Bank Secrecy Act: FinCEN and IRS Need to Improve and Better Coordinate Compliance and Data Management Efforts

In direct response to GAO's recommendation in GAO-07-212, in spring of 2008 the Financial Crimes Enforcement Network (FinCEN) and Internal Revenue Service (IRS) established and began implementation of a coordinated and documented strategy for improving non-bank financial institution (NBFI) compliance with Bank Secrecy Act (BSA) requirements. The strategy includes over 80 actions for improving the effectiveness of the BSA compliance program, several of which are in direct response to 7 additional GAO recommendations. The strategy outlines priorities, time frames, responsibilities and resource needs and is divided into the following categories:(1) Evaluating the money service business regulatory framework; (2) Better identifying the NBFI population; (3) Better selecting NBFIs for examination; (4) Supporting risk-based examinations; and (5) Conducting outreach to NBFIs.

On July 18, 2011, FinCEN released a final rule more clearly defining which business entities qualify as MSBs and, therefore subject to anti-money laundering rules in the Bank Secrecy Act. By taking this action, FinCEN is making progress in identifying the population of business entities subject to Bank Secrecy regulations, addressing the known deficiencies in the current regulations, and helping ensure compliance with Bank Secrecy Act compliance.

In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. FinCEN's strategy is to establish an enterprise-wide information management framework by aligning its Information Technology portfolio with its business processes. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.

In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. The program has short term goals to improve analytical capabilities and execute data conversion from an IRS database into the BSA database. During 2011, FinCEN reported the project successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.

In July 2006, we reported that an effort by the Financial Crimes Enforcement Network (FinCEN) to modernize Bank Secrecy Act (BSA) data systems failed, in part, because it lacked sufficient investment control techniques. We determined that FinCEN's inadequate application of sound information technology investment management processes and controls to oversee the project contributed to cost, schedule, and performance. As a result of these deficiencies, FinCEN ended the effort and reexamined the overall approach to technology investments and improvements, which included hiring a new IT Leadership Team. In fiscal year 2010, FinCEN began a new BSA IT Modernization Program and completed it in fiscal year 2014. The program modernized FinCEN's entire technical environment resulting in a number of efficiency and functionality improvements, including enabling electronic filing capabilities. This allowed FinCEN to mandate electronic filing for all BSA-related reports which, based on FinCEN's estimates, would result in approximately $40 million in savings by eliminating the costs of paper processing these forms. A member of the IT leadership team at FinCEN stated that GAO's findings and recommendations regarding the previous modernization effort provided lessons learned and reinforced key guiding principles that were incorporated into the development and implementation of the BSA IT Modernization Program. According to this official, the report helped FinCEN get the executive support it needed to lead this type of IT effort, and these lessons learned and key principles contributed considerably to the program's successful completion.

In response to our recommendation, the Internal Revenue Service(IRS) conducted a research project to evaluate the potential usefulness of taxpayer data for identifying nonbank financial institutions previously unknown to IRS. In 2009, the IRS research project found no evidence that taxpayer data could be used to identify previously unknown nonbank financial institutions. As a result, the IRS made a decision not to pursue gaining access to taxpayer data for identifying nonbank financial institutions.

As reported by GAO-09-227 in February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.

In February 2009, IRS addressed our recommendation by updating the Internal Revenue Manual to reflect the latest policies and procedures. As a result, IRS staff has greater certainty that the Internal Revenue Manual has the most current guidance on BSA compliance and IRS management has greater confidence in consistent implementation of the BSA compliance program.

In May, 2010 FinCEN embarked on a multi-year Bank Secrecy Act (BSA) Information Technology Modernization program to reengineer BSA data management. The program is designed to improve quality and accessibility of BSA information in support of national and global law enforcement efforts. Additionally, the Modernization program will include additional layers of authentication and users, such as law enforcement and regulators, will be provided with enhanced analytical tools. During 2011, FinCEN reported the program successfully passed its initial milestones and is proceeding with oversight from the Treasury and the Office of Management and Budget through each phase. While the program will continue through fiscal year 2013, FinCEN's action represent a credible step towards addressing weaknesses in BSA data management.