Bank Secrecy Act:

FinCEN and IRS Need to Improve and Better Coordinate Compliance and Data Management Efforts

GAO-07-212: Published: Dec 15, 2006. Publicly Released: Dec 15, 2006.

Contact:

James R. White
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In 2005, over 16 million Bank Secrecy Act (BSA) reports were filed by more than 200,000 U.S. financial institutions. Enacted in 1970, BSA is the centerpiece of the nation's efforts to detect and deter criminal financial activities. Treasury's Financial Crimes Enforcement Network (FinCEN) and the Internal Revenue Service (IRS) play key roles in BSA compliance, enforcement, and data management. GAO was asked to describe FinCEN's and IRS's roles and assess their effectiveness at ensuring BSA compliance and efforts to reengineer BSA data management.

FinCEN and IRS have distinct roles, but share some responsibilities in implementing BSA. FinCEN's role is to oversee the administration of BSA by numerous agencies including IRS. IRS's role is to (1) examine nonbank financial institutions (NBFI), such as money transmitters and check cashers, for compliance with BSA; (2) investigate potential criminal BSA violations; and (3) collect and store BSA data reported by all financial institutions. IRS continues to face challenges in identifying NBFIs subject to BSA and then using its limited resources to ensure compliance. First, IRS has identified approximately 107,000 potential NBFIs, yet FinCEN, IRS, and others agree there is a portion of the NBFI population IRS has not identified. Identifying NBFIs is inherently challenging and made even more difficult because FinCEN regulations about who is covered are confusing, especially for smaller businesses. Second, IRS currently lacks, but is working to develop, a statistically valid risk-based approach for selecting NBFIs for compliance examinations. IRS only examines a small fraction of NBFIs, less than 3.5 percent in 2005, highlighting the need for building risk into the selection process. IRS is statistically validating a risk-based approach for targeting compliance examinations on certain NBFIs suspected of noncompliance. IRS's validation study is a step in the right direction, but IRS's approach will continue to have limitations because the study was not designed to be representative of all potential NBFIs. Lastly, IRS established a new office accountable for BSA compliance, and is working to improve examination guidance. However, IRS's management of BSA compliance has limitations, such as the lack of a compliance rate measure and of a comprehensive manual that NBFIs can use to develop anti-money laundering programs compliant with BSA.

Addressing program challenges, such as identifying NBFIs and examining those of greatest risk of noncompliance, will take time and require prioritizing actions and identifying resource needs. However, FinCEN and IRS lack a documented and coordinated strategy with time frames, priorities, and resource needs for improving NBFI compliance with BSA requirements. FinCEN has undertaken a broad and long-term effort to reengineer, and transition from the IRS, all BSA data management activities. FinCEN, however, missed opportunities to effectively plan this effort and to coordinate its implementation with IRS. For example, FinCEN began making significant investments in information technology projects before a comprehensive plan to guide the reengineering effort was in place. When a key project--BSA Direct Retrieval and Sharing--failed, it jeopardized the future of the broader reengineering effort. After investing over $14 million (nearly $6 million over the original budget) in a failed project, FinCEN is now reassessing BSA Direct but does not yet have a plan for moving forward with the broader effort to reengineer BSA data management activities.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In direct response to GAO's recommendation in GAO-07-212, in spring of 2008 the Financial Crimes Enforcement Network (FinCEN) and Internal Revenue Service (IRS) established and began implementation of a coordinated and documented strategy for improving non-bank financial institution (NBFI) compliance with Bank Secrecy Act (BSA) requirements. The strategy includes over 80 actions for improving the effectiveness of the BSA compliance program, several of which are in direct response to 7 additional GAO recommendations. The strategy outlines priorities, time frames, responsibilities and resource needs and is divided into the following categories: (1) Evaluating the money service business regulatory framework; (2) Better identifying the NBFI population; (3) Better selecting NBFIs for examination; (4) Supporting risk-based examinations; and (5) Conducting outreach to NBFIs.

    Recommendation: To improve BSA compliance, the Secretary of the Treasury should direct the Director of FinCEN and the Commissioner of Internal Revenue to develop a documented and coordinated strategy that outlines priorities, time frames, and resource needs for better identifying and selecting NBFIs for examination. This strategy should include the full complement of actions that FinCEN and IRS can take to build a more effective BSA compliance program, including the specific compliance program recommendations.

