Earlier this year, reports on the voluminous document leak known as the Panama Papers provided a jarring reminder of the massive global problem that money laundering poses in the world today.
The scandal demonstrated that financial institutions often fall short of complying with laws designed to prevent bad actors from making illicit proceeds appear legal. This is big business, as estimated proceeds from all forms of financial crime in the United States, excluding tax evasion, are $300 billion, or about 2% of U.S. GDP, according to the U.S. Treasury's National Money Laundering Risk Assessment 2015 (see the chart, "Money Laundering: The Numbers at a Glance").
Common methods of money laundering include hiding the source of the proceeds, changing the form of the proceeds, and funneling the proceeds—often through legitimate financial institutions and businesses—to a place where they are less likely to attract attention. Money launderers use many different and sophisticated types of schemes, techniques, and transactions to accomplish their ends. They are becoming increasingly skillful in developing and deploying new techniques to stay ahead of law enforcement (see the sidebar "Money Laundering Methods"). Crowdfunding websites and the cyberpayments technology sector are emerging areas of the economy where money laundering risks have been identified.
The Panama Papers revelations underscore the importance of global efforts to combat money laundering. These efforts are coordinated by the Financial Action Task Force (FATF) of the Organisation for Economic Co-operation and Development (OECD) and other FATF-style regional bodies. The FATF has made 40 recommendations on anti-money laundering (and nine supplemental recommendations to combat terror financing) that form the basis for a coordinated response to threats to the integrity of the financial system. FATF recommendations call for actions by member governments to establish new statutes, regulations, or supervisory actions. The FATF monitors the progress of its members in implementing necessary measures, reviews money laundering financing techniques and countermeasures, and promotes the adoption and implementation of appropriate measures globally.
The FATF calls for member governments, including the United States, to establish anti-money laundering (AML) responsibilities and oversight over practicing accountants in firms and other "Designated Non-Financial Businesses or Professions," including lawyers, casinos, real estate agents, dealers in precious metals and stones, notaries, and other independent legal professionals. Although the accounting profession, lawyers, and members of certain other professions have important responsibilities and play key roles in combating money laundering, the United States currently has not adopted the FATF recommendation on establishing AML responsibilities over these professions in the same manner as industries or financial sectors. Those responsibilities include customer identification and recordkeeping, reporting of suspicious activities, and implementing AML programs and controls. The European Union has actively embraced the FATF recommendations. This is an issue that may be again highlighted in a "mutual assessment" the FATF is undertaking to evaluate the effectiveness of the U.S. AML system.
ROLE OF CPAs
CPAs have important roles to play in combating this problem. The U.S. accounting profession is not separately regulated under the Bank Secrecy Act (BSA) in a manner parallel to the banking, capital markets, insurance, or gaming sectors. But accountants are meaningfully engaged in essentially all BSA-covered financial services sectors in detecting and preventing money laundering, fraud, terror financing, and related financial crime—and in a big way. Accountants in business and industry working for, managing, or governing BSA-covered financial institutions are fully subject to the BSA requirements imposed on those entities. In fact, those entities are required to provide adequate AML training to accountants and other external service providers as if they were actual employees. This includes the obligation to detect and report suspicious activity to Treasury's Financial Crimes Enforcement Network (FinCEN) on a Suspicious Activity Report.
Accountants who are tax professionals, meanwhile, may be involved in the preparation of IRS Form 8300, Report of Cash Payments Over $10,000 Received in a Trade or Business. Persons involved in a trade or business are required to prepare and file Form 8300 when, in the course of that trade or business, they receive more than $10,000 in cash in one transaction (or two or more related transactions). CPAs also may have a role in the filing of FinCEN Form 114, Report of Foreign Bank and Financial Accounts (FBAR). U.S. persons or companies with a financial interest in or signature authority over a foreign financial account, including a bank account, brokerage account, mutual fund, trust, or other type of foreign financial account, with an aggregate value exceeding $10,000 at any time during the year are required to report the account annually by electronically filing FinCEN Form 114.
