The de-risking of businesses slowly began within banking. Many trace its start back to 1994 with the passing of the Money Laundering Suppression Act (MLSA). The MLSA required money transmitter businesses (MTBs)—now known as money services businesses (MSBs)—to have Bank Secrecy Act (BSA) programs similar to depository institutions. At first, the financial institutions providing banking services to these entities were required to perform the independent assessment of those MTBs’ BSA/AML programs. This resulted in no small uproar among bankers. Shortly afterwards, the responsibility for the independent review was shifted, appropriately, to the MTBs. Nevertheless, banks and credit unions were put on higher alert by the regulators who identified the increasing risk of servicing these firms.
Fueled by the events of September 11, 2001, and a number of years of anti-terrorist financing oversight, another de-risking spike came in 2005 when Riggs Bank in Washington, D.C. (since purchased by PNC Bank) was fined $41 million for anti-money laundering (AML) deficiencies, particularly pertaining to foreign embassy accounts. Since then, foreign embassy accounts began to be deemed high risk by regulators. Once this word got out, large banks began closing foreign embassy accounts deemed to be medium to high risk by the banks or examiners. This created a diplomatic quagmire that required intervention by the U.S. Department of State.
From 2005 on, federal bank examiners began applying different yardsticks of risk—some advised bankers to apply various levels of caution in banking certain types of businesses, while others maintained the need to assess the risk of each client independently. Others still suggest a most questionable risk mantra: “Once high risk, always high risk.”
In 2011, the Federal Deposit Insurance Corporation (FDIC) issued a list of business categories—ultimately more than 30—it deemed to be inherently high risk, encouraging banks to establish adequate controls, particularly monitoring of account transaction activity, to ensure such businesses do not pose excessive risk to the bank. Bank examiner pressures increased, as did the de-risking—with some depository institutions’ putting a freeze on accepting new accounts from any of the listed business categories and others opting to close existing accounts.
The pressure from the government increased even more in 2013, when the U.S. Department of Justice (DOJ) began its initiative to try to “choke out” businesses that were potential operatives in the money laundering world. Some businesses seemingly in disfavor with the administration, such as gun dealers, were targeted for other reasons beyond being a money laundering threat. From this initiative, the name Operation Choke Point was born.
On January 8, 2014, Four Oaks Bank in Four Oaks, North Carolina, settled with the DOJ, paying $1.2 million in fines. The DOJ’s issue: numerous complaints regarding Four Oaks’ allowing payday lenders “to rack up exorbitant fees” and permitting third-party processors direct access to the Federal Reserve System to debit customer accounts without necessary authorizations.1 This was the first and primary monetary blow of Operation Choke Point. To many financial institutions’ boards and senior management, this penalty was the proverbial “last straw,” accelerating the closing of doors to new accounts of payday lenders and other businesses on the FDIC’s list of high-risk business categories and/or to the termination of existing relationships.
Banks should stop treating entire industries as pariahs and exercise sound judgment, conduct due diligence and evaluate customers individually
In March 2014, Comptroller of the Currency Tom Curry spoke at the ACAMS moneylaundering.com 19th Annual International AML and Financial Crime Conference in Florida where, in referencing the accelerating de-risking trend, he said banks should stop treating entire industries as pariahs and exercise sound judgment, conduct due diligence and evaluate customers individually. He implored the bankers to communicate risk concerns to their regulators. Furthermore, Curry said, “You shouldn’t feel that you can’t bank a customer just because they fall into a category that on its face appears to carry an elevated level of risk.” He added that he was not suggesting that certain customers not be turned away, but rather to do so through prudent risk management due diligence and the documentation processes within the bank.2
In May 2014, the U.S. House of Representatives’ Committee on Oversight and Government Reform, led by Rep. Blaine Luetkemeyer (R-Mo), published a staff report titled The Department of Justice’s “Operation Choke Point:” Illegally Choking Off Legitimate Businesses, which claimed that the intent of Operation Choke Point was “to ‘choke out’ companies the administration considers ‘high risk’ or otherwise objectionable, despite the fact that they are legal. The goal of the initiative was to deny these merchants access to the banking and payments networks that every business needs to survive.”3
On July 28, 2014, the FDIC removed its list of merchant categories and issued a clarification in a Financial Institution Letter (FIL) to the nearly 4,000 banks it supervises, updating its 2011 guidance. The FIL stated that “the lists of examples of merchant categories have led to misunderstandings regarding the FDIC’s supervisory approach to institutions’ relationships with [third-party payment processors] resulting in the misperception that the listed examples of merchant categories were prohibited or discouraged.” The FIL further reiterated that it is the FDIC’s policy that insured institutions that properly managed customer relationships are neither prohibited nor discouraged from providing services to customers operating in compliance with applicable federal and state law.
