SPEAKERS       CONTENTS       INSERTS    
 Page 1       TOP OF DOC

RISK MANAGEMENT AND REGULATORY
FAILURES AT RIGGS BANK AND UBS:
LESSONS LEARNED

Wednesday, June 2, 2004
U.S. House of Representatives,
Subcommittee on Oversight and Investigations,
Committee on Financial Services,
Washington, D.C.
    The subcommittee met, pursuant to call, at 2:13 p.m., in Room 2128, Rayburn House Office Building, Hon. Sue W. Kelly [chairwoman of the subcommittee] Presiding.
    Present: Representatives Kelly, Gutierrez, Moore, Maloney, and Matheson.
    Chairwoman KELLY. The subcommittee on Oversight and Investigations will examine risk management and regulatory failures at Riggs Bank and UBS, lessons learned this afternoon.
    Two weeks ago, this subcommittee explored proposals to streamline and federalize our current system to prevent money-laundering and terror financing. The recent cases involving Riggs Bank and UBS reveal regulatory and risk-management breakdowns that also must be examined in order to strengthen our Government's ability to enforce our anti-money laundering laws.
    This afternoon, the subcommittee will investigate the noncompliant and inexcusable behavior of these two banks, along with the inadequate response of our regulators. In the OCC's oversight of the Riggs Bank's case, we find no better illustration of the inherent weaknesses of a fragmented regulatory regime.
 Page 2       PREV PAGE       TOP OF DOC
    We find a regulator that was reportedly aware of noncompliance by Riggs with high-risk foreign clientele as far back as 1997, perhaps even earlier, and does nothing about it. We find a regulator that was slow to act even after the September 11 terrorist attacks inside our borders made the threat posed by terror-funding networks all too clear. We find a regulator with credibility so diminished that Riggs shamelessly continued to violate the Bank Secrecy Act even after a full-time OCC examiner was placed on the bank's premises following last summer's consent order.
    I am very interested in hearing directly from the OCC about how this happened. I am also deeply concerned that we are combating illicit funding networks inside our country with the regulatory structure that was not designed to be part of our arsenal in a war on terror.
    Though a lot of great strides forward have been taken, particularly with the creation of the Office of Terrorism and Financial Intelligence, the TFI, and with an elevated focus on improving FinCEN's capability, it is evident that this is still a work in progress. The time has come to replace slow-footed regulatory systems with one that is centralized, multi-dimensional and focused intentionally on preventing our financial institutions from being exploited by criminals and terrorists.
    Therefore, this subcommittee will continue to pursue proposals that centralize our examination and compliance assets, that establish a criminal enforcement authority, that will restore the credibility of our regulators. Such reforms should establish clear lines of oversight, improve our ability to quickly detect and respond to suspicious activity and will make clear to financial institutions that, from now on, brazen violators are going to be going to jail instead of just paying a civil fine.
    Our hearing today also focuses on UBS's contract with the Federal Reserve Bank of New York to serve as an extended custodial inventory which facilitates the international distribution of U.S. Currency. Beginning with its contract in 1996, UBS was in violation of its agreement to repatriate old U.S. banknotes and distribute—re-distribute new banknotes on behalf of the Federal Reserve. The bank knowingly traded U.S. currency through the ECI with countries subject to restrictions from the Office of Foreign Asset Control, including Cuba, Iran, Libya, and Yugoslavia. The most serious and disturbing violation has been the discovery that officers and employees at UBS intentionally falsified documents to side-step detection by U.S. authorities.
 Page 3       PREV PAGE       TOP OF DOC
    Though these actions and the company's failure to implement internal controls made it exponentially more difficult to detect suspicious activity, it is also important to examine how and why routine oversight by the Federal Reserve and the OCC didn't raise any concerns. In fact, this subcommittee is deeply concerned that contract violations would likely still be occurring today had our military not been in a position to find U.S. dollars from the Federal Reserve Bank of New York on the ground in Iraq. As such, I believe that we must investigate all ECI contracts to ensure that foreign governments and financial institutions are cooperating with our Government.
    While Riggs Bank and UBS illustrate two distinct regulatory meltdowns, they both speak clearly to the need for improving our efforts to stop terrorist financing. It may create new and unfamiliar responsibilities for financial institutions, but it is a moral and ethical responsibility and a license required to do business in this country.
    We thank our witnesses for their testimony and hope that they can shed some light on these issues. I look forward to continuing this discussion in the subcommittee's hearing next week regarding the oversight of the Department of Treasury and the agency's anti-money laundering efforts.
    I turn now to Mr. Gutierrez.
    [The prepared statement of Hon. Sue W. Kelly can be found on page 32 in the appendix.]
    Mr. GUTIERREZ. Thank you Madam Chairwoman. Thank you for calling this hearing today. It is important, especially given recent events, as we closely examine our anti-money laundering efforts and whether they are sufficient. I am pleased we will be looking—we will hear from the regulators about how these problems occur and what steps have been taken to prevent their re-occurrence.
    The last time Congress was this concerned with the actions of UBS was when the Senate Banking Committee was investigating the sources of Holocaust financing and UBS attempted to shred documents which showed the extent of its involvement. I would have hoped that UBS would have learned from the experience to take U.S. law and the U.S. Congress much more seriously. I also recall the reluctance of Swiss banking authorities to cooperate at that time. While I understand that the Swiss Federal banking economist was much more helpful in this effort, most foreign bank supervisors simply lack the supervisory tools and authority of our regulators here in the U.S.
 Page 4       PREV PAGE       TOP OF DOC
    I think, perhaps, this extended custodial inventory, ECI, business should be restricted to U.S. Institutions so that we can ensure no dealings with OFAC nations, and nations' activities can be closely supervised by U.S. Regulators who need to take an active role in monitoring these activities.
    While this fine of a $100 million seems very large, it is merely, I believe, a drop in a bucket of a $1 trillion institution. It is a one-time penalty that may not have the deterrent effect against misconduct that we may have hoped for. In this case, the ECI business wasn't particularly profitable for the bank—or they say—so the termination of the contract and the exclusion from the part of their business isn't likely to hurt their financial bottom line very much. It might make more sense to punish an institution of the size of UBS by restricting their conduct in a more profitable area, such as their ability to operate in the United States or making them sell off certain aspects of their business which we know to be profitable.
    I am also deeply troubled by the Riggs situation. It represents not merely a failure of one institution's internal controls, but a fundamental flaw in its regulation. It is my understanding that the flaws in Riggs systems were long outstanding and systematic, dating well before the Patriot Act. The recent consent order is something that should have happened 2 years ago, if not earlier. I don't understand why the OCC was not more vigilant on this front and why it took them so long to take these actions.
    I also understand that Rigg's problems were initially discovered by the FBI, rather than the OCC, and that the irregularities in New Guinea were discovered by the bank itself and not the OCC. I don't understand, in a risk-based supervisory system, why the OCC was not more closely monitoring Riggs and why these actions were not brought to light much sooner and appropriate action taken. 9/11 was a wake up call for the industry and should have been for all regulators as well. Our safety depends on banks and bank regulators to be on the front lines to prevent terrorists from using international financial systems to fund their activities.
 Page 5       PREV PAGE       TOP OF DOC
    I am gravely concerned that the regulator has not made this responsibility a higher priority, and their resources may be spread too thin to fulfill their obligations. I have previously expressed this concern about the OCC's attempt to broaden their portfolio into areas the Congress has not authorized. And I think, in fact, the financial services committee is on the record in agreeing with me on this point.
    One final point which I mentioned at our May 18 hearing, the OCC issued, its fine, late on a Thursday. On that Friday, a Maryland woman called her Congressman. She was very concerned about her bank account at Riggs Bank. She was referred to the Banking Committee staff. And she said that she wanted to talk to the regulator. My staff supplied the phone number for the OCC's Customer Assistance Group. But unfortunately, they don't operate on Fridays. They only talk to consumers 4 days a week and then only from 9 to 4, so that woman had to wait from Thursday night till Monday before she could possibly reach someone at the OCC.
