
particular, played an important role in passing the Anti-Money 
Laundering Act of 2020 (AMLA), which was the most sweeping 
anti-money laundering reform in decades. AMLA tasks FinCEN with 
zeroing in on corruption, cybercrime, foreign and domestic 
terrorist financing fraud, transnational criminal organization 
activity, and trafficking. It also contains the Corporate 
Transparency Act, which requires corporations to disclose their 
true beneficial owners and tasks FinCEN with implementing this 
transformative anti-corruption measure. In the 15 months since 
AMLA became law, FinCEN has made considerable progress on these 
tasks, despite delays in authorized funding. But there is more 
work ahead to do, and more regulations to be finalized to 
ensure that law enforcement can use these important tools to 
follow the money and bring bad actors to justice.
    Even before Russia's illegal invasion of Ukraine, FinCEN 
helped protect our financial sector from money launderers, 
authoritarians, and kleptocrats. Today, as some of the richest 
and most corrupt people in the world look to the United States 
to stash their dirty money, it is important that Congress and 
this committee give FinCEN the resources it needs to assure 
that Putin, his cronies, and his despots and thugs don't get 
access to our financial system to hide their money.
    It is also important that FinCEN be transparent with 
Congress about its accomplishments, its challenges, its 
strengths and its weaknesses, and to share findings that can 
help lawmakers who are tasked with oversight to better 
understand FinCEN's strengths and weaknesses. FinCEN and 
Congress must work together to make sure that our financial 
crime toolkit is being put to good use, and that we are staying 
vigilant against emerging threats and sanction evasion schemes.
    Finally, I would like to enter into the record statements 
from the Project on Government Oversight, The Sentry, and the 
FACT Coalition. These statements emphasize FinCEN's critical 
role in combating corruption, and stress the importance of a 
fully-funded and staffed FinCEN to implement the beneficial 
ownership reporting requirements as envisioned by Congress.
    Without objection, it is so ordered.
    Mr. Das, I look forward to your testimony on the 
implementation of the Anti-Money Laundering Act of 2020, and 
FinCEN's progress on the beneficial ownership database, and to 
learning more about how Congress can be a strong and reliable 
partner in helping FinCEN successfully combat financial crime.
    I now recognize the ranking member of the committee, the 
gentleman from North Carolina, Mr. McHenry, for 5 minutes.
    Mr. McHenry. Thank you, Mr. Himes, and thank you for 
sitting in the chair. We wish Chairwoman Waters a speedy 
recovery from COVID, and we are glad that she is getting the 
care she needs and taking the responsibility of separating and 
quarantining. We wish her a speedy recovery.
    But I want to thank the Chair for holding the hearing. As 
we know, the proper oversight of agency heads is necessary for 
Congress' intent to be fulfilled and for agencies to fulfill 
their responsibilities. For an office like FinCEN, which has 
operated under the radar screen for the last 3\1/2\ years, 
appearing before us is especially significant. Acting Director 
Das, thank you for being here. Thank you for your outreach.
    Mr. Das, you were not head of FinCEN during the Fiscal Year 
2021 National Defense Authorization Act (NDAA) negotiations, 
which resulted in a rewrite of the statute that you are now 
implementing. But I would like to take a moment to share with 
you congressional intent during those negotiations, and the 
resulting statute and the intent of that statute. And the 
reason why I want to do this is because in reading FinCEN's 
beneficial ownership notice of proposed rulemaking (NPRM), 
there seems to be quite a disconnect.
    Early negotiations were anything but bipartisan. For 
Republicans, non-negotiables were clear. We wanted to limit 
burdens on small businesses, protect personally identifiable 
information (PII) as if it were tax information, and hold 
FinCEN accountable to the American people once a bill became 
law. We understood on both sides of the aisle that the stakes 
were too high for millions of small businesses to not get this 
right. So, the four corners in our negotiations came to an 
agreement that a revised beneficial ownership regime would: 
first, be easy to understand for small businesses; second, 
limit the burdens on those filing; and third, protect civil 
liberties and ensure confidentiality.
    What resulted was a targeted statute that would focus on 
stopping bad actors, such as Chinese and Russian nationals, 
from using the financial system. At the same time, it limited 
the burdens of law-abiding small businesses in the process. We 
directed FinCEN to prevent duplicative and burdensome 
requirements on small businesses, including rescinding the 
customer due diligence rule. We directed FinCEN to report on 
steps it is taking to minimize reporting requirements, which 
will provide this committee with necessary data on suspicious 
activity reports (SARs), currency transaction reports (CTRs), 
and the reporting thresholds. And we asked that the new 
beneficial ownership data be equipped with the strongest 
privacy and disclosure protections for small business owners' 
information.
    FinCEN is one of the biggest data collectors in the U.S. 
Government. Yet, how they collect, manage, and allow access to 
that data remains largely a mystery to Congress and, most 
assuredly, the public. Unfortunately, after reading FinCEN's 
NPRM, it is clear that the Agency needs a reminder of what 
Congress directed. The proposed rule was far too complex, 
overly broad, and deviated significantly from Congress' intent. 
My colleagues across the aisle like to advocate for greater 
authorities for FinCEN. I understand that. We have a new 
statute. The rules have not been implemented on that new 
statute. Let's get that done before we talk about new 
authorities, and I think that is where we are at this stage.
    And without objection, I would like to submit for the 
record my letter with Ranking Member Luetkemeyer, outlining our 
disappointment and concerns with the beneficial ownership NPRM. 
Thank you.
    Mr. Himes. Without objection, it is so ordered.
    Mr. McHenry. Director Das, it is fair to say that FinCEN 
has too many responsibilities and doesn't do any of them as 
well as they could. I am hopeful that in your leadership of 
FinCEN, we can right some of these huge challenges for the 
Agency and get it right for the American people. And I look 
forward to working with you to ensure that our anti-money 
laundering programs are targeted and effective, and at the same 
time, protect Americans' civil liberties.
    With that, Mr. Chairman, thank you, and I yield back.
    Mr. Himes. Thank you to the ranking member. I now recognize 
the gentleman from Kentucky, Mr. Barr, for 1 minute for an 
opening statement.
    Mr. Barr. I thank the Chair for yielding and for holding 
this hearing today.
    Congressional oversight of FinCEN is long overdue. Acting 
Director Das, thank you for coming before us today to talk 
about the operations of FinCEN. FinCEN indeed has a critical 
mission, and safeguarding the financial system against illicit 
use has never been more important. Whether FinCEN is targeting 
Russian oligarchs, international terrorists, or narcotics 
traffickers, we need to hold your office accountable for 
results. At times, this will mean FinCEN investigators need to 
find a needle in a haystack. Congress supports this work, but 
FinCEN must also guard against the temptation to add to the 
haystack endlessly, simply so it can collect more and more data 
on Americans. FinCEN's intelligence should be used as a weapon 
against money launderers, not as a financial Wikipedia on law-
abiding citizens. I look forward to hearing how FinCEN can stay 
focused on its targeted mission, including its efforts to 
counter bad actors from Russia.
    Thank you for your testimony, and I yield back.
    Mr. Himes. The gentleman yields back. I want to welcome 
today's distinguished witness to the committee, Mr. Himamauli 
Das, the Acting Director of the Financial Crimes Enforcement 
Network.
    You will have 5 minutes to summarize your testimony, Mr. 
Das. You should be able to see a timer that will indicate how 
much time you have left. I would ask you to be mindful of the 
timer and quickly wrap up your testimony if you hear the chime.
    And without objection, your written statement will be made 
a part of the record.
    Acting Director Das, you are now recognized for 5 minutes.

 STATEMENT OF HIMAMAULI DAS, ACTING DIRECTOR, FINANCIAL CRIMES 
                  ENFORCEMENT NETWORK (FINCEN)

    Mr. Das. Good morning. My name is Him Das, and I am the 
Acting Director of the Financial Crimes Enforcement Network. 
Chairman Himes, Ranking Member McHenry, and distinguished 
members of the committee, thank you for the invitation to 
appear before you today to provide an update on FinCEN's 
implementation of the Anti-Money Laundering Act of 2020, 
including the Corporate Transparency Act.
    FinCEN fulfills a critical statutory mandate as the 
administrator of the Bank Secrecy Act (BSA). In that role, we 
draft regulations to implement the BSA, we receive statutorily-
required reports from financial institutions about things like 
suspicious activities and high-value cash transactions, and we 
regulate financial institutions and enforce the rules. We can 
and have imposed significant monetary penalties against 
financial institutions that failed to implement effective and 
reasonably-designed Anti-Money Laundering/Combating the 
Financing of Terrorism (AML/CFT) programs. Our statutory 
authorities give us a powerful toolkit that we use to protect 
the U.S. national security and safeguard the integrity of our 
financial system. Along with suspicious activity and cash 
transaction reports, we can request information from financial 
institutions, and in some cases, non-financial trades and 
businesses within defined parameters through special collection 
tools.
    We use the information that financial institutions report 
to us to support law enforcement to target and disrupt illicit 
finance threats. And it is a diverse set of threats, from cyber 
criminals to kleptocrats, organized crime groups and beyond. 
Our information and analysis is critical to combat all of them. 
In fact, in a survey released in 2020, the Government 
Accountability Office found that law enforcement personnel at 
six law enforcement agencies use BSA reports extensively to 
inform their investigations, and that BSA reporting helped to 
identify potential subjects, networks, and defendants.
    Recent events, from COVID-19 to Russia's invasion of 
Ukraine and the rise in ransomware attacks on U.S. businesses, 
have underscored the importance of protecting our financial 
system. They have made clear the importance of an AML/CFT 
framework that is well-designed and effective in preventing bad 
actors from exploiting the financial system, and that protects 
Americans and American ideals. Clearly, FinCEN has a robust 
agenda and a diverse mission. And while we work to carry out 
our statutory mandate, we are also cognizant of our 
responsibility to do so in a way that safeguards citizens' 
privacy, that does not put undue burden on small businesses, 
and that does not spark de-risking that harms financial 
inclusion. All of these considerations are important to me and 
to our institution.
    The AML Act has only expanded our responsibilities, and it 
is nothing short of transformative. We recognize the enormous 
opportunity that it presents to streamline, modernize, and 
update the U.S. AML/CFT regime. The Act has helped position us 
to address today's challenges and provides us with the tools to 
approach innovations in a way that balances opportunities and 
risks, and it has placed national security front and center in 
FinCEN's mandate.
    While the AML Act has made a significant improvement to the 
AML/CFT framework, these improvements come at a cost. FinCEN 
employs a team of about 300 dedicated employees: intelligence 
analysts; investigators and enforcement officers; policy 
strategists; data analysts; and others. We welcomed the Fiscal 
Year 2022 appropriations to support our mission. Those 
resources are critical to support our IT systems and to build 
our beneficial ownership database. But nonetheless, FinCEN has 
significant staffing requests that remain unfunded. These 
include requests specifically related to positions required in 
the AML Act, such as foreign Financial Intelligence Unit (FIU) 
liaisons, domestic liaisons, and others.
    Timely and effective implementation of the AML Act is our 
top priority. Even with our limited resources, the FinCEN team 
is working diligently with law enforcement and regulatory 
stakeholders to promulgate rules and take other steps under the 
Act to promote a transparent financial system. It is important 
that we get it done right, and we get it done quickly. We have 
accomplished a lot, but we also recognize that we need to do 
more. As you are aware, we are missing deadlines. And to be 
blunt, we will likely continue to do so because our budget 
situation has required us to make significant tradeoffs among 
competing priorities.
    Just as I am grateful for the opportunity to appear before 
you today, I am also glad that I have had the opportunity to 
speak with some of you in the lead-up to today's session to 
hear more about your priorities and what is most important to 
your constituents. The entire FinCEN team is committed to 
working with you and to carrying out our ambitious agenda with 
your support, and I am happy to answer any questions.
    [The prepared statement of Acting Director Das can be found 
on page 50 of the appendix.]
    Mr. Himes. Thank you, Acting Director Das. I now recognize 
myself for 5 minutes of questions.
    Mr. Das, I read your testimony and just listened, and I 
appreciate all of that testimony. What I would love to have you 
do first in my 5 minutes is maybe fill in some of the blanks, 
which are really critical oversight blanks from what we have 
heard so far, that is, how FinCEN defines success. I would 
assume it would be prosecutions assisted in, nefarious plots 
disrupted. How do you quantify and, therefore, know when you 
are succeeding and where you may succeed better? I am used to 
thinking in the intelligence context, where the intelligence 
community looks at the number of citations for collection and 
in various reports and that sort of thing.
    And then second, if we have time, the other thing we 
obviously need to do is protect the privacy of the American 
people, and I am very grateful for the data that you have 
provided my office with respect to the collection that you do. 
How do you evaluate and how do you raise incidents of privacy 
breaches that, from an oversight standpoint, we should be 
interested in? But, again, I am primarily interested in how you 
define success and what metrics allow you, and therefore us, to 
track that success.
    Mr. Das. Thank you for that question, Chairman Himes, and 
thank you for your support and the committee support as well. 
Again, we are very focused on measuring and ensuring success in 
achieving FinCEN's mission. We think it is incredibly important 
to engage with stakeholders in Congress on ensuring the 
effectiveness of BSA reporting, and it is absolutely critical 
to ensuring confidence in the AML/CFT framework.
    Again, I just want to step back for a second. FinCEN has a 
number of functions, right? We collect information and reports 
from financial institutions, we issue regulations that regulate 
financial institutions to ensure that they have successful and 
effective and reasonably designed AML/CFT programs as well, and 
we work closely with law enforcement, and the intelligence 
community, and the Office of Foreign Assets Control (OFAC) in 
ensuring that they receive and use our information in an 
effective way. We want to be effective on all of these fronts 
because all three components of our mission work together.
    In terms of your specific question on the success of 
reporting, the AML Act provides a framework for that. Section 
6201 of the AML Act does precisely that. It requires DOJ to 
provide a report on the value of BSA information, and in 
January of this year, DOJ delivered such a report. That reports 
states that the value of BSA information for DOJ cannot be 
overstated. IT staff has searched BSA records over 2 million 
times over the past 5 years, and it is used in tens of 
thousands of investigations. The GAO, in a survey conducted 
from the years 2015 to 2018, as well indicated that three-
fourths of the staff of six law enforcement agencies have used 
BSA reporting in the context of their investigations. And that 
study also noted that three-fourths of those personnel also 
indicated that they either did not have an alternative, or that 
an alternative to BSA reporting was less efficient. I 
recognize, however, that the information that I have provided 
is our qualitative measures of success. They are not 
quantitative measures of success.
    Mr. Himes. Mr. Das, that is interesting information about 
the DOJ. I think you told me that there are just shy of 500 law 
enforcement agencies that have access to the database. When 
they query that database, are they then required to report what 
they did with the information that was obtained as part of that 
query, therefore enabling you to see what the outcome is of the 
use of that information?
    Mr. Das. They are not required to respond specifically to 
the use of the data that they receive when they do a query. 
However, we proactively engage with law enforcement across-the-
board. We have a number of liaison officers from law 
enforcement agencies who sit at FinCEN, whom we engage with 
regularly in terms of the challenges that they are facing, in 
terms of using our data, how they use their data, and how we 
can help them more effectively use their data. We regularly 
engage with our law enforcement counterparts and provide 
products to them. We flag--
    Mr. Himes. I'm sorry. Thank you. In my last 20 seconds, the 
data is important, but so are the anecdotes. We are very 
focused on Ukraine and Russia right now. In my very limited 
remaining time, tell us what FinCEN is doing, maybe an anecdote 
or a story, an example of how you have used this data to go 
after oligarchs or otherwise illicitly--
    Mr. Das. Absolutely. We have identified over 2,000 
suspicious activity reports (SARs) that relate to Russian 
oligarch activity and Russian sanctions evasion. We have 
reviewed all of those reports. We have sent 271 of those 
reports to law enforcement, and to OFAC, and the intelligence 
community to understand what is happening with respect to 
illicit financial transactions, which they can use for 
prosecutions, and to trace assets and seize and freeze assets. 
