In the past decade, there has been an increased interest on the part of legislatures and regulators in imposing rules upon financial institutions (i.e., banks, securities dealers, mutual funds, insurance providers and others as defined by the Bank Secrecy Act (USC Title 31)) that require these institutions to better identify, investigate, and report customer and/or transaction activity that is suspicious. Suspicious activities include those involving or relating to theft or fraud. Since the passage of the USA PATRIOT Act in October, 2001, significant emphasis has been placed on a financial institution's capability to detect and report potential money laundering and terrorist financing activity.
The USA PATRIOT Act requires financial institutions to meet certain requirements in order to be compliant with the expectations of regulators. Among these are the requirements that financial institutions must have designated compliance officers focusing on abiding by the regulations set forth in the Bank Secrecy Act; detailed written policies and procedures for internal controls related to anti-money laundering and terrorist financing activity, and comprehensive anti-money laundering and terrorist financing training and education programs. In addition, the law requires financial institutions to design and implement a robust Customer Identification Program (“CIP”).
A financial institution's CIP is required to (1) obtain and verify the identity of customers; (2) obtain a physical address of customers; (3) obtain a customer's date of birth; and, (4) obtain an identifying number of a customer such as a Social Security Number of passport number. For non-individual customers such as businesses or organizations, the financial institution is required to have procedures for ensuring the full and proper identity of each business or organization, as well as the identity of the individuals who exercise control over the accounts of the business or organization.
A further requirement of the law is that financial institutions have risk-based procedures to identify, investigate, and report suspicious activity related to potential money laundering and/or terror financing. Regulatory expectations are that financial institutions will have some form of automated information technology system to accomplish this task. The enormity of the task cannot be understated. Many financial institutions have hundreds of thousands or even millions of customers who each day engage in comparable numbers of transactions. Nevertheless, regulatory authorities expect financial institutions to be able to filter these transactions and identify those that need further review to determine if they are suspicious. As a result, there is a growing market for software products capable of sifting and filtering the millions of transactions to find those anomalies potentially related to money laundering or terror financing. Such products are often referred to as “back end” systems, in that they filter information from transactions after they have occurred. In other words, these systems look back on activities occurring over a period of time in order to identify those that are or may be unusual or suspicious.
Back end investigation systems, by definition, cannot assist a financial institution in identifying at the start of a business relationship those individuals and/or organizations that are more likely to be involved in suspicious or unusual activity. Accordingly, there is a need for an efficient “front end” system for gathering information and identifying those relationships that present a higher than normal risk for money laundering or terrorist financing prior to or simultaneous to the opening of an account. Such a system would identify risk, not on past behavior, but on certain personal characteristics and anticipated transaction characteristics that are known to the regulatory and financial industry communities as presenting a higher probability for non compliance with anti-money laundering laws.