    I would like to know what consumers are supposed to do when the OCC is not operating its call center. I think this agency is not concerned about consumers, and I have to doubt its commitment to an anti-money laundering effort.
    Thank you again, Chairwoman Kelly, for calling this hearing, on this hearing, on this issue.
    Chairwoman KELLY. Thank you, Mr. Gutierrez.
    Ms. Maloney? Whoops. Mr. Moore?
    Mr. MOORE. Madam Chairperson, I will simply welcome the witnesses here today.
    I want to listen and learn, and I appreciate your convening this hearing.
    Chairwoman KELLY. Thank you.
    Mr. Matheson?
    Mr. MATHESON. I will just reiterate what Mr. Moore said. I am looking forward to the hearing. Thank you, Madam Chairwoman, for calling it.
 Page 6       PREV PAGE       TOP OF DOC
    Chairwoman KELLY. Thank you.
    I am going to just simply say that, without all objection, all Members' opening statements will be made part of the record. One of the reasons for this is that we have a very busy schedule right now, and we were going to, with unanimous consent, we will just make them all part of the record.
    Chairwoman KELLY. Now, I would like to introduce our panel. With us today are the representatives from the Office of the Comptroller of Currency and the Federal Reserve Bank of New York.
    Our first witness, Mr. Daniel Stipano, was appointed deputy chief counsel of the OCC in December of 2000. He is also a member of the Treasury Department's Bank Secrecy Act Advisory Group and the National Interagency Bank Fraud Working Group. Prior to this appointment, Mr. Stipano served as director of the OCC's Enforcement and Compliance Division since 1995.
    Our second witness is Mr. Thomas C. Baxter, Jr., general counsel and executive vice president of the legal group at the Federal Reserve Bank of New York. Mr. Baxter has assumed this role since 1995 and also serves as its deputy general counsel of the Federal Open Market Committee. His principal responsibility is to supervise the day-to-day operation of the New York Fed's legal group. That is a big job. We thank you.
    And we thank you for being here. We thank you for your testimony today. And without objection, your written statements will be made part of the record.
    If you have not testified before a committee before, you will be recognized for a 5-minute summary of your testimony. There are lights there that will come on the boxes. The green light means you have 5 minutes. The yellow light means, please sum up in 1 minute, and the red light means, if you haven't already summed up, please try to do that as quickly as possible. Thank you very much.
    And we will begin with you, Mr. Stipano.
 Page 7       PREV PAGE       TOP OF DOC
STATEMENT OF DANIEL P. STIPANO, DEPUTY CHIEF COUNSEL, OFFICE OF THE COMPTROLLER OF THE CURRENCY
    Mr. STIPANO. Chairwoman Kelly, Ranking Member Gutierrez and members of the Subcommittee, I appreciate this opportunity to discuss the OCC's supervision of Riggs Bank N.A. and particularly our efforts to bring Riggs into compliance with the Bank Secrecy Act. The OCC and FinCEN recently assessed a $25 million civil money penalty against Riggs for violations of the BSA. The OCC also took a separate cease and desist action to supplement the Order issued against the bank in July 2003.
    The OCC first identified deficiencies in Riggs procedures several years ago. Beginning in the late 1990s, we recognized the need for improved processes at Riggs and for improvements in the training in, and awareness of, the BSA's requirements and in the controls over their BSA processes. Prior to 9/11, the OCC visited the bank at least once a year and sometimes more often to either examine or review the bank's BSA compliance program.
    Over this time frame, OCC examiners consistently found that Riggs' program was either satisfactory or generally adequate, meaning it met the minimum requirements of the BSA, but we nonetheless continued to find weaknesses and areas of its program that needed improvement. We addressed those weaknesses using various informal supervisory actions.
    After 9/11, the OCC escalated its supervisory efforts to bring Riggs' compliance program to a level commensurate with the risks that were undertaken by the bank. In 2002, the OCC conducted a series of anti-terrorist financing reviews at our large or high-risk banks, including Riggs. As a result of these reviews and other internal assessments, plus published reports of suspicious money transfers involving the Saudi Embassy accounts, our concerns regarding Riggs' anti-money laundering program were heightened. Thus we conducted another examination of Riggs in January 2003.
    The focus of that examination was on Riggs' embassy banking business and, in particular, the Saudi Embassy accounts. The examination lasted for approximately 5 months and involved agency experts in the BSA and anti-money laundering area. It disclosed serious BSA compliance program deficiencies that resulted in the bank's failure to identify and report suspicious transactions occurring in the Saudi Embassy accounts.
 Page 8       PREV PAGE       TOP OF DOC
    The finding from the January 2003 examination formed the basis for the July 2003 cease and desist order.
    Throughout this examination, there was regular contact with the FBI investigators. We provided the FBI with voluminous amounts of documents and information on the suspicious transactions, and we hosted a meeting with the FBI to discuss these documents and findings. Throughout this process, we provided the FBI with expertise on both general banking matters and on some of the complex financial transactions that were identified.
    The OCC began its next examination of the bank's BSA compliance in October 2003. The purpose of this examination was to assess compliance with the Order and the USA PATRIOT Act and to review accounts related to the Embassy of Equatorial Guinea. The examiners found that, as with the Saudi Embassy accounts, the bank lacked sufficient policies, procedures, systems and controls to identify suspicious transactions concerning the bank's relationship with Equatorial Guinea. The findings from this examination as well as from previous examinations formed the basis for the OCC's recent civil money penalty and cease and desist actions.
    In retrospect, as we review our BSA-compliance supervision of Riggs during this period, we should have been more aggressive in our insistence on remedial steps at an earlier time. We also should have done more extensive probing and transaction testing of the Embassy accounts. As described more fully in my written testimony, we have reevaluated our BSA supervision processes in light of this experience, and we will be implementing changes to improve how we conduct supervision in this area.
    While not to be minimized, the Riggs situation must be put in broader context. Unlike other financial institutions which have only recently become subject to compliance program and suspicious activity reporting requirements, banks have been under such requirements for years. Not surprisingly, banks are widely recognized as the leaders among the financial services industry in the anti-money laundering area. The role of the OCC and the other Federal banking agencies is not that of criminal investigators, but rather to ensure that the institutions we supervise have strong anti-money laundering programs in place. As a consequence of our supervision, most banks today have strong anti-money laundering programs, and many of the largest national banks have programs that are among the best in the world.
 Page 9       PREV PAGE       TOP OF DOC
    In conclusion, the OCC is committed to preventing national banks from being used wittingly or unwittingly to engage in money laundering, terrorist financing or other illicit activities. We are ready to work with Congress, the other financial institutions regulatory agencies, law enforcement and the banking industry to continue to develop and implement a coordinated and comprehensive response to the threat posed to the Nation's financial system by money laundering and terrorist financing.
    [The prepared statement of Daniel P. Stipano can be found on page 54 in the appendix.]
    Chairwoman KELLY. Thank you very much.
    Mr. Baxter.
STATEMENT OF THOMAS BAXTER, JR., GENERAL COUNSEL AND EXECUTIVE VICE PRESIDENT, FEDERAL RESERVE BANK OF NEW YORK, ACCOMPANIED BY KATHERINE WHEATLEY, ASSISTANT GENERAL COUNSEL, AND MICHAEL LAMBERT, FINANCIAL SERVICES CASH MANAGER
    Mr. BAXTER. Chairwoman Kelly, Representative Gutierrez and Members of the subcommittee, my name is Thomas Baxter, and I am the general counsel and executive vice president of the Federal Reserve Bank of New York.
    At the New York Fed, I have responsibility for the Legal Department, Security and the Court Secretary's Office. With me today are two representatives of the Federal Reserve Board, Katherine Wheatley, assistant general counsel, and Michael Lambert, financial services cash manager.