The information that we receive, we have also provided directly 
to OFAC, so that they can use it in their sanctions 
investigations and then designate and target illicit actors 
across-the-board, including Russian oligarchs, shell companies, 
cryptocurrency companies, and others. A number of the recent 
actions were based on information that we have provided to OFAC 
as well.
    Mr. Himes. Thank you, Mr. Das. My time has expired.
    The ranking member of the committee, Mr. McHenry, is now 
recognized for 5 minutes.
    Mr. McHenry. Thank you, Mr. Chairman. And thank you, Acting 
Director Das.
    I think there is a lot of confusion about what FinCEN does. 
And I want to piggyback on Mr. Himes' question here, but let's 
just kind of walk through the basics. Last month, there were 
roughly 325,000 suspicious activity reports filed with FinCEN. 
That is a massive amount of data. Let's talk through what 
FinCEN does with this sort of flood of data. What percentage of 
Bank Secrecy Act reports and FinCEN's monthly database lead to 
convictions?
    Mr. Das. I appreciate the question, Ranking Member McHenry. 
Again, we do not have precise metrics in terms of a one-to-one 
correlation between information that we receive from financial 
institutions with respect to suspicious activity reports and 
direct prosecutions. But in response to the DOJ report, it is 
clear that these reports are being used by the Justice 
Department and by other law enforcement agencies to investigate 
actions and to prosecute actions as well. We have had a law 
enforcement awards program in place since 2015, and that law 
enforcement awards program is designed to identify instances in 
which BSA information has translated into actual prosecutions. 
So it is anecdotal in nature, but it shows that our information 
is being used by law enforcement, especially the--
    Mr. McHenry. The anecdotes here are very few and far 
between. We have talked about this, so I think that is a 
problem. Mr. Himes' question and my follow-up to basically the 
same question here is, show us the results. You are able to 
talk about what you said as qualitative rather than 
quantitative. We would like to see these statistics on what is 
being done. Mr. Himes said that 500 individual agencies have 
access to these databases, the currency transaction reports, 
and suspicious activity reports, 500 agencies. How many 
individuals have access to these databases?
    Mr. Das. Thank you for that question. Your first point, in 
terms of metrics and better understanding how the information 
is being used, we intend to work with you as well as the law 
enforcement agencies to hone those metrics and to provide 
better assessments of how that information is being used. In 
terms of the number of individuals who have access to the 
database, from law enforcement, from the intelligence community 
and other agencies as well, again, there are 471 agencies that 
have access to the information. The number of law enforcement 
personnel and other personnel who have access fluctuates, but 
it is in the 13,000 to 16,000 range.
    Mr. McHenry. Okay. Then, how do you keep track of how those 
users use that information? How do you police that?
    Mr. Das. I appreciate the question. We have a robust 
framework in place. With respect to each of the 471 agencies, 
we negotiate separate memorandums of understanding (MOUs) with 
each of the agencies after having a discussion with them to 
ensure that they have appropriate reasons under the purposes of 
the Bank Secrecy Act to use that information. The MOUs 
identified protocols for access, protocols for security, and 
protocols for use of that information.
    Mr. McHenry. But how do you police those MOUs?
    Mr. Das. It is part of sort of an overall suite of efforts 
in terms of those MOUs. In terms of access to the database, 
individuals who have access need to go through a robust 
training program. They need to undergo a background check. Each 
of their searches--
    Mr. McHenry. Okay. So, what is then the proscriptive?
    Mr. Das. We track each of their searches. They need to 
enter in a justification. It goes into a query audit log, and 
then we do two things. One is we conduct an annual audit of the 
searches that are being done by each of the agencies that have 
access to ensure that they are being used appropriately and 
that there is no misuse. We engage with the agencies on an 
individual basis to ensure that there are no questions and that 
all questions are answered. And then finally, we identify 
anomalous searches on a quarterly, on a monthly, and on an 
annual basis to identify whether or not there are any 
inappropriate uses of the database, and we reach out to the 
agencies to try to remedy that as well.
    Mr. McHenry. Okay. I want to be respectful of everyone's 
time, but what if an MOU is breached, or if individuals have 
breached that responsibility, what is the enforcement action?
    Mr. Das. We will do two things. First of all, we will 
engage with the agency and seek responses to an investigation 
in terms of what that individual is doing, and whether or not 
they were doing it appropriately, and we will refer the issue 
to the Inspector General's office as well.
    Mr. McHenry. Okay. Would you provide data on that, on those 
referrals?
    Mr. Das. Yes, sir. We can.
    Mr. McHenry. Thank you. Thanks for your testimony.
    Mr. Himes. The gentleman's time has expired.
    The gentlewoman from New York, Ms. Velazquez, who is also 
the Chair of the House Committee on Small Business, is now 
recognized for 5 minutes.
    Ms. Velazquez. Thank you, Mr. Chairman. Director Das, in 
December of 2019, FinCEN released a statement entitled, ``Bank 
Secrecy Act Reports Filed by Financial Institutions Protect 
Elders from Fraud and Theft of Their Assets.'' In this 
statement, former FinCEN Director, Ken Blanco, acknowledged 
that understanding the trends and potential exploitation 
methods included in these reports can help banks and consumers 
protect themselves. Can you briefly tell us how financial 
institutions and older consumers use these reports to protect 
themselves from financial exploitation?
    Mr. Das. Thank you, Congresswoman Velazquez. Elder abuse is 
a terrible problem and one that we and our partners from across 
the government have been focused on for many years, and we 
provide ongoing support to numerous task forces and multi-
agency groups working to address this problem. In February, we 
joined with other Federal agencies in an awareness-raising 
campaign about romance scams, which often target the elderly. 
In this campaign, we highlighted our Rapid Response Program. In 
this program, FinCEN partners with law enforcement agencies 
that receive complaints of abuse, and incorporates with Foreign 
Financial Intelligence Units, our counterpart agencies in 
foreign governments, to help recover stolen funds.
    We have done a lot more on this front, too. Our first 
public advisory to financial institutions on elder financial 
exploitation dates back to 2011. Since then, in 2017, we issued 
a joint memorandum with the Consumer Financial Protection 
Bureau (CFPB) on financial institution and law enforcement 
efforts to combat elder financial exploitation. In 2019, we 
issued a financial trend analysis describing how our elders 
face increased financial threats from domestic and foreign 
actors, and it is critical that we work with law enforcement, 
regulatory, and national security partners to use our 
information. Public documents like the one I just mentioned 
that highlight typologies, educate financial institutions so 
that they can appropriately use risk-based mitigating measures, 
and monitor to detect potential elder abuse. This ultimately 
protects consumers. And this reports also led to an incredible 
increase in SAR reporting, and has ultimately led to numerous 
successful prosecutions of bad actors.
    Ms. Velazquez. Thank you for the response. Director Das, 
like elders, survivors of intimate partner violence are at high 
risk of financial exploitation. In fact, 58 percent of 
survivors, approximately 19.1 million individuals in the United 
States, report that their abuser has accessed, withdrawn from, 
or otherwise controls their bank account. This means that over 
half of survivors in the U.S. do not have access to a safe and 
protected bank account. Wouldn't you agree this is a 
significant problem that must be addressed?
    Mr. Das. Thank you for that question. I agree that victims 
of domestic violence and all victims of financial abuse should 
be able to obtain banking access and extricate their accounts 
from their abuser. We are very focused on financial inclusion, 
and we want to work with you and your offices to ensure that 
FinCEN does its part to ensure that survivors have access to 
the banking services.
    Ms. Velazquez. Thank you. One of the bills that we are 
reviewing here today is a discussion draft of legislation I am 
working on, the Survivors Safe Banking Act, which will require 
FinCEN to compile and publish reports on statistics and trends 
of customers and potential customers of covered financial 
institutions who are a survivor of domestic violence or 
economic abuse. Wouldn't you agree that a similar report will 
likewise help protect consumers who are survivors of intimate 
partner violence from financial exploitation?
    Mr. Das. Thank you, Congresswoman. Without commenting on 
the specifics of the draft legislation, FinCEN has and will 
continue to urge financial institutions to report all forms of 
suspicious transactions and to be attentive to any abnormal 
patterns or behaviors, whether in their customer's accounts or 
in their interactions with them. Again, as you are well aware, 
and as FinCEN has highlighted through advisories and notices 
and alerts, there are a myriad of illicit finance threats 
facing consumers today. And sadly, vulnerable populations, such 
as the elderly, or those in abusive relationships can be 
victimized and financially exploited by those close to them. We 
will continue to educate and equip financial institutions on 
these threats, what to look for, and how to report a suspicious 
transaction.
    Ms. Velazquez. I am looking forward to working with you.
    Mr. Das. Thank you. As am I.
    Ms. Velazquez. Thank you. I yield back.
    Mr. Himes. The gentlelady's time has expired.
    The gentleman from Florida, Mr. Posey, is now recognized 
for 5 minutes.
    Mr. Posey. Thank you very much, Mr. Chairman. Mr. Das, can 
you please describe your strategic plan for protecting the 
privacy of the individuals and firms you collect data from?
    Mr. Das. Pardon me, Congressman, if you could repeat your 
question? It didn't quite come through clearly. My apologies.
    Mr. Posey. Could you please describe your strategic plan 
for protecting the privacy of the individuals and firms you 
collect data from?
    Mr. Das. Yes. Thank you, Congressman. Again, that is a very 
important issue for us. The privacy of our database and the 
sensitive information that we collect is fundamental to me and 
is fundamental to our institution more generally. We have a 
number of processes in place to ensure that the information is 
safeguarded and used appropriately, and we are continuing to 
work to do more on this front, to identify any gaps or issues 
and to remedy those gaps. We have a robust framework in place 
both from an IT perspective and from a procedural perspective 
in ensuring and safeguarding the use of this information. From 
an IT perspective, we have robust controls and a significant 
segment IT architecture, which is robust, and constrains access 
to the database by hackers and other malicious threats to the 
database.
    Second, we conduct regular penetration testing to ensure 
that the database is not exposed to malicious threats as well, 
and we subject the database to the highest standards of 
security controls. It is Federal Information Security 
Modernization Act (FISMA) high level with respect to the 
security structure of the IT database.
    With respect to the privacy considerations, again, as I 
mentioned previously, we have robust controls in terms of 
access to the data and the use of the data. We negotiate MOUs 
in place with each of the agencies that have access to our 
database. Those MOUs include provisions which ensure that the 
database is used appropriately and that there are appropriate 
audit and oversight functions. We provide regular training to 
those who have access to the database to ensure that they 
understand what the parameters are in terms of their use of the 
database, and that they use it appropriately and for purposes 
that are consistent with their agency's access to the database, 
and consistent with the purposes of the Bank Secrecy Act as 
well.
    And then, we audit those uses. Again, we have a query audit 
log where we track each of the searches and the justifications 
made for those searches. Where there are anomalous searches, we 
refer those searches and concerns to the home agency as well as 
to the Inspector General's Office. We investigate, and if there 
are shortcomings in terms of those searches, we work with the 
agencies to either restrict access or to terminate those 
individuals.
    Mr. Posey. Have there ever been any breaches?
    Mr. Das. There have been no IT breaches that we are aware 
of to the overall database.
    Mr. Posey. Does FinCEN share information and data with the 
Internal Revenue Service?
    Mr. Das. One of the purposes of the Bank Secrecy Act, in 
terms of use of the information, is to combat tax evasion, and 
the IRS has access to our database to support their law 
enforcement efforts and efforts to combat tax evasion. The IRS 
Criminal Investigations Unit as well is a partner in our--
    Mr. Posey. I think that is a yes.
    Mr. Das. Pardon me?
    Mr. Posey. I think that is a yes, isn't it?
    Mr. Das. It is a yes.
    Mr. Posey. Can you explain the cost-benefit analysis in 
your rulemaking and how that compares with other agencies?
    Mr. Das. Yes, sir. We conduct cost-benefit analyses under 
the Regulatory Impact Act for each of our rulemakings. It is 
required by law. And when we renew regulations, as we are 
required to do on a periodic basis, we conduct cost estimates 
in terms of what the cost might be with respect to those 
regulation renewals.
    Mr. Posey. Thank you very much. Mr. Chairman, my time is 
about to expire, so I yield back. Thank you.
    Mr. Himes. The gentleman yields back.
    The gentleman from Missouri, Mr. Cleaver, who is also the 
Chair of our Subcommittee on Housing, Community Development, 
and Insurance, is now recognized for 5 minutes.
    Mr. Cleaver. Thank you very much. I have a number of 
questions that I would like to raise with you, Acting Director 
Das. Compared to many, probably most of the Federal agencies, 
you are a small, either an agency or a bureau; I am not sure 
which is the appropriate term. But I am wondering, Congress 
approved $161 million and the President had requested $191 
million. Does the fact that we didn't meet the President's 
request have any negative impact on your work?
    Mr. Das. Thank you for that question, Congressman. We are a 
bureau of the Treasury Department. We have 300 full-time 
equivalents (FTEs) at this point. First of all, I want to 
express my appreciation for the funding in the Fiscal Year 2022 
appropriations. We received about $34 million over previously-
enacted levels in that legislation. And that funding is 
incredibly important to us in terms of being able to ensure 
operations of our IT system and our IT database. It is also 
incredibly important in terms of our design and build of the 
beneficial ownership database. So, it is a valuable 
contribution in terms of our overall effort.
    It does fall short, however, in terms of our ask of, I 
believe, $64.5 million over previously-enacted levels. The 
amount of money that we did not get was intended to be used for 
FTE staffing for all of our efforts to implement the AML Act. 
We had asked for 80 FTEs to support our staffing and 
implementation of the AML Act. That includes drafting 
regulations and the rules being able to conduct the cost-
benefit analyses and to perform all of the other functions 
under the AML Act, including hiring foreign FIU liaisons, and 
domestic liaisons to do outreach to financial institutions 
across the country to help them understand how we use data and 
how it is effective. It would be used to hire innovation 
officers, and security and information officers as well, who 
would be able to help steer and lead the charge with respect to 
our engagement on innovative technologies and how the 
regulatory framework meets the innovative technologies as well. 
Again, even with the resources that we have and that we are 
using, we are working full tilt to be able to work thoroughly, 
and effectively and efficiently, to complete all of the 
mandates required under the AML Act, but we need more.
    Mr. Cleaver. Yes, you just hit on the point that I was 
going to raise, which is what is not getting done because you 
didn't receive the amount that was requested in the President's 
budget. And I am assuming you are saying that everything is 
getting done; it is just not at the level that the Bureau 
required.
    Mr. Das. I have two points on that. One is that we are 
missing deadlines, as I mentioned in my testimony, and we will 
continue to miss deadlines because we just don't have the 
staffing to be able to carry through on all of the efforts 
required under the AML Act. The second is we are making 
tradeoffs. We are making tradeoffs against resources that can 
be used to engage in enforcement and compliance work that can 
be used to ensure implementation of our whistleblower program, 
that can be used to track ransomware actors, and to be able to 
support law enforcement, and to perform all of the other 
activities that we are doing and are required to do under the 
BSA.
    Mr. Cleaver. I am paranoid about the whole cryptocurrency 
issue, and I think I am going to remain paranoid for some time. 
In November of 2021, a FinCEN advisory on ransomware and the 
use of the financial system to facilitate ransom payment noted 
that cybercriminals usually require ransom payments to be 
denominated in convertible virtual currency, most commonly in 
Bitcoin. However, they are also increasingly requiring or 
incentivizing victims to pay an anonymity enhanced 
cryptocurrency. Now, what is the incentive for malicious actors 
to demand payment in an anonymity-enhanced cryptocurrency? I am 
presuming they believe they are maximizing their chances for 
getting away, for escaping.