The ripple effects of prior regulatory scrutiny are still evident. Through the first eight months of 2014, bankers were receiving a flow of discouraging remarks from examiners and regulatory applications departments. At an ACAMS Atlanta Chapter meeting held in February 2015, one of the meeting’s moderators reported that in 2014, one bank submitted an application to its regulator only to be told that since they had MSBs the application could face “delays.” The moderator said the bank’s board immediately ordered the closing of its approximately 50 MSB accounts. Although this meant the loss of about $600,000 of annual fee income, the board did not want application delays or to risk regulatory disapproval in general.
Similarly, in a BSA/AML review of a check cashing company in Georgia last summer, the company was notified by its bank that it would be terminating their banking relationship. The owner indicated that their “last resort” to stay in business was to use National Check and Currency (NCC), which boasts a limited number of “sealed envelope” banks willing to bank MSBs. It should be noted that the company had already been forced to find an out-of-state bank to service its accounts. However, the loss of their direct banking relationship and the use of NCC, according to the company, would significantly increase costs.
Another concern surfaced during an independent BSA/AML review of a currency transmitter with agents in nine states. The owner requested that the reviewer not give the identity of their banks to other MSBs for fear that if other MSBs were to attempt to open an account with one of his banks, that bank would end their relationship with all MSB accounts, and, as a result be forced out of business.
As a result of industry-wide angst and confusion, as well as increasing Congressional pressure responding to the same concerns, the FDIC on January 28, 2015, took an unprecedented move, providing its regulated institutions—and implicitly the rest of the banking and credit union world—with assurance that it does not wish to label entire categories of business as high risk. It announced in a FIL that its institutions “should examine their customer relationships on a case-by-case basis and not by industry.” To be sure of the pronouncement’s effectiveness, it added in its press release, that FDIC examiners will give banks formal written notice when ordering them to discontinue the accounts of risky customers suspected of breaking the law. The Wall Street Journal reported, citing an internal FDIC memo, that “recommendations or requirements for termination of deposit accounts should not be made through informal suggestions,” but must be done formally in writing in cases where examiners find banks are not managing the risks of account activity. The process also called for a regional director’s written approval and thorough vetting by legal and regional offices.4
This is a solid step forward that will hopefully reverse the trend of financial institutions either not opening or closing existing accounts based solely on misunderstandings and perceptions that certain business categories were frowned upon by federal and state examiners. Hopefully, the Consumer Financial Protection Bureau (CFPB) will follow with its own similar initiative toward MSBs and non-bank financial institutions (NBFIs) to provide a consistent regulatory front.
Given the FDIC’s latest proclamation, coupled with Tom Curry’s referenced remarks, banks should feel some renewed confidence that they do not have to “leave money on the table,” and can provide services to customers with moderate-to-high risk by properly managing that risk with reasonable controls. This is not saying, however, that Operation Choke Point is dead, but only that it is being dismantled. For bank boards and executive management, there needs to be a return to prudent risk management, replacing the falsely sounded alarm by some to de-risk and un-bank by category. Rather, board members and management should take notice in what the FDIC and OCC leadership is saying about changing from category assessment back to individual client assessment. Still, for certain categories known to be sources of money laundering abuse—such as MSBs, payday lenders, third-party payment processors, unsecured and title lenders—management needs to apply prudent customer due diligence/know your customer (CDD/KYC) and monitoring measures tailored to the individual client. However, this begs the question, “Are you now leaving money on the table?”
Conclusion
A financial institution that has either terminated or stopped opening new MSB and/or NBFI accounts over the last 20 years may be reluctant or cautious in returning to the MSB and NBFI markets. It should nevertheless consider doing so with prudence. Together, banks and consultants should develop and present to the bank’s board revised strategies for recouping lost ground and get the missing revenue back to the bottom line while minimizing risk.
In recouping this lost ground, institutions should use the FFIEC BSA/AML Examination Manual as a starting point. The FFIEC’s risk management elements, if properly employed, coupled with timely reporting to senior management and the board, can yield the necessary assurances to bring on board what previously were deemed high-risk businesses.
Now that the FDIC has driven the proverbial stake into the heart of Operation Choke Point, it is time to dispel the need to rule out entire classes of businesses.
The views expressed in this article are those of the author(s) and are not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.
- Bruce Mildwurf, “Four Oaks Bank Agrees to $1M Fine to Settle DOJ Suit,” January 9, 2014, http://www.wral.com/government-accuses-four-oaks-bank-of-turning-blind-eye-to-illegal-activity/13285954/
- Thomas J. Curry, Remarks Before ACAMS Hollywood Conference, March 17, 2014, http://www.occ.gov/news-issuances/speeches/2014/pub-speech-2014-39.pdf
- U.S. House of Representatives, “The Department of Justice’s ‘Operation Choke Point:’ Illegally Chocking Off Legitimate Businesses?,” May 29, 2014, http://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf
- Alan Zibel, “FDIC: Examiners Must Give Banks Written Notice on Risky Accounts,” The Wall Street Journal, January 28, 2015, http://www.wsj.com/articles/fdic-examiners-must-give-banks-written-notice-on-risky-accounts-1422476562