A common misperception and not infrequent expectation is that accountants engaged to independently audit financial statements have the affirmative obligation and the ability to detect possible money laundering. It is highly unlikely that accountants will "stumble" on money laundering because, unlike fraud, money laundering almost never affects financial statements or the results of operations. Unlike fraudsters, money launderers aim to use an organization as a conduit through which to launder money undetected—as quickly as possible. Nevertheless, accountants engaged as external financial statement auditors must adhere to professional auditing standards that require them to understand the entity being audited, its environment, and its system of internal control; exercise professional skepticism; and consider the possibility of illegal acts by a client.
The BSA, its implementing regulators, and law enforcement require covered financial institutions to have comprehensive AML compliance programs with strong systems of internal control. Boards and senior management are held squarely accountable for effective BSA/AML compliance (see the sidebar "Board Oversight Can Bolster AML Efforts"). The Committee of Sponsoring Organizations of the Treadway Commission's (COSO's) Integrated Framework provides valuable technical guidance to help business organizations assess and enhance their AML internal control systems. COSO's Enterprise Risk Management—Integrated Framework, which is being updated, provides expanded, supplemental technical guidance on what has become increasingly referred to as AML risk management. Accountants engaged to provide nonaudit AML-related services including agreed-upon-procedures should consider these tools as nonauthoritative, technical guidance.
FULFILLING BSA COMPLIANCE REQUIREMENTS
Perhaps the greatest deployment of accounting professionals in the AML world is in fulfilling the independent testing requirement of BSA compliance programs for most BSA-covered financial services sectors, frequently referred to as one of the "Four Pillars" (see the sidebar "The 'Four Pillars' of a BSA/AML Compliance Program"). Regulators expect this role to be performed by internal audit reporting to a board audit committee. While the audit committee may engage external subject-matter experts and delegate activity, it may not delegate responsibility for BSA compliance.
While no implementing regulator has specified rules requiring independent testing to be performed by credentialed CPAs or certified internal auditors, enforcement actions stemming from systemic noncompliance and program failures have increasingly required greater competence of accounting professionals in recurring and sustainable business-as-usual environments and in regulatory remediation environments.
The Association of Certified Anti-Money Laundering Specialists, many of whom are accounting professionals, has rapidly grown to 30,000 members as of this writing. Today, legions of accountants are meaningfully deployed in both types of environments and are highly visible to senior management, boards, regulators, and law enforcement.
In addition, accountants are meaningfully engaged in large numbers in providing other AML-related services such as:
- AML compliance program management and monitoring.
- Customer, counterparty, and third-party due diligence.
- Promoting transparency of beneficial and controlling ownership around the globe.
- All manner of AML risk assessment and risk response, usually with a regulation-mandated focus on customers, products, services, geographies, and, in a rapidly technologically advancing world, channels of distribution.
- Monitoring for unusual and suspicious activity. This importantly includes managing and staffing financial investigation units or FIUs (both private sector and public sector). Most employees of these units perform analysis of alerts and investigations of cases, bringing all manner of forensic and other technical skills to the table.
- Performing enforcement action-mandated "lookbacks" of possibly missed suspicious and reportable activities.
- A broad spectrum of forensic and investigation services.
- Designing, developing, and implementing monitoring systems or integrating vendor transaction monitoring systems and configuring them.
- Senior management and board governance.
- AML training and awareness.
- Model risk management, including designing and implementing customer risk-scoring models, and systems validation, and setting and tuning monitoring parameters and thresholds.
- Process and control improvement consulting.
- Tax practitioners who are requested to prepare required BSA reports or IRS forms (e.g., currency transaction reports or Forms 8300).
The demand for AML-related services for accounting professionals has steadily increased in response to regulatory and law enforcement concerns since the BSA was enacted in 1970. As regulators continue to issue new rules for BSA-covered financial services sectors and as law enforcement continues to expand its reach and scrutiny into other industries, there is no indication that this trend will abate any time soon.