    Mr. Das. That is correct, Congressman. I think that 
anonymity-enhancing currencies is another way in which 
ransomware actors and other criminal actors are working to 
avoid the financial system, and evade the financial system, and 
to hide illicit transactions. Again, we are very focused on 
ransomware. We have taken a number of enforcement actions with 
respect to cryptocurrency exchanges that support ransomware 
actors, and we are doing our best on this front.
    Mr. Cleaver. Thank you very much.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Missouri, Mr. Luetkemeyer, is now 
recognized for 5 minutes.
    Mr. Luetkemeyer. Thank you, Mr. Chairman, and welcome, 
Director Das. You and I have had multiple conversations over 
the last few weeks about independent ATM operators, and today, 
I would like to put a few facts on record and discuss this 
issue with you again.
    The fact is, for years the members of the Federal Financial 
Institutions Examination Council (FFIEC)and FinCEN supported 
the notion that independently-owned ATMs are at high risk for 
money laundering. This was evident in the FFIEC BSA/AML 
Examination Manual, which contains many disparaging remarks 
about the industry and the so-called risk they pose to money 
laundering. Because the members of the FFIEC took the stance 
that financial institutions for the last several years have 
been refusing to provide financial services to independent ATM 
operators. However, because of the extensive conversations I 
have had with you and members of FFIEC, it has been determined 
and acknowledged that independently-owned ATMs do not, in fact, 
pose a high risk of money laundering. This became apparent when 
after multiple bipartisan meetings with Members of Congress, 
FFIEC changed its examination manual to accurately portray that 
independent ATMs are not inherently at risk for money 
laundering. In addition, I directly asked representatives of 
the FFIEC whether independent ATMs are a high-risk industry, 
and each of them individually said no.
    Despite the changes made to the examination manual, I still 
hear reports of financial institutions cutting off access to 
services for independent ATM owners. That is because the 
regulators, the examiners for years have intimidated financial 
institutions into eliminating services to illegally-operating 
industries. The perception is still there, similar to an 
Operation Choke Point activity. It is now up to you and them to 
fix it, Director Das. That is why I am calling on all the 
prudential regulators and FinCEN to issue a policy statement to 
all financial institutions clarifying that independently-owned 
ATMs are not a high-risk industry for money laundering.
    One excuse has been that we will be setting a precedent. 
This is not a precedent. In 2020, the agencies and FinCEN 
issued a fact sheet to all FDIC-insured institutions about 
nonprofit organizations (NPOs). Specifically, this fact sheet 
stated that, ``NPOs do not present a uniform or acceptably high 
money laundering terrorist financing risk.''
    Mr. Chairman, I ask unanimous consent to enter into the 
record the document dated November 19, 2020.
    Mr. Himes. Without objection, it is so ordered.
    Mr. Luetkemeyer. Thank you. The reason I am bringing this 
all up today is I want to get these facts on the record of what 
has actually been going on with some of these agencies. They 
made up the charge that the money laundering was going on. They 
got caught, and now they need to fix it. And part of that fix 
is to fix the manual, which they have already done and are 
working on with the industry itself, and I applaud those 
efforts. The second part of it, though, is to clear up the 
perception that is still there with the financial institutions 
that this is a high-risk industry, and that these banks, if 
they want to go back and finance them, can do this again 
without punitive action taken by the regulators if they do it 
in a prudent, risk-free manner.
    My question to you is very simple: Will you join the other 
agencies and send a statement clarifying that independent ATM 
operators do not have a high risk of money laundering?
    Mr. Das. Thank you for that question, Congressman 
Luetkemeyer, and I appreciate the conversations that we have 
had over the past weeks on this issue. Again, we agreed that 
this is an ongoing issue in terms of clarifying the scope of 
this issue for examiners and for financial institutions as 
well. We are working with the banking agencies and the specific 
agencies to clarify this issue and to issue a joint statement, 
and we would join any such joint statement with the Federal 
banking agencies.
    Mr. Luetkemeyer. I thank you for that. I take that as a 
yes. In the future, I would just make the comment that your 
Agency should be a check on these other agencies to make sure 
this doesn't happen again. You should be pushing back on them 
when they do things like this, where there is no evidence that 
there was money laundering going on. Can you be a watchdog on 
that?
    Mr. Das. We will continue to engage with the banking 
agencies and to ensure that the record is clear on this point 
in terms of no particular customer type, including independent 
ATMs, present any automatically higher risk with respect to 
money laundering, correct.
    Mr. Luetkemeyer. Thank you very much for that. My time is 
about up. I have some more issues to discuss, expansion of some 
of the definitions with regards to benefit ownership rules and 
regulations, but we are out of time.
    With that, I will yield back the rest of my time, Mr. 
Chairman. Thank you.
    Mr. Himes. The gentleman yields back.
    The gentleman from New York, Mr. Meeks, who is also the 
Chair of the House Committee on Foreign Affairs, is now 
recognized for 5 minutes.
    Mr. Meeks. Thank you, Mr. Chairman. Good morning, and as 
indicated, I am the Chair of the House Foreign Affairs 
Committee, but I am also a member of this committee. And one of 
the issues that pops up now on both of our committees is 
dealing with Russia's illegal and immoral invasion of Ukraine. 
All of us have come together on both committees to impose 
significant sanctions on Russia and Russian oligarchs. As 
always, when it comes to sanctions, we are worried about how 
the sanctions can be circumvented, and sanctions have 
traditionally been scouted through shell companies in real 
estate, for example. And in FinCEN's March guidance, it is 
noted that the United States needs to also look out for the 
Central Bank of Russian Federation using import or export 
companies to engage in foreign exchange transactions on its 
behalf. Can you explain how FinCEN is monitoring these specific 
types of traditional means of sanction evasions, and what are 
some of the persisting issues that FinCEN is seeing with these 
techniques, not only as it relates to Russia, but also other 
sanctioned countries?
    Mr. Das. Thank you, Congressman. Our team has been working 
incredibly hard since the Russian invasion of Ukraine, on both 
the sanctions efforts and law enforcement efforts. We have 
worked incredibly hard to raise awareness on the part of 
financial institutions--that is, banks, cryptocurrency 
exchanges, and other financial institutions as well--about 
Russia's abuse of the financial system and their efforts to 
evade sanctions. We have issued two alerts so far: one on 
sanctions evasion specifically; and one on the efforts of 
Russian oligarchs to evade sanctions more generally and to hide 
their illicit assets, so that we can ensure that financial 
institutions understand the ways in which Russian actors might 
abuse the financial system.
    We also recently issued an advisory on cryptocracy as well. 
Those advisories and alerts alert financial institutions in 
terms of the red flags of either sanctions evasion or 
typologies with which Russian actors, oligarchs, proxies, and 
elites seek to evade sanctions. This allows financial 
institutions to better understand what types of transactions 
bad actors might engage in to evade sanctions. We have also 
reached out to financial institutions and to law enforcement 
across-the-board. This includes the FBI, the Department of 
Homeland Security Investigations (HSI), and the Department of 
Commerce's Bureau of Industry and Security, with respect to 
export controls, and others to participate in FinCEN exchanges 
with financial institutions so we can exchange information with 
financial institutions and law enforcement so that we can 
understand how to better trace and identify Russian sanctions 
evasions efforts, so we can get quality suspicious activity 
reporting from financial institutions that is actionable and 
that we can provide back to law enforcement as well.
    We are very active in terms of reviewing the suspicious 
activity reports that we get, and we take those suspicious 
activity reports and distill those reports into summaries for 
law enforcement to use, and for OFAC to be able to use in their 
sanctions designations efforts and their targeting efforts as 
well. So, we have a number of different fronts, in terms of 
both working with financial institutions to collect more 
information in terms of trends or typologies of sanctions 
evasion, and then to take that information and translate it for 
OFAC and law enforcement to be able to use that information to 
go after Russian oligarch assets and to be able to identify 
other bad actors for sanctions designations as well.
    Mr. Meeks. Thank you for that. And I really can go deep, 
but I have another question, because you mentioned crypto, and 
I heard also conversations from Congressman Cleaver. We all 
have certain concerns about crypto. I am trying to find that 
balancing act, because I see there are some good purposes of 
it, and some people who try to utilize and get around have been 
concerned about Russia trying to use crypto to evade sanctions 
also, specifically. My question in the little time that I have 
is, is FinCEN thinking about new ways to implement Anti-Money 
Laundering/Know Your Customer (AML/KYC) procedures in this 
evolving world in a way that strikes a balance, and I want to 
know, what is, ``to strike a balance?'' And can you explain 
what FinCEN is already seeing with respect to crypto being used 
to evade sanctionsc, in 2 seconds?
    Mr. Das. I appreciate the question. As part of one of the 
alerts that we issued at the outset of the Russian invasion of 
Ukraine, the alert on sanctions evasion specifically 
highlighted the risks of cryptocurrency being used to evade 
sanctions. Again, we have not seen large-scale evasion through 
the use of cryptocurrency, but we are mindful of that and we 
are working with financial institutions so that they are aware 
of that potential so that we can identify a large-scale evasion 
using cryptocurrency and act on it as well. So, thank you.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Kentucky, Mr. Barr, is now recognized 
for 5 minutes.
    Mr. Barr. Thank you, Mr. Chairman. Thanks for holding the 
hearing. Mr. Das, again, thank you for appearing here, and let 
me pick up right where Chairman Meeks left off on these 
advisories and alerts on Russian sanctions evasion efforts. I 
appreciate that FinCEN is issuing these advisories and alerts 
for law enforcement for financial institutions. I appreciate 
the communications between your Agency and law enforcement. 
But, Acting Director Das, can you go into a bit more detail 
about the data analytics that your Agency engages in, in 
providing that to OFAC? And can you give us a little bit 
greater granular detail about the analysis that FinCEN provides 
to OFAC to give OFAC the tools to thwart these sanctions 
evasion efforts?
    Mr. Das. I appreciate that. We do a number of different 
things on the analysis of information that we get with respect 
to Russia sanctions. First of all, we receive suspicious 
activity reports. We review those reports. We have reviewed 
over 2,000 Russia-related SARs, and we have referred 271 of 
them for further action to OFAC and to law enforcement as well. 
We have sent these reports to the FBI, and to the Department of 
Commerce's Bureau of Industry and Security as well.
    Mr. Barr. Do you know whether or not OFAC has acted upon 
those 271 SARs that you have flagged for them?
    Mr. Das. We have provided OFAC with a substantial amount of 
information, either directly or through the Office of 
Intelligence and Analysis at the Treasury Department. We are 
aware that they review that information very carefully and they 
have acted on that information in the context of their 
designation--
    Mr. Barr. Did they report back to you, hey, this has been 
helpful, we have now closed a sanctions evasion loophole or 
effort?
    Mr. Das. We remain in close communication with OFAC. We are 
part of a working team in terms of ensuring that OFAC has the 
information that we are seeing, and that we can engage with 
OFAC in terms of the sanctions designation and how they are 
using it. The short answer to your question is, yes, they do 
use our information. It has been used in sanctions 
designations, both in the context of Russia and in many other 
contexts as well.
    Mr. Barr. Okay. Great. Keep up the good work there. FinCEN 
is asking Congress to authorize a sixth special measure, which 
would allow you to block fund transfers on a transaction-by-
transaction basis, including for digital assets. However, 
special measures 1 through 4 appear to be rarely used, and 
FinCEN has often rescinded proposals to impose the fifth 
special measure against foreign financial institutions. Less 
than 2 years ago, you voluntarily withdrew a fifth special 
measure designation against Banco Delta Asia, which had been 
tied to North Korean money laundering. Why should Congress 
grant FinCEN a new sixth special measure to go after digital 
assets when the effectiveness of the first 5 special measures 
is unclear?
    Mr. Das. Thank you for that question. Again, we are very 
focused on the use of our Section 311 authority, as well as the 
authority in Section 97.14 of the NDAA from 2021, which 
includes a special measure sixth. Again, Section 311 was 
enacted in a time when most financial relationships and 
transactions were done through the traditional banking system, 
where there are traditional correspondent account 
relationships. Nowadays, cross-border transactions often 
include money services businesses, payment systems, and well 
foreign exchange houses, as well as cryptocurrency.
    So if we were to use the Section 311 authority against, for 
example, Chinese ransomware actors, those using dark markets 
and the like, we would not be able to use the Section 311 
authority with respect to those transactions to prohibit those 
actors from abusing and engaging in money laundering with 
respect to the U.S. financial system. Currently, the Section 
311 authority is not the right size for the types of threats 
that we are seeing through the use of cryptocurrency.
    Mr. Barr. One final question. I do want to echo the 
concerns of the ranking member on FinCEN's development of its 
beneficial ownership database, and I want to highlight the leak 
of the SARs by a FinCEN employee. You talked about no hacking, 
that there has been no hack, but there was this very troubling 
report of a FinCEN employee in 2017-2018, as well as 
ProPublica's recent disclosure of details from a leaked IRS 
document. Data security looks to be not just a FinCEN problem, 
but a Treasury problem. What specific steps have you taken to 
ensure that these illegal disclosures never happen again?
    Mr. Das. When that disclosure happened, we referred the 
matter both to our Inspector General's office as well as to law 
enforcement. That individual was removed from the premises, 
detained, prosecuted, and served time. We are very focused on 
that. We took a number of steps in terms of the mechanism used 
by that individual in terms of being able to use a thumb drive. 
Thank you.
    Mr. Himes. The gentleman's time has expired.
    Mr. Das. Sorry. Very quickly, to use a thumb drive. We have 
ceased that use except under limited circumstances. And again, 
we have a robust internal security program to ensure that the 
database is used properly.
    Mr. Barr. Thank you.
    Mr. Das. Thank you.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Colorado, Mr. Perlmutter, who is also 
the Chair of our Subcommittee on Consumer Protection and 
Financial Institutions, is now recognized for 5 minutes.
    Mr. Perlmutter. Thank you, Mr. Chairman, and if my Wi-Fi 
goes out, just move on to the next participant here.
    I would like to first thank Director Das for his service to 
our country at a very difficult time when sanctions have been 
imposed in many different ways against Russia, and obviously, 
the role of FinCEN has really grown by leaps and bounds as we 
deal with them. The ranking member talked about how you have 
massive amounts of information coming to you, and compared to 
what the normal person has, I would say that is true. But as 
compared to the Big Tech companies and other major 
institutions, you get a fraction of the information that they 
vacuum up every day. I just want to let the record reflect 
that, as massive amounts of information has to be compared to 
what and what.
    Several of us visited the Caribbean recently and one of the 
things that came up again and again was money laundering 
issues, de-risking issues, and what appeared to be kind of 
redlining of that entire region, which has left the 
correspondent banking services to the Caribbean in really 
pretty sad shape. With the exception of Wells Fargo, it appears 
that correspondent banking has pretty much left the Caribbean. 
And so, I would like you to talk about, is FinCEN, is our 
ability to do the money laundering and Know Your Customer, can 
we do that on a nation-by-nation basis, or do you guys look at 
regions, or how does that work?
    Mr. Das. Congressman Perlmutter, thank you for that 
question and for the opportunity to discuss this topic. Again, 
financial inclusion and de-risking is incredibly important to 
FinCEN and to Treasury writ large. It is critical that 
countries, jurisdictions, and customers have access to 
financial services. De-risking is a real problem, and we are 
aware that it has impacted a variety of customers and sectors. 
There has been a lot of work that we have done to understand 
the root causes of de-risking, to identify what more that we 
can do on this front. And, in fact, the AML Act, under Section 
6215, requires that we identify and develop a strategy to be 
able to respond to de-risking, and we have contributed to the 
GAO report on de-risking as well that was also required by 
Section 6215. Again, it is clear that the root causes for de-
risking are complex, and that they really come down to the 
cost-benefit considerations and calculations that financial 
institutions are making when they decide with whom to do 
business. Some of these considerations are commercial and focus 
on business strategy and profitability.
