Public cried 'no' to know-your-customer regulations.

Uproar over potential invasions of privacy forced anti-money-laundering proposals to be withdrawn, maybe only temporarily.

ON MARCH 23, federal banking regulators withdrew one of their most controversial proposals in recent history: the "know your customer" rules. The rules capped an almost 15-year effort by the Treasury Department, bank regulatory agencies and the banking industry to find a workable means of strengthening law enforcement measures against money laundering. Given the storm of protests over the rules' apparent invasion of personal privacy, the fate of "know your customer" is unclear. The agencies, however, made clear in their press release that regulatory efforts to battle money laundering would not diminish.

Proposals made last December (1) were intended to implement §8(s) of the Federal Deposit Insurance Act, (2) which requires federal banking agencies to prescribe regulations requiring depository institutions to establish and maintain procedures reasonably designed to ensure and monitor compliance with the Currency and Foreign Transaction Reporting Act.(3)

The proposals would have required banking institutions to determine prospective customers' identities; identify the sources of funds for customer's transaction; determine the types of transactions customers normally conduct; monitor customer's transactions and identify those that are inconsistent with normal or expected transactions; and determine whether transactions are unusual or suspicious and if appropriate, report any suspicious transactions.

In withdrawing the proposals, the agencies noted that they had received an unprecedented number of negative comments from the public, banking organization, industry trade associations and members of Congress. New reports indicated that more than 300,000 comments were submitted and that extraordinarily few were positive. The agencies reports that most comments reflected public concern over the privacy of the information that would be collected and held by financial institutions, and that many comments addressed the expected burden the proposed rule would impose on banks and savings associations.

A review of the history of "know your customer" rules reveals that public opposition probably was an overreaction. Neither the withdrawal of the rules, nor their adoption had they been finalized, likely would have much impact on individual privacy. Moreover, given the existing statutory mandates for stronger enforcement efforts against money laundering, if more acceptable versions of the rules are not adopted, more onerous transactional reporting and record-keeping burdens likely will be placed on financial services intermediaries, resulting in higher transaction costs for all financial services customer.

The rules in retrospect
Know-your-customer has been around longer than the public realizes. The mandate is well-established in the securities industry, albeit to assure the suitability of investments rather than to prevent criminal activity. (4)

These rules require securities firms to learn essential facts about customers, accounts and transactions. For example, the National Association of Securities Dealers rule requires brokers to make reasonable efforts to obtain information on a customer's financial and tax status, investment objectives and other information used or considered reasonable in making recommendations, and to have reasonable grounds for believing recommendations to be suitable. This belief must be based on any facts disclosed by the customer regarding financial situation and needs.

In connection with law enforcement efforts against money laundering, know-your-customer concepts developed from a dialogue among Congress, the Treasury Department's Office of Financial Enforcement, federal bank regulators and the banking industry. As early as 1989, the American Bankers Association and individual members of the industry, seeking to avoid onerous costs of additional reporting and record keeping under the Bank Secrecy Act (BSA), (5) urged Congress to focus on more practical know-your-customer rules for financial services intermediaries. (6)

In response, the Treasury Department broached the idea of know-your-customer rules in Advance Notice of Proposed Rulemaking published on Oct. 31, 1989. (7) It noted the increasing role of international wire transfers in money-laundering schemes, identified deficiencies in existing transaction reporting requirements and outlined various regulatory options that it was considering to strengthen law enforcement efforts.

One listed alternative was to use model know-your-customer procedures to verify both the legitimate nature of customer's business and that wire transfers would be commensurate with legitimate business activities. The Treasury Department temporarily withdrew the proposal in a notice published on Oct. 15, 1990, primarily because of banking industry concerns about feasibility and the appropriateness of prying so deeply into customers' affairs. (8) As the Treasury Department said, individual institutions had begun to adopt their own know-your-customer polices and procedures, apparently hoping to forestall potentially ineffective or costly regulatory mandates.

Partly in respond to difficulties posed by increasing enforcement demands on the banking industry, Congress, in 1992 legislation, (9) authorized the Treasury Department to establish a BSA Advisory Group to be drawn from government and private sources, to advise the Treasury Department of effective means of combating money laundering through financial services intermediaries. On June 4, 1993, the Treasury Department announced the group's formation.