    Chairwoman KELLY. We welcome their presence. Thank you very much, Mr. Baxter.
    Mr. BAXTER. We appreciate your invitation and are privileged to appear before you to discuss the Federal Reserve's operation of the extended custodial inventory, or ECI program, and our responses to UBS's misconduct in operating one of our ECI facilities.
 Page 10       PREV PAGE       TOP OF DOC
    The U.S. dollar is the most desired form of money in the world. In many ways, our dollar represents the strength of the American economy. The dollar is so desired around the world because it is a stable, always-reliable medium of exchange and store of value. Today, I will be speaking about the Federal Reserve's operation of the ECI program, and I should start by describing that program.
    In operation since 1996, when the Treasury, Secret Service and Federal Reserve collectively decided to launch it, the ECI program has been a great success. The program sustains the quality of the U.S. dollar banknote, helps to deter counterfeiting and provides an efficient and effective mechanism for the distribution of those notes in our largest market, the market outside of the United States. We estimate that up to two-thirds of our currency, or over $400 billion, circulates outside of the United States.
    The ECI program involves the use of financial institutions, mainly commercial banks, that are highly active in the international currency distribution business as Federal Reserve contractors. These institutions agreed to extend the Federal Reserve's reach into major financial centers of other countries and hold inventory of our most popular product, that is the Federal Reserve note. They do this by holding in custody for us in their vaults U.S. dollar notes that we expect to distribute abroad or old and unfit notes that we wish to repatriate. The, quote, ''extended custodial inventory,'' unquote, facility, helps to assure the quality of our product and its efficient distribution.
    With respect to quality, the ECI facility performs two important functions. First, it positions us to better monitor and control the quality of our product by identifying counterfeit notes. The ECIs are well situated to detect such notes, to remove them from circulation, to provide intelligence to law enforcement authorities, both here and abroad, and to distribute new authentic notes. They perform similar functions with respect to what we at the Federal Reserve call unfit notes, which is a cash-processing codeword for worn and dirty.
 Page 11       PREV PAGE       TOP OF DOC
    As for the efficiency of our distribution network, through our ECI contract partners, we are positioned in high-volume, wholesale banknote markets. Currently, these markets are located in London, Frankfurt, Zurich, Hong Kong and Singapore. At the present time, we have ECI contracts with American Express Bank, Bank of America, HSBC Bank USA, the Royal Bank of Scotland and United Overseas Bank. Our ECI contractors bring into the markets they serve new fit notes quickly, and with similar expedition, they repatriate unfit or old-design notes to the United States for destruction.
    They have ready a substantial inventory of notes to satisfy the periodic spikes in supply and demand encountered in a world full of uncertainties. Because these notes are Federal Reserve property, the ECI contractors do not have to finance the inventory when it is not needed. This leads me to my first point.
    The experience that we have had with UBS does not change the fact that the ECI program is a success, nor should it detract from the importance of the program to the Federal Reserve, the Treasury, and the Secret Service. I hasten to add that I am in no way trying to minimize what UBS did. The breach by UBS of our contract was wrongful, and the concerted acts of deception by UBS carried out over a long period of time, violated our laws.
    The Federal Reserve terminated the contract with UBS in October of 2003. And we assessed a $100 million civil money penalty against UBS on May 10, thereby remedying the breach and punishing UBS's deception. This leads to my second point, which looks at how we respond when someone doing our business performs badly.
    The prompt corrective action taken to terminate the Federal Reserve's contractual relationship with UBS and to punish deception by UBS with a large monetary penalty demonstrates a resolve that Federal Reserve operations will be conducted to the highest standards and in full compliance with U.S. legal requirements. In this regard, it is noteworthy that our ECI contracts in essence export U.S. legal requirements, including OFAC restrictions, to offshore facilities. The U.S. sanctions regime generally cannot be applied extra-territorially.
 Page 12       PREV PAGE       TOP OF DOC
    When the Federal Reserve learned that UBS breached its contractual obligations to abide by the restrictions of the U.S. sanctions program and engaged in U.S. dollar transactions with impermissible jurisdictions, we acted swiftly and surely. We terminated our contract with UBS and debited UBS's account with us for the entire inventory maintained in the Zurich vault.
    In a day, UBS lost an entire business line that had been profitable throughout the 8 years that UBS served as an ECI contractor. The forfeiture of profitable business is a financial consequence. UBS also suffered a reputational injury. Through the related action of our colleagues at the Swiss Federal Banking Commission, UBS is forbidden from reentering the wholesale external banknote business without the permission of the commission. This leads to my third point.
    The Federal Reserve will not tolerate deception. We will not tolerate deception from those banking organizations that we supervise, and we will not tolerate deception from those with whom we contract to execute important Federal programs. The ECI program is one such program. To transact business out of the Zurich facility with Iran, Cuba, Libya, and Yugoslavia, as UBS did, UBS personnel needed to act covertly and to hide their activity from the Federal Reserve. The people who engaged in such conduct in Switzerland have lost their jobs. The business franchise is no more. In the civil money penalty that we announced on May 10, UBS paid a heavy price for the deceit of the banknote personnel which it formally employed.
    Turning for just a moment back to the ECI program, the imposed penalty gave our remaining ECI operators 100 million reasons to be truthful. And on top of all of that, the Swiss Federal Banking Commission issued a formal, public, quote, ''reprimand,'' unquote to the largest bank in Switzerland. The banknote personnel of UBS deceived people at the Banking Commission just as they deceived us. Our colleagues at the Banking Commission joined with us in finding such deception inexcusable and warranting that reprimand. This brings me to my fourth and my final point.
 Page 13       PREV PAGE       TOP OF DOC
    At the Federal Reserve, we are dedicated to continuous improvement, and we know that all internal controls can be bolstered through the lessons of experience, including our own unfortunate experience in the UBS matter. That experience has shown that our primary control for compliance with the country restrictions in the contract, namely, truthful monthly reporting of currency transactions by country, was just not sufficient. With the country reports that we received from UBS, we did not follow the old audit admonition, quote, ''trust but verify,'' unquote. Since February of this year, our ECI contracts have a number of new features that enhance the control environment and provide for the necessary verification. One is the requirement that management of our ECI contractors attest yearly on contract compliance and accurate reporting and that an independent public accounting firm certify to the Federal Reserve that the management attestation is fairly stated. This Sarbanes-Oxley inspired change shows our commitment to continuous improvement.
    Another new feature is a 17-point procedural program that spells out the ECI contractor's responsibilities for OFAC and anti-money laundering compliance. This program provides for OFAC risk-assessments, requires the implementation of ECI program internal controls, establishes operational responsibility for compliance and specifies internal and external audit requirements. Moreover, each ECI operators policies and procedures directed at OFAC's compliance will be reviewed by a team of experts from both the New York Feds and OFAC.
    Let me conclude by summarizing my four points. The ECI program is important and successful because it fosters the excellent quality of U.S. currency, and it has efficient distribution outside the United States. When someone performs poorly in the ECI program, you can be assured that the Federal Reserve will respond with prompt force, full corrective action. If there is deception in addition to poor performance, as was the case with UBS, the consequences will be severe. Finally, we will strive to continuously improve our internal controls and the ECI program by borrowing the best ideas and by learning lessons from our experiences. Thank you for your attention. And I look forward to answering any questions you may have.
 Page 14       PREV PAGE       TOP OF DOC
    [The prepared statement of Thomas Baxter Jr. can be found on page 36 in the appendix.]
    Chairwoman KELLY. Thank you Mr. Baxter. I am sure there will be questions.
    I am going to turn to you, Mr. Stipano. I have seen news reports that indicate that your agency was aware of compliance problems at Riggs as far back as 1998, 1997 or 1999 and I see your testimony says late 1990s. When exactly, what month and year, did the OCC recognize problems and violations were occurring at Riggs?
