Bank Secrecy Act: FinCEN and IRS Need to Improve and Better Coordinate Compliance and Data Management Efforts

GAO-07-212 Published: Dec 15, 2006. Publicly Released: Dec 15, 2006.
Jump To:
Skip to Highlights
Highlights

In 2005, over 16 million Bank Secrecy Act (BSA) reports were filed by more than 200,000 U.S. financial institutions. Enacted in 1970, BSA is the centerpiece of the nation's efforts to detect and deter criminal financial activities. Treasury's Financial Crimes Enforcement Network (FinCEN) and the Internal Revenue Service (IRS) play key roles in BSA compliance, enforcement, and data management. GAO was asked to describe FinCEN's and IRS's roles and assess their effectiveness at ensuring BSA compliance and efforts to reengineer BSA data management.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of the Treasury To improve BSA compliance, the Secretary of the Treasury should direct the Director of FinCEN and the Commissioner of Internal Revenue to develop a documented and coordinated strategy that outlines priorities, time frames, and resource needs for better identifying and selecting NBFIs for examination. This strategy should include the full complement of actions that FinCEN and IRS can take to build a more effective BSA compliance program, including the specific compliance program recommendations.
Closed - Implemented
In direct response to GAO's recommendation in GAO-07-212, in spring of 2008 the Financial Crimes Enforcement Network (FinCEN) and Internal Revenue Service (IRS) established and began implementation of a coordinated and documented strategy for improving non-bank financial institution (NBFI) compliance with Bank Secrecy Act (BSA) requirements. The strategy includes over 80 actions for improving the effectiveness of the BSA compliance program, several of which are in direct response to 7 additional GAO recommendations. The strategy outlines priorities, time frames, responsibilities and resource needs and is divided into the following categories:(1) Evaluating the money service business regulatory framework; (2) Better identifying the NBFI population; (3) Better selecting NBFIs for examination; (4) Supporting risk-based examinations; and (5) Conducting outreach to NBFIs.
Financial Crimes Enforcement Network To improve BSA compliance, the Director of FinCEN should establish a time frame for revising MSB regulations and guidance, including registration requirements.
Closed - Implemented
On July 18, 2011, FinCEN released a final rule more clearly defining which business entities qualify as MSBs and, therefore subject to anti-money laundering rules in the Bank Secrecy Act. By taking this action, FinCEN is making progress in identifying the population of business entities subject to Bank Secrecy regulations, addressing the known deficiencies in the current regulations, and helping ensure compliance with Bank Secrecy Act compliance.
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should decide whether to pursue gaining access to taxpayer data for better identifying NBFIs.
Closed - Implemented
In response to our recommendation, the Internal Revenue Service(IRS) conducted a research project to evaluate the potential usefulness of taxpayer data for identifying nonbank financial institutions previously unknown to IRS. In 2009, the IRS research project found no evidence that taxpayer data could be used to identify previously unknown nonbank financial institutions. As a result, the IRS made a decision not to pursue gaining access to taxpayer data for identifying nonbank financial institutions.
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to build upon the study to validate compliance risk factors by developing a plan to assess the noncompliance risks posed by all NBFIs.
Closed - Not Implemented
In an April 2011 meeting with IRS Fraud/BSA, officials noted they completed the risk factor validation study but planned no additional actions to assess the noncompliance risks posed by nonbank financial institutions (NBFIs).
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to establish time frames for finalizing and publishing the Internal Revenue Manual with updated BSA compliance program policies and procedures.
Closed - Implemented
As reported by GAO-09-227 in February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to develop a NBFI compliance examiner's manual that examiners can use to guide examinations and businesses can use to ensure they are in compliance with BSA requirements, and establish time frames for its publication.
Closed - Implemented
In February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to create a more functional and secure mechanism for storing and accessing the information contained in the Title 31 database.
Closed - Implemented
In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. Additionally, the Modernization program will include additional layers of authentication and users, such as law enforcement and regulators, will be provided with enhanced analytical tools. During 2011, FinCEN reported the program successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.
Internal Revenue Service To improve BSA compliance, the Commissioner of Internal Revenue should direct the Office of Fraud/BSA to use the results of the forthcoming risk factor validation study to estimate the compliance rate for the population of money service businesses from which the study sample was drawn.
Closed - Not Implemented
On February 22, 2007, IRS and FinCEN responded to our report that IRS and FinCEN were working collaboratively on Bank Secrecy Act (BSA) compliance issues. In a June 2011 meeting, IRS said they were closing the recommendation as unattainable because it was not possible to estimate a compliance rate for the population of money service businesses based on their workload and risk validation studies.
Financial Crimes Enforcement Network To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct Retrieval and Sharing (BSA Direct R&S) project. This plan, at a minimum, should take a broad and crosscutting approach to the reengineering effort, and not focus solely on one component, such as BSA Direct.
Closed - Implemented
In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. FinCEN's strategy is to establish an enterprise-wide information management framework by aligning its Information Technology portfolio with its business processes. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.
Financial Crimes Enforcement Network To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should include short- and intermediate-term goals for reengineering BSA data management processes, including the transition of IRS's data management responsibilities to FinCEN.
Closed - Implemented
In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. The program has short term goals to improve analytical capabilities and execute data conversion from an IRS database into the BSA database. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.
Financial Crimes Enforcement Network To improve BSA data management, the Director of FinCEN, in cooperation with the Commissioner of Internal Revenue, should develop and implement a comprehensive and long-term plan for reengineering BSA data management activities before moving forward with the BSA Direct R&S project. This plan, at a minimum, should incorporate collaboration strategies into the plan by clearly defining the role of IRS's Enterprise Computing Center at Detroit in the transition process and more actively involving it as a key stakeholder in the reengineering effort.
Closed - Implemented
In July 2006, we reported that an effort by the Financial Crimes Enforcement Network (FinCEN) to modernize Bank Secrecy Act (BSA) data systems failed, in part, because it lacked sufficient investment control techniques. We determined that FinCEN's inadequate application of sound information technology investment management processes and controls to oversee the project contributed to cost, schedule, and performance. As a result of these deficiencies, FinCEN ended the effort and reexamined the overall approach to technology investments and improvements, which included hiring a new IT Leadership Team. In fiscal year 2010, FinCEN began a new BSA IT Modernization Program and completed it in fiscal year 2014. The program modernized FinCEN's entire technical environment resulting in a number of efficiency and functionality improvements, including enabling electronic filing capabilities. This allowed FinCEN to mandate electronic filing for all BSA-related reports which, based on FinCEN's estimates, would result in approximately $40 million in savings by eliminating the costs of paper processing these forms. A member of the IT leadership team at FinCEN stated that GAO's findings and recommendations regarding the previous modernization effort provided lessons learned and reinforced key guiding principles that were incorporated into the development and implementation of the BSA IT Modernization Program. According to this official, the report helped FinCEN get the executive support it needed to lead this type of IT effort, and these lessons learned and key principles contributed considerably to the program's successful completion.

Full Report