In early 2016, FinCEN began seeking comments on potential changes to the forms used by banks and other financial services organizations to report currency transactions greater than $10,000.1 The enhancements under consideration are only proposals at this point and are by no means finalized; nevertheless, they are causing many organizations to re-evaluate the adequacy and effectiveness of the data systems they use to identify and track such transactions.
It's time for banks to review the capabilities of their legacy systems in light of the expected enhanced requirements and to define an approach that will facilitate compliance while also offering additional functionality and added value.
CTR Data Requirements – A Changing Picture
The currency transaction reporting form now in use by FinCEN was published in March 2011. Since April 2013, the form has been accepted only in electronic format through the Bank Secrecy Act E-Filing System.2 In the years since the form was published, FinCEN says it has observed an increase in the number of holding or parent companies filing for their subsidiary institutions – a situation that is not adequately recorded on the current CTR form.
FinCEN also noted shortcomings in the way the current form records the value of smaller transactions that could reveal instances of “structuring” – the practice of engaging in multiple transactions just below the $10,000 reporting threshold in order to avoid triggering a report. The expected CTR modifications are likely to require additional functionality from the systems banks use to identify and track such related transactions.
Concurrent with these anticipated changes, many financial services organizations also are recognizing that their existing data systems fail to reflect some of the significant changes that have occurred in terms of how they interact with customers and acquire transaction-related data. In a recent webinar survey sponsored by Crowe, fewer than half of the participants said their existing CTR implementation meets all their needs. (See Exhibit 1.)
Altogether, 54 percent of the webinar survey participants said they are looking to upgrade their existing systems, make incremental improvements, or retire their legacy systems altogether.
Potential Changes to CTR Formats
Some of the changes under consideration by FinCEN are relatively straightforward, such as renaming and redefining some common terms that appear in CTR data fields. Others, however, could be more substantial, such as inserting new fields to capture additional information. Among the CTR modifications FinCEN is now considering are changes that would:
- Clarify who is responsible for initiating and filing a CTR in the case of parent or holding companies that report on behalf of their affiliates or subsidiaries
- Provide more detailed reporting of transaction amounts when multiple transactions are aggregated into a CTR, particularly in terms of identifying cash-in and cash-out by location
- Make accommodations for institutions that share branch locations, clarifying who is responsible for filing CTRs in such cases
Although these changes have not been finalized, they do provide an indication of the areas with which regulators are concerned. The issues they raise are very likely to be areas of continuing concern that create compliance challenges in coming years.
Aggregation – A Complex Challenge
Obviously, a single $10,000 cash deposit or withdrawal generally is easily recognized and automatically captured by CTR data systems. But challenges can arise in identifying and correlating multiple smaller transactions that, when aggregated, exceed the $10,000 threshold for reporting.
FinCEN requires financial services organizations to report such transactions when they have knowledge that they are (or are on behalf of any person) conducting cash-in or cash-out transactions that total more than $10,000 during any one business day.3 The unanswered question in that requirement is what is embedded in the term “knowledge” – that is, what information should an organization be expected to capture and monitor in order to identify such related transactions?
For example, when an individual conducts multiple cash deposits or withdrawals at nonbank ATMs, who is responsible for identifying, aggregating, and reporting these transactions? Although FinCEN does not provide definitive guidance on what knowledge an organization should have, industry practices set useful benchmarks.
Most banks aggregate on the basis of account identifiers, tax identification numbers, and other common data fields in order to identify transactions involving the same transaction conductors or beneficiaries. Typically, this aggregation occurs on the teller platform or other front-end data capture system and is capable of identifying joint account holders and other types of related beneficial ownership.
Broadly speaking, FinCEN expects to see good faith efforts to identify, capture, and record such information, and it is expected to impose severe sanctions if it suspects willful blindness on the part of a financial services organization.
Data Capture – The Critical First Step
The process of identifying and correlating multiple transactions begins up front – at the initial point of data input, such as a teller or cashier transaction. In implementing data capture systems, banks and other organizations must strike a balance that supports compliance without adversely affecting the customer experience. The data input must be thorough and complete but not so onerous that customers are put off by extensive and intrusive questions at every transaction.
Here again, many banks seem to recognize they have shortcomings in this area. In the Crowe webinar survey cited earlier, fewer than half of the participants said their current policies and data capture processes work well together. Nearly four out of 10 (39 percent) acknowledged there are ways to circumvent their policies, and 15 percent said they are not capturing enough information at the outset. (See Exhibit 2.)
The cash transaction recording processes and policies used by banks vary widely. For example, some organizations collect customer identification information on all cash transactions that are more than $500. Others capture such information only on cash transactions greater than $1,000 or $3,000. Still others have varying data capture policies for cash-in and cash-out transactions.
Among the most common shortcomings are the “known customer” exceptions that are allowed by most systems to give a teller the means to move quickly through a transaction when working with a regular customer. Some systems present this exception as a free-form data field for tellers to populate. Others offer a simple radio button selection with no additional information required. Either approach can allow related transactions to go undetected, since the identification information is either entered inconsistently or missing entirely.
The inability to recognize these relationships seriously diminishes the effectiveness of the bank’s aggregation algorithms. Automated swipe cards or scan identification systems can eliminate some such gaps, but the costs of such enhancements can lead many organizations to delay their adoption.
Getting the Data House in Order
Looking beyond specific improvements to the data capture components of the currency transaction reporting system, most financial services organizations can benefit by upgrading their overall data management capabilities. This involves addressing all three pillars of data governance – people, processes, and technology.
Processes and technology can enable the effective capture of CTR information, but in the end it is people who must be held accountable for capturing and managing transaction data. Inevitably, there will be ways that data capture policies and procedures can be circumvented, so it is important that all those involved be regarded as owners in the process with incentives for compliance.
Another crucial element is establishing a cultural foundation and management direction that go beyond compliance, recognizing information as a critical business asset. Building on this foundation, organizations can put in place operational processes that support not only the initial capture of needed data, but also the ongoing management, maintenance, and retention of information. As noted earlier, the possible compliance advantages that these new or updated operational processes offer must be balanced against their potential impact on the overall customer experience.
While technology upgrades often are viewed as an important first step, they should be regarded primarily as the enablers of the necessary processes and the people who perform them. Usually, the most effective technology solutions are implemented as an integrated approach linking transactions across all systems, rather than as add-on solutions that respond to individual gaps or shortcomings.
Although compliance with the anticipated changes in CTR formats will be a motivating factor in the near future, the more important long-term objective should be to move beyond compliance alone. Ultimately, the most successful financial services organizations will be those that also find opportunities to improve the customer experience while capturing useful data that can lead to improved decision-making and added value.
3 31 CFR § 1010.313 (2011), https://www.gpo.gov/fdsys/pkg/CFR-2011-title31-vol3/pdf/CFR-2011-title31-vol3-sec1010-313.pdf