    Mr. STIPANO. Well, I can't give you the month, but I can give you the year. As far back as 1997, we cited the bank for deficiencies in its Bank Secrecy Act compliance program. The types of deficiencies that were flagged at the time tended to have to do with the individual elements of a compliance program, in other words, with training, internal controls, testing, et cetera. Those deficiencies were somewhat technical in nature and were not really at a level that would normally require use of formal enforcement action to correct.
    Chairwoman KELLY. Is there—Mr. Stipano, I am going to ask you this again.
    Mr. STIPANO. Okay.
    Chairwoman KELLY. I would like to know a month. If it was 1997, what month?
    Mr. STIPANO. I don't have that information at my fingertips. We would be happy to provide it to you though.
    Chairwoman KELLY. I would appreciate if you will do that.

    [Subsequently Mr. Stipano advised Mrs. Kelly that the month was August of 1997.]
 Page 15       PREV PAGE       TOP OF DOC

    Mr. STIPANO. We will do that.
    Chairwoman KELLY. I think that is important for us to know.
    Mr. STIPANO. Understood.
    Chairwoman KELLY. The problems you just outlined, training, testing, internal controls, why did it take 6 years for the SAR reports, that problem not to come to light? Your agency knew that there were violations at Riggs. It took an unusual step in 2003 to put a full-time examiner on-site, but it wasn't until 2004 that you took some action by assessing a fine.
    I think you would agree that eradicating terror financing is one of the most time-sensitive issues that has ever faced our financial regulatory system. I want to know why the agency dawdled before taking any real action if you knew about these problems. You knew about them 3 years before 9/11. But even after that wake-up call, it took another 2 years before you got a full-time examiner on site, and the violations were still continuing with your full-time examiner.
    I just—you know, I just—it boggles my mind. I am sure it probably boggles yours. But I would like to know why the agency dawdled in not taking any real action here.
    Mr. STIPANO. I don't know that I would characterize us as having dawdled.
    But I would agree that, with hindsight, there certainly were judgments that we made that turned out not to be the correct ones. Let me go back a little bit in time because I think it is useful to look at our supervision of Riggs, both pre-9/11 and post 9/11. Pre-9/11, we did many examinations of the bank focusing on the adequacy of their BSA compliance program, which is our charge. The bank had a program and was in compliance with the regulation. In other words, the regulation requires that all banks have a program in place and that it cover four areas. The bank had that. But it didn't perform on each of those elements as well as it needed to. There were deficiencies. The training needed to be better. The controls needed to be beefed up. What we did not know at that time were the types of substantive violations of the BSA that were discovered as a result of our examination in 2003.
 Page 16       PREV PAGE       TOP OF DOC
    I think there are a couple of reasons for that. And I will be very up front with you. The first is that we trusted management too much to get the problems fixed. In the vast majority of cases where you have these types of violations, the examiners bring them to the attention of management and the board, and the problems get fixed. And that is usually the end of it. That didn't happen at Riggs. There was an effort made to fix the problems, but the effort took a long time. It took longer than it should have, and we were willing to give management too much slack.
    The other error in judgment that was made during that time frame was that we under-estimated the risk in the Embassy accounts. Pre-9/11, embassy accounts were not viewed by the OCC or anyone else that I know of as high-risk accounts. The types of things that we were focusing on for in-depth examinations were foreign private banking, foreign correspondent, accounts, accounts with Russian entities, accounts with countries that are on the Financial Action Task Force list, but not embassy accounts. As it turned out, there was a lot of risk in those embassy accounts, but it did not come to light until after 9/11.
    Chairwoman KELLY. I am looking now at an OCC examination. It is entitled Bank Secrecy Act, the OCC Examination Coverage of Trust and Private Banking Services issued by the Office of Inspector General, November 29, 2001. In there, there is a chart that lists your rate of coverage and testing high-risk transactions for foreign correspondent banking at 0 percent. In other words, in November of 2001, the IG's report says you weren't even looking at this stuff. And that's November of 2001. You still weren't looking at this. With unanimous consent, I am going to insert this into the record.
    [The following information can be found on page 74 in the appendix.]
    Chairwoman KELLY. But that, sir, begs the question about what those people were doing between 2001, November, and 2003, when you finally put somebody in the bank. I am not asking you a question. I am simply making a statement here that there had to be some knowledge somewhere, institutionally within the OCC I suspect, that would have brought to bear some more information gathering and better oversight on foreign transactions.
 Page 17       PREV PAGE       TOP OF DOC
    What kind of an interaction did you have with bureaus like FinCEN and the Fed after the OCC became aware of the Riggs problems? When did the law enforcement get involved? And I would like to know what—it was a result of the investigation into the report of the financial link between the Saudi ambassador's wife and the 9/11 hijackers. Was that what triggered this? What triggered this?
    Mr. STIPANO. Maybe it would be useful for me to walk you through the chronology, post 9/11. You are absolutely correct; 9/11 turned the world on its head, including our world in the regulatory agencies. Our immediate response in the aftermath of 9/11 was to work with law enforcement to identify where the accounts of the 9/11 hijackers were, as well as where the accounts of other individuals and entities that were linked with the hijackers were.
    A process was put into place 5 weeks after 9/11 whereby the FBI could provide us with the names of suspected terrorists and people who were linked to terrorism, and we would blast it out by e-mail to every one of our financial institutions, who would then be obligated to report back and identify the account. So that was something we did immediately after 9/11.
    Another major initiative at that point was to implement the PATRIOT Act, which was passed a few weeks after 9/11. It put some requirements in place very quickly. But very little of that statute was self-effectuating. It required that regulations be written. So we worked on various work teams with the Treasury Department and the other Federal financial institutions regulators to write regs to implement the PATRIOT Act.
    Another step that had to be taken was to write new exam procedures. Pre-9/11, our focus in this area was on money laundering. Post-9/11, now we are looking at something relatively new, terrorist financing. So we needed new exam procedures. These were all things that were done in the immediate month after 9/11.
 Page 18       PREV PAGE       TOP OF DOC
    In the summer of 2002, we embarked on a series of anti-terrorist financing reviews at most of our large banks and our other high-risk banks, including Riggs. The purpose of those reviews was to, determine the extent of compliance with the PATRIOT Act requirements that were in place as of that time, and to see what the banks were doing to deter and prevent terrorist financing. And to the extent that we discerned weaknesses, we would then follow up with a more full-scope exam.
    Riggs was, as I said, part of that group that was examined with these anti-terrorist-finance exams. And it disclosed weaknesses. So that was part of our impetus for doing the January of 2003 exam.
    Now, in the meantime, that fall, there were published accounts of Riggs accounts related to the Saudi Embassy that may have been used to funnel information to people associated with the hijackers. Obviously, became aware of that and that caused us to focus with particularity on the Saudi Embassy accounts. Up to that point, other than the normal types of supervisory interactions that we would have with the Fed on any bank that has a holding company, there was not extensive contact with other agencies. There was not with FinCEN, and to my knowledge, there was not with the FBI.
    Once that examination began, that all changed. The exam we did in January of 2003 involved some of our best agency experts. It went on for 5 months. It was an intensive drill-down type of look at the Saudi accounts, and it discovered all kinds of problems, mainly a lack of sufficient know-your-customer documentation and a failure to file suspicious activity reports in noncompliance with the BSA.
    This information was provided to the FBI. We had many meetings with the FBI. I shared a lot of information with them, and at the conclusion of the examination, we made a referral to FinCEN for the assessment of civil money penalties under the Bank Secrecy Act.
    Chairwoman KELLY. Okay. I think that we can talk about that further because it brings questions in my mind about when you say that there was no contact between your agency, FinCEN, FBI and the Treasury prior to this. It just—I hope that that has changed.