    It is also very important just to note that there are 
considerations that are related to jurisdictions' 
implementation of their AML/CFT rules in ensuring that they 
have robust AML/CFT frameworks within jurisdictions. We at 
FinCEN and at Treasury engage on a regional basis and on a 
country-by-country basis to ensure that countries are 
implementing high and robust AML/CFT standards as well. And to 
be able to encourage them to do so, we work through a number of 
different institutions as well, including the Financial Action 
Task Force (FATF), to raise standards and to ensure that 
countries are able to implement those standards, and that will 
provide confidence to financial institutions that they can 
continue to bank customers within specific countries and 
jurisdictions.
    Mr. Perlmutter. Let me stop you for a second.
    Mr. Das. Yes.
    Mr. Perlmutter. Let me stop you for a second because it 
appeared to us that there really wasn't a case-by-case or 
country-by-country kind of review of this, and not in a very 
frequent fashion, that there was just sort of this carte 
blanche against this region and really has affected 
individuals, and companies, and businesses down there because 
they can't get correspondent banking, and it has made it very 
difficult. I appreciate the general approach you take, but 
let's say with respect to this region, are you updating on a 
pretty continuous basis whether you think you need more de-
risking or everything is okay?
    Mr. Das. Congressman, thanks for that question. With 
respect to specific details about how Treasury is engaging, 
particularly in the Caribbean region, I am happy to follow up 
on that and provide you specific answers to your questions.
    Mr. Himes. The gentleman's time has expired. The gentleman 
from Texas, Mr. Williams, is now recognized for 5 minutes.
    Mr. Williams of Texas. Thank you, Mr. Chairman, and thank 
you for being here today, Mr. Das. When the Bank Secrecy Act 
was updated in the 2020 NDAA, the small business community 
expressed serious concerns about burdensome new regulations 
that would accompany this law. And Congress intended to strike 
this balance between tracking down bad actors within the 
financial system without hurting small businesses by directing 
your Agency to only collect four simple pieces of information. 
However, in the proposed rule, FinCEN is requiring businesses 
to report more information than is required by statute. Can you 
explain this decision and also shed some light on your 
communications with financial institutions as you have been 
developing these new regulations?
    Mr. Das. Thank you very much for that question, Congressman 
Williams. We are very mindful of the impact that the AML/CFT 
framework and the rules that we have to implement have on small 
businesses and the business community, more generally. In the 
context of the Beneficial Ownership rule, again, we are 
required to develop a beneficial ownership framework that is 
highly useful to law enforcement, while at the same time 
minimizing the costs and burdens to small businesses, and we 
are very mindful of that fact. We received a number of comments 
in the rulemaking process about the burdens that small 
businesses will face. We are taking into consideration very 
seriously those comments in the context of working towards the 
final rule as well.
    Mr. Williams of Texas. Yes, that is important, because 
small business is the heart of our economy, and they are 
getting buried right now. Everybody says I am for small 
businesses, but they add more regulations to what they need to 
do, so thank you for looking at that. And to keep on the topic 
of small businesses, the proposed rule estimates that there 
will be over 2.5 million new covered entities under this rule. 
For many of these businesses, this will be the first time that 
they have ever heard of FinCEN, and additionally, many will be 
wary of turning over their information to a new government 
agency, like most of us are. Again, how will you build trust 
within the small business community as well as educate them on 
what will now be required of them?
    Mr. Das. Thank you for that question. As we work through 
the rulemaking process, with respect to all of the three 
different rules that we have to issue in the context of the 
Corporate Transparency Act, we are planning an outreach process 
to reach out to industry groups, to financial institutions, to 
State-level secretaries of state, and others to be able to 
ensure that the business community, stakeholders, and 
individuals across America understand what the rules do, what 
they require of small businesses and others within in terms of 
reporting, and we plan on proactively engaging. This requires 
an extensive strategic plan.
    And again, when it comes back to resources, this is part of 
the reason that we are asking for additional resources to be 
able to support our FTE hiring so that we have the people 
available to develop an outreach strategy, to implement that 
outreach strategy, and to engage with a high number of industry 
groups, again States and secretaries of states, businesses, and 
to do the type of stakeholder outreach that we need to do to 
ensure that everybody understands the scope of the rules, what 
they are required to do, and how that information is going to 
be used.
    Mr. Williams of Texas. Small businesses are scared to death 
of new government agencies, and when you start talking about 
hiring more, hiring more, that really worries small businesses. 
I am a small business owner, and I hear what you are saying, 
but it is worrisome. We have heard about the massive inflow of 
CTRs and SARs coming into the Agency. One solution that many of 
my Republican colleagues and I have advocated is to raise the 
monetary thresholds to file these reports.
    As a reference point, when this law was first adopted in 
the 1970s, a brand new Corvette--I am in the car business, so I 
measure by this--a brand new Corvette sticker price was $5,000. 
Today, the same model car costs over $100,000. And even with 
this huge increase in prices, the thresholds to file these 
reports has stayed the same. So, I do not see how you can 
effectively recognize bad actors when they are being obscured 
among the hundreds of thousands of other reports that are 
filed. Another question, how do you think we can make the 
reportings regime more effective so FinCEN is receiving fewer 
overall reports from the financial institutions?
    Mr. Das. Thank you for that question. Again, Section 6204 
and Section 6205 of the AML Act require us to review the 
reporting thresholds for currency transaction reports (CTRs) as 
well as suspicious activity reports. That is something that we 
are currently undertaking. We are engaging with a number of 
other agencies at the State and Federal level in terms of 
understanding the use of the report and a number of proposals 
in terms of both raising the thresholds as well as considering 
lower thresholds in terms of developing what is most useful for 
law enforcement. That is an ongoing review. We also intend to 
sort of link up that review with our review of information 
coming in through Section 6215--
    Mr. Himes. The gentleman's time has expired.
    Mr. Williams of Texas. I yield back. Thank you.
    Mr. Himes. The gentleman from Illinois, Mr. Foster, who is 
also the Chair of our Task Force on Artificial Intelligence, is 
now recognized for 5 minutes.
    Mr. Foster. Thank you, Mr. Chairman, and thank you, Acting 
Director Das, for your service in a very challenging time. And 
I also have to say, as a former and successful small business 
owner myself, I share my Republican colleague's enthusiasm for 
the role of small business, and I hope that we can both 
applaud, on a bipartisan basis, the record number of startups 
that are happening under President Biden's economic recovery.
    Now, I understand that FinCEN has had notable success in 
combating some classes of illicit cryptocurrency cases through 
either blockchain analysis or through other more traditional 
detection methods. I presume that you have also been mostly 
successful in preventing illicit crypto use in transactions 
involving exchange accounts or hosted wallets that comply with 
AML/KYC standards. However, I worry that we are much less 
equipped to handle instances where transactions involve self-
hosted wallets or generally off-exchanges.
    In a hearing a few months ago in this committee, when we 
had several crypto industry leaders, they acknowledged that if 
we wish to prevent crypto from being used for ransomware and 
other illicit payments, that there is no alternative to having 
all crypto transactions pseudonymously attached to a legally-
traceable, secure digital identity from a country with which we 
have extradition treaties. And this is something that they 
acknowledged was sort of a logical necessity here.
    In late 2020, FinCEN proposed a rule that would amend the 
implementation of the Bank Secrecy Act regulations and require 
banks to provide KYC information and digital asset transaction 
records for unhosted or self-hosted digital wallets. However, 
if we end up with a regulatory regime where bank accounts are 
not needed to create or access a digital wallet, what might the 
regime that works to prevent money laundering, ransomware, and 
so on--how would you monitor something like KYC compliance if 
it is not tied to a bank account?
    Mr. Das. Thank you for that question, Congressman Foster. 
In terms of the rule, first of all, for the NPRM that was 
issued in 2020, a number of comments were made. I think we 
received over 8,000 comments to the NPRM. We are reviewing 
those comments and considering next steps in terms of the 
overall approach. With respect to the risks presented by 
unhosted wallets, again, it is not that unhosted wallets are 
entirely opaque. Unhosted wallets often engage in transactions 
with cryptocurrency exchanges, which are subject to AML/CFT 
regulation, and those are subject to SAR reporting requirements 
as well. Law enforcement can engage with cryptocurrency 
exchanges with respect to suspicious activity reporting and 
other reports that might be applicable to them in terms of 
getting some degree of understanding in terms of transactions 
with unhosted wallets as well.
    Mr. Foster. Yes, but there are limits to that, which we 
probably shouldn't talk about here, but there are limits to 
your ability when you start to use privacy-enhanced coins when 
you go through multiple devices designed to obscure the origin 
of transactions in them.
    Mr. Das. And that is something that we are very concerned 
about. Again, the illicit finance risks of transactions that 
are not transparent create significant illicit finance risks, 
and that is something that we are very focused on in the 
context of understanding more effectively the cryptocurrency 
industry and how cryptocurrencies use this to be able to better 
assess what those channels of illicit finance risk are, and to 
be able to find ways to identify an appropriate regulatory 
regime so that appropriate AML/CFT controls are in place. But 
again, this is a question that we are very focused on with 
respect to unhosted wallets as well as other types of 
convertible cryptocurrencies.
    Mr. Foster. Yes. I think ultimately, it seems like what you 
are going to need is some sort of an internationally-operable 
crypto driver's license that you attach to every crypto 
transaction, that you can use. When you see a crime has been 
committed, for example, you can go to a trusted court system 
and get that de-anonymized and find out when your screen locks 
up with ransomware, you have to be able to go to a judge and 
say, here is the proof that a crime has been committed, and I 
want to know who owns that wallet. And to have the judge in a 
trusted jurisdiction is an important part. And that seems to 
only work if you have something like a crypto license attached 
pseudonymously to every transaction. I don't see a logical 
alternative to that. And if you are aware of one, I would be 
very interested as you interpret all of these comments coming 
in.
    Mr. Das. I appreciate that, and that is something we can 
follow up on with you.
    Mr. Foster. Thank you.
    Mr. Himes. The gentleman's time has expired. The 
gentlewoman from Missouri, Mrs. Wagner, is now recognized for 5 
minutes.
    Mrs. Wagner. Thank you, Mr. Chairman. Good morning, Acting 
Director Das. As you are aware--and I do appreciate your 
meeting with me and my staff--the pandemic caused a horrific 
spike in the amount of child sexual abuse material (CSAM) found 
online. In 2021 alone, the National Center for Missing and 
Exploited Children received nearly 30 million reports of online 
child sexual exploitation, which is a staggering 70-percent 
increase in this illegal, illicit exploitation from 2019.
    The financial sector plays a vital role in combating the 
distribution and sale of these disturbing images and videos of 
children being sexually abused, but clearly, much more needs to 
be done. Title 31 of the U.S. Code requires the financial 
sector to implement effective anti-money laundering compliance 
controls. Combating human trafficking, including crimes against 
children, is one of FinCEN's anti-money laundering priorities.
    I would like to submit for the record, Mr. Chairman, two 
reports compiled by separate anti-trafficking organizations 
using different investigatory methods, both of which found 
extremely troubling results on a website that also grew 
massively during the pandemic, and that is known as 
OnlyFans.com.
    Mr. Himes. Without objection, it is so ordered.
    Mrs. Wagner. I thank the Chair. Currently, major U.S. 
credit card companies must comply with Title 31 regulations to 
allow their products to be used to purchase content on this 
website. Although there is no legal issue with purchasing 
content involving consenting adults, this report by the Avery 
Center found, ``A clear correlation between third-party 
traffickers and minor victims on OnlyFans.'' And the platform 
has, ``no screening procedures to identify situations where 
exploitation or abuse are occurring.''
    The other report by the Anti-Human Trafficking Intelligence 
Initiative and the University of New Haven found again, ``A 
high value of OnlyFans profiles possessing commonly understood 
indicators of CSAM--again, CSAM is child sexual abuse 
material--and sex trafficking within less than 2 hours.'' These 
reports assert that the U.S. financial sector is enabling this 
illegal commerce by, ``failing to adequately comply with their 
existing regulatory requirements mandated by Title 31.''
    Acting Director Das, what are the regulatory requirements 
that credit card companies must comply with in order to prevent 
the use of their products to purchase CSAM and non-consensual 
sexual imagery?
    Mr. Das. Thank you for that question, Congresswoman Wagner. 
Again, credit card companies are subject to defined AML/CFT 
program requirements under our rules where they need to focus 
on whether or not their partner financial institutions are 
engaged in money laundering or terrorism financing. However, in 
the overall framework, credit card companies act as 
intermediaries in the overall financial system in terms of 
payments between merchants and financial institutions. The 
financial institutions at the end that deal with customers who 
might be malign actors are required to file suspicious activity 
reports when they see information that they may suspect is 
linked to illicit finance activity. And the financial 
institutions do file suspicious activity reports in relation to 
online child sexual exploitation.
    Mrs. Wagner. I know that we are going to run out of time, 
and I just want to thank you and your office for working with 
me. And I would implore my colleagues on the committee to also 
get on board and work with our office in this regard. More has 
to be done to ensure that this child sexual abuse material 
cannot be purchased using mainstream financial tools like a 
credit or a debit card. So, I am imploring my colleagues and 
FinCEN to work with me to find a solution to keep our children 
safe; A 70-percent increase during the pandemic is 
unacceptable.
    I thank you, Director Das, for your support on this, and I 
appreciate the Chair giving me the indulgence of time, and I 
yield back.
    Mr. Himes. The gentlewoman's time has expired. The 
gentlewoman from Ohio, Mrs. Beatty, who is also the Chair of 
our Subcommittee on Diversity and Inclusion, is now recognized 
for 5 minutes.
    Mrs. Beatty. Thank you, Mr. Chairman, and thank you also, 
Acting Director Das, for being here today. I have a two-part 
question, but, first, for the record and for the sake of time, 
I won't repeat Congressman Perlmutter's question. But I, too, 
was on that same CODEL with him, and I also want to associate 
myself with the words of Congressman Foster.
    With that said, Mr. Das, what we heard, and I will say it a 
little differently, as Mr. Perlmutter referenced being 
redlined--we heard this repeatedly from heads of states to the 
point that they felt they were being punished by United States 
secretaries of states in how our process works as it looked to 
blaming them for money laundering or blaming them for crimes 
that they didn't believe were necessarily the case. We all 
understand it is a delicate balance, but I guess I, too, share 
a concern that these are people of color, and they were a lot 
stronger than the redlining. They thought part of it dealt with 
systemic racism. And I made a commitment, like the others on 
the CODEL, that we would come back and really take a look at 
this. I would like to join you in that dialogue when you have 
it with Mr. Perlmutter.
    But let me also say, like most of us, or all of us rather, 
I represent people who are amongst the 9 million Americans who 
live abroad. And one of those constituents by the name of 
Rebecca emails my staff frequently. She lives in England, and 
she raised this issue with us specifically for this hearing. 
And it has to do with FinCEN Form 114, the Report of Foreign 
Bank and Financial Accounts, or FBAR, which people are required 
to file, as you know, if they have aggregate foreign holdings 
of over $10,000. And for a lot of people living abroad, the 
FBAR is another confusing form on top of the special reporting 
that they also have to do to the IRS. Now, as I understand it, 
the $10,000 threshold hasn't been updated in decades, and I 
think the BSA was sometime around 1970. And since it is 
aggregate, once you have assets above that amount, you have to 
file the information on all of your accounts, regardless of how 
small they might be.
    Now, I want to be clear again, I don't want to advocate for 
anything that impedes your ability to weed out money laundering 
or any type of illicit financing, but at the same time, my 
question is, is it worth us taking a look at making an 
adjustment to that? If you would look at inflation over the 
decades since it was established, from $10,000, if I wanted to 
do legislation to say, take it to $70,000, accounting from the 
1970s to the present, is that something that you could support?