    Agency Affected: Department of the Treasury

  2. Status: Closed - Implemented

    Comments: On July 18, 2011, FinCEN released a final rule more clearly defining which business entities qualify as MSBs and are therefore subject to anti-money laundering rules in the Bank Secrecy Act. By taking this action, FinCEN is making progress in identifying the population of business entities subject to Bank Secrecy regulations, addressing the known deficiencies in the current regulations, and helping ensure compliance with the Bank Secrecy Act.

    Recommendation: To improve BSA compliance, the Director of FinCEN should establish a time frame for revising MSB regulations and guidance, including registration requirements.

    Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network

  3. Status: Closed - Implemented

    Comments: In response to our recommendation, the Internal Revenue Service (IRS) conducted a research project to evaluate the potential usefulness of taxpayer data for identifying nonbank financial institutions previously unknown to IRS. In 2009, the IRS research project found no evidence that taxpayer data could be used to identify previously unknown nonbank financial institutions. As a result, the IRS made a decision not to pursue gaining access to taxpayer data for identifying nonbank financial institutions.

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should decide whether to pursue gaining access to taxpayer data for better identifying NBFIs.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  4. Status: Closed - Not Implemented

    Comments: In an April 2011 meeting with IRS Fraud/BSA, officials noted they completed the risk factor validation study but planned no additional actions to assess the noncompliance risks posed by nonbank financial institutions (NBFIs).

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to build upon the study to validate compliance risk factors by developing a plan to assess the noncompliance risks posed by all NBFIs.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  5. Status: Closed - Implemented

    Comments: As reported by GAO-09-227 in February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to establish time frames for finalizing and publishing the Internal Revenue Manual with updated BSA compliance program policies and procedures.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  6. Status: Closed - Implemented

    Comments: In February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to develop a NBFI compliance examiner's manual that examiners can use to guide examinations and businesses can use to ensure they are in compliance with BSA requirements, and establish time frames for its publication.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  7. Status: Closed - Implemented

    Comments: In May 2010, FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. Additionally, the Modernization program will include additional layers of authentication, and users, such as law enforcement and regulators, will be provided with enhanced analytical tools. During 2011, FinCEN reported the program successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's actions represent a credible step towards addressing weaknesses in BSA data management.

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to create a more functional and secure mechanism for storing and accessing the information contained in the Title 31 database.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  8. Status: Closed - Not Implemented

    Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN were working collaboratively on Bank Secrecy Act (BSA) compliance issues. In a June 2011 meeting, IRS said they were closing the recommendation as unattainable because it was not possible to estimate a compliance rate for the population of money service businesses based on their workload and risk validation studies.

    Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to use the results of the forthcoming risk factor validation study to estimate the compliance rate for the population of money service businesses from which the study sample was drawn.

    Agency Affected: Department of the Treasury: Internal Revenue Service

  9. Status: Closed - Implemented

    Comments: In May 2010, FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. FinCEN's strategy is to establish an enterprise-wide information management framework by aligning its Information Technology portfolio with its business processes. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's actions represent a credible step towards addressing weaknesses in BSA data management.

    Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct Retrieval and Sharing (BSA Direct R&S) project. This plan, at a minimum, should take a broad and crosscutting approach to the reengineering effort, and not focus solely on one component, such as BSA Direct.

    Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network

  10. Status: Closed - Implemented

    Comments: In May 2010, FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. The program has short-term goals to improve analytical capabilities and execute data conversion from an IRS database into the BSA database. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's actions represent a credible step towards addressing weaknesses in BSA data management.

    Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should include short- and intermediate-term goals for reengineering BSA data management processes, including the transition of IRS's data management responsibilities to FinCEN.

    Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network

  11. Status: Open

    Comments: In 2006, FinCEN initiated the Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer and improve the collection, analysis, and sharing of bank secrecy data. The program is estimated to cost $120 million and is expected to be completed in 2014. In March 2013, the Treasury Office of Inspector General reported the BSA Information Technology Modernization Program was proceeding mostly on schedule and within budgeted costs. We are waiting on an agency response about the role of IRS's Enterprise Computing Center.

    Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should incorporate collaboration strategies into the plan by clearly defining the role of IRS's Enterprise Computing Center at Detroit in the transition process and more actively involving it as a key stakeholder in the reengineering effort.

    Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network

 