 Page 19       PREV PAGE       TOP OF DOC
    Mr. STIPANO. But at that point, there really wouldn't have been a reason to. I mean, we would normally make a referral to FinCEN under guidelines that FinCEN and the banking agencies agreed to many years ago. Prior to that January 2003 exam, systemic BSA violations had not been discovered, so there would not have been a basis for a referral to FinCEN. And we were unaware of any criminal violations that would have necessitated a contact with the FBI.
    Chairwoman KELLY. Well, in 1997, there were some areas of concern. And it didn't improve, and it continued to not improve. I think we should—I think we should maybe get into another dialogue about this, and I will have some further follow-up questions on it as I think.
    But the report that was—a report that was issued by the Treasury Inspector General found that you really lacked, as I pointed out, sufficient testing of the high risk transactions that were commonly associated with money laundering or lacked review and evaluation of critical BSA reports that banks are required to file. Now, that is—I am quoting from the inspector general's report that I put into the record. Specifically, examiners did not test wire transfers, transactions with foreign correspondent banks, currency transaction reports or suspicious activity reports. In fact, when they looked at that, you had a 0 percent score.
    The report concluded that the OCC should ensure that examiners complete transactional testing of high-risk BSA areas, and this was November 2001. And it notes that the OCC management concurred with that recommendation. So the management, the OCC knew in 2001 that there were shortcomings there. And, you know, if you—the OCC scored 0 percent in high-risk areas. You wonder then, there are some other things on that chart. You wonder about some of these other areas. And if you thought you were performing at a certain standard, you think that you maybe now might be overstating your ability to handle the issues? I was adding up this—your testimony, the number of people who worked for the OCC. You have taken on a lot. And I am wondering if you are overstating your ability to handle the issues.
 Page 20       PREV PAGE       TOP OF DOC
    In the Riggs case, that bank is located just a couple miles from its own regulator, the OCC, in a high-threat area with the largest embassy banking clientele. You begin to wonder how many warning signs it takes, how many IG reports it takes. And you begin to wonder that—how can the American people have any confidence to handle this financial oversight? You know, banking regulators have had every warning and every opportunity, and I am not so sure we can win any longer.
    On a scale of 1 to 10, how would you rate banking regulators' ability to oversee the BSA compliance right now?
    Mr. STIPANO. 9. This is not a new area for us, Chairwoman Kelly. This is something that we have been doing for decades. And I am not saying that we are perfect and that—I am not saying that the supervision that we did in Riggs was perfect. But our job is to ensure that banks have strong anti-money laundering programs, and banks have been under that requirement for 17 years.
    The OCC has been very aggressive and vigorous in this area. For example, since 1998, we have taken 78 formal enforcement actions against banks and their institution-affiliated parties that were based in whole or in part on violations of the Bank Secrecy Act. Some of those cases are among the most significant money-laundering cases that the United States Government has ever brought, and the OCC played a key role in those cases.
    As a consequence of our vigilance in this area, most banks have excellent BSA compliance programs, and some of the largest national banks have programs that are among the best in the world. They are the model that nonbanking financial institutions are trying to achieve.
    And, frankly, I think the real area of concern and one of the best things that the PATRIOT Act did was it extended the types of requirements that banks are under, like the compliance program requirement and the SAR filing requirement, to a whole host of industries that previously had not been subject to those requirements: money transmitters, pawn brokers, broker-dealers, et cetera. And the task now is to get those industries up to the level where the banks are.
 Page 21       PREV PAGE       TOP OF DOC
    Chairwoman KELLY. Finally, I look inside here, and you say you have nearly 17,000 examiners in the field. It seems to me that what happened with Riggs may not be an isolated case. I think that there may be difficulty in communications with other agencies. I think that maybe it might be time, for the sake of the American people's trust in our financial system, to let the agency egos be put aside and start recommitting to working together so that you can share information.
    I am very concerned that information has not and may still not be shared between agencies. The problem is, one, when a regulator goes in and begins to look at the things they are charged to look at, they get very involved in the paper work, the appropriate forms filled out, the appropriate forms filed and the appropriate filing cabinets. It does us no good, in terms of bank regulation and enforcement, to have everything go into a filing cabinet and not be enforced. And I am very concerned that we maybe think about not only civil but criminal enforcement and possibly think about ensuring that compliance is assisted by a criminal enforcement program within the Treasury.
    Do you think it would have made a difference last year, if Riggs—when Riggs was kind of shamelessly flaunting all your regulations in your face—-if someone had been able to pick up in Treasury, at that moment, and had criminal enforcement powers for the BSA? I mean, right now, the IRS is the only one that has that power. Wouldn't it be helpful that maybe we have criminal enforcement capability with people who are familiar with the controls and the systems of the financial institutions to put it all together?
    When your reports come in and say, wait a minute, this is a red flag, something needs to happen. What do you think about that?
    Mr. STIPANO. I think it would be very, very difficult for another agency or group of agencies to duplicate or improve on the job that the banking agencies do when it comes to assessing the adequacy of a BSA compliance program for a couple of reasons. One is that we have at our disposal thousands of bank examiners who are skilled experts at doing this, and that would not be true with another agency. And the type of work that is involved, assessing controls, assessing training, testing, is within the particularized skill sets of most bank examiners. So handing that function to another agency, in my view, would be a step backward and would not improve compliance in the anti-money laundering area.
 Page 22       PREV PAGE       TOP OF DOC
    That said, I agree with you that there is room for improvement when it comes to coordination among Government agencies and information-sharing. One area where I think that the Government is lacking is that information-sharing often is a one-way street from the banks and from the banking agencies to criminal law enforcement. There has been improvement since the PATRIOT Act. The process that I described to you previously, of sending out the control list, has now been codified under Section 314 of the PATRIOT Act. That is a significant development that has made it much easier for law enforcement to target accounts of potential terrorists. But that is relatively new.
    What I think would help the banking agencies probably more than anything would be for the Treasury Department and FinCEN in particular to better utilize the data that they have to provide us with analytical reports that would allow us to be better at identifying the risks and concentrating our resources on the high-risk banks and the areas within the banks that pose the greatest degree of risk. That is something that I understand is a very high priority with FinCEN presently and something that they hope to accomplish.
    Chairwoman KELLY. Well, right now, FinCEN doesn't have the ability to enforce anything. They are collecting. And they are collecting information. Streamlining and centralizing.
    I heard you talk about streamlining, but I think also maybe we need to think about centralizing information so that it can be appropriately examined with one oversight and be responded to, so we don't have another instance where it has taken since 1997 before people throw up their hands and said, ''Oh my goodness, there is something happening here.'' that is—streamlining and centralizing might be good. It is not necessarily always one of the things that we do with the Federal Government, but in this instance, it might be a good thing. So maybe we can talk about that also.
    Mr. STIPANO. I just want to be clear on this point though because our view is that, while errors in judgment were made on Riggs, Riggs was an anomaly and the system as a whole presently functions very well. It can be improved, and we hope to improve it. And the way to improve it is through better coordination among agencies and increased information-sharing. The solution, in our view, is not to junk the present system and replace it with something else, because I don't believe that you will replace it with a system that is better than the one you have right now.
 Page 23       PREV PAGE       TOP OF DOC
    Chairwoman KELLY. Well, Mr. Stipano, I am not interested in junking the present system, but I am interested in making sure that we don't walk out of here this afternoon and find that, on the front pages of the newspapers tomorrow morning, there is another Riggs situation.
    I think it is very important that we look at how the examinations are being done, how information is being collected, how it can be better collected in a place so that it can be reacted to by the people who have the enforcement capability. And if there is not an appropriate enforcement capability at the agency in charge, which in this case is the Treasury, then the Treasury probably should have that enforcement capability. And it may be something that we want to think about.
    It is just—I am just throwing this out here, because I think it is clear there was a break down in the system. And when that happens, we need—it is right and appropriate for us to take a look at how to better that system so that doesn't happen again.