    Mr. Das. Thank you very much for that question, 
Congresswoman Beatty. I think the answer is that we would 
review the thresholds for FBAR reports as well. I think it is 
an important issue to review, and, in fact, we are in the 
context of Section 6204 and Section 6205 of the AML Act. We are 
reviewing the thresholds with respect to CTRs as well as with 
respect to SARs.
    In the context of Section 6216 of the AML Act, we are also 
reviewing, more generally, the effectiveness of the reports 
that we receive, and in that context, I think it is important 
to review the thresholds with respect to FBARs. But I would 
like to say that FBARs are incredibly important to law 
enforcement, and they are incredibly important to the IRS as 
well. Some law enforcement agencies, particularly those 
investigating tax-related crimes such as the IRS CI, work 
mainly with FBARs and/or the absence of FBARs to be able to 
generate cases. And they use the account and ownership 
information to generate cases and to target tax evaders and the 
like.
    Mrs. Beatty. My time is almost up. Mr. Director, let me 
just say this because the clock is running out. I think I hear 
you, and I get the gist of it. I am not trying to impede them. 
I am just saying, let us take a look at the $10,000, keep the 
same rules, but let us lift the bar.
    Mr. Das. We can take a look at that.
    Mrs. Beatty. Thank you. And thank you, Mr. Chairman.
    Mr. Himes. The gentlelady's time has expired.
    The gentleman from Arkansas, Mr. Hill, is now recognized 
for 5 minutes.
    Mr. Hill. Thank you, Mr. Chairman. I appreciate you being 
the Chair. I join with the ranking member in wishing Chairwoman 
Waters a speedy recovery from COVID. Nobody's family has 
suffered more than hers, losing her sister very early in the 
pandemic. And thank you, Acting Director, for being here today, 
with very helpful testimony.
    Would you be willing to come once a year and visit with the 
committee on behalf of FinCEN?
    Mr. Das. Of course, yes.
    Mr. Hill. Thank you. That would be very helpful. I think we 
were all so pleased with your briefing the other day. We just 
don't have access to this level of detail, so I think it is 
very helpful to Members. Mrs. Beatty raised the issue of 
thresholds. Others did as well. I just would remind the Acting 
Director that neither Secretary Lew nor Secretary Mnuchin were 
particularly forthcoming or helpful in trying to review or 
raise those thresholds. We had bipartisan bills here, I think, 
Mr. Himes, for three Congresses that would have done some 
modest inflation adjustment of the CTR and SAR threshold. So, I 
am glad to hear you are going to look at them, and we would 
welcome Secretary Yellen being a more forthcoming interlocutor 
on trying to raise those somewhat without impeding law 
enforcement. I think that is possible. Would you agree?
    Mr. Das. Again, Section--
    Mr. Hill. Don't repeat the section numbers. Just, do you 
agree or not agree? Do you agree that raising the thresholds is 
a possibility and might be beneficial to both sides?
    Mr. Das. We are looking at a number of proposals with 
respect to raising thresholds and seeing what the impact will 
be.
    Mr. Hill. Yes, okay. Good. I appreciate that. Have you done 
a cost/benefit analysis at Treasury using your great macro 
resources on the new Corporate Transparency Act proposal for 
beneficial ownership?
    Mr. Das. The reporting rule, NPRM, that we published last 
December includes a regulatory impact analysis that includes 
evaluation of what the costs would be to business, yes.
    Mr. Hill. When it was proposed, I was very opposed to this 
style. I am not opposed to improving beneficial ownership, but 
I was very opposed to Mrs. Maloney's bill. I worked very hard 
against it and offered alternatives. Again, our mutual good 
friend, Secretary Mnuchin, didn't agree, nor did the Chair of 
the Ways and Means Committee, so I lost out on my approach. But 
I think you are going to find this is going to be one of the 
most expensive regulations ever imposed on American business, 
so I want to associate myself with Mr. Williams' comments.
    And just in the last 16, 17 months of the Biden 
Administration, the American Action Forum has released that the 
Administration's regulatory costs in the economy are up about 
$200 billion annualized from the Trump level, so we are all 
very sensitive to the imposition and cost of regulations on our 
small businesses.
    And I think Mr. Williams summarized some of the concerns we 
have about the beneficial ownership rule. Would you be willing, 
when you get ready for that notice for final rulemaking, to 
brief and receive some final comments, not approval, we 
understand separation of powers, but some final comments from 
Ranking Member McHenry and Chairwoman Waters, because I know 
they have divergent views on this. That makes it hard on you. 
We recognize that, but would you be willing, before that 
rulemaking is published, to visit with Ranking Member McHenry 
about it?
    Mr. Das. Thank you for that question. Again, we are subject 
to APA requirements with respect to notice-and-comment 
rulemaking. To the extent that, from my perspective, from a 
FinCEN perspective, we are happy to brief you on the rules and 
the contours of the rules as well, but it would have to be 
subject to the notice-and-comment rules and we would have to 
follow those rules in terms of any--
    Mr. Hill. Let's think about that, because we are concerned 
about the cost of this rule. Let me shift comments and talk 
about the topic really of the day for Mr. Himes, Ms. Waters, 
Mr. McHenry, and all of us, and that is what we are doing to 
track down Russian oligarchs. You were very helpful and 
forthcoming the other day in our briefing, but of course, we 
have sanctioned Russia, and Russian people, and Russian 
entities, particularly since the Crimean invasion back in 2014. 
And you cited the SARs and the possible connection of SARs, 271 
out of 2,000 that were referred to law enforcement. Let me 
narrow that a little further and ask you, since 2014, are you 
aware of a prosecution of a Russian connected to sanctions 
evasion that was related to a SAR filed in the United States?
    Mr. Das. We have taken compliance efforts with respect to 
entities linked to Russian ransomware activities. In terms of a 
specific Russian prosecution with respect to sanctions evasion, 
I would have to refer you to DOJ on that question. And I am 
happy to follow up with you on any questions that you may have.
    Mr. Hill. Yes, let's follow up on that. Thank you. I yield 
back, Mr. Chairman.
    Mr. Himes. The gentleman's time has expired. The gentleman 
from Illinois, Mr. Casten, who is also the Vice Chair of our 
Subcommittee on Investor Protection, Entrepreneurship, and 
Capital Markets, is now recognized for 5 minutes.
    Mr. Casten. Thank you, Mr. Chairman. Acting Director Das, 
it's nice to see you again. I want to follow up on a 
conversation you and I had a couple of weeks ago, specifically 
about the Deutsche Bank mirror trades in 2014 and the degree to 
which we have closed that barn door. This was, of course, the 
situation where Russians were executing simultaneous buy and 
sell trades to move rubles into hard currency. And when we 
talked about it a couple of weeks ago, I was thinking about it 
in the context of, if we close the barn door, Russia can't use 
that to either influence foreign politicians as they were using 
in 2014, or to get hard currency to prosecute their war crimes 
in Ukraine. It is, of course, back in the news this week with 
the news of Val Broeksmit's death, who was the whistleblower, 
who, among other things, disclosed what was happening at 
Deutsche.
    What I would like to understand with you, from a FinCEN 
perspective is, do you have jurisdiction or do you receive SARs 
reports if a non-U.S. actor is laundering money through non-
U.S. markets? I think the answer is no, but I just want to 
clarify that my understanding is right.
    Mr. Das. Your question is whether or not we receive SAR 
reporting when a non-U.S. actor launders money through non-U.S. 
markets, is that correct, sir?
    Mr. Casten. Yes.
    Mr. Das. If there is a touchpoint to the U.S. financial 
system, and the financial institution is able to identify any 
illicit activity, we would receive a suspicious activity 
report. If the action is entirely outside of U.S. jurisdiction, 
and it doesn't have a touchpoint with respect to a U.S. 
financial institution, I am just struggling to see a situation 
in which we would see a suspicious activity report.
    Mr. Casten. Okay. So if I understand it, FinCEN is a member 
of the Egmont Group, which is sort of trying to tie that with 
your peers in other countries. Let's say a bad actor, not a 
U.S. flag, doesn't trigger a SARs report and they are in two 
other countries. Would you find doubt about it? Do you have 
jurisdiction? Can you put the appropriate walls up if that is 
flagged by one of your partners in the Egmont Group? Is that 
what the Egmont Group is intended to do? Do I have that right?
    Mr. Das. You have that right, Congressman. It would depend 
on a couple of different considerations. One is we have the 
ability to ask questions of our Egmont Group partners with 
respect to law enforcement actions or investigations that might 
be ongoing in the United States and to identify whether or not 
our counterpart FIUs might have that information. There may be 
some situations in which Egmont Group partners spontaneously 
disclose that information to FinCEN. And if they did disclose 
that information when they think that the United States might 
have an interest, we would review that information, and, if 
appropriate, pass it on to law enforcement agencies.
    Mr. Casten. Okay. This is rapidly going to get into areas 
where this may not be the appropriate forum to discuss this, 
but let me just sort of walk through where my concern is, and 
you can comment as you see fit. We know from the mirror trading 
scandal that Deutsche Bank broke the law. They were fined. 
Thank you. We know that they were influenced to some degree by 
Russian money. They were tempted by the commissions. And we 
know that Russian money has been used to corrupt an awful lot 
of people in our world, sadly, and that is a part of what they 
have been using that laundered money to do.
    As we now try to make sure that they don't have the 
resources to continue to commit these acts across cities in 
Ukraine, that all of our sanctions are effective, have we and 
our international partners sufficiently closed that down, or 
are we at risk that just one bad corrupted actor, one bad 
country can still provide the gap so that Russia could find 
their way through that and all of a sudden the money is into 
somebody whom we don't know about or some company that is not 
triggering any flags for us? Are we doing enough to close that 
down? Is this a U.S. law issue? Is it an international law 
issue?
    And some of that gets well beyond the jurisdiction of this 
committee, but I would like to understand, as we impose these 
sanctions, so that we have a good understanding that they are 
actually going to affect the people intended and are, at the 
very least, consistent with where those gaps are in 
international. I realize it is a big, meaty question. I would 
welcome your comments and maybe continued conversation given 
the time.
    Mr. Das. I would be happy to continue the conversation with 
you. I think on our part, and in terms of ensuring that we 
understand how Russia is evading sanctions or abusing the 
financial system, we have actually set up a group with our 
counterpart FIU, our closest partners, for example, the U.K., 
the EU, Australia, and others, to be able to work together to 
identify key issues with respect to Russian illicit finance and 
to be able to exchange information quickly and on an effective 
basis to be able to support law enforcement and the intel 
community in terms of targeting exactly the types of activity 
that you are discussing.
    Mr. Casten. Okay. Thank you, and let's have a follow-up 
conversation. I yield back.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Georgia, Mr. Loudermilk, is now 
recognized for 5 minutes.
    Mr. Loudermilk. Thank you, Mr. Chairman. Acting Director 
Das, it's good to see you again. I would like to start off by 
discussing the implementation of the anti-money laundering and 
beneficial ownership reporting law. The proposed rule's 
definitions of, ``substantial control,'' and, ``ownership 
interests,'' are quite complicated, which would make it hard to 
apply them consistently. This problem is going to be 
compounded, in my opinion, for financial institutions if FinCEN 
uses those same definitions in an updated customer due 
diligence rule. My first question is, will FinCEN take steps to 
simply define these definitions before the rule is finalized?
    Mr. Das. Thank you for that question. The substantial 
control rule is a rule that is covered in the NPRM. We received 
a number of comments on the substantial control rule, the 
contours of it, the benefits that it might provide in terms of 
providing a highly-useful database for law enforcement, as well 
as some of the complexities in terms of implementation of that 
substantial control role. We are taking a hard look at those 
comments in the context of moving towards a final rule, and we 
will consider issues that were raised in the comments, 
including by a number of you in terms of the contours and the 
costs imposed as well.
    Mr. Loudermilk. Okay. I would appreciate if you would keep 
us informed on the direction that you are going and the 
decisions that you make there. Another question is, the law 
requires FinCEN to minimize burdens on businesses, but it 
appears that FinCEN is not following that requirement. For 
example, FinCEN has expanded the scope of who is required to 
file, expanded the types of information that must be filed, and 
set very short compliance deadlines. My question is, are there 
examples in the rule where FinCEN has minimized compliance 
burdens, as the law requires?
    Mr. Das. We proposed a rule that would develop a highly-
effective database for law enforcement to use. We evaluated the 
impacts that businesses and particularly small businesses would 
have. We estimated that the costs of the rule for small 
businesses would be at $45 per business for a filing, for the 
initial filing, which is comparable to the cost that small 
businesses would have to pay just to establish an LLC, which 
ranges anywhere from $40 to $500, depending on which State is 
involved in terms of incorporating it. Again, we received a 
number of comments around both the costs and the implications 
for small businesses as well as the complexity of the rules. We 
found the comments to be incredibly helpful and instructive, 
and we are taking all of those into account in terms of next 
steps as we work towards a final role.
    Mr. Loudermilk. And I trust you will keep us informed on 
the direction that you are going, and again, as the law 
requires, minimize those burdens as much as possible. I would 
like to follow up on something that my colleague, Mr. Williams, 
discussed, and that is Section 6205 of the Anti-Money 
Laundering Act, which requires Treasury to conduct a rulemaking 
to consider changing the dollar threshold for SARs and CTRs. 
This is badly needed because institutions are currently 
required to file more than 20 million CTRs and SARs every year, 
most of which have no value to law enforcement. In fact, a 2018 
study indicated that 4 percent of SARs and 0.44 percent of CTRs 
warranted additional review from law enforcement. That is a 
very low number compared to the amount of data that businesses 
are required to report. What is the status of the reports and 
rulemaking required by Section 6205?
    Mr. Das. Could you repeat the question? I'm sorry.
    Mr. Loudermilk. Okay. What is the status of the reports and 
rulemaking required by Section 6205? How are you going to 
modernize this reporting requirement?
    Mr. Das. We are working on the reports under Sections 6204 
and 6205. We have engaged with all of the consulting agencies 
that are involved. We are reviewing a number of different 
proposals from a number of different sources. With respect to 
the CTR and the SAR reporting threshold, we expect to issue 
that report later this year in conjunction with the two reports 
together. And again, we are currently evaluating the issue. We 
are very focused in terms of priorities, given there are 
resource constraints on getting the beneficial ownership rule 
done and the real estate process moving forward as well. But 
this is something that we are actively working on, and we hope 
to get it done as quickly as possible.
    Mr. Loudermilk. Thank you. I see my time has expired, so 
any other questions I have, I will submit for the record. And I 
yield back the balance of my time.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from California, Mr. Sherman, who is also the 
Chair of our Subcommittee on Investor Protection, 
Entrepreneurship, and Capital Markets, is now recognized for 5 
minutes.
    Mr. Sherman. Thank you. Acting Director, when Secretary 
Yellen testified before us a few weeks ago, I asked about the 
time frame by which we can expect the beneficial ownership 
database to be established. As you know, that database is 
required under the Corporate Transparency Act, which passed in 
January of last year. Under the law, the database is supposed 
to be implemented within 1 year, so it is a few months late. 
Secretary Yellen pointed out that FinCEN has proposed one of 
the two rules that the Agency believes are necessary to 
establish the database. I know you are a few months late now. 
Can you give us some detail as to what is preventing you from 
meeting the timeline and, more importantly, when we can expect 
the database to be established?
    Mr. Das. Thank you so much for that question. Again, the 
Corporate Transparency Act requires that we issue three rules: 
first, a reporting rule that governs the information that is 
provided to FinCEN that goes into the database; second, the 
access rule, which provides the guidelines and rules for how 
law enforcement agencies and others access the database; and 
third, it requires us to issue revisions to the Customer Due 
Diligence (CDD) rule, which needs to be issued 1 year after the 
effective date of the reporting rule. As the Secretary 
mentioned, we are very focused in terms of the use of our 
resources in getting the access rule NPRM done by the end of 
the year, and we are working hard to do it. At the same time, 
in parallel, we are working on the comments to the reporting 
rule. We received a substantial number of comments. It is an 
incredibly complex issue, and it is incredibly important for 
some of the reasons stated here today that we just get it 
right.
