The new emphasis by U.S. intelligence and law enforcement agencies on cooperation and information-sharing is about to undergo an interesting test within the financial community.
Complying with provisions of the USA Patriot Act, which Congress passed a month after the September 11 attacks, the Treasury Department is linking the country’s financial institutions together on an electronic network to gather and disseminate information about possible money-laundering transactions. The hope is that the network, scheduled to go live late this month, will help nab terrorists, arms merchants, drug runners and other criminals making illicit use of banking and payment systems.
Run by Treasury’s Financial Crimes Enforcement Network, or FinCen, and known as the Patriot Act Communications System, or Pacs, the program is designed to streamline the collection and analysis of the millions of reports that banks file on large cash deposits and other potentially questionable transactions. Those reports, now also required of brokerages and a growing list of other financial and retailing businesses, will for the first time be filed over a secure Internet connection. When FinCen discerns suspicious patterns, it can transmit timely alerts to participating institutions, which in turn can use the network to communicate and coordinate among themselves.
Indeed, Pacs, which has received virtually no media or public attention to date, represents the kind of coordinated intelligence-gathering and information-sharing that President George Bush wants to promote by establishing a cabinet-level Department of Homeland Security.
“Hopefully, we will be able to avoid the situation we seem to have had, where different intelligence agencies had information like puzzle pieces but failed to see the big picture,” says David Gilles, special assistant to FinCen director James Sloan and head of the Pacs project.
Success will depend not only on the ability of Treasury to piece information together but also on sufficient participation by financial institutions , membership in Pacs is voluntary , and on unusually close cooperation between the public and private sectors. Ever since enactment of the principal anti-money-laundering statute, the Bank Secrecy Act of 1970, U.S. banks and policymakers have repeatedly tussled over each new set of compliance requirements. Banks have typically resisted changes on grounds that they were either impractical or threatened customers, privacy; usually, a compromise is reached.
Although the Patriot Act enjoyed almost unanimous support in Congress and among financial lobbyists, it requires banks to exchange information on customers more than ever before , in ways that in the past could have left them vulnerable to costly libel judgments for improper disclosures. Lawyers predict that bankers will react cautiously and won,t modify their information-protection practices overnight.
“Will financial institutions become policemen and inform on their customers? Ultimately, that will become a very daunting issue. I don,t think banks are going to do it willingly,” says Stanley Ragalevsky, a partner in the Boston office of law firm Kirkpatrick & Lockhart.
Charles Bock, senior vice president and director of fraud prevention and investigation at J.P. Morgan Chase & Co., says he’s optimistic about Pacs’s success as an information-sharing tool but concedes that procedural questions abound. “Information- sharing is a great idea,” says the bank executive. “I don,t think banks and the government have gotten into exactly how it would work yet. But in time, the information- sharing processes will be worked out.”
FinCen’s Gilles and many of his peers in the anti-money-laundering community think adequate privacy safeguards already exist. What’s more, they believe that Pacs’s benefits far outweigh the complications.
Running on readily available Internet technology with military-grade security protection, the network’s most immediate improvement will be the online filing of currency transaction and suspicious activity reports. About 14 million of these documents, known as CTRs and SARs, flow into FinCen every year; until now they have been on paper or encoded on magnetic tape and had to be delivered physically to an Internal Revenue Service computer center. Between shipping time and processing on the receiving end, it could take several days for the data to be entered into electronic databases. With Pacs the reports can be posted and ready for analysis almost instantaneously.
In theory, FinCen will be able to “connect the dots” between suspicious transactions at different banks and send out alerts much more quickly than it can under the current system.
Says J.P. Morgan’s Bock: “We are optimistic that we,ll get valuable information via Pacs , trends and analyses and alerts. Today we receive control lists [specifying suspect accounts] and advisories by e-mail or by postings to various government Web sites. Pacs will provide a central point for us to obtain relevant information.”
