WikiLeaks Document Release http://wikileaks.org/wiki/CRS-RS22003 February 2, 2009 Congressional Research Service Report RS22003 Enforcement of the Bank Secrecy Act Requirements: Money Services Businesses Nathan Brooks, American Law Division December 13, 2004 Abstract. Questions have been raised regarding the IRSs ability to effectively monitor the compliance of money services businesses (e.g., check cashing and money order businesses) with the Bank Secrecy Act (BSA), given the large number of such institutions and the IRSs limited resources. In response, the IRS has announced a forthcoming model pact for coordination between the IRS and states with regard to money services businesses and BSA enforcement. This report provides background on the BSA, the IRSs BSA responsibilities, and an overview of some of the criticism leveled at the IRS with respect to BSA compliance. Order Code RS22003 December 13, 2004 CRS Report for Congress Received through the CRS Web Enforcement of Bank Secrecy Act Requirements: Money Services Businesses Nathan Brooks Legislative Attorney American Law Division Summary http://wikileaks.org/wiki/CRS-RS22003 Questions have been raised regarding the IRS's ability to effectively monitor the compliance of money services businesses (e.g., check cashing and money order businesses) with the Bank Secrecy Act (BSA), given the large number of such institutions and the IRS's limited resources. In response, the IRS has announced a forthcoming model pact for coordination between the IRS and states with regard to money services businesses and BSA enforcement. This report provides background on the BSA, the IRS's BSA responsibilities, and an overview of some of the criticism leveled at the IRS with respect to BSA compliance. This report will be updated as events warrant. Introduction. The Internal Revenue Service (IRS) is charged with monitoring compliance with the Bank Secrecy Act (BSA)1 by most nonbank financial institutions, which include money services businesses (MSBs). Recently, concerns have been raised regarding the IRS's ability to effectively carry out this duty with respect to MSBs,2 as repeated investigations by the Department of the Treasury have found failings in the IRS's BSA compliance program generally, and the New York State Banking Superintendent has called for federal legislation allowing states to enforce the BSA and other federal anti- money laundering/terrorist financing laws3 against MSBs.4 This report provides background on the BSA, an overview of the IRS's examination responsibilities with respect to MSBs, and a discussion of some of the criticism leveled at the IRS. 1 Codified, as amended, at 12 U.S.C. §§ 1829b, 1951-1959; 31 U.S.C. § 5311 et seq. 2 See, e.g., "IRS May Fail to Detect Noncompliance with Bank Secrecy Act, TIGTA Concludes," BNA's Banking Report, Vol. 82, No. 12, at 499 (March 24, 2004). 3 For a detailed discussion of the anti-money laundering/terrorist financing legal framework, see CRS Report RL32539, Terrorist Financing: Current Efforts and Policy Efforts for Congress, coordinated by Martin Weiss. 4 See, e.g., "New York Bank Chief Urges Legislation Giving States BSA Authority for Money Firms," BNA's Banking Report, Vol. 83, No. 12, at 518 (October 4, 2004). Congressional Research Service ~ The Library of Congress CRS-2 The Bank Secrecy Act. Congress laid the foundations for the federal anti-money laundering (AML) framework in 1970 when it passed the BSA.5 The BSA has been amended a number of times, most notably by Title III of the USA PATRIOT Act6 in 2001. Among other things, Title III expanded the BSA framework beyond AML to also fight terrorist financing. The BSA framework focuses on financial institutions' record- keeping, so that federal agencies are able to apprehend criminals by tracing their money trails. "Financial institutions" is defined very broadly under the BSA to include everything from banks to casinos to the United States Post Office.7 Under the BSA framework, primary responsibility rests with the financial institutions themselves in gathering information and passing it on to federal officials. The BSA also contains civil8 and criminal9 penalties for violations of its reporting requirements, ranging from $500 for negligence10 to $500,000 and/or ten years in jail for certain willful violations.11 Under the BSA, financial institutions must file reports of cash transactions (CTRs) exceeding the amount set by the Secretary of the Treasury in regulations.12 The Secretary also requires financial institutions to file suspicious activity reports (SARs) for http://wikileaks.org/wiki/CRS-RS22003 transactions that cross a certain monetary threshold where the bank suspects or has reason to suspect that the transaction involves illegally-obtained funds or is intended to evade reporting requirements.13 The BSA contains significant requirements related to foreign-based monetary transactions. Citizens are required to keep records and file reports regarding transactions with foreign financial agencies, and the Treasury Secretary must promulgate regulations in this area.14 The statute also requires the filing of reports by anyone who exports from the United States or imports into the United States a monetary instrument of more than $10,000.15 5 P.L. 91-508 (codified, as amended, at 12 U.S.C. § 1829b; 12 U.S.C. §§ 1951-1959; 31 U.S.C. § 5311 et seq.). 6 P.L. 107-56. For a detailed discussion of Title III of the USA PATRIOT Act, see CRS Report RL31208, International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, Title III of P.L. 107-56 (USA PATRIOT Act), by M. Maureen Murphy. 7 31 U.S.C. § 5312(a)(2). 8 Id. at § 5321. 9 Id. at § 5322. 10 31 C.F.R. § 103.57(h). 11 31 U.S.C. § 5322(b). 12 31 U.S.C. § 5313(a). 13 31 C.F.R. § 103.18. 14 31 U.S.C. § 5314. 15 31 U.S.C. § 5316. CRS-3 The BSA and MSBs. Included within the BSA's reporting and record-keeping requirements are MSBs. A business is generally considered to be a MSB if: 1) it offers one or more of the following services: money orders, traveler's checks, check cashing, currency dealing or exchange, stored value; and 2) the business either conducts more than $1,000 in these activities with the same person in one day or provides money transfer services in any amount.16 MSBs tend to be smaller and harder to track than banks; as one official from the Financial Crimes Enforcement Network (FinCEN) put it in testimony before Congress, "Identifying the universe of businesses subject to our [MSB] anti-money laundering regulatory regime is a basic yet challenging initial step. Many of these businesses are small, one- or two-person operations ... The challenge of merely identifying these businesses cannot be understated."17 The regulations governing MSBs' BSA responsibilities reflect the unique challenges these businesses pose to regulators. Each business (not including branches) that fits within the definition of a MSB is required to register with FinCEN, except for the U.S. Postal Service and other agents of the federal, state, or local government, and those businesses that are considered MSBs only because they: 1) act as agents for other MSBs; or 2) act as an issuer, seller, or redeemer of stored value.18 Certain MSBs19 are required to file Suspicious Activity http://wikileaks.org/wiki/CRS-RS22003 Reports - MSB (SAR-MSBs) for transactions involving at least $2,000 in which the MSB believes or has reason to believe that the transaction: 1) involves funds derived from illegal activity or is intended to hide such activity; 2) is otherwise designed to evade the reporting requirements under the BSA; 3) has no business or apparent lawful purpose or is not the type of transaction in which the customer would normally be expected to engage; or 4) involves the use of a MSB to facilitate criminal activity.20 All MSBs are required to develop and implement risk-based BSA compliance programs.21 MSBs are also required to file CTRs for cash transactions of over $10,000,22 and must maintain information pertaining to the sale of and verify the identity of those 16 See 31 C.F.R. § 103.11(uu). See also FinCEN, Money Laundering Prevention: A Money Services Business Guide, available at [http://www.fincen.gov/msb_prevention_guide.pdf] (Last visited December 3, 2004). 17 The hearing, yet to be published at the time of this report, was titled, Policies to Enforce the Bank Secrecy Act and Prevent Money Laundering in Money Services Businesses and the Gaming Industry (September 28, 2004) [hereinafter "Hearing"] the testimony from which can be found at [http://banking.senate.gov/index.cfm?Fuseaction=Hearings.Detail&HearingID=131] (last visited December 3, 2004). 18 31 C.F.R. § 103.41. These registrations must be renewed every two years. Id. MSBs are required to prepare and maintain a list of their agents every year, and to make this list available upon request to FinCEN, the IRS, and any other appropriate law enforcement agency. Id. at § 103.41(d). 19 These are: 1) currency dealers/exchangers; 2) issuers, sellers, or redeemeers of money orders, traveler's checks, or stored value; 3) money transmitters; and 4) the U.S. Postal Service. Id. at § 103.20(a)(1). 