    Mr. Baxter, I would like to ask you a couple of questions. There are indications that the Fed saw hints of OFAC related problems at UBS early in the ECI program and had some conversations with the bank. Please tell us if those concerns were ever communicated to OFAC. Also, please tell us why there was not much more stringent attention to the problem if there was even a hint of OFAC-related problems.
    Mr. BAXTER. Chairwoman Kelly, first, with respect to whether we had an early warning of a problem at UBS involving OFAC, the answer is no.
    In 1998, following the merger between UBS and Swiss Bank Corporation, Federal Reserve officers felt it was appropriate to remind the UBS management that came in at the time of the responsibilities for OFAC compliance under the contract. But that was triggered not by concern that there was a compliance failure. It was a concern about management change that attended the merger of Swiss Bank Corp and UBS.
 Page 24       PREV PAGE       TOP OF DOC
    With respect to notification to the office of foreign assets control, we first learned of an OFAC problem on June 25 of 2003 when an officer who was visiting the Zurich facility learned that there had been transactions of cash with Iran, which of course was not permitted under the contract in early July. All of that information was communicated to our colleagues at OFAC, and I should emphasize that we communicated the information that we had at the time, information that was not correct in several different respects, but the information was timely communicated by the Federal Reserve to OFAC as soon as we learned that we had a problem.
    Chairwoman KELLY. Did the Fed send correspondence after the UBS merger to warn them of interaction with OFAC-listed countries?
    Mr. BAXTER. I wouldn't characterize it as a warning. I would characterize it as a reminder, and the concern was specifically generated by the fact that anytime there is a merger, particularly a merger of the dimension of the UBS-Swiss Bancorp that with management change come new people, and the new people might not be mindful of the special contractual requirements that we exported through our contract to Switzerland. And in Switzerland there were no prohibitions on transactions by Swiss banks with Cuba, with Iran; there were restrictions with Libya and Yugoslavia. So it was appropriate for us to remind periodically not only UBS, but other ECI operators that there were special restrictions exported from the United States by contract.
    Chairwoman KELLY. I just turned to Mr. Gutierrez, because earlier in his opening statement he talked about whether or not the ECI should be with American-owned banks only.
    Why wouldn't some aggressive steps, having been taken in 1996, make certain that ECIs around the world were operated by U.S. banks? Why wouldn't they, by definition, have to observe the OFAC sanctions? Is there some reason why that didn't happen?
    Mr. BAXTER. First, with respect to the point about U.S. institutions—and it is a very good point because, as U.S. persons, branches abroad of U.S. banking organizations are subject to OFAC requirements, so they would not need to be reminded or they would not need to be required in a contract. But there are also specific reasons why the Federal Reserve looks to foreign institutions in certain locations. And let me give you a case in point, and the case in point happens to be UBS.
 Page 25       PREV PAGE       TOP OF DOC
    At the time we started our ECI program, we were particularly concerned about replacing a $100 note with a new note, and one of the places that the old $100 note was very, very popular was in the former Soviet Union. At that point in time, there was an American bank called Republic National Bank that was serving the former Soviet Union. That American bank decided that it was no longer interested in the Russian business. And so we were in the position of wanting to reach into Russia to deal with the replacement of the $100 note, and we needed to find an ECI contractor who could do that.
    UBS was the contractor who stepped forward. So in that particular case, we looked to a foreign institution to fill in for a U.S. institution that no longer exists, but at the time it was withdrawing voluntarily from that particular business, business that the Federal Reserve, the Treasury, and the Secret Service and the American ambassador at the time felt was very important to pay attention to with respect to the replacement of that $100 note.
    So there are reasons that we look to particular foreign institutions to extend our reach into certain jurisdictions, like Zurich back in 1996, like Singapore with respect to United Overseas Bank; and those are reasons to look to foreign institutions to service us. And what we do with the foreign institutions is, we basically apply through the contract the OFAC restrictions.
    Chairwoman KELLY. Thank you.
    Mr. Gutierrez.
    Mr. GUTIERREZ. Thank you very much. Welcome to you all and thank you for your testimony. I want to go back to Mr. Stipano.
    The chairwoman and you, through her questions, spoke a little bit about the Riggs situation in 1998 and 1999. Now, I will put words in your mouth, so you can correct anything that you said, that one of the reasons was that your auditors believed what was being said by the answers that were given by Riggs employees back to your regulators and auditors; is that what you said?
 Page 26       PREV PAGE       TOP OF DOC
    Mr. STIPANO. I don't know if I would characterize it exactly that way.
    Mr. GUTIERREZ. Why don't you recharacterize it, because I want to know exactly what happened.
    Chairwoman Kelly said, well, what happened, you were there for 1 year, 2 years, 3 years; and you said, well, one of the reasons was—I understood that they lied to you. And you kind of phrased it a little nicer and said, they didn't quite—we kind of believed them.
    Mr. STIPANO. I wouldn't say that they lied to us, but I think that what was going on in that pre-9/11 period was that our examiners were finding deficiencies with the bank's BSA compliance program at every exam. They weren't the kinds of deficiencies that were flagged in the 2003 exam where we looked in depth at the Saudi Embassy accounts, but there were problems, and we brought these problems to the attention of bank management and the board. They were discussed during the exams. They were written up in the exam reports, and we secured what we believed was a commitment from bank management to fix them.
    What would happen is really what I would term more accurately as ''foot dragging.'' The changes that we wanted to have made were made, but they were made slowly. There was not a real responsiveness. And looking back at this with hindsight, I think that——
    Mr. GUTIERREZ. You trusted them.
    Mr. STIPANO. We trusted them. And in hindsight, we shouldn't have done it.
    Mr. GUTIERREZ. I guess we finally found a word to describe why it might have taken the OCC as long, because you trusted them. But it seemed to me that an organization such as yours, which is safety and soundness and is the regulator, there shouldn't be issues of trust. I mean, you know, was it trust but verify? And I don't think you were verifying, because similar things popped up later on.
 Page 27       PREV PAGE       TOP OF DOC
    It should have been caught earlier. And just so that we don't think it is the chairwoman and I who have decided, because they sent you down here—they usually send one of the counsels down here. Mr. Hawke is good at doing that, but he acknowledged, and these are his words in the New York Times, he says ''We should have gotten tougher earlier, and I don't make any excuses for it. It's a fair criticism of our supervision of Riggs that we let things go on too long.''
    So when you describe a situation, which is a 9, in which Mr. Hawke, who I would characterize as a very self-assured person—I wouldn't say arrogant, but self-assured person, doesn't take much from anybody, right, tough—says, we took too long and which his deputy counsel, yourself, said, we trusted them too much, I think you can start wondering.
    I mean, if the FBI came and said, yeah, we talked to the terrorists, but we trusted them and so the buildings came down, I think people might think it wasn't a 9-out-of-ten system that was working there. I mean, just understand that from our point of view that—just we trusted them, they took too long, there was foot dragging. You are the boss. I mean, when a regulator sends down bank examiners, I want them to shake up that bank. I want them to go all the way up the chain of command and say, we have a problem and we have to clean it up or—I think you know what the problem is, Mr. Stipano, it is always the ''or.'' Maybe they take the risk of getting caught and the fines and the penalties, which was one of my earlier questions.
    We have to think of new fines and new penalties. I mean, this is like risk: What is my risk as a financial institution if I foot drag? What is the most that the OCC—maybe we need tougher penalties, and we have been doing some of that.
    So it just seems to me that to say we trusted them, especially in this new age after we passed the PATRIOT Act, you can't trust anybody anymore. We can't trust the Riggs. We can't trust UBS.
 Page 28       PREV PAGE       TOP OF DOC
    I am sure the folks at the Federal Reserve Bank trusted them. They said, what a great company, they are really going to come on and do this job. And we can't do that. We need to monitor them, don't you think?
    So 9 out of ten, I don't think in this particular case to say that this is just one. Which are the other cases in which you are trusting people today that tomorrow we are going to find out that that trust was ill conceived?
