X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
As a soldier in the war on terrorism, Thomas Haider is posted at America’s financial borders. It’s not an easy place to patrol, given that there are no physical boundaries — just vast databases of customer accounts and labyrinthine virtual highways transporting some $2 trillion a day. In December, as U.S. troops waged war against the al-Qaida terrorist ring in Afghanistan, Haider grew increasingly anxious about doing his part at home. While the Pentagon has a state-of-the-art arsenal to destroy terrorists, as the chief compliance lawyer at Travelers Express Company Inc., the world’s second-largest money-order seller, Haider has software, government forms and a sweeping new law to help him. From his perch at company headquarters in Minneapolis, Haider agonizes over how corporate America is going to meet the new requirements being devised by the federal government. “I don’t know if it’s shock or frustration [I'm feeling],” says Haider, the company’s associate corporate counsel. Like everyone horrified by the death and destruction on Sept. 11, he wants to help choke off Osama bin Laden and what experts now believe to be his sophisticated, multimillion dollar operation (comprised of charities, underground banks and shady businesses). And Haider isn’t just being patriotic; he’s also doing his job as a compliance officer. One of the Sept. 11 hijackers may have used Travelers to transfer about $4,000 in cash before the attacks. But now thinking about how little money — about $250,000 — it took to pull off the Sept. 11 attacks, Haider wonders how he and his banking colleagues are supposed to stop the flow of terrorist dollars. He worries that their mission may be impossible. BIG AMBITION, LITTLE DIRECTION Those concerns haven’t stopped lawmakers. In less than six weeks, the 342-page anti-terrorism USA Patriot Act was proposed, debated, and signed into law by President George W. Bush. It covers 350 subject areas and 40 federal agencies. Short for the tongue-twisting “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001,” it is the largest overhaul of anti-money-laundering rules since 1986, when “cleaning” ill-gotten gains first became a federal crime in an effort to stop drug traffickers and Mafia dons. The Patriot Act impacts thousands of banks in the United States and abroad. But here’s the rub: It also may affect countless other enterprises that are suddenly deemed to be “financial institutions” and worthy under the new law of more stringent oversight. This can include any kind of business — from a car dealership to a corner grocery store with an ATM machine. Around the country, lawyers are telling clients to be on the alert, that the new rules may apply to their companies. But the attorneys can only offer broad warnings so far, because the Treasury Department has yet to issue more detailed regulations explaining businesses’ obligations. Those rules are expected to come throughout the year [see " The Treasury's Deadline Pressure"]. Among the provisions that will cause the biggest changes: Financial institutions must step up customer identification and account monitoring, but they’re given a safe harbor from privacy lawsuits when they swap (with Treasury’s approval) information on certain customers and former employees. Companies also will be required to establish, or beef up, anti-money-laundering programs through the “development of internal policies, procedures, and controls,” independent audits, employee training and a designated compliance officer. The law doesn’t elaborate on these requirements, other than to order Treasury to factor in the “size, location, and activities” of financial institutions when devising the regulations. The law also calls for the July launch of a “highly secure” computer network to improve communication between the financial industry and the government. It’s supposed to let financial institutions file reports online and let the government issue instant alerts about possible terrorist activity. What the law doesn’t say, though, is how this network is supposed to operate (Internet-based or through private connections?); who’s going to pay for it; and any other information it might contain. MANY DOUBTING THOMASES Bankers and lawyers from Wall Street to Main Street are shaking their heads. They’re worried that Congress has delivered a massive directive for combating terrorism through the pocketbook, but offered little guidance about how these new weapons are to be manufactured or used. For starters, the Patriot Act requires every financial institution — not just traditional banks — to monitor and to report suspicious customers to federal officials. But how closely must customers be watched in order to detect suspicious activity? What kinds of systems will be necessary to conduct enhanced monitoring? And what will be the cost to customer privacy and the banks? Answers to these questions won’t be known at least until the Treasury Department figures out what the act’s various provisions should mean in practice. And that could take a while. While Congress set rigid deadlines for Treasury to issue a raft of new regulations throughout 2002, it didn’t give the agency extra money or much direction on how to get the job done. So, a full two months after the law was passed, Sheri James, a spokeswoman for Treasury’s Financial Crimes Enforcement Network — the body charged with investigating terrorist funds — admits, “People here are still sorting through this and asking, ‘What did [Congress] mean by this [provision]? What do they want us to do?’ ” No wonder compliance officers and their counsel expect the agency to miss the crushing deadlines. In the months, possibly the years ahead, lawyers at financial institutions say, they’re going to be on their own figuring out their obligations — and overreporting to protect themselves against the government’s wrath. Even when Treasury lays out the new rules, these attorneys expect businesses to shower Washington with paperwork about suspicious account activity, just to be safe. And many think the feds won’t be able to sort through it all. Haider warns, “You’re going to get too much chaff, and not enough wheat.” READY AND WILLING Intent isn’t the problem. Some financial services companies already were trying to do their part to thwart terrorists before the Patriot Act became law. As Haider watched the horror unfold on an office television at the Travelers Minneapolis headquarters Sept. 11, he was primed for action. Three days after the attacks, when Cable News Network posted an initial list of the hijackers, he ordered a search of Travelers’ customer databases. That’s when he discovered that one of the 19 hijackers had been a Travelers customer. Within hours Haider’s deputy was on the phone with the Federal Bureau of Investigation. At the same time, in downtown Manhattan, a mere four blocks from ground zero, Stephen Shine also was volunteering his services. Senior counsel and head of compliance at Prudential Securities Inc., he reacted to rumors that airline stocks were shorted right before the attacks by immediately ordering a search through Prudential’s accounts. That early effort quickly dissolved into chaos. Haider, Shine and other compliance officials at financial institutions around the country were overwhelmed by government lists of Middle Eastern names — some rosters were incomplete, others conflicted — and calls from federal officials scrambling to follow the money trail. After several days of this madness, Shine realized that industry and government had to “get on the same page” or risk acting like the Keystone Kops. So, working with Alan Sorcher, associate general counsel of the Securities Industry Association, Shine put together a meeting of about 100 in-house Wall Street lawyers, law enforcement personnel and regulators from multiple government agencies at Prudential’s offices in early October. There, with the air thick from the still-burning World Trade Center wreckage, it was agreed that the banks would establish a primary contact person and that government officials would look into consolidating their lists of suspects. (As one in-house lawyer in attendance remarked, running checks on the Middle Eastern names, with their many spelling mutations, isn’t as simple as “feeding in a list, pressing a button, and ‘Presto!’ “) By mid-October, the government’s roster was whittled down to two lists. One is a compilation put out by Treasury’s Office of Foreign Assets Control, which has historically released names of crime suspects and ordered the freezing of their assets. The other is a new, secret list, put together by the FBI and U.S. Department of Justice and containing names of individuals or groups who are under investigation, but not yet the targets of formal asset-forfeiture orders. HARDEST HIT Such piecemeal efforts weren’t enough for President Bush’s war on terrorism. Just as lists of suspicious customers were being consolidated, he signed the sweeping Patriot Act. If Haider, of Travelers Express, hadn’t already volunteered for the cause, the new law would have served as his draft notice. While every company in the financial services sector faces a host of new, complicated requirements under the act, two groups are likely to be hardest hit: brokerage houses and so-called money services businesses, an umbrella category that includes Travelers, Western Union, casinos and real estate companies. Unlike banks, these businesses had not previously been required to file reports of suspicious customer account activity. Now, under the Patriot Act, they must follow the same guidelines as banks in setting up formal anti-money-laundering programs designed to alert government to suspicious account activity. Lacking specific instruction until Treasury issues regulations, in-house compliance officers and their lawyers are reserving judgment on the pain ahead. As Prudential’s Shine put it: “The devil is in the details.” That’s a huge understatement. Industry heavyweights like Travelers and Prudential Securities voluntarily have submitted Suspicious Activity Reports (SARs) since 1997 and 1992, respectively. But they are in the minority. An October report released by the General Accounting Office found that 80 percent of the country’s broker-dealers do not have voluntary anti-money-laundering programs. As a result, the GAO said, these financial institutions are vulnerable to criminal activity. Even the broker-dealers with such programs may be processing outlaws’ money. The voluntary programs are largely unregulated, so there’s no telling how sophisticated or effective they are. And federal officials are skeptical. A former federal investigator called these monitoring systems “one of the eternal mysteries” of the financial world. The feds have reason to believe there’s some room for improvement, given scandals like The Bank of New York Company Inc.-Russian money-laundering debacle that broke in 1999 and last summer’s $10 million fine against U.S. Trust Corporation (now owned by The Charles Schwab Corporation) for lax reporting of account activity. At the Securities Industry Association, Sorcher acknowledges that there’s room for improvement with the voluntary programs, but he suggests that part of the problem lies with government. For years, securities firms and Treasury have been trying to design, without success, an industry-specific form with which to report suspicious customers (they’ve had to use the bank ones). What’s more, securities shops don’t always hear back after they’ve sent an alert. “It’s hard for us to know [how effective our money-laundering programs are],” says Sorcher. “You take a test but you never know how you did.” Admits one in-house lawyer at a brokerage firm: “We were taking baby steps. Now we have to grow up in a hurry.” But the cost of this education could be enormous — first to implement the system, then to defend it. This lawyer says that her securities firm could easily shell out upwards of $10 million for a state-of-the-art surveillance system to