The law is still hugely controversial. Civil libertarians argue that it infringes on people's privacy by giving law-enforcement agencies more power to get customer information from banks. It's a small price to pay if it succeeds, goes the counterargument. But what's becoming clear is that a major national priority to starve terrorists and others of dirty money -- the September 11 hijackers used U.S. banks to transfer funds -- is, in fact, failing. "I don't see a lot of terrorists and money launderers going to jail," says Donald T. Vangel, Ernst & Young's director for bank regulatory and advisory services. "I'm not sure all the investment is having the desired effect."
It's easy to see how the Patriot Act was botched so badly. It's an old Washington story: A sudden event forces Congress to react to a long-festering problem, but the resulting feel-good legislation doesn't get to the nub of the issue. Worse, the law imposes huge costs on the affected industry while providing no new money for enforcement agencies.
Two years later, some 3,200 banks, 6,000 brokerage firms, and 4,400 insurance companies have yet to implement basic watch lists to screen new customers, according to Celent. In many cases, small outfits would rather pay a fine than install costly new technology.UNDERSTAFFED, UNDERFUNDED
The General Accounting Office, Congress' investigative arm, says the problems don't end there. Its September report, Combating Money Laundering, concludes that a lack of cooperation between law enforcement officials and regulators and a severe shortage of federal funding have undermined the law. The Treasury Dept., the main watchdog on money laundering, says cooperation with other agencies is improving.
In any case, the result is understaffed, underfunded agencies drowning in the reports that institutions must now file. The law has always required banks to report and keep records on any suspicious transactions -- such as frequent wire deposits that are immediately withdrawn, or the use of multiple accounts for no apparent purpose -- and all cash transactions of at least $10,000. What's more, all bank drafts, money orders, and traveler's checks of $3,000 or more had to be reported. Financial companies filed millions of these so-called suspicious-activities reports and cash transactions with the Treasury in 2001 -- none of which pinpointed the September 11 hijackers. However, the Patriot Act brought thousands of new players -- including casinos and car dealerships -- into the reporting net. The result: Suspicious activity reports alone jumped 35% in the first year.
Even companies spending big bucks to comply with the law seem to be fighting a losing battle. No institution has figured out a way, for example, to install a centralized customer-identification system for the entire company, says Bob Molloy, director of Deloitte & Touche's Operational Risk Management. "Brokerage firms are still struggling to comply, insurance companies don't have the right systems, and many of the largest universal banks created through mergers" still have divisions that can't communicate with each other, he says.
Meanwhile, criminals are regularly hatching new schemes. The District Attorney's office in Manhattan has uncovered several money-laundering setups this year, including one in June, for instance, in which launderers used credit cards at ATMs to retrieve more than $100 million deposited in offshore banks. One person has pleaded guilty, and the investigation is continuing. "I don't think we're gaining," says James Kindler, chief assistant DA. "We are trying to catch up."
The weakest links in the effort to stop dirty money are firms that were drawn into the fight for the first time after September 11. Celent estimates that banks handle about 47% of the illicit funds, with the rest passing through outfits -- such as insurers, travel agents, pawnbrokers, precious-metals dealers, credit-card companies, and mutual-fund firms -- that were never required to comply with money-laundering laws before. Lawrence A. Cunningham, a Boston College professor of law and business, estimates that there are also hordes of check cashers -- roughly 16,000 neighborhood shops nationwide -- that likely are not even aware of the new law.
Few banks are willing to give precise details of what they've done so far. New York's U.S. Trust, a unit of Charles Schwab Corp. (SCH
), paid a $10 million penalty in July, 2001, for allegedly violating the old money-laundering rules. That was one of the largest such fines ever levied. The company did not admit to any wrongdoing in its settlement with regulators and says it has hired new compliance officers, trained staff, and installed new technology. Also without admitting or denying fault, HSBC Bank USA entered into an agreement with the New York Federal Reserve Bank and the New York State Banking Dept. in April to improve its money-laundering controls and says it has since "submitted all of the reports required." In September, the bank hired its first compliance officer to focus on money laundering full time.
Those few in the industry who are willing to discuss the problem put the blame squarely on Washington. They say the feds should make available several government databases that could help track criminals and illegal immigrants, but they won't because of privacy and national-security concerns. John J. Byrne, senior counsel for the American Bankers Assn., says it is beyond the ability of any bank to implement a system sophisticated enough to track "$2,000 checking accounts to find out if that's going to advance terrorist financing. Congress doesn't recognize that, and it's one of our biggest frustrations."EASY TO BE ANONYMOUS
There's more grumbling in Europe, especially over the high cost of compliance for foreign banks that do business in the U.S. The problem is particularly acute for European banks that have a large number of Internet customers. No staff member ever sees transactions done over the Internet, so banks must install systems to ferret out anything questionable and report it to a compliance officer. Says the head of compliance at one of Europe's largest banks: "Even the most sophisticated systems may not catch money launderers and terrorists. They are using the derivatives markets, for instance, which are huge and liquid and where it is easy to be anonymous."
Naysayers think that no matter how much money the financial industry pours into compliance, new technology, security upgrades, and staff training, the problem won't be solved anytime soon. "Money laundering has been supercharged with technology and globalization," says John Auerbach, director of anti-money-laundering services for investigative firm Kroll Inc. "It's an extremely sophisticated process that uses hundreds of ways to get the job done." For the criminals who continue to slip though, the game is as good as money in the bank. By Mara Der Hovanesian in New York, with David Fairlamb in Frankfurt