FinCEN and The Independent ATM Operators

FinCEN has issued a Statement on Bank Secrecy Act Due Diligence for Independent ATM Owners or Operators, focusing on the analysis that financial service providers should use to make a risk based determination about offering services. John and Elliot discuss the statement and their views of why this topic received the attention of FinCEN given all of the initiatives it is working on at this time.

FinCEN and The Independent ATM Operators TRANSCRIPT

Elliot Berman: Hi, John, how are you today?

John Byrne: Good, Elliot. How are you doing today as well?

Elliot Berman: I'm doing well. It's a beautiful day here in Milwaukee. And, here to talk with you about the latest thing coming out of FinCEN, which is a statement on bank secrecy act due diligence for independent ATM owners or operators. Did you see that?

John Byrne: Gee, I thought we were gonna talk about the NBA draft, but I guess we'll do this instead. Yeah, I did see that.

Elliot Berman: We'd probably have to do the NBA draft later since they haven't started yet. 

John Byrne: Well, I know. Our predictions, though. Are our predictions the Nicks gonna move up? I mean, that's important.

So anyway, yeah, I did see that, and I had a couple of quick thoughts and then obviously wanna hear yours. One is working as closely as I have. NGOs over the course of the past, you know, half-decade trying to ensure that they're not automatically de-risked for just fear of not being able to mitigate risk.

It was pretty interesting. Maybe even ironic of a strong statement from Vincent on independent ATM owners because of the same issue, apparently that they deal with as institutions. Who have been told, and I would argue correctly. That many independent ATMs do present some versions of risk higher than others. That there needs to be a more careful due diligence so that some of these institutions, some of these entities, you know, don't have problems getting banking relationships.

So the fact that they put this statement out is, again, pretty interesting, to say the least.

Elliot Berman: Yes. It did strike me as I was reading it. It was like, why this and why now? I know you follow some of the hearings and things like that in Washington closer than I do, but it felt like it was in part the result of maybe some lobbying effort that then got moved this up the urgency list at FinCEN because they have a huge list of things on their plates. As we know, many sets of regulations and notices of proposed rulemaking are pending, and all of that is coming out of AMLA, and this one just felt like it was a little out of the blue in terms of its magnitude. There's certainly a tieback appropriately to the 2016 CDD rule and things like that and an emphasis on the risk-based approach and things like that. Which I, you know, agree with conceptually. I thought it was very interesting. There's a sentence in here, or at least a phrase that I think is maybe not how it comes out on the ground. And it was about taking a risk-based approach, and it says no specific customer type, including independent ATM owners and operators, automatically presents a higher risk of LTF or other illicit financial activity.

And I thought, well, that's interesting because I am sure that some of our colleagues in financial institutions have experienced a different view during the examination process over the last many years. So, it's good to hear that statement made, but I wonder how well it translates to the ground.

John Byrne: You know yeah. And a couple of things again about the irony of this particular statement. If you look at some toward the end of the statement, they talk about some of the information gatherings that might be useful. And there are a series of bullet points, but one of them is the location where the independent ATM owner is organized and where they maintain their place of business, including locations of owned or operated ATMs.

But part of the reason for making this statement is to make sure that people that need banking services get them. Well, then, if that's true, that people should get banking services, but I don't dispute. If you look at a location and look at areas that they're in, you know, whatever it might be, where they actually do need banking services, that then becomes a high-risk flag.

So it's a little bit counterintuitive, at least that bullet point, I think if that's gonna give you a level of comfort. So I find that a little strange.

Elliot Berman: Yeah. Again a lot of the comments or statements, you know, tracks the CDD rule talks about the way, you know, the same kinds of information that we've heard appropriately again, about how to make risk assessment or risk determinations and things like.

As we've each said, it just seems a little strange. It's definitely one of those businesses that's a little challenging. I mean, in some cases, it makes a lot of sense where you find these machines and these services being provided. And they do fill gaps, as you just pointed out, in the geographies where banking services or access to funds are available.

But there's something there, something in here that just felt kind of odd.

John Byrne: Yeah. You know, and I mentioned the non-profits. I actually sent this along to a colleague that I've worked with on some of these projects. And the response from the colleague was that this particular sentence, that the CDD rule does not require banks to conduct additional due diligence on independent ATM owners.

She said, I don't recall seeing anything like that for non-profits, which meant not wrong. So again, I think that was also telling another colleague of ours that we've worked with, I was watching the earlier FinCEN hearings, and I think I got appropriations. I can't remember exactly what a few weeks ago.

And there was a lot of comments from some of the members about independent ATM owners. Like very strange high level of comments about that. That just seemed to be a result of what I would argue has been, as we've said, you know, heavy lobbying from that group. And I actually testified before I joined RightSOURCE at a hearing on AML-related topics, probably like five years ago, maybe even longer.

And separate panel from the one I was on was independent ATM owners complaining back then that they were not high risk. They're basically being a little facetious here, mom and apple pie. And why is it that they're having struggles getting bank relationships or having to provide additional information that they weren't prepared for?

You know? Um, the other thing I would highlight is again, going back to a colleague of ours that's written about this and in one of her postings says, remember, ATMs are not regulated. And so, there are no requirements for stringent CDD measures. It's also quite easy to buy one online and establish an ACH connection through various unrelated, unregulated ISOs, and then, you know, you get an ATM. So some folks have been looking at this. So going back to our original thought. Really interesting that Sen decided to issue this. I would say one other thing, and you know, I know this isn't part of what we're talking about today, but also separately we've been working on, and we've commented before about the fact that now antiquities dealers and advisors will be covered under the Bank Secrecy Act.

I just saw something that indicates that the notice of proposed rulemaking will not even be issued until January of 2023 because of all the work that Fen has on its plate, which it does. But I would ask why are we doing this? I mean, I know it doesn't take that long to put a statement together, but let's talk priorities here. So I think there are a lot of questions that this raises from my perspective.

Elliot Berman: Yeah, agreed. So we're recording this on Thursday. Later today, our latest webinar is going to be done on customer risk rating models. So I would urge people to watch for clips of that to post to our website. Starting in July. And I know you've got at least a couple things in the pipeline. Anything you'd like to talk about?

John Byrne: Sure. We just posted a blog that I wrote based on the June plenary outcome. So that's out on our website now and on social media. Also, there's a couple of interviews that we are scheduling.

I don't wanna announce 'em yet until they're done. Some more that have an international focus and flavor. One that will be with a FinTech-related company to get their sense of their challenges. So that's coming up as well. I guess going back to the statement again, the one thing I will say that is positive is the reiteration of the importance of a risk-based approach. So I think we shouldn't get away from the fact that we need FinCEN. And the regulators continue to talk about any risk mitigation should be done through risk-based assessments. As long as the examiners follow suit and look at institutions for doing it that way, it's hard to quibble.

So risk-based, of course, means looking at a series of factors before you make a decision. But I would also say it also references that if something is considered in a high-risk bucket, the institution still, at the end of the day, has to make a tough call. Do we process, do we onboard? Do we exit based on our ability, our perceived ability, and the regulatory view of our ability to mitigate risk?

So risk-based is important. Let's continue to hope that our regulatory partners utilize that when they look at our clients and the customers of our clients.

Elliot Berman: You have a great weekend, and I will talk with you next week on some new topic that I'm sure will become clear between now and then

John Byrne: Sounds good, Elliot, and enjoy the rest of your birthday.

Take care. 

Elliot Berman: Thank you very much. Bye-bye.