    Mr. Sherman. Okay. Congress gave you a year to do it. You 
think it will take 2 years to do it. You are confident, or how 
confident are you that you will be able to get it done by the 
end of this year?
    Mr. Das. Again, we are committed to getting the access rule 
NPRM done by the end of this year.
    Mr. Sherman. Will that then lead to the establishment of 
the database, or do you have to then do the revisions to the 
third rule?
    Mr. Das. I do not have a timeline for the establishment of 
the database. Again, we are working incredibly hard given the 
resource constraints that we have and the complexity of the 
issues.
    Mr. Sherman. Okay. I will urge you to get this done as 
quickly as you can. It is important.
    Mr. Das. Again, we are very focused on getting it done as 
quickly as possible.
    Mr. Sherman. When Secretary Yellen came before this 
committee last month, I highlighted a recently-published 
article in The Washington Post saying that yachts and mansions 
are easier for us to track down when we are going after the 
Russian oligarchs than interest in hedge funds and equity 
funds, venture capital funds, et cetera, because they are not 
required to disclose beneficial ownership information to you or 
to the SEC. In February, the House passed the America COMPETES 
Act, which included an amendment I offered, which would require 
issuers of exempt securities to file beneficial ownership 
information with the SEC with regard to large transactions.
    Would you agree that increased Federal Government 
visibility into our $11 trillion private securities market, 
especially knowledge as to beneficial ownership, would help us 
combat the Russian oligarchs?
    Mr. Das. Thank you for that question. As we have noted in 
our unified regulatory agenda, we are actively considering a 
proposed rule that would address existing gaps in regulatory 
coverage for investment advisors, taking into account the 
comments that were submitted during the NPRM process that 
occurred in 2015. Again, we are working from a FinCEN 
perspective with Treasury's Office of Terrorist Financing and 
Financial Crimes in a number of different efforts to be able to 
better understand the risks presented by investment advisors as 
we think about what the appropriate rule might look like and 
what the scope and coverage might look like as well. In the 
meantime, we are very focused on this issue in the context of 
Russian illicit finance and the way Russian oligarchs are 
abusing the financial system. And again, we are working--
    Mr. Sherman. Let me try to squeeze in one more question. We 
have sanctioned 400 individuals and entities, as well as, of 
course, the Russian government. The crypto world is not big 
enough to handle the major governmental transactions, but they 
are big enough for some of the oligarchs. We hear that the 
crypto industry transactions is a technology which would allow 
for traceability. However, privacy coins, like Monero, and 
protocols, like Lightning Network, can be effective in 
obscuring transactions. How focused is FinCEN on looking at 
crypto at the oligarch level?
    Mr. Das. We are focused on it. Again, we issued a sanctions 
evasion alert around potential evasion using cryptocurrency. 
And again, we are very focused on this issue in terms of trying 
to identify means through which cryptocurrency might be used to 
evade sanctions or to bolster the Russian economic system as 
well.
    Mr. Sherman. Thank you.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Ohio, Mr. Davidson, is now recognized 
for 5 minutes.
    Mr. Davidson. I thank the chairman, and I thank Acting 
Director Das. Thank you. Thank you for your time and, frankly, 
taking the time to meet individually with some of our Members, 
including me and my staff. We appreciate the challenge that you 
are up against.
    As Mr. Hill highlighted, I have worked passionately and 
vigorously to stop some of the things you are working on, but 
they passed anyway, and so there is a law. I understand that 
you are implementing them. I do hope that we can make them less 
bad than they would potentially be. And I share some of the 
concerns that he, and Mr. Williams, and others have 
highlighted, so thanks for listening, and we hope that we can 
continue to collaborate as we go through this development 
process.
    Today, I am in the process of introducing the Financial 
Crimes Enforcement Network Improvements Act, which would 
provide additional accountability. It would provide a path for 
your role as the Director to be a Senate-confirmed position and 
provide some of the things that you have personally been 
willing to do, like come before this committee and testify in 
an open setting, and also meet with us in a classified setting, 
because it is really important for our nation to have the 
world's best financial intelligence organization. I know that 
we have an advantage because we have the power and influence of 
the U.S. dollar, but we hope that advantages also not just 
great people, but great authorities for our FinCEN.
    And when you look at how we go about, inherently in America 
in intelligence, we are also constrained in some ways that 
maybe more authoritarian regimes wouldn't feel hindered by, 
which is we need to protect civil liberties, and we need to do 
these things in a way that provides privacy and due process and 
is concerned about the impact on our economy. So, we probably 
disagree on what the costs are for compliance for small 
businesses.
    But I highlighted another thing. Just recently, talking to 
the Congressional Budget Office, they thought that student debt 
was going to be better when the government operated student 
lending programs, and they said we were going to save $68 
billion by taking over student lending. What we know is 
actually just in defaults alone, it is going to cost half a 
trillion dollars, so the financial modeling on all this is 
pretty bad. When we just have these debates and you say one 
thing, it is just words. When you look at the financial models, 
it is really just understanding what is it really like.
    As a small business owner, as someone who spent a lot of 
time in the private sector, this is a very disruptive thing 
aside from the cost, because it assumes that the citizen 
somehow has to come to the government to get permission to 
operate, and, in fact, that is exactly what my colleague, Mr. 
Foster, highlighted. Perhaps the most disturbing thing that I 
have heard is the idea that to access your own money, you need 
to get some identity, some globalist-conforming identity stamp, 
and then everything that you want to do is tracked and 
monitored. And then, when they want to rewind the tape and 
figure out who it was, they may not even need to get a warrant; 
they just come and expose who that person is.
    I think that the way that we protect our way of life is by 
being less like China and more like America, because this is 
exactly what China is in the process of implementing. And when 
they hear the things that you are working on, people back home 
fear that what you are part of building is a system, frankly, a 
dystopian system where the average citizen needs to get 
permission to access their own money. And I think that is why 
the self-hosted, self-custody of crypto, basically if you 
download software and you use it, somehow you could become a 
criminal under this self-hosted rulemaking that has been 
proposed. Could you talk about self-custody and where FinCEN is 
headed with that?
    Mr. Das. Thank you for that. First of all, I entirely agree 
with you in terms of the importance of FinCEN's mission in 
getting it right. Second of all, we are very focused on privacy 
interests in the context of what we do. That is an important 
concern in terms of the information that we get, as well as how 
that information is used. Third, in terms of the self-hosted 
custody wallet rule, the unhosted wallets rule as we call it, 
and again, we received a number of comments. They raised a 
number of privacy considerations in those comments, both with 
respect to the unhosted wallets rule as well as the travel 
rule. We are taking a close look at that and reviewing it and 
our consideration of next steps.
    Mr. Davidson. I hope that the Keep Your Keys Act will 
feature prominently, which protects the ability of the ordinary 
citizen to continue to own digital assets and, frankly, self-
custody. Thanks for the work, and I yield back.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Massachusetts, Mr. Lynch, who is also 
the Chair of our Task Force on Financial Technology, is now 
recognized for 5 minutes.
    Mr. Lynch. Thank you, Mr. Chairman. Thanks for holding this 
hearing. I want to thank our witness as well for his 
accessibility. As Mr. Davidson noted, Mr. Das has been very 
good with his availability.
    I do want to ask, I look at the funding for FinCEN and I 
also look at the responsibilities that you have, and I know 
that despite the importance of the role that FinCEN plays, the 
current funding levels are about $430 million short of what we 
would recommend for your agency. And I am just curious as to 
how you work around that issue? Are there tradeoffs that have 
to be made? I know that Congress did make an additional 
appropriation in connection with the Ukraine situation. But 
where do we stand now and how are you doing that workaround 
where you don't have enough resources to hire the number of 
agents that would be appropriate given the scope of your 
responsibilities? Could you talk about that a little bit?
    Mr. Das. Sure. I appreciate that question about our budget. 
Again, we appreciate the funding that was provided under the 
Fiscal Year 2022 appropriations as well as the Ukraine 
supplemental. The Fiscal Year 2022 appropriations will in large 
part go to supporting our IT system, as well as our beneficial 
ownership database. The Ukraine funding will be used in a 
number of different respects to help support our analyst team 
in tracking and tracing funds related to sanctions evasion and 
illicit finance as well.
    Where the Fiscal Year 2022 appropriations comes up short is 
with respect to funding to support hiring additional FTEs to be 
able to do all the work that we have to do. As a result, there 
are huge tradeoffs that are made in terms of our ability to 
engage in the enforcement and compliance work that our Office 
of Compliance and Enforcement does, to be able to ensure that 
financial institutions, cryptocurrency exchanges, and others 
have reasonably-designed and effective AML/CFT programs. It 
constrains our ability to get the rules and regulations done to 
implement the AML Act, and that is incredibly important because 
we are simply missing deadlines at this point. It constrains 
our ability to hire analysts, particularly in the 
cryptocurrency area, to be able to do the type of analytics 
that is required to understand how cryptocurrencies are flowing 
and contributing to illicit finance.
    And our team is incredibly talented, but they are 
incredibly small as well, and they are just outmatched by the 
challenge, not in competence, but in terms of resources alone. 
And we continuously run up against challenges in terms of 
trying to figure out who is available to do work around 
cryptocurrency issues, to be able to combat that illicit 
finance. And again, we are constrained in our ability to engage 
in public/private partnerships and outreach forums like the 
FinCEN Exchanges and Innovation Hours, to be able to execute on 
the AML Act's directive to engage more with financial 
institutions so they understand how law enforcement is using 
the information that FinCEN has so we can provide feedback to 
those financial institutions in terms of what works and what 
doesn't work. And there are a number of different fronts in 
which we are just coming up short in terms of fulfilling what I 
think the AML Act intends for us to do, which is to create a 
robust framework.
    Mr. Lynch. Great. I only have another minute, and I do want 
to get another question in. With the advent of digital wallets, 
we have a whole area of vulnerability now. The New York Times 
just wrote a great piece about the vulnerability of these 
digital wallets, and 19 million Americans last year were 
scammed or had their money stolen on these platforms because of 
the vulnerabilities in these digital wallets. This is sort of a 
growing phenomenon. There is a big adoption rate, a very high 
adoption rate in the economy right now. Those are financial 
crimes. Does FinCEN have visibility on that new development? 
And tell me, how are you redirecting resources to that problem?
    Mr. Das. Cryptocurrency exchanges are subject to FinCEN's 
AML/CFT program requirements. They are required to file 
suspicious activity reports if there is any indication of a 
financial crime or if they reasonably suspect a financial 
crime. So, we would have a certain degree of visibility if it 
filters through in our suspicious activity reporting.
    Mr. Lynch. Okay. Thank you. Mr. Chairman, I yield back. 
Thank you.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from West Virginia, Mr. Mooney, is now 
recognized for 5 minutes.
    Mr. Mooney. Thank you, Mr. Chairman. The Russian invasion 
of Ukraine has put the work that the Financial Crimes 
Enforcement Network (FinCEN) does at the forefront of our 
priorities here in the committee. As Russia's ruble tanked 
after the sanctions took hold, the incentive for Russian 
oligarchs to launder their money through the United States grew 
substantially. We must remain firm in punishing these bad 
actors and flexible enough to find the strategies that allow 
them to launder money into the country and our financial 
system. These goals are critically important to our national 
security, but we also have an obligation to ensure that the 
work that FinCEN does and the rules that it creates are not 
overly-burdensome to small businesses.
    Acting Director Das, the Corporate Transparency Act was 
written to specifically exclude sole proprietors in its 
definition of a reporting company. However, FinCEN has failed 
to make that distinction in their reporting company definition. 
Will FinCEN explicitly exclude sole proprietors from the 
definition of a, ``reporting company?''
    Mr. Das. As the NPRM states, reporting companies that are 
required to submit beneficial ownership information include 
corporations and LLCs and other similar entities that are 
required or that create or form an LLC or a legal entity 
through the submission of a document to a State secretary of 
state. That is the scope of the rule. As we have defined it in 
the NPRM, we requested a number of comments and questions 
around the scope of the reporting company definition to better 
understand who or what type of legal entities that definition 
would capture, and we are taking stock of those comments at 
this point.
    Mr. Mooney. Okay. In addition to the potential regulatory 
burdens of some FinCEN rules, I am also concerned about 
FinCEN's cybersecurity. FinCEN's role in combating illicit 
finance would make it a target of cyberattacks from Russia and 
China. Acting Director Das, please talk about what you are 
doing to ensure that a cyber breach of FinCEN would not 
jeopardize the information of small business owners.
    Mr. Das. That is an important concern. Again, we have a 
robust IT framework. And as I mentioned previously, we have 
what is called a segmented IT architecture, which makes our IT 
system less vulnerable to hack and intrusion. We conduct 
regular penetration testing to ensure that any vulnerabilities 
are exposed and that we prevent any targeted efforts with 
respect to our IT system. We stay in close communications with 
Treasury's Office of the Chief Information Officer as well to 
identify any potential threats to our system. And again, we 
apply the highest level of security under the FISMA levels of 
security as well. We work very hard to ensure the integrity of 
our IT database, and we are taking all of the precautions 
necessary to do so.
    Mr. Mooney. Thank you. Obviously, it is critical that we 
get the balance right between keeping illicit financing out of 
our country and keeping compliance burdens low. Small 
businesses are the backbone of this economy. We very much need 
them to succeed in America. In addition to the regulatory 
burden, we need to ensure that FinCEN can be a good steward of 
information. The new beneficial ownership database will contain 
personal information from millions of small business owners. 
Clearly, if someone were to breach that database, it would be a 
total disaster.
    Thank you, Mr. Chairman. I yield back the balance of my 
time.
    Mr. Himes. The gentleman yields back.
    The gentlewoman from Pennsylvania, Ms. Dean, is now 
recognized for 5 minutes.
    Ms. Dean. I thank the Chair, and I thank you, Director Das, 
for testifying today. I do apologize. I am between two 
hearings, so I don't want you to think my absence here is due 
to a lack of interest in your work and what you do. Thanks for 
being here and for your testimony.
    I would like to talk about FinCEN and combating gun 
violence. I have a bill that was noticed in conjunction with 
this hearing, the Gun Violence Prevention Through Financial 
Intelligence Act, which would require FinCEN to collect and 
analyze bank data to determine what financial indicators might 
precede a mass shooting, a terrorist attack, or gun violence in 
our communities, and that the FinCEN would be required to issue 
an advisory on how banks should use those indicators to comply 
with their suspicious activity reporting. If insufficient data 
exists, FinCEN is required to report to Congress within 1 year 
about why the information they collected was inadequate to 
publish an advisory.
    I don't need to tell you or anybody in this room that gun 
violence hunts down far too many innocent Americans. Every 
single year, those numbers are increasing in dramatic fashion. 
And I saw a tragic statistic earlier this week that guns have 
become the leading cause of death among children, the leading 
cause of death in 2020. Our inaction on this issue is, I think, 
shameful, unforgivable, and really intolerable. We have to have 
an honest discussion around gun violence.
    Director Das, right now, what does FinCEN do? Does FinCEN 
collect data relative to financial indicators of gun violence? 
If not, what should we be doing? How can we help financial 
institutions identify risks of mass shootings, of terrorist 
attacks, of gun violence? Would you tell us about FinCEN and 
gun violence?
    Mr. Das. I appreciate that, and the issue of gun violence 
is very serious, and the impact on children is incredibly 
important as well. It is tragic. In terms of suspicious 
activities related to gun violence, again, our reporting regime 
is one in which financial institutions identify suspicious 
activities where they know, they have reason to know, or 
suspect that there is some illicit financial activity that is 
ongoing, they would report that information. We can work with 
you in terms of identifying whether or not there may be use in 
terms of identifying red flags, or typologies, and have a 
conversation around that. But primarily, at this point, it is 
what suspicious activity reports are filed by financial 
institutions around this issue.