detect behavior patterns by customers across multiple accounts. Now, reporting is done piecemeal. But if the goal is to ward off future terrorist attacks, this Wall Street lawyer says, more sophisticated analysis is necessary — not just internally, but in cooperation with other institutions. THE NEW SPIES The first, and biggest, problems for financial institutions to figure out are: Whom should they be spying on, exactly, and how deeply should they delve into customers’ backgrounds? Before Sept. 11 the government sought — unsuccessfully — to get bankers to do in-depth profiling of customers. Banks also resisted government attempts to force them to track account activities of shady foreign political leaders and their so-called close associates. Banks found the request unreasonable because the government refused to identify by name those who qualified for this kind of surveillance. Sorcher says that the industry doesn’t have a problem with the regulation in theory, but it’s the government’s job to tell financial institutions “who the foreign bad guys are.” [See " Master List of Evildoers?"]. Under the Patriot Act those disputes now seem trivial. It looks like under the new law financial institutions will be required to monitor a much wider range of accounts and to divulge greater quantities of information about customers. Suddenly, instead of the relatively simple, albeit vague, directive, to “know your customer,” lawyers and compliance officers at financial institutions are thrust into a new world of “special due diligence,” “enhanced due diligence,” and “enhanced, enhanced due diligence.” They’ll likely spend years trying to understand and implement these terms. Publicly, they’re not complaining. Privately, though, many worry about digging deep into customers’ backgrounds — and having the customers bite back. The Patriot Act promises to protect banks engaged in high-level account monitoring from consumer claims of privacy violations. While customers have challenged safe harbors in the past, so far courts have shielded banks cooperating with law enforcement from civil liability, even when those banks may have acted in bad faith, says Gordon Greenberg, a former federal prosecutor and partner in the Los Angeles office of Chicago’s McDermott, Will & Emery. But, Greenberg says, profiling terrorist suspects and those deemed “closely associated with” them can get very sticky. For example, Greenberg says, “if the prime minister of Pakistan gives to a charity that also gives to bin Laden, is that ‘closely associated with’?” INFORMATION OVERLOAD Besides the question of “who?” there also are troubling questions of “how much?” The Patriot Act doesn’t explicitly tell financial services companies to file more SARs on customer accounts. But all observers say that this will be the law’s practical effect — because financial institutions are bound to err on the side of caution. After all, as an in-house lawyer at one of the country’s largest banks explains: “Nobody [in government] is going to fault us for filing one [report] in error. But somebody is going to fault us if our customer happens to be a terrorist,” and no report was filed. Under the Patriot Act, fines run as high as $1 million for each violation of anti-money-laundering regulations. Yet here’s the Catch-22: Too much paperwork defeats the mission. (Already, the government has a problem with Cash Transaction Reports, which banks are required to file to the federal government for all money transfers over $10,000. With nearly 13 million filed each year, CTRs have long been criticized as virtually useless.) Some compliance officers and their lawyers predict that filing more SARs will only stymie the crackdown on terrorist financing. Because these reports are filed now in paper form or on magnetic tape, it can take two months for an SAR to become available on a Treasury-operated database accessible to local, state and federal authorities. And, as an in-house bank lawyer notes: “Sixty days could be 59 days too many” to stop a terrorist attack. But help may be on the way. The electronic filing system, outlined in the act, is supposed to take care of that problem. Besides, John Byrne, senior counsel and compliance manager with the American Bankers Association and a vocal proponent of SARs, says, they are like police reports. “Does every one get looked at?” asks Byrne. “No. But not every police report gets looked at or investigated either.” DEFINE ‘VICTORY’ Treasury officials seem confident about achieving the Patriot Act’s long-term goals. And some early triumphs support that optimism. Within weeks of the Sept. 11 attacks, Treasury Secretary Paul O’Neill boasted that more than $25 million in Al Qaeda money had been frozen in the U.S. A Minnesota bank and Texas charity, both thought to be part of bin Laden’s al-Qaida network, were shut down. And at last count, Treasury was claiming that $67.6 million in terrorist assets had been blocked worldwide. Crowed one Senate staffer in December: “The last three months have shown that, if you put the government onto a concerted financial investigation, it can do pretty well.” But even if the feds manage to process all of the paperwork, the historic law may not live up to its billing. After all, short of abolishing cash altogether, there always will be Samsonites full of $100 bills crossing borders undetected. What’s more, memories fade. The history of financial crimes “moves from scandal to action to forgetting, and then the cycle starts again,” says the Senate staffer, pointing to the savings and loan crisis, BCCI, Bank of New York and other high-profile debacles that have racked the industry. Prudential’s Shine has been around long enough to know. Though determined to nab bin Laden and other like-minded terrorists, Shine warns that cracking down on money laundering is mind-numbingly complicated. “You hit it with a hammer and it goes off into 10 different directions,” he cautions. “You’re always playing catch-up.”

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.