    Mr. STIPANO. First of all, I always agree with Mr. Hawke. So I'd like to get that on the record.
    Mr. GUTIERREZ. I don't, and in that, we don't share a common opinion.
    Mr. STIPANO. Secondly, while I would characterize our overall efforts in this area as a 9, I certainly would not characterize our efforts with respect to Riggs as a 9. We made errors in judgment, and I think they are obvious and we have discussed them. But I don't think that Riggs is emblematic of our supervision broadly in any area and certainly not in the BSA area.
    Mr. GUTIERREZ. Let me ask you a question. Do you still trust people? Do you still send your bank auditors out and say, we trust them, and walk away?
    Mr. STIPANO. I believe you have to trust but verify.
    Mr. GUTIERREZ. Okay. Well, I would like to know what kind of things you are doing differently, given that Riggs started in 1997, 1998, 1999, and finally, voila, this year we got a fine. So that is a long time, as we sit here, to watch an institution such as yours, that wants to expand.
    Now you are sending out preemption notices to the States saying, not only do we want to do all the great things we did while Riggs was doing all of these nefarious things, we want to expand our authority; but we don't want to actually charge any more fees to our customers, the banks, in order to hire more employees in order to expand that authority.
 Page 29       PREV PAGE       TOP OF DOC
    So I see an institution that walks up here and says, we are doing everything fine, we are doing everything so great—this is Mr. Hawke, of course, not yourself—doing everything so great and now we want to preempt attorneys general and bank regulators and other people at the State level from issues and consumer complaints, that you want to now preempt stateside.
    So I think you get my worry.
    Let me just say that I read your testimony, and it was like on page 19 on the top that says ''The examiners found that, as with the Saudi Embassy accounts, the bank lacked sufficient policies, procedures and controls to identify suspicious transactions concerning the bank's relationship.''
    You found out about those irregularities at the Equatorial Bank, or did the Riggs people tell you about them or the FBI tell you about them? Because as I read that, it kind of sounds like, voila, our examiners found out about it. Did your examiners find out about it as I was led to believe when I first read that paragraph or did others bring it to your attention?
    Mr. STIPANO. Let me give you an answer to that question. First of all, I don't think the sentence says that we found problems in the Equatorial Guinea accounts.
    Mr. GUTIERREZ. It says ''The examiners found that, as with the Saudi Embassy accounts, the bank lacked sufficient policies, procedures and controls,'' ''the examiners found.''
    Mr. STIPANO. Right.
    Mr. GUTIERREZ. Did the FBI or Riggs find it?
    Mr. STIPANO. No. The examiners found that, just like with the Saudi accounts, the bank did not have policies and procedures with respect to Equatorial Guinea. What happened with Equatorial Guinea was that this was actually something that was going to be looked at during the January 2003 examination. There were published accounts of problems——
 Page 30       PREV PAGE       TOP OF DOC
    Mr. GUTIERREZ. I just read it and I just want to see. So if you can only find something once between the OCC, the FBI—what agency, who brought it to public attention first? Did the bank examiners show up and say, voila, we found this or did Riggs say it?
    Mr. STIPANO. The examiners did not find the problems at Equatorial Guinea.
    Mr. GUTIERREZ. That's what I am trying to say. So then, in other words, when I read your testimony and when I first read it, I said, hey, look, the examiners did a great job. They found this.
    Actually, they didn't find it.
    Mr. STIPANO. Congressman, with all due respect, I don't believe that is what that sentence says. The sentence says that they didn't find adequate policies and procedures with respect to those accounts, just as they didn't find adequate policies and——
    Mr. GUTIERREZ. But really Riggs is the one that brought this to the attention of the OCC about the lack of procedures?
    Mr. STIPANO. Not exactly.
    Mr. GUTIERREZ. Fine. It is all right. What is, is. It will come up again——
    Mr. STIPANO. Can I just finish the answer?
    At the conclusion of the 2003 examination, we told the bank that the next time we are in there, this was going to be an area that we were going to look at. So the bank was on notice that this was priority and, frankly, that was one of the problems. And the reason for such a big sum of money penalty was that despite having been put on notice, they still did not clean up those accounts.
    Mr. GUTIERREZ. All right. Let me just say that when your boss, Mr. Hawke, says nonsense about what banks are going to do, and I hear you give yourself a 9 out of 10, and I think that I with my staff kind of set the tone. So if I am out there saying that Congress, even though there has been a vote of the Banking Committee saying basically, the OCC is wrong, this committee has voted—and we are kind of elected, the last time I checked. At least with everybody else there was no dispute in their election by the people.
 Page 31       PREV PAGE       TOP OF DOC
    When he says, nonsense, and this committee says to Mr. Hawke, let's sit down, which we have done on a number of occasions, and let's sit down with bank regulators and let's sit down with attorneys general and let's sit down with this committee and let's try to resolve our differences after this committee has taken a vote—not the Congress, but this committee has taken a vote—saying we think you have exceeded your authority and he says, no, nonsense, everything is fine, I guess that can, I believe, create a sense of arrogance within the institution when the boss basically says to Congress, after it has taken a vote in the committee, and uses those kinds of words when we believe we have a concern—and not only we, but a lot of other people think that there is concern.
    Let me just ask you that when consumers now call you folks up, have a consumer complaint, am I right that those phones only operate Monday through Thursday from 9:00 to 4:00?
    Mr. STIPANO. Congressman Gutierrez, I have to confess here. I am not the expert on our Customer Assistance Group.
    Mr. GUTIERREZ. We called on a Friday, and it said it was closed. So you won't dispute that?
    Mr. STIPANO. I don't know whether it is or not.
    Mr. GUTIERREZ. Let me just tell you, we tried it, and it said 9:00 to 4:00 Monday through Thursday.
    I was a former city council member back in Chicago, and I loved that job a lot, and one of the things that kept us very close was that if your cable didn't come on because the city council would authorize who got the cable license, people would call me up and say, I called the cable company and they won't fix it; and if I told them that I was allowing the cable company, which I had voted, as the city council, to only open up their offices from Monday through Thursday from 9:00 to 4:00, I don't know how long I would have stayed in the city council.
 Page 32       PREV PAGE       TOP OF DOC
    I think if people call up the gas company in Chicago or Commonwealth Edison that has the franchise to serve electricity, and they were only going to open from 9:00 to 4:00, as a matter of fact, if I decided that my city council office or my congressional office tomorrow was only going to operate from 9:00 to 4:00 Monday through Thursday, I think you would agree with me that I would have a problem in doing that.
    And I think that you should understand that you have a problem and that when people complain to us that their complaint is well grounded, that government should work Monday through Friday 9:00 to 4:00—maybe that is not an 8-hour day—and that if you need more help, since you want to expand your authority and preempt the States, that maybe you should say, Congress, we don't agree with you, but we are going to open Monday through Friday.
    Does it sound legitimate to you as the deputy counsel that you should operate Monday through Friday?
    Mr. STIPANO. I do not deal with the Customer Assistance Group. I am open Monday through Friday, and I don't leave at 4:00. And I get calls from people all the time. In fact, usually if there is a problem in the BSA area, the call ultimately comes to me. I am not suggesting that I want to function as a shadow Customer Assistance Group, but there are other people in the agency that can take calls——
    Mr. GUTIERREZ. But the rest of the agency functions Monday through Friday, right?
    Mr. STIPANO. The agency functions Monday through Friday.
    Mr. GUTIERREZ. I suggest that all parts of the agency should function Monday through Friday, and I think we can probably give a lot of different examples about what would be wrong with not functioning Monday through Friday. It seems to me that that is the work week and that the financial institutions are open and people have problems; and it is wrong for agencies such as yours to want to preempt States and then say, we are only going to open our offices from Monday through Thursday from 9:00 to 4:00. It should be a better operation so that the public, which I have a concern about, is well served so that we are not getting messages that say we don't have to deal with you, Attorney General, the OCC says that has been preempted; let's call their offices, only to find your offices aren't open.