The Advisory Group played a significant role throughout the Treasury Department's subsequent rule-making efforts. (10) It reasonably can be surmised that the group, perhaps reluctantly, urged reasonable and flexible know-your-customer rules as a less costly, less burdensome alternative to expanded transaction reporting and record keeping.

Federal banking agencies played a less public role in the know-your-customer drama, but were not passive prior to last December. On May 14, 1996, the Federal Deposit Insurance Corp. revised its examiner guidelines for monitoring BSA compliance by institutions subject to FDIC regulation. (11) These already require banks to establish know-your-customer policies.

The policies require proper identification of a customer when an account is opened to prevent establishment of fictitious accounts, and require that a financial institution be able to predict with relative certainty the types of transactions in which a customer is likely to be engaged. The guidelines require development of internal systems for identifying and monitoring transactions inconsistent with a customer's "transaction profile." Banks must also maintain employee education programs that provide examples of customer behavior or activity that may warrant investigation.

No big change or Big Brother
These existing examination requirements and current bank practices are not significantly different from the formal proposals published last December and withdrawn in March. The major difference is that the 1998 proposals would have established industry wide standards, made them more easily enforceable and established objectivity with which they could be applied, rather than relying on sometime-inconsistent interpretations at the examiner level.

Thus, although banks are not eager to play Big Brother to customers, it is easy to see how the industry might accept, reluctantly, the 1998 proposals: They are not largely different from present examination guidelines and are a lesser evil than more comprehensive transaction reporting and record-keeping rules under consideration by Congress and the Treasury Department for a decade.

Nevertheless, enforcement authorities, regulatory agencies and the banking industry may not have appreciated the degree to which the public's concerns about privacy have increased.

Heightened awareness of privacy concerns found its way into recent amendments to H.R. 10, the proposed financial serves legislation. The Clinton administration has appointed a new "privacy czar" (12) and appears to be struggling to establish "financial privacy initiatives." (13)

Electronic communications and the Internet exacerbate these privacy concerns and provide more effective means of focusing and communicating them. Members of interest groups communicate electronically. Perhaps more important, electronic communications makes it easy for interested citizens to comment on pending federal regulations. In light of these developments, it is not surprising that the know-your-customer rules provoked a vocal response.
Consequently, "know your customer" clearly must be reconsidered. Perhaps more dialogue on competing goals of crime prevention and privacy will be in order. Regulators' critical need to act against money laundering, however, cannot be underestimated.

The Salinas scandal
Perhaps nothing illustrates this so vividly as a recent U. S. General Accounting Office (GAO) report to Congress on an alleged money-laundering scandal involving Raul Salinas de Gortari, brother of former Mexico President Carlos Salinas de Gortari. (14) The report also illustrates how know-your-customer practices have been established in the banking industry since 1992, and yet how easily banks can overlook important details, despite having know-your-customer policies in place.

The report describes how Citibank allegedly helped Mr. Salinas transfer $90 million to $100 million from Mexico into foreign accounts between 1992 and 1994. It summarizes actions Citibank purportedly took and failed to take, and describes one omission---failure to prepare Mr. Salinas' financial profile---that Citibank acknowledged as an abrogation of established know-your-customer policies.

Preparation of the profile would have verified Mr. Salinas' financial history and the source of wealth, according to the GAO. The report suggests that Citibank might have been able to identify the large transfers of funds as unusual or suspicious and hence been in a position to deter or report the activity.

The Salinas matter remains under investigation and is the subject of pending litigation, so all facts of the case and their implications for law enforcement and privacy are not yet clear. A Citibank spokesman is reported to have said at the time that the report contained factual errors but that the bank was cooperating with federal investigators. (15)

Before the scandal, Citibank had been lauded as a model of know-your-customer and BSA compliance. (16) The revelations shook the industry when they became public, and the case may be instructive to those considering the need for more formal know-your-customer rules. The case suggests that there is a need for effective rules, but also shows that a bank's mere adoption of know-your-customer rules may be insufficient to prevent it form becoming a tool in the commission of financial crimes.

It is not enough, however, to conclude simply that stronger enforcement is needed. Today's financial services industry labors under the heaviest regulatory compliance burden in its history. In the face of competition from unregulated lenders, relatively unregulated investment banks and foreign financial service providers, it is vital that institutions' compliance costs not be increased.

Know-your-customer rules are an attempt by industry and government to balance the need for 'stronger enforcement measures against regulatory costs'. Now that privacy concerns form part of the dialogue, a more sophisticated response may be required. Creative means of deterring money laundering, that encroach less on personal privacy and impose less of a compliance burden or financial institutions, must be found.