Companies hooked up to Pacs will not only be notified faster, but they,ll also be able to respond much more quickly, further hastening law enforcement actions that are increasingly global in scope. While banks in recent years have purchased sophisticated pattern-recognition technologies that can help identify the few suspicious transactions hidden among millions of legitimate money transfers, Pacs can help to pool their separate findings and to orchestrate responses more effectively.
“The huge advantage of this network is that it will be real-time,” explains Ragalevsky. “The government is becoming more concerned every day that it picks up on things months after the fact. This is a way to at least partially stop that.”
Construction of the real-time Internet platform began after FinCen outlined its plans for Pacs, as authorized by Section 314 of the Patriot Act, in the March 4 Federal Register. Defense contractor TRW, accounting firm Deloitte & Touche and its Deloitte Consulting affiliate won a competitive bid to build Pacs. About 30 financial institutions , ranging from top commercial banks to small credit unions , are taking part in a pilot test that started in late May.
J.P. Morgan’s Bock says that banks are sure to find online transmission of CTRs and SARs easier and cheaper than physical delivery. “The government is also saving taxpayers, money by cutting costs associated with employees having to manually input information into computers,” he adds.
At FinCen headquarters in Vienna, Virginia, hopes are running high that those cost benefits, coupled with the urge to retaliate against terrorism, will lead financial institutions to adopt Pacs as “their filing tool of choice,” as agency chief Sloan puts it.
But even institutions that like the idea may take some time to get up to speed. Bock says that training and systems integration issues have been significant during the test phase , and that Deloitte consultants have worked hard with the banks to fix them. Donald Temple, an anti-money-laundering expert at Mantas, a Fairfax, Virginia,based provider of pattern-detection software, notes that smaller institutions tend to be behind the technology curve. “A bank in a rural area may have three branches and file only one or two forms a year,” he says. “They,re still used to using the paper method.”
Mantas, whose clients include Citigroup and Charles Schwab & Co., will offer an enhancement of its system for Pacs filers, says Temple. A competitor, London-based Searchspace, will allow data transmitted by Pacs to be incorporated into its analytical systems in an effort to make its detection algorithms more effective, according to Konrad Feldman, CEO of Searchspace’s U.S. subsidiary.
With such internal detection technologies in place and the Pacs launch close at hand, there remain only a few legal questions that might give executives pause , the financial equivalent of the concerns that civil libertarians voice about military detainees.
In authorizing extraordinary information-sharing , and potentially privacy-diluting , measures to fight terrorism, drafters of the Patriot Act inserted a “safe harbor” provision. Banks can be confident that they will not be held liable for wrongful disclosures, collusion or other offenses “as long as they report activity in good faith,” explains Gregory Baldwin, a money-laundering specialist with law firm Holland & Knight in Miami. The exemption is meant to make bankers less hesitant to file SARs or report a suspicious customer to law enforcement.
The Treasury Department has tried to put bankers at ease in its official commentaries, saying that financial institutions , not the government , will make all decisions on maintaining customer confidentiality, closing accounts or declining trans- actions. The Patriot Act also addresses potential concerns of bank clients: It requires Treasury to regulate banks, information-sharing, ensuring that it pertains only to anti-money-laundering and antiterrorist activities. And the law requires institutions to submit an annual certification of the measures they are taking to protect customers, privacy.
FinCen’s Gilles argues that financial institutions need to overcome their fears to realize Pacs’s benefits. “Banks may have a lot of knowledge about one transaction. It may look suspicious, but they may want to contact another bank to look for a wider pattern. That could help them decide whether to file an SAR,” he says. “I think the Patriot Act’s information-sharing goals will eventually work quite well.”
Many bankers agree. “The new system should allow us to more effectively and efficiently file reports, which in turn should assist law enforcement in their efforts,” says Thomas Martin, the vice president responsible for Bank Secrecy Act compliance at Atlanta-based SunTrust Banks.
J.P. Morgan’s Bock says that Pacs remains “a work in progress.” But he adds, “What we,ve seen so far about Pacs, we really like.”