20 Id. at § 103.20(a)(2). Many issuers of money orders and traveler's checks are only required to file SAR-MSBs for transactions or patterns of transactions of at least $5,000. 21 31 U.S.C. § 5318(h); 31 C.F.R. § 103.125. 22 31 C.F.R. § 103.30. CRS-4 purchasing certain monetary instruments (e.g., money orders and traveler's checks) valued from $3,000 to $10,000.23 MSBs must also maintain information on funds transfers of $3,000 or more.24 The IRS and the BSA. The IRS has been delegated the responsibility for ensuring that MSBs (as well as most so-called "nonbank financial institutions") comply with BSA reporting requirements.25 Primary responsibility for this duty rests with the IRS's Small Business and Self-Employed Taxpayers Division (SB/SE). There are four aspects of the IRS's BSA program: 1) identifying non-banks subject to the law; 2) educating non-banks on their reporting and record-keeping responsibilities; 3) conducting examinations of the non-banks' compliance with the BSA reporting requirements; and 4) referring to FinCEN for possible assessment of penalties.26 Internal audits have been critical of the IRS with regard specifically to MSBs, leading some to doubt the IRS's ability to effectively enforce the BSA against MSBs.27 The controversy surrounds the large number of MSBs operating in this country ­ estimated at over 160,000, licensed and unlicensed ­ compared to the IRS's limited resources. In December, 2000, the Treasury Department's Inspector General for Tax http://wikileaks.org/wiki/CRS-RS22003 Administration conducted an internal audit and found that the IRS had identified less than half of the MSBs subject to the BSA.28 The findings were part of an audit critical of the IRS's BSA compliance program for all non-banks, not just MSBs. Some of the major faults found in the audit included inadequate resources for educating non-banks as to applicable BSA requirements; not enough compliance examinations overall; neglect of entire geographic regions by the IRS in administering compliance examinations; not enough referrals made to FinCEN for possible assessment of penalties.29 The primary reason cited in the audit for the deficiencies in the IRS's BSA program was that the IRS had not placed responsibility for achieving its BSA goals with local field managers. In essence, the audit found that the BSA compliance program was not a uniform priority for most agents in the field, and that BSA compliance was somehow seen as outside of the IRS's main mission, i.e., tax enforcement.30 The audit made nine recommendations for improving the IRS BSA compliance program, including establishing 23 31 C.F.R. § 103.29. 24 Id. at § 103.33(f). Further, currency dealers and exchangers are required to maintain records of every currency exchange over $1,000. Id. at § 103.37. 25 31 C.F.R. § 103.56(b)(8); Treasury Directive 15-41 (December 1, 1992). 26 See U.S. Treasury Inspector General for Tax Administration (TIGTA), The Program for Ensuring Compliance with the Anti-Money Laundering Reporting Requirements Should Be Improved, p. i (Ref. No. 2001-40-024) (December 2000). 27 28 TIGTA, The Program for Ensuring Compliance with the Anti-Money Laundering Reporting Requirements Should Be Improved, p. i (Ref. No. 2001-40-024) (December 2000). 29 Id. at 6-14. 30 Id. at 12. CRS-5 performance-based indicators and tracking achievement of those indicators; assigning more analysts to BSA responsibilities; ensuring accountability of field managers.31 Subsequently, the IRS established a national Program Manager for BSA compliance and established dedicated groups of field officers to focus exclusively on BSA compliance. In addition, field officers were given more extensive BSA training, and the IRS entered into an agreement with FinCEN to increase by 70 the number of IRS BSA examiners. To improve education, the IRS contracted out an initiative to distribute an information package to roughly 10,000 potential MSBs.32 On March 12, 2004 the Treasury Department released its findings from a second audit and found that, although the IRS has made some improvements to its BSA compliance program, significant problems persist.33 First, the 2004 audit found that the IRS does not employ standardized, risk-based criteria for choosing which non-banks to inspect, or which ones to visit for follow-up investigations. Similar to findings in the 2000 audit, the 2004 audit found that the IRS is lacking in its ability to respond to regions that become hot money laundering areas. The audit concluded that, given the IRS's limited resources