Summary
In 2005, over 16 million Bank Secrecy Act (BSA) reports were filed by more than 200,000 U.S. financial institutions. Enacted in 1970, BSA is the centerpiece of the nation's efforts to detect and deter criminal financial activities. Treasury's Financial Crimes Enforcement Network (FinCEN) and the Internal Revenue Service (IRS) play key roles in BSA compliance, enforcement, and data management. GAO was asked to describe FinCEN's and IRS's roles and assess their effectiveness at ensuring BSA compliance and efforts to reengineer BSA data management.
FinCEN and IRS have distinct roles, but share some responsibilities in implementing BSA. FinCEN's role is to oversee the administration of BSA by numerous agencies including IRS. IRS's role is to (1) examine nonbank financial institutions (NBFI), such as money transmitters and check cashers, for compliance with BSA; (2) investigate potential criminal BSA violations; and (3) collect and store BSA reported data by all financial institutions. IRS continues to face challenges in identifying NBFIs subject to BSA and then using its limited resources to ensure compliance. First, IRS has identified approximately 107,000 potential NBFIs, yet FinCEN, IRS, and others agree there is a portion of the NBFI population IRS has not identified. Identifying NBFIs is inherently challenging and made even more difficult because FinCEN regulations about who is covered are confusing, especially for smaller businesses. Second, IRS currently lacks, but is working to develop, a statistically valid risk-based approach for selecting NBFIs for compliance examinations. IRS only examines a small fraction of NBFIs, less than 3.5 percent in 2005, highlighting the need for building risk into the selection process. IRS is statistically validating a risk-based approach for targeting compliance examinations on certain NBFIs suspected of noncompliance. IRS's validation study is a step in the right direction, but IRS's approach will continue to have limitations because the study was not designed to be representative of all potential NBFIs. And lastly, IRS established a new office accountable for BSA compliance, and is working to improve examination guidance. However, IRS's management of BSA compliance has limitations, such as a lack of a compliance rate measure and a comprehensive manual that NBFIs can use to develop anti-money laundering programs compliant with BSA. Addressing program challenges, such as identifying NBFIs and examining those of greatest risk of noncompliance will take time and require prioritizing actions and identifying resource needs. However, FinCEN and IRS lack a documented and coordinated strategy with time frames, priorities, and resource needs for improving NBFI compliance with BSA requirements. FinCEN has undertaken a broad and long-term effort to reengineer, and transition from the IRS, all BSA data management activities. FinCEN, however, missed opportunities to effectively plan this effort and to coordinate its implementation with IRS. For example, FinCEN began making significant investments in information technology projects before a comprehensive plan to guide the reengineering effort was in place. When a key project--BSA Direct Retrieval and Sharing--failed, it jeopardized the future of the broader reengineering effort. After investing over $14 million (nearly $6 million over the original budget) in a failed project, FinCEN is now reassessing BSA Direct but does not yet have a plan for moving forward with the broader effort to reengineer BSA data management activities.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
James R. White
Government Accountability Office: Strategic Issues
(202) 512-5594
Recommendations for Executive Action
Recommendation: To improve BSA compliance, the Secretary of the Treasury should direct the Director of FinCEN and the Commissioner of Internal Revenue to develop a documented and coordinated strategy that outlines priorities, time frames, and resource needs for better identifying and selecting NBFIs for examination. This strategy should include the full complement of actions that FinCEN and IRS can take to build a more effective BSA compliance program, including the specific compliance program recommendations.
Agency Affected: Department of the Treasury
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations.
Recommendation: To improve BSA compliance, the Director of FinCEN should establish a time frame for revising MSB regulations and guidance, including registration requirements.
Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to 3/2008.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should decide whether to pursue gaining access to taxpayer data for better identifying NBFIs.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. IRS changed its implementation date for corrective actions to October 2008.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to build upon the study to validate compliance risk factors by developing a plan to assess the noncompliance risks posed by all NBFIs.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to Jan 2009.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to establish time frames for finalizing and publishing the Internal Revenue Manual with updated BSA compliance program policies and procedures.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to 3/2008.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to develop a NBFI compliance examiner's manual that examiners can use to guide examinations and businesses can use to ensure they are in compliance with BSA requirements, and establish time frames for its publication.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. IRS changed its implementation date for corrective actions to 3/2008.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to create a more functional and secure mechanism for storing and accessing the information contained in the Title 31 database.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. IRS changed its implementation date for corrective actions to 5/2008.
Recommendation: To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to use the results of the forthcoming risk factor validation study to estimate the compliance rate for the population of money service businesses from which the study sample was drawn.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. IRS changed its implementation date for corrective actions to 4/2009.
Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct Retrieval and Sharing (BSA Direct R&S) project. This plan, at a minimum, should take a broad and crosscutting approach to the reengineering effort, and not focus solely on one component, such as BSA Direct.
Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to 3/2008.
Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should include short- and intermediate-term goals for reengineering BSA data management processes, including the transition of IRS's data management responsibilities to FinCEN.
Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to 3/2008.
Recommendation: To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should incorporate collaboration strategies into the plan by clearly defining the role of IRS's Enterprise Computing Center at Detroit in the transition process and more actively involving it as a key stakeholder in the reengineering effort.
Agency Affected: Department of the Treasury: Financial Crimes Enforcement Network
Status: In process
Comments: On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN are working collaboratively on BSA compliance issues. The agencies noted many efforts are already underway that will address our recommendations. FinCEN changed its implementation date for corrective actions to 3/2008.