Money laundering methods
Methods that exploit vulnerabilities in the anti-money laundering system:
- Using cash and monetary instruments in amounts under regulatory recordkeeping and reporting thresholds.
- Opening bank and brokerage accounts using third parties to disguise the identity of the individuals in control.
- Creating legal entities without accurate information about the identity of the beneficial owner.
- Misusing products and services resulting from deficient compliance with anti-money laundering obligations.
- Merchants and financial institutions wittingly facilitating illicit activity.
Source: U.S. Treasury’s National Money Laundering Risk Assessment 2015.
The ‘Four Pillars’ of a BSA/AML compliance program
- A system of internal controls to ensure ongoing compliance.
- Independent testing of BSA compliance.
- A specifically designated person or persons responsible for managing BSA compliance (BSA compliance officer).
- Training for appropriate personnel.
Source: Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual.
Board oversight can bolster AML efforts
Understanding the financial crime risk profile is a key.
Increasingly, regulators around the globe expect to see compelling evidence that the businesses they license and supervise govern themselves well in all respects, and that importantly includes anti-money laundering (AML) compliance and risk management. This requires that boards are kept well-informed of meaningful events and activity inside and outside of the organization.
At a minimum, boards should know the organization’s financial crime risk profile. Regulators expect boards to define risk appetite in all respects, and this requires a good understanding of AML risk. Management should perform an annual enterprise-wide financial crime risk assessment and report meaningful results to the board. Conventional banks and nonbank financial institutions will have much higher AML risk than other types of businesses, but even boards of lower-risk organizations that do not provide financial services are well-advised that in today’s world no one is immune from being penetrated by financial criminals (e.g., terror financing), and all organizations and persons are subject to severe economic sanctions and national interdiction. Boards that can demonstrate that they know their organization’s AML risk profile are much better-prepared for supervisory and law enforcement inquiries and protected against their actions.
In addition, boards need to know how management is responding to assessed risk in order to gain assurance that money laundering vulnerability is adequately addressed, and this importantly includes how management is complying with numerous recordkeeping, reporting, and other compliance requirements. For example, in the United States the Bank Secrecy Act now requires hundreds of thousands of bank and nonbank financial institutions and other business organizations to have strong monitoring controls for detecting, and processes for reporting, numerous conditions of suspicious activity. Money laundering vulnerability manifests itself in terms of compliance, reputational, operational, and strategic risks, and the risk assessment should adequately cover these areas.
As is the case with other governance areas, boards should not be bombarded or overwhelmed with large volumes of detailed reports that could cloud key points and impair clear thinking on policy, program, and other actions. AML program and event information should be sufficiently high-level and meaningful.
Boards through their audit committees should also assure themselves that AML programs and controls are effectively designed and performing as intended and are appropriately modified for business and regulatory changes that affect AML risk.
About the authors
Alan S. Abel (firstname.lastname@example.org) is the global anti-money laundering practice leader of Crowe Horwath LLP. He represents the AICPA to Treasury's Bank Secrecy Act Advisory Group and also represented the AICPA to the International Federation of Accountants in connection with contributing to global anti-money laundering guidance. Ian A. MacKay (email@example.com) is director—Federal Regulatory Affairs for the AICPA in Washington.
To comment on this article or to suggest an idea for another article, contact Ken Tysiac, editorial director, at firstname.lastname@example.org or 919-402-2112.
- "CPAs: Criminal-Pursuing Agents," Oct. 2015
- "What CPAs Need to Know About Organized Crime," April 2012
- Fraud Update: Detecting and Preventing the Top Ten Fraud Schemes (#741203, text; #158012, one-year online access)
- Forensic Accounting: Fraudulent Reporting and Concealed Assets (#158022, one-year online access)
For more information or to make a purchase, go to aicpastore.com or call the Institute at 888-777-7077.
Committee of Sponsoring Organizations of the Treadway Commission, coso.org