compared to the mammoth task of monitoring non-bank BSA http://wikileaks.org/wiki/CRS-RS22003 compliance, the IRS needs to use risk assessment and data collection to determine which regions and specific businesses need to be examined.34 In addition, the 2004 audit found that IRS Area Offices frequently do not retain sufficient documentation to support their final compliance determinations.35 Perhaps most significantly, the audit found that IRS examiners often do not have access to SARs filed by non-banks.36 In fact, the audit found a general lack of coordination between FinCEN ­ which has legal custody of SARs ­ and the IRS on BSA matters, and that the IRS is not referring enough cases to FinCEN for assessment of possible civil penalties.37 While the IRS continues to implement reforms in response to the Treasury Department audit ­ one being negotiations with FinCEN to secure access to SARs ­ some have questioned whether the IRS alone can handle the responsibility of monitoring BSA 31 Id. at 13-14. 32 See TIGTA, Final Audit Report ­ Additional Efforts are Needed to Improve the Bank Secrecy Act Compliance Program (Audit # 200330004) 4-5 (March 12, 2004). 33 Id. 34 Id. at 10-11. Relatedly, the Treasury auditor studied the violations reported in three different field offices, and the results raise important questions. For example, Office A reported violations in 50% of closed cases, while Offices B and C only reported violations in 10% and 11% of closed cases, respectively. If the IRS had a more effective monitoring program in place and conducted this study on its own, the auditor argued, "this type of analysis might lead management to try to determine why more violations are not being identified in Area Offices B and C." Id. at 8-9. 35 Id. at 11-13. Significantly, in its study, the audit found that those Area Offices with more complete documentation reported more BSA violations overall. 36 Id. at 13-14. FinCEN ­ which has legal custody of SARs ­ believes there are certain legal impediments preventing FinCEN from sharing SARs with IRS examiners, although it appears that these two agencies are working out an agreement to coordinate IRS access to SARs. Id. 37 Id. at 16-17. CRS-6 compliance within the vast MSB community.38 On September 28, 2004, the Senate Banking Committee held a hearing focusing in part on this issue. At the hearing, Diana L. Taylor, the New York State Banking Superintendent, urged Congress to pass legislation allowing states to enforce the BSA against MSBs.39 In response, the Commissioner of SB/SE, testified that the IRS has recently created within SB/SE a new Office of Fraud/BSA ­ with 310 field examiners divided into four territories ­ that will work closely with FinCEN.40 The Commissioner also testified that the IRS is negotiating a model pact for coordination between states and the IRS with respect to the enforcement of the BSA against MSBs.41 In addition, the pact would offer federal training to state regulators to assist in BSA examination of MSBs.42 Conclusion. While the IRS has made significant strides in improving its BSA compliance program, internal audits reveal that important questions remain as to whether the IRS is stretched too thin with regard to: 1) monitoring BSA compliance; and 2) analyzing data collected in examinations and drawing conclusions from that data. Both of these problems stem from the large number of nonbank financial institutions nationwide, and attention has focused largely on MSBs. MSBs are believed to number http://wikileaks.org/wiki/CRS-RS22003 over 160,000, the majority of which are not registered, and are hard to track because of their traditionally small size. 38 Congress has shown interest in this question before; in section 357 of the USA PATRIOT Act, Congress directed the Treasury Secretary to submit a report addressing, among other things, whether the IRS should continue to be responsible for monitoring BSA compliance of MSBs. The Secretary submitted this report on April 26, 2002, finding that the IRS has the expertise and resources to carry out this function, but that ­ as the IRS internal audit concluded ­ more of these resources need to be committed to the BSA enforcement program. The report can be found at [http://www.treas.gov/press/releases/reports/357.pdf] (Last visited December 3, 2004). 39 See note 17, supra. 40 Hearing, Written Statement of Kevin Brown, Commissioner, SB/SE, at 2-3. 41 See "Model Pact for State-Federal Cooperation on MSBs to Be Unveiled Soon, Official Says," BNA's Banking Report, Vol. 83, No. 12, at 505 (October 4, 2004). 42 Id.