Anti-Money Laundering Trends: 2008
TOM FIELD: Hi. This is Tom Field with Information Security Media Group. I'm talking today about anti-money laundering, speaking with Kevin Sullivan, an investigator with the New York State Police. Now, he doesn't like to be called an expert in the area, but he has been investigating money laundering for about 11 years.
Kevin, thanks so much for joining me today.
KEVIN SULLIVAN: You are very welcome, Tom.
FIELD: Kevin, what do you see as the hot trends in anti-money laundering so far in 2008?
SULLIVAN: Well, I think it's important to remember that the bad guys are always experimenting. They constantly are testing the system from the outside and the in. Every new technology that financial institutions come up with will be poked and prodded to find the soft spots and the vulnerabilities. I'm currently looking into exposure of the virtual reality world on the internet. I would have to say though that perhaps the most significant development of the year is the concept of micro structuring. Now, traditionally structuring is kept to cash transactions just below $10,000. And the current advanced AML software systems are designed within a certain set of parameters that each institution sets to detect that structure. However, with micro structuring, the bad guys are keeping their transactions very low, 2500, 2800, $3,000, or in that area. The aim of software that the banks have are usually not set up to detect that smaller amount unless there's another red flag associated with it. So the bad guys know this, and the bad guys are exploiting it.
So if we go back to my first sentence, the bad guys are always, always experimenting with new methods. And this is the newest method.
FIELD: Now, Kevin, as you know, anti-money laundering is all in support of the Bank Secrecy Act. What significant changes have we seen regarding BSA this year?
SULLIVAN: I think the most significant change is just in awareness and compliance. I mean, in New York we look at over 4,000 BSA related [Suspicious Activity Reports] SARs each month. That wasn't happening years ago, and it certainly wasn't happening prior to 9/11. I think more institutions are now understanding their role in AML process and they're doing a pretty good job to support the objective.
FIELD: Now, Kevin, as you say, you've got 10-11 years in anti money laundering investigation. How have you seen this whole area evolve in the time you've been an investigator?
SULLIVAN: Well, I understand very well that it's not a money maker for the financial institutions, and it's always difficult to put a dollar sign on or to quantify prevention. However, I see a greater awareness in the financial community of what the true implications of money laundering are. The same goes in the law enforcement community. I tell people all the time that crimes are committed for only three reasons: you know, crimes of passion; there are crimes committed by crazy people; and there are crimes committed for greed. And the vast majority of crimes fall into the greed category. So, if greed is the common denominator of most crimes, then it is very prudent to establish a financial component into most investigations.
FIELD: As you know, our audience is coming from banks and credit unions primarily. Regarding financial institutions in your experience, what's least understood about anti-money laundering?
SULLIVAN: I think it's a couple things. The first one I think is that the banks and the financial institutions should be aware that the SARs that they write are being reviewed. We look at every single one in New York, and I understand that not everyone is going to get picked up. Not every SAR is going to turn into a case. There are SARs done for defensive purposes and then SARs done just to cover everyone's collective butts so that they don't have to worry about regulators. I grasp that. But what you have to realize is that even though a SAR that Bank A completes might not turn into an investigation; however, Bank A is not reading all the SARs, and they don't know what Bank B and Bank C are doing. I will read that. So I'll see that, you know, I have a $35,000 SAR from your bank, but yet I see the same thing from Banks B, C, D, and E. And suddenly, that will prompt me to start a case on that.
Also, I constantly preach to the AML folks to please remove any rose-covered glasses that you might have on and to think due diligence, enhanced due diligence. Super duper due diligence or whatever label that you want to put on it. The thing to remember is that the case came across your desk for a reason. You know, perhaps a software kicked it out or it came from another department, but something somewhere triggered it. So you have to always think to yourself, okay, now prove it, prove where the money came from or where the money is going to or does that transaction make sense. If it doesn't pass the test, then that's fine; then you write it up and do what you have to do. But don't make excuses or don't assume anything for anybody, and always deal with the facts.
FIELD: I want to take you back to something you mentioned a few minutes ago, Kevin, because I know you recently wrote a piece about virtual money laundering over in Second Life in particular. What's the virtual money laundering threat to the real world?
SULLIVAN: Well, I'm still working on that case. But right now the casinos and the virtual casinos and the virtual banks have been shut down, but that was mostly due to fraud concerns. People always see the fraud issues before they see the money laundering issues, basically because there are victims complaining, and fraud is much more transparent. I had a similar concern a few years back with private ATMs. However, I do believe that virtual money laundering is yet another method for bad guys to move money, which banks will question that if people can legitimately move money in the virtual world, should it be considered a financial institution, much like an MSB.
Now, you hear from some people that in the virtual world you can't move that much money at one time and it's not a very good method to launder the cash. And on one hand, that's true. However, you know, that's exactly what makes it a good method. Now, remember what I said earlier about the bad guys are always trying new methods. This is what the bad guys do. This is their life. They look for ways and methods to remove you from your cash. And if they believe that you think a method is not good and you don't give it much attention, then that's exactly where they're going to go. The bad guys would prefer to travel the path of least resistance every time.
FIELD: Makes sense. Now, Kevin, you've got an upcoming webinar on anti-money laundering. What are going to be some of the key takeaways of that presentation?
SULLIVAN: There will be quite a few things that the audience will leave with, besides a headache and an uncontrollable desire to speed down the highway. They will learn the dynamics of an investigation and just when to conduct the investigation. We'll talk a whole lot about SARs and about how to deal with law enforcement guys like me when I come knocking on the door.
FIELD: One last question for you, Kevin. What advice would you offer to banking institutions that need to improve their BSA compliance?
SULLIVAN: Well, I think that they're already ahead of the game if they've recognized the need that they need to improve. Now, the [federal regulators] have recommended the following, and quite frankly I can't put it any better than this: They have said that they need to develop internal policies and procedures, designate a compliance officer, maintain an ongoing training program, and have an independent audit to test your programs. And if you're doing those four things, then you should be pretty secure.
FIELD: Well, Kevin, for someone who doesn't want to call himself an expert, you sure sound like one.
SULLIVAN: Well, thank you very much, Tom. I appreciate that.
FIELD: I appreciate your time and insight this morning. Thanks so much for sharing some thoughts with us on anti-money laundering.
SULLIVAN: Thank you.
FIELD: We've been talking with Kevin Sullivan, investigator with the New York State Police. For Information Security Media Group, I'm Tom Field. Thank you very much.