    Ms. Dean. And do those reportings include suspicious 
activity connected to gun violence? Does it specifically lift 
that up?
    Mr. Das. It could ultimately include that, if that is what 
a financial institution reports to us. I would have to look--
    Ms. Dean. Would you be able to maybe collect that and--
    Mr. Das. I would have to look closer at this issue to be 
able to identify whether or not suspicious activity reports 
specifically raise this issue. So, I would have to get back to 
you on this.
    Ms. Dean. I would really appreciate that. That will help 
inform the legislation that I am trying to move forward on. And 
maybe that is an avenue into combating gun violence that will 
not be politicized, that will be embraced in a bipartisan way. 
So, if you could collect that data and share it with us so that 
we can learn, that would be really terrific.
    I think I have a little more time, so I will try one more 
area of questions. I think you mentioned in your testimony that 
FinCEN has, ``issued two Russia-related alerts to provide 
financial institutions with more information about typologies 
and red flags in order to support U.S. Governmental efforts to 
sanction Russia.'' You talked about robust engagement with 
financial institutions. Were your advisories received? In your 
opinion, how well are financial institutions complying with the 
sanctions that have been put in place and are continuing to be 
put in place? What additional resources do you need to ensure 
full implementation?
    Mr. Das. I appreciate that. I believe the alerts and 
advisories were well received by financial institutions in 
terms of providing additional guidance with respect to red 
flags and typologies. Financial institutions are sensitized to 
the issue of both sanctions evasion as well as the U.S. 
financial system being used to hide Russian oligarch assets as 
well. And my sense is that we are seeing a number of very 
useful suspicious activity reports coming from U.S. financial 
institutions with respect to Russian oligarchs, as well as with 
respect to sanctions evasion.
    In terms of resources, again, the most important thing for 
us is to get FTEs, and then funding to be able to support 
hiring so that we can do the analytics necessary to evaluate 
those suspicious activity reports, to evaluate the 
transactional information that we receive so that we can take 
that information and translate and provide it to law 
enforcement as well.
    Ms. Dean. Thank you.
    Mr. Himes. The gentlewoman's time has expired.
    The gentleman from Tennessee, Mr. Kustoff, is now 
recognized for 5 minutes.
    Mr. Kustoff. Thank you, Mr. Chairman. Acting Director Das, 
I want to thank you for two things, first of all for your 
service, and second, for agreeing to appear today. We 
appreciate it.
    I kind of thought it was timely that on The Wall Street 
Journal's website today, there was a story that posted in the 
headline as, ``Russian Sanctions Complicate Paying Ransomware 
Hackers,'' and it cites FinCEN. But my question to you is, in 
terms of reality or practicality, do we have American 
businesses or companies that have been targeted by ransomware 
hackers that have to pay ransom to entities that we have 
sanctioned?
    Mr. Das. There may be situations in which a U.S. business 
or a company may be subject to a ransomware attack where the 
ransomware actor is a sanctioned person.
    Mr. Kustoff. This article again, posted this morning, said 
that the U.S. Treasury Department's Office of Foreign Assets 
Control (OFAC) and its Financial Crimes Enforcement Network 
(FinCEN) both have highlighted ransomware payments in recent 
months. OFAC said in September that it strongly discourages 
extortion payments and reiterated that it can take action 
against payers. I guess from a practical standpoint, if a 
company has been targeted with ransomware, they have to pay a 
ransom, and the ransom has to be paid to an entity that has 
been sanctioned by us. What recourse do they have?
    Mr. Das. I appreciate the question. Again, I am here to 
represent FinCEN and FinCEN's authorities. In terms of the 
answer to your question, that falls within the scope of OFAC 
authorities and engagement with the Office of Foreign Assets 
Control in terms of exactly how its sanctions apply, and what 
the contours might be, and what flexibility there might be in a 
particular situation. I am hesitant to go in that direction.
    Mr. Kustoff. Fair enough. I think you have answered this, 
but I am going to ask it one more time in a different way. Do 
you or FinCEN know of American businesses or entities that have 
been targeted with ransomware by companies or by entities in 
Russia that have been sanctioned?
    Mr. Das. I am not aware of particular situations in terms 
of that particular question.
    Mr. Kustoff. Okay. I am a former United States Attorney. I 
think I may be the last Presidentially-nominated United States 
Attorney who has been confirmed by the Senate and the House of 
Representatives. I am asking this with that in mind, is that, I 
don't know that FinCEN necessarily has an obligation to the 
people. I think you do to Congress, to provide evidence of how 
effectively or efficiently you work. I believe the ranking 
member asked about how many convictions have been led based on 
FinCEN's work and actions. I am not going to ask you anything 
that specific, but if you were talking to any of my 
constituents, how would you describe the effectiveness or 
efficiency of FinCEN?
    Mr. Das. First of all, in terms of this hearing, it is 
clear that we need to do a better job in terms of communicating 
how effective FinCEN's work is and how effectively we work with 
law enforcement and with the intelligence community. Again, the 
work that we do is invaluable in terms of supporting law 
enforcement, and U.S. Immigration and Customs Enforcement's 
(ICE's) efforts, and OFAC's efforts to target bad actors that 
might abuse the U.S. financial system and, for that matter, the 
international financial system. The information that we use is 
critical for law enforcement to go after a range of criminal 
threats, everything from human smuggling, human trafficking, 
online child sexual exploitation, and money laundering by drug 
trafficking organizations, across-the-board. All of the types 
of criminal activity that are identified in our AML/CFT 
national priorities, the information that we get, it cannot be 
overstated in terms of how valuable it is for law enforcement 
to be able to identify, target, and then prosecute individuals.
    Mr. Kustoff. I appreciate that. Is there anything you think 
that FinCEN could publish, not for the American people, but for 
us, to demonstrate again your effectiveness and efficiency?
    Mr. Das. The first step in that, again, is the report 
required under Section 6201 of the AML Act that DOJ is required 
to provide in terms of the value of BSA information for DOJ and 
for law enforcement. I am happy to work with you in terms of 
other measures or indicia of success as well to be able to make 
a better case for what we do.
    Mr. Kustoff. Thank you. We appreciate your service. And I 
yield back.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from New Jersey, Mr. Gottheimer, who is also 
the Vice Chair of our Subcommittee on National Security, 
International Development and Monetary Policy, is now 
recognized for 5 minutes.
    Mr. Gottheimer. Thank you, Mr. Chairman, for holding this 
critical hearing.
    As technology advances and terrorists continue to innovate, 
Federal enforcement efforts must keep pace so that we can crack 
down on each new method of financing terror, so I appreciate 
this conversation. Mr. Das, thank you for being here with us 
today. I am a strong proponent of establishing appropriate 
guardrails around the cryptocurrency industry to ensure the 
market matures in the United States. The industry wants clarity 
and consistency. One of the most critical areas to me is the 
area of anti-money laundering and counterterrorism financing. 
What is FinCEN doing to help prevent actors, such as Hezbollah 
and Russians seeking to evade sanctions, from utilizing 
cryptocurrency as a finance tool?
    Mr. Das. Again, thank you. FinCEN has been at the forefront 
in terms of ensuring that cryptocurrency exchanges and 
cryptocurrency administrators are subject to the same AML/CFT 
program requirements that MSBs are and other financial 
institutions are as well. Again, cryptocurrency exchanges, 
because of their AML program requirements, file suspicious 
activity reports where there are indicators or they may have a 
reason to know or suspect that there might be illicit financial 
activity. And that includes activity by foreign terrorist 
organizations and other bad actors as well. When we do receive 
those suspicious activity reports, we work very closely with 
the intelligence community and with law enforcement.
    Mr. Gottheimer. Thank you. Last year, FinCEN released its 
first national anti-money laundering and counterterrorism 
financing priorities list, as you know, which included domestic 
terrorists such as those radicalized online. This week, I am 
sending a request to the Appropriations Committee to request 
additional resources for your Agency, particularly related to 
targeting domestic financing. Could you elaborate on how this 
funding could be helpful and how FinCEN could use this funding 
to stop terrorist attacks before they even get beyond the 
planning phase?
    Mr. Das. I'm sorry. I am not aware of the additional 
financing with respect to domestic violent extremism and this 
bill.
    Mr. Gottheimer. Are there more resources that you think you 
could use?
    Mr. Das. Yes. Again, we need additional resources across-
the-board with respect to everything that FinCEN does, in terms 
of its support for law enforcement and for the intelligence 
community across-the-board with respect to terrorism.
    Mr. Gottheimer. In the remaining minutes we have, can you 
talk a little bit more about the priorities list?
    Mr. Das. Sure. The priorities list was developed over a 
period of time, 180 days, in terms of significant engagement 
with the law enforcement community and with respect to 
regulators and others, in terms of identifying the key 
priorities that the United States faces in terms of combating 
criminal activity and other types of illicit activity as well. 
The intent of the AML/CFT priorities list was to provide 
financial institutions with an understanding of what law 
enforcement priorities might be, for them to better hone and 
direct their AML/CFT programs to identify suspicious activities 
that might align with the interests of law enforcement and the 
types of priorities that we have in the United States.
    What we have heard from financial institutions is that it 
has been valuable. To the extent that financial institutions 
have used those AML/CFT priorities, that has been valuable in 
terms of them developing their AML/CFT programs and targeting 
their AML/CFT programs as well. Again, the AML Act provides 
that we need to issue regulations that direct financial 
institutions to incorporate those AML/CFT priorities into their 
AML/CFT programs. We are working on that regulation at this 
point in terms of what the contours of that might look like.
    Mr. Gottheimer. Thank you. I yield back. Thank you, Mr. 
Chairman.
    Mr. Himes. The gentleman yields back.
    The gentleman from Tennessee, Mr. Rose, is now recognized 
for 5 minutes.
    Mr. Rose. Thank you, Mr. Chairman, and thanks to Ranking 
Member McHenry. Acting Director Das, thank you for being here 
and for spending so much time with us today. It is good to see 
you again, and I appreciate you meeting with me earlier this 
week. It was great to discuss the issues that have been 
plaguing independent ATM operators, as you discussed earlier 
with my colleague, Mr. Luetkemeyer.
    As many people know, independent ATM operators across the 
country have had a tough time finding banks that will provide 
them with services since Operation Choke Point. Despite 
officially ending in August of 2017, the operation to de-bank 
certain industries is still impacting ATM operators today. So, 
I was thankful to hear your commitment to work with the other 
agencies to issue a joint statement underscoring that there is 
no particular risk associated with that category of customers.
    Acting Director Das, as I mentioned in our meeting, I am 
concerned about the current BSA process in which the Federal 
Government deputizes financial institutions. And I would say 
maybe at this point, just to broadly state my view, that the 
cost of this regulatory framework, I think, is troubling, and 
certainly even the path that we are headed down with respect to 
beneficial ownership is troubling to me, and the cost to our 
business community for that regulation is something that is 
very much in my sights. I spent 10 years on a bank board where 
I was tasked with looking at suspicious activity reports and 
the lack of feedback that banks and other financial 
institutions receive on whether a specific filing was helpful 
in assisting law enforcement is extremely troubling to me. As I 
have said, it is like shooting a target in the dark with a 
blindfold on.
    Acting Director Das, would it be possible for your Agency 
to effectively do its job without the participation of 
financial institutions?
    Mr. Das. Financial institutions are one of our most 
important partners being able to make the AML system.
    Mr. Rose. Thank you. And it costs them a lot of money to 
help you do your job by sending the data that law enforcement 
then has access to. I think the current system is somewhat 
broken, where these financial institutions are spending 
tremendous amounts of time and money on BSA filings, 
unfortunately, mostly without any feedback. There must be a 
more efficient process, and I know you have talked today about 
some of the efforts aimed at hopefully giving them some of that 
feedback. How much money do you think financial institutions 
spend every year on BSA filings in the United States?
    Mr. Das. I don't have a particular statistic on that point, 
but I--
    Mr. Rose. I think we could agree it is a lot, right?
    Mr. Das. Yes.
    Mr. Rose. And certainly, you have talked about the resource 
constraints that FinCEN faces in terms of fulfilling its 
mission of dealing with that data that comes to you. Would it 
be useful to tell financial institutions whether a filing was 
or was not valuable to law enforcement?
    Mr. Das. Again, the AML Act places a focus in terms of 
helping financial institutions understand how we are using our 
suspicious activity reports in relation to providing them to 
law enforcement and others. We are using a number of the 
vehicles through the AML Act to engage with financial 
institutions, including FinCEN Exchanges, Innovation Hours, et 
cetera, to help them understand better how we are using 
suspicious activity reports and what is valuable in terms of 
what they might be providing to us in terms of suspicious 
activity reports.
    Mr. Rose. In the current system, does law enforcement or 
another agency user of FinCEN data have to explain on an 
individual inquiry basis what the data that they are gathering 
is going to be used for?
    Mr. Das. There is no requirement on law enforcement to 
provide a specific SAR-by-SAR analysis of how they are using 
that information.
    Mr. Rose. Do you believe that FinCEN's current authority 
would enable you to implement some sort of requirement relative 
to a requirement that the user explain what they are seeking 
data for each time they access the database?
    Mr. Das. In terms of our engagement with law enforcement 
and financial institutions, I think that we can work under the 
existing framework to provide greater transparency in terms of 
how law enforcement may be using suspicious activity reports. 
Again, suspicious activity reports are just one piece of what 
law enforcement does in terms of an overall investigation. It 
complements information coming from a number of different 
sources, through subpoena authority, and through other 
investigative techniques. So often, drawing a one-to-one line 
between a suspicious activity report and a particular 
investigation or prosecution is just challenging.
    Mr. Rose. I understand that. And I guess I will just 
conclude, if you will indulge me for a second, by saying that I 
think what I am hearing today from a large number of the 
Members is that we want to see that kind of quantitative, that 
kind of actual objective data. And so, with that, I yield back.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Illinois, Mr. Garcia, is now recognized 
for 5 minutes.
    Mr. Garcia of Illinois. Thank you, Mr. Chairman, and, of 
course, thank you, Acting Director Das for your testimony 
today. At its best, FinCEN has the potential to set a strong 
anti-corruption agenda, disrupting the shadowy world of shell 
companies, oligarchs, and arms traffickers whose financial 
crimes have harmful consequences for everyday people. In order 
to fulfill that potential, the anti-corruption agenda requires 
our support and careful oversight to ensure transparency and 
progress, and I look forward to your partnership on these 
issues. With that in mind, I would like to move on to my first 
question.
    The Corporate Transparency Act is the most important change 
to U.S. anti-money laundering law in decades, and FinCEN's 
proposed implementation rule is a strong step in that 
direction. However, as my colleagues have noted, several phases 
of rulemaking are left. Final rules have been overdue since 
January 1st of this year. Will FinCEN commit to issuing final 
rules by the International Anti-Corruption Conference, which 
the U.S. Government will be hosting in December of this year in 
Washington, D.C.?
    Mr. Das. Thank you for that question, Congressman. We are 
committed to completing the second notice of proposed 
rulemaking and the suite of Corporate Transparency Act rules by 
the end of the year, so we will be issuing a notice of proposed 
rulemaking with respect to the access rule. I can't commit on a 
particular timeline with respect to the additional rules. We 
are doing a lot of work and we are working as hard as we can in 
terms of getting those rules done.
    Mr. Garcia of Illinois. Thank you. President Biden's 
strategic plan for countering corruption acknowledges the 
importance of a transparent and accessible beneficial ownership 
registry to effectively combat terrorist financing, corruption, 
and other crimes. Similar registries in the U.K. and the EU 
have public accessibility requirements. They also have examples 
of accountability groups, journalists, and members of the 
public successfully identifying financial crimes from the 
available data, but under the Corporate Transparency Act, 
information from the registry can only be shared for law 
enforcement purposes. As FinCEN works to implement this and 
future projects, do you believe that public-facing databases 
could be more effective than private databases, and how can 
FinCEN harness the power of civil society in the anti-
corruption work that it does?