Subcommittees of the House Committee on Banking and Financial Services held joint hearings on April 15 and April 20 to examine the roles played by financial institutions, currency transaction reporting and know-your-customer rules in the fight against money laundering. Based on transcript of hearing testimony posted on the committee's Web site, (17) little constructive progress was made.

Know-your-customer and personal privacy issues clearly were on participants' minds, but law enforcement testimony focused primarily on the role of currency transaction reporting in the fight against organized crime, while rights advocates seemed to focus only on attacking currency transaction reporting as an unacceptable invasion of privacy. The testimony did not appear to suggest new ways to balance privacy rights with legitimate law enforcement needs.

endnotes
(1) Proposed Rules, Federal Reserve System, 12 C.F.R. parts 208, 211 and 225. "Membership of State Banking Institutions in the Federal Reserve System: International Banking Operations: Bank Holding Companies and Change in Bank Control." 63 Fed. Reg. 6751601: Proposed Rules, Department of the Treasury, Office of the Comptroller of the Currency, 12 C.F.R. Part 21, "Know Your Customer" Requirements." 63 Fed. Reg. 67524-01; Proposed Rules, Federal Deposit Insurance Corp., 12 C.F.R. Part 236, "Minimum Security Devices and Procedures and Bank Secrecy Proposed Rules, Department of the Treasury, Office of Thrift Supervision, 12 S.F.R. Part 563, "Know Your Customer" 63 Fed. Reg. 67536-01 (Dec. 7, 1998).
(2) 12 U.S.C. 1818(s). Act of Sept. 21, 1950, c. 967, 64 Stat. 879, as amended.
(3) 31 U.S.C. 5311 et seq. Pub. L. 97-258, Sept. 13, 1982, 96 Stat 995, as amended.
(4) See, e.g., New York Stock Exchange rule 405, American Stock Exchange rule 411 and the rules of Fair Practice of the National Association of Securities Dealers, Art. III.ss2.
(5) Pub. L 91-508. Titles I and II. Act of Oct. 26, 1970. Ss4 Stat. 1114, as amended.
(6) See, e.g., Kelly Shannon, "Bankers Oppose Money Laundering Laws," Houston Chronicle, Dec. 8, 1989, at 34.
(7) 54 Fed. Reg. 45769.
(8) 55 Fed. Reg. 41696-01.
(9) Annunzio-Whllie Anti-Money Laundering Act of 1992. Act of Oct. 28, 1992. Pub L. 102-550. 106 Stat. 4044.
(10) For example, in publishing on Oct. 17, 1994, notice of new initiatives designed to ease BSA burdens of financial institutions, the Treasury Department stated that it was "working with the BSA Advisory Group on---developing anti-money laundering compliance programs which go beyond routine currency reporting to include more sophisticated training and "Know Your Customer' procedures."
(11) Financial Institution Letter No. 29-96.
(12) Joel Brinkley, "U.S. Appoints Privacy Czar." Milwaukee Journal Sentinel March 7, 1999, at 8.
(13) Scott Barancik, "Financial Privacy Initiative Delayed by White House as Yugoslavia is Bombed". American Banker, March 25, 1999, at 2.
(14) General Accounting Office, "Private Banking: Raul Salinas, Citibank, and Alleged Money Laundering". Report to the Banking Minority Member. Permanent Subcommittee on Investigations, Committee on Government Affairs, U.S. Senate GAO/051-99-1 (Oct. 30, 1998)
(15) Jaret Seiberg and Dean Anason, "Despite Citi, Plan to Fight Laundering Gets Diluted." American Banker, Dec. 7, 1991, at 1.
(16) See. E.g., Matt Schulz, "Charges Against Citibank Put Spotlight on Laundering rules." American Banker, June 13, 1996, at 13.
(17) Financial Institutions/General Oversight Subcommittees, Joint Hearing on Trends In Money Laundering, April 15, 1999. www.house.gov/banking/41599loc.htm (April 23, 199: General Oversight/Financial Institutions Subcommittees, Joint Hearing on Bank Secrecy Act Reporting Requirements, April 20, 1999. www.house.gov/banking/42099loc.htm (April 23, 1999).

This article is reprinted with permission from the May 10, 1999 edition of The National Law Journal. ©1999 NLP IP Company.