Book Description

In 2005, over 16 million Bank Secrecy Act (BSA) reports were filed by more than 200,000 U.S. financial institutions. Enacted in 1970, BSA is the centerpiece of the nation's efforts to detect and deter criminal financial activities. Treasury's Financial Crimes Enforcement Network (FinCEN) and the Internal Revenue Service (IRS) play key roles in BSA compliance, enforcement, and data management. GAO was asked to describe FinCEN's and IRS's roles and assess their effectiveness at ensuring BSA compliance and efforts to reengineer BSA data management. FinCEN and IRS have distinct roles, but share some responsibilities in implementing BSA. FinCEN's role is to oversee the administration of BSA by numerous agencies including IRS. IRS's role is to (1) examine nonbank financial institutions (NBFI), such as money transmitters and check cashers, for compliance with BSA; (2) investigate potential criminal BSA violations; and (3) collect and store BSA reported data by all financial institutions. IRS continues to face challenges in identifying NBFIs subject to BSA and then using its limited resources to ensure compliance. First, IRS has identified approximately 107,000 potential NBFIs, yet FinCEN, IRS, and others agree there is a portion of the NBFI population IRS has not identified. Identifying NBFIs is inherently challenging and made even more difficult because FinCEN regulations about who is covered are confusing, especially for smaller businesses. Second, IRS currently lacks, but is working to develop, a statistically valid risk-based approach for selecting NBFIs for compliance examinations. IRS only examines a small fraction of NBFIs, less than 3.5 percent in 2005, highlighting the need for building risk into the selection process. IRS is statistically validating a risk-based approach for targeting compliance examinations on certain NBFIs suspected of noncompliance. IRS's validation study is a step in the right direction, but IRS's approach will continue to have limitations because the study was not designed to be representative of all potential NBFIs. And lastly, IRS established a new office accountable for BSA compliance, and is working to improve examination guidance. However, IRS's management of BSA compliance has limitations, such as a lack of a compliance rate measure and a comprehensive manual that NBFIs can use to develop anti-money laundering programs compliant with BSA. Addressing program challenges, such as identifying NBFIs and examining those of greatest risk of noncompliance will take time and require prioritizing actions and identifying resource needs. However, FinCEN and IRS lack a documented and coordinated strategy with time frames, priorities, and resource needs for improving NBFI compliance with BSA requirements. FinCEN has undertaken a broad and long-term effort to reengineer, and transition from the IRS, all BSA data management activities. FinCEN, however, missed opportunities to effectively plan this effort and to coordinate its implementation with IRS. For example, FinCEN began making significant investments in information technology projects before a comprehensive plan to guide the reengineering effort was in place. When a key project--BSA Direct Retrieval and Sharing--failed, it jeopardized the future of the broader reengineering effort. After investing over $14 million (nearly $6 million over the original budget) in a failed project, FinCEN is now reassessing BSA Direct but does not yet have a plan for moving forward with the broader effort to reengineer BSA data management activities.