The Bank Secrecy Act in the USA was first established in 1970. Under the Bank Secrecy Act, financial institutions must report suspicious activities to the government. Historically, financial institutions train frontline personnel (e.g., bank tellers) to observe and identify suspicious activities. Most financial institutions, however, could not effectively comply with the Bank Secrecy Act. After the 9/11 tragedy, U.S. lawmakers believed that true compliance with the Bank Secrecy Act by financial institutions could have prevented the 9/11 tragedy.
To further enforce the Bank Secrecy Act, the U.S. Congress passed the USA PATRIOT Act which enacted severe civil and/or criminal penalties for violations of the Bank Secrecy Act. Furthermore, the U.S. government agencies, such as Financial Crimes Enforcement Network (FinCEN), Office of Comptroller of Currency (OCC), Federal Reserve Bank (FRB), Federal Deposit Insurance Company (FDIC), National Credit Unions Administration (NCUA), State Banking Departments, Department of Financial Institutions, etc., strictly require financial institutions to comply with the Bank Secrecy Act, especially in their obligations to file Suspicious Activities Reports (SARs) to FinCEN.
Suspicious activities cover a very broad scope. For example, money laundering, terrorist financing, fraud, embezzlement, identity theft, computer intrusion, self-dealing, bribery, false statement, counterfeit instruments, mysterious disappearance, etc., are all classified as suspicious activities.
Nevertheless, many financial institutions have failed to detect and report suspicious activities. In fact, many financial institutions use products that are effective for preventing fraud, but ineffective for preventing money laundering or other financial crimes. In general, fraud can be detected based on change of behavior because a fraudster that has stolen a victim's identity (or financial instrument) behaves differently from the victim. A computer system can detect a fraud case if an account's activities are different from expected activities as derived from historical activities.
For example, U.S. application (Publication No. 2003/0177087) specifies that a high risk variable can include a change in an account's usual behavior indicated, for example, when a transaction falls outside its profile. According to this publication, Beta, Delta, and Theta models are used to detect transactions that fall outside the profile of a customer.
However, money laundering and some other financial crimes can be committed without any change in behavior. As a result, the traditional approach of detecting fraud based on a change in behavior cannot detect some basic money laundering activities or other financial crimes. In the money laundering arena, a high-risk customer may not be suspicious. For example, money services businesses (MSBs), pawn shops, ATM vendors, flight attendants, etc., are typically classified as high-risk customers by banks in their Anti-Money Laundering program. Nevertheless, it does not mean that these high-risk customers conduct money laundering activities. Although high risks are associated with these customers, there may be nothing wrong with these customers.
Some businesses are very difficult to monitor. For example, an MSB deals with a large number of transactions every day and a single money laundering transaction, mixed with a large number of transactions, may not be detected by the traditional approach.
The challenges noted for complying with the USA PATRIOT Act and the Bank Secrecy Act (BSA) are just some examples to illustrate the importance of identifying suspicious activities. Identifying suspicious activities can also be used to comply with other laws, such as the Fair and Accurate Credit Transactions Act (FACT Act), the Unlawful Internet Gambling Enforcement Act (UIGEA), the Elder Abuse Reporting Act, (EARA), the Sarbanes-Oxley Act (SOX), the regulations set by the Office of Foreign Assets Control (OFAC), and other laws and regulations.
Regulatory compliance is traditionally implemented through policies and procedures that require human workers to take some specific actions in response to certain conditions. For example, banks train their tellers in the branches to observe and report anything they see as suspicious to comply with the Bank Secrecy Act.
This traditional approach is no longer effective in the modern age because a bank's customers no longer need to appear in a branch of the bank. Customers can conduct electronic transactions remotely (e.g., ATM, Internet, etc.) and there are many financial instruments available to customers (e.g., checks, credit cards, debit cards, etc.). Furthermore, perpetrators are sophisticated and know how to avoid attracting attention from tellers. As a result, depending on tellers to detect suspicious activities for compliance with the Bank Secrecy Act is insufficient.
Moreover, the cost of this human-based approach is very expensive. Intensive training must be conducted periodically to ensure that human workers truly know how to respond to each different situation in compliance with different laws and regulations. Human workers, however, are prone to mistakes. In fact, due to human oversight, many financial institutions have received severe penalties from government agencies for failure to comply with different laws and regulations.
The present disclosure provides some solutions that can detect different types of suspicious activities and help businesses comply with different types of laws and regulations.