    Mr. Das. Thank you for that question. Again, we are focused 
on implementing the Corporate Transparency Act (CTA). The 
Corporate Transparency Act has very specific rules with respect 
to access by law enforcement, by regulators, and by other 
government agencies, as well as State and local law 
enforcement. It is perceptive in this regard, and again, we are 
focused on implementing the CTA at this point. Again, civil 
society plays an important role in anti-corruption efforts. And 
from our perspective, we look forward to engaging with civil 
society in terms of their feedback and perspectives, either 
through the notice-and-comment process or otherwise, in terms 
of the effectiveness of the database, the contours of the 
database, and then the construction of the database as well.
    Mr. Garcia of Illinois. Thank you for that. My final 
question is on real estate. Home ownership has historically 
been a way to build modest wealth for otherwise marginalized 
communities, but as you know, real estate is one of global 
kleptocrats' most important assets, as my constituents are 
feeling the effects. While real estate investors take cash 
offers from foreign kleptocrats, working-class families are 
priced out from home ownership in their neighborhoods. This 
problem is particularly acute in Latino and Black communities, 
and the community that I represent, for example, was harmed 
during the Great Recession. I was encouraged to see FinCEN 
beginning to work on regulatory rules in the real estate 
sector. Director Das, will you commit to having a rule 
published by the International Anti-Corruption Conference this 
December?
    Mr. Das. We issued an NPRM last December, and we received a 
number of comments at the close of the notice-and-comment 
period, which was in mid-February. We are reviewing those 
comments and considering next steps in terms of a potential 
proposed rule. We are working incredibly hard on this, as we 
also work on the beneficial ownership database, as well as the 
other AML Act deliverables, so that makes it difficult for me 
to commit to a precise timeline.
    Mr. Garcia of Illinois. Thank you, Mr. Das.
    Mr. Chairman, I yield back.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from Ohio, Mr. Gonzalez, is now recognized 
for 5 minutes.
    Mr. Gonzalez of Ohio. Thank you, Mr. Chairman, and thank 
you, Acting Director Das, for your testimony today. I want to 
pick up on the online child sexual exploitation conversation. I 
just want to understand the organization's priorities and how 
you are effectively combating it. As an organization--and you 
can give me ballpark--what percent of your budget is targeting 
crackdowns on online child sexual exploitation?
    Mr. Das. In terms of the overall budget, it is difficult 
for me to provide a ballpark.
    Mr. Gonzalez of Ohio. Ballpark is fine.
    Mr. Das. But I can tell you that we have one staffer who is 
dedicated to the issue.
    Mr. Gonzalez of Ohio. One staffer?
    Mr. Das. One staffer in--
    Mr. Gonzalez of Ohio. One individual staffer?
    Mr. Das. One individual staffer.
    Mr. Gonzalez of Ohio. Does that staffer have a--
    Mr. Das. It is dedicated. But in addition, a number of 
other staffers and a number of other personnel support the 
effort more generally, but we have somebody who is dedicated to 
the effort full time across human trafficking, human smuggling, 
as well as online child sexual exploitation.
    Mr. Gonzalez of Ohio. So, one staffer. How does that 
compare to other priorities like--the top priority and how many 
staffers are leading that effort, and compare that to money 
laundering.
    Mr. Das. This is one full-time staffer. We have folks 
focused on a number of different fronts across the whole suite 
of issues around ensuring that we have effective AML/CFT 
programs in place. Financial institutions are providing 
suspicious activity reports, not only on the many priorities in 
the national AML/CFT priorities but as well as particularly on 
human smuggling, human trafficking, and online child sexual 
exploitation. That individual staffer is focused on reviewing 
suspicious activity reports that are filed, and then working 
very closely with IRS Criminal Investigation (IRSCI), which is 
very focused on this issue, as well as the Joint Criminal 
Opioid and Darknet Enforcement Network (JCODE), which is also 
very focused on this issue as well. So, it is a focal point in 
terms of collecting the information, looking at the 
information, and then providing that, and working with law 
enforcement so that they can use that information to 
investigate these acts.
    Mr. Gonzalez of Ohio. Okay. And then, how closely does 
FinCEN work with private industry to share information and best 
practices to identify and stop payment methods for the purposes 
of online child sexual exploitation?
    Mr. Das. I apologize, Congressman. If you could repeat that 
question. I didn't--
    Mr. Gonzalez of Ohio. Sorry. How closely does FinCEN work 
with private industry to combat online child sexual 
exploitation?
    Mr. Das. Again--
    Mr. Gonzalez of Ohio. On the payment side specifically.
    Mr. Das. We work with financial institutions in terms of 
suspicious activity reports, and enhancing awareness with 
respect to this issue. We have issued a couple of different 
advisories and notices on online child sexual exploitation in 
child sexual abuse material as well. In 2020, we issued an 
advisory around this issue. Specifically, it was a supplemental 
advisory. And in September of 2021, we issued a notice that 
identified this as a particular issue of focus for financial 
institutions, especially against the backdrop of the pandemic. 
We identified a particular code around online child sexual 
exploitation in the event that financial institutions were 
providing a SAR on this specific issue, that it would be 
identified with a particular marker that we would easily be 
able to track.
    And that notice actually was incredibly effective. We 
received over 1,600 suspicious activity reports from the period 
of September 2021 through December of 2021, and this year 
through April, I believe mid-April, we have received about 650 
suspicious activity reports on this issue as well. Again, we 
are attuned to this issue, we are very focused on it, and we 
are doing what we can.
    Mr. Gonzalez of Ohio. Can I ask a quick question? Do you 
think one staffer is enough, and it may be that you don't have 
the budget, I get that, but do you think the one staffer has 
the bandwidth to effectively monitor all of the SARs related to 
child sexual exploitation?
    Mr. Das. Again, this is a difficult issue. We should be 
providing resources across our entire envelope. Again, we are 
meeting incredibly difficult resource constraints against all 
of the types of activities that we do.
    Mr. Gonzalez of Ohio. Okay. Just a general observation, and 
then I will yield my time back. It gives me pause to know that 
there is only one staffer. And I know that you are budget-
constrained, but it is an enormous issue and there is nobody 
more vulnerable than a child who is being sexually abused, 
whether it is online, in a home, whatever it is. We know from 
our office's work with the FBI, the local FBI office in 
Cleveland, that the pandemic had a particularly nasty effect on 
the increases in child sexual exploitation. My ask would be 
that your office is willing to work with us on ways to get you, 
whether it is more funding, more tools, more resources, 
whatever it is, but this needs to be a bigger focus than just 
one staffer.
    And with that, I yield back.
    Mr. Das. And we would like to dedicate more resources, and 
we will take you up on that offer to work with you.
    Mr. Himes. The gentleman's time has expired.
    The gentleman from South Carolina, Mr. Timmons, is now 
recognized for 5 minutes.
    Mr. Timmons. Thank you, Mr. Chairman, and thank you, Acting 
Director, for being with us today. I want to talk about 
implementation of the Corporate Transparency Act, which is a 
pretty deceptive name, in my opinion, for the bill, as its 
scope goes far beyond large corporations. Before I came to 
Congress, I started a number of small businesses. It was hard 
work, and, honestly, probably the hardest work was dealing with 
the onerous government regulations at the Federal, the State, 
and the local level. Way too much of my time was spent trying 
to please bureaucrats rather than trying to please my 
customers. I don't think it should be that way.
    So, a part of my concern with the CTA was the additional 
compliance burden it places on businesses. The large 
corporations will be fine. They have armies of lawyers, 
accountants, and compliance departments. They can handle 
everything, but for small business owners, it is a big 
headache. I was my own compliance department. And by the way, I 
would venture to guess that out of the tens of millions of 
covered entities of this law, the vast majority have no idea 
what FinCEN even is. There is a big education piece to this, 
and a somewhat large potential for bad actors to take advantage 
of the beneficial ownership requirements to scam these folks 
and steal their identities. Do you share these concerns? Are 
you striving to implement these new rules in the least 
intrusive way possible on small businesses?
    Mr. Das. That is what the AML Act and the CTA directs us to 
do, is to do it in a way that minimizes the burden on small 
businesses. Again, we are focused on developing a database that 
is effective, and that minimizes the burdens on small 
businesses while ensuring that we have a database that is 
effective and provides highly-useful information to law 
enforcement. That is our prime directive with respect to the 
database.
    In terms of the reliability of the database, I think again, 
we are very focused on ensuring the integrity of the database 
and ensuring that it meets the highest standards of IT 
protection from hacks and otherwise. We are very focused on 
privacy interests and considerations around those issues in the 
context of the CTA. And the notice-and-comment process has 
provided us with a significant amount of feedback and useful 
feedback in terms of thinking through how the rules work, and 
how they could be improved, and we will be working on that in 
the coming months.
    Mr. Timmons. How do you feel that it is going so far?
    Mr. Das. We are working incredibly hard on this effort. It 
is difficult in a resource-constrained environment, but we are 
making a lot of progress. The team is incredibly dedicated. 
They are tired, I can tell you that. But we are making progress 
both in terms of the reporting rule, the access rule, and the 
overall database work. It is an incredibly complicated effort. 
We have to get it done right. And we are spending time and 
effort in making sure that the rules work together, the 
database is built appropriately, and is one that can be used 
effectively by law enforcement and other stakeholders.
    And I agree with your point that it is incredibly important 
for companies and individuals that have to report information 
to understand what the rules are, and it is very important for 
us. And we are very focused on it from a FinCEN perspective to 
develop an outreach strategy in an effort to engage with 
stakeholders, with industry groups, with businesses, and with 
State secretaries of states so that they understand what the 
contours of the rules are, and they understand what the 
obligations are in a way that ensures that they can do so in 
the least burdensome manner as well.
    Mr. Timmons. Sure. Thank you. This is going to be a huge 
amount of valuable, highly-sensitive data. What is your 
cybersecurity plan to make sure that it stays where it is 
supposed to be?
    Mr. Das. Again, we are very focused on cybersecurity. We 
plan on applying high standards, the highest standards with 
respect to cybersecurity for the beneficial ownership database. 
With respect to our existing system of records, our database, 
we apply FISMA high standards with respect to the database. We 
do regular penetration testing. We engage closely with the 
government security accountability committee which governs 
security around IT databases as well. And we plan on doing this 
with respect to the beneficial ownership database, because we 
recognize that that database holds very sensitive information.
    Mr. Timmons. Thank you. The government has had a lot of 
breaches recently, and I would hate to have this be another 
one. So, I appreciate you prioritizing that.
    Thank you, Mr. Chairman. I yield back.
    Mr. Himes. The gentleman yields back.
    The gentleman from Wisconsin, Mr. Steil, is now recognized 
for 5 minutes.
    Mr. Steil. Thank you very much, Mr. Chairman. And thank you 
for being here, Mr. Das. I really appreciate it.
    It has been discussed a little bit, but I want to dive in a 
little further on BSA data, SARs, the volume, who is looking at 
it, and the effectiveness of this. BSA data is meant to be 
highly useful for law enforcement. To what extent is law 
enforcement providing feedback to those who file BSA data? I am 
looking for that feedback loop.
    Mr. Das. We regularly engage with law enforcement in terms 
of the suspicious activity reports. We have a number of 
liaisons from law enforcement who sit within FinCEN and that we 
work closely with in terms of the use of SARs, priorities that 
law enforcement has, as well as feedback that we get. When we 
work with law enforcement and provide them with reports, we 
often communicate with them on the value of the suspicious 
activity reports that we have or other information that we give 
to law enforcement, and we, across-the-board, get positive 
feedback from law enforcement.
    Mr. Steil. That is good. Let me just scale this, because I 
think it is important. In March of this year, 325,378 SARs were 
filed by financial institutions. What percentage of those might 
receive feedback in a given month?
    Mr. Das. Again, we do not collect SAR-by-SAR feedback. 
There are a number of challenges in doing so.
    Mr. Steil. Understood. Rough math, just to scale it, 
because I think it is relevant on this feedback loop because I 
will tell you, on my side, many people feel that the SARs 
information is just going into a black hole. My concern is that 
people are filing what I call defensive SARs. They are filing 
SARs to be protective of themselves so they don't have an 
investigation coming upon them rather than doing what we are 
really trying to do, which is to identify suspicious activity 
which is actually helpful in your operations. Not that you 
aren't providing feedback to some and, in particular, cases 
where that information is useful. But I think many people feel 
that there is a giant black hole, and my concern is then that 
perception can become reality for many of these banks who then 
engage in filing what I view as defensive SARs, which doesn't 
really help us. Finding the needle in a haystack is dependent 
on a handful of things, one of them being how big the haystack 
is.
    And so, if we can find a way to bring this haystack down, I 
think we may actually find ourselves in a position to more 
easily find the needle, if you will. And I think that is one of 
the things that this committee should spend time on, in 
particular on the regulatory side. And on the legal side of how 
we set the thresholds to file these SARs, I think it would be 
quite beneficial to remove some of the noise that is in these 
documentations.
    Let me shift gears, because we have hit that a couple of 
times today. One of the things I just want to touch base with 
you on is there has been a lot of concern among some of my 
colleagues, and some of the media, talking about the use of 
digital assets to avoid U.S. sanctions. I think some of it is 
unfounded and misplaced, especially given some of the level of 
visibility we have in open ledgers maintained on blockchain. A 
counselor to the Deputy Treasury Secretary recently commented 
that crypto wasn't a major concern, given the huge scale of 
what bad actors would have to move. Do you agree that digital 
assets aren't a major sanctions-evasion mechanism?
    Mr. Das. Again, in our sanctions evasion alert, we have 
alerted financial institutions to the potential for 
cryptocurrency being used as a channel for sanctions evasion. 
We have not seen significant activity, large-scale activity, in 
terms of the use of cryptocurrency for sanctions evasion. But 
again, there is potential for cryptocurrency to be used for 
sanctions evasion, and we are ensuring that financial 
institutions are alert to this issue, and if there is such 
sanctions evasion, to submit a suspicious activity report 
highlighting it.
    Mr. Steil. I appreciate your feedback on this. In the very 
limited time we have left, one of the things I have been very 
concerned about is fentanyl coming into our communities. It is 
the number-one cause of death among individuals aged 18 to 45. 
You are not involved in securing our borders. I am going to 
park that for a moment. But I am curious as to what FinCEN is 
doing to stop illicit fentanyl traffickers from laundering 
their profits through our financial system.
    Mr. Das. We receive suspicious activity reports with 
respect to drug trafficking, narco trafficking, fentanyl as 
well. We work very closely with law enforcement in terms of our 
efforts to help them understand money laundering organizations 
that are related to drug trafficking organizations. We work 
closely with HSI, with the FBI, and with DEA, and we have a 
close partnership with them in terms of helping them understand 
the information that we have and helping them analyze the 
information that we have to be able to better target this 
issue.
    Mr. Steil. Thank you very much. Thank you for being here. 
Mr. Chairman, I yield back.
    Mr. Himes. The gentleman's time has expired.
    I would like to thank Acting Director Das for his testimony 
today.
    The Chair notes that some Members may have additional 
questions for this witness, which they may wish to submit in 
writing. Without objection, the hearing record will remain open 
for 5 legislative days for Members to submit written questions 
to this witness and to place his responses in the record. Also, 
without objection, Members will have 5 legislative days to 
submit extraneous materials to the Chair for inclusion in the 
record.
    The hearing is now adjourned.
    Mr. Das. Thank you.
    [Whereupon, at 12:50 p.m., the hearing was adjourned.]

                            A P P E N D I X                            
                            
                             April 28, 2022
                             
                             
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]