 Page 33       PREV PAGE       TOP OF DOC
    Because you want to know something. My State bank regulators in Illinois are open Monday through Friday. The attorney general of the State of Illinois is open Monday through Friday. And across this country I have yet to find a State bank regulator or attorney general, which your agency wishes to preempt, that is not open Monday through Friday. So I would expect that if you want to take over the responsibilities of those State agencies that at least you afford the public the same customer service that is currently being afforded them by attorneys general and State bank examiners, that we don't reduce the quality of service to the American people which you and I have made a vocation to carry out. I guess that is our point.
    I have other questions, and we will submit them for the record. Thank you very much, Madam Chairman.
    Chairwoman KELLY. Okay. Thank you.
    Mrs. Maloney.
    Mrs. MALONEY. Thank you, Madam Chair, for your hard work on this, and Ranking Member Gutierrez.
    Welcome, Chief Counsel Stipano and General Counsel Baxter. I request that my opening statement be put in the record. I really would like to ask Mr. Stipano what aspects of the PATRIOT Act could help avert a repeat of the Riggs problem.
    Mr. STIPANO. I think that there are provisions in the PATRIOT Act that are helpful and will be helpful going forward. But I think that the problems——
    Mrs. MALONEY. Specifically, which ones would be helpful going forward?
    Mr. STIPANO. I think that, first of all, section 312, which is the provision that requires due diligence and enhanced due diligence procedures for foreign private banking and correspondent accounts, that would be something that would be helpful because even though the Saudi Embassy accounts were not technically private banking accounts, in some ways they were operated like they were private banking accounts.
 Page 34       PREV PAGE       TOP OF DOC
    There is an interim final rule in place implementing section 312. My understanding is that the Treasury Department will soon be issuing a final regulation which will codify this requirement, and I think——
    Mrs. MALONEY. Why is it taking so long? We passed the PATRIOT Act and the anti-money laundering provisions almost 3 years ago. And we still haven't put the rule in place? I mean this is really outrageous.
    Mr. STIPANO. We have all the other ones in place. I am not a spokesman for the Treasury Department, though. The Treasury Department has the pen on this particular regulation, and it is the Treasury Department that has to issue the rule. So maybe this is a question for your hearing next week. I don't really know the answer to that.
    Mrs. MALONEY. Well, then when you were looking at Riggs, under what standard did you examine Riggs regarding the due diligence and the opening of accounts with the diplomatic community? Were you using the standard before 312 or the intent of 312, section 312?
    Mr. STIPANO. We have a requirement that all banks have a compliance program, and among the things that are required as part of a compliance program are satisfactory internal controls. That would include due diligence procedures for all accounts and enhanced due diligence procedures for high-risk accounts.
    The embassy accounts—at least the Saudi Embassy account is a high-risk account; and what the bank should have done was, first of all, they should have had better systems in place so that they knew the number of accounts that they had. Secondly, they needed to have better information on how those accounts would be used, what the sources of funds would be, where the funds would go.
    Mrs. MALONEY. But when you knew about this in 1998 and 1999—it was well known to the OCC that they were not in compliance with the Bank Secrecy Act at Riggs—did you go to them and suggest that they have standards and procedures and due diligence, and then go back and just make sure they got the job done? I mean, this is serious stuff right now.
 Page 35       PREV PAGE       TOP OF DOC
    Every time I pick up the paper, New York, where I live, is Code Red, at least Code Orange. They are announcing terrorist attacks any day now, and we all know you can't attack without money. So if you crack down on the shipment of money, we can crack down on the ability of terrorists to act.
    I mean, this is extremely serious and not to put the regs in place or even to have followed them or to have gone back—you talk about all the people you have in the field. What about who you have in Washington? You don't even have to leave the office. You are right here in Washington with Riggs. You can walk across the street and see them, practically.
    And we knew, since 1998, they had problems with these high-risk accounts, and yet we didn't come in and crack down on it more. I mean, I find it quite frankly scandalous.
    Mr. STIPANO. I couldn't agree with you more as to the seriousness of this matter, but what we knew in 1998 was very different from what we knew in 2003; and in 1998 what our examinations revealed were deficiencies in the compliance program, not wholesale violations of the Bank Secrecy Act. It was a much less grave type of violation.
    They were brought to the attention of management. They were written up in the exam report. Commitments to fix the problems were obtained. But as I testified earlier, bank management did not follow through on these changes as quickly as they needed to, and hence, there were repeat violations.
    There is no question, looking back at it with hindsight, we should have been more forceful with that bank at that point and not waited until 2003 to take a formal enforcement action.
    Mrs. MALONEY. What does your enforcement action mean? Will they be fined? What is going to happen?
    Mr. STIPANO. There actually are three actions that the OCC has taken. The first one was in July of last year, and that was a cease and desist order. It is a public enforcement document. It is about 20 pages long. It requires the bank basically to take steps to improve its anti-money laundering program.
 Page 36       PREV PAGE       TOP OF DOC
    That cease and desist order was supplemented by a second cease and desist order that was issued a few weeks ago and——
    Mrs. MALONEY. What I don't understand is, why didn't you issue a cease and desist order the minute that the FBI alerted you to the problems at Riggs? It almost makes it sound as if the OCC doesn't take the Banking Secrecy Act issue seriously.
    Is it a priority at the OCC, the BSA?
    Mr. STIPANO. It absolutely is a priority. We were not alerted by the FBI. We found escalating problems with the bank's program through our exam process and because of published reports about connections between the Saudi accounts and the hijackers. That triggered this very extensive examination that we did last year which formed the basis for our subsequent enforcement actions.
    Mrs. MALONEY. But you say that the BSA issues are a high priority of the OCC, but I am told that they are not even part of the National Bank Examiners Handbook, that most of the regulations that were issued in 2002 aren't even part of the examiners handbook. Now is that true——
    Mr. STIPANO. No, that is not true. The——
    Mrs. MALONEY.—that it is not fully updated? That the handbook is not fully updated?
    Mr. STIPANO. We are in the process of updating it, and there should be a revised version out shortly, but——
    Mrs. MALONEY. Why didn't you update it the minute that we passed the PATRIOT Act? This is serious business.
    I can't tell you how quickly New York reacted in a thousand ways. We totally rebuilt the command center that was destroyed, within 19 hours, completely rebuilt it, and I can't believe you can't get the handbook updated with the information that we passed to combat money laundering and terrorist dollars flowing through our country. I mean, really it is beyond—it is a disgrace, I think, an absolute disgrace.
 Page 37       PREV PAGE       TOP OF DOC
    Mr. STIPANO. The PATRIOT Act required us to make lots of changes in our examination procedures and to write regulations, and that took time. We could have come out with a revised handbook earlier, but if the procedures weren't done and the regulations weren't written, it probably would not have been of great value to the examiners.
    Mrs. MALONEY. It would not have been. Well, what more should we be doing to make sure that the type of actions at Riggs don't happen again?
    Mr. STIPANO. I think there are a number of steps that the OCC is prepared to take.
    Mrs. MALONEY. Such as?
    Mr. STIPANO. Comptroller Hawke has directed our Quality Management Division to do a stem-to-stern review of the Riggs matter to find out what happened and to see what lessons we can learn from it. But even before that review is done, there are several steps that we can take right now, and we are taking them.
    Mrs. MALONEY. When is your report on lessons learned from Riggs going to be due? In another 3 years?
    Mr. STIPANO. No, it will not be. It will be a matter of months. In fact, the review has already begun.
    Mrs. MALONEY. I would respectfully request that when it is done, it would be handed in to the chairwoman so she can give it to all of us, so we can all read it.
    Chairwoman KELLY. Mr. Stipano, I would concur with that. We would like that report delivered as soon as possible.
    Mr. STIPANO. As soon as it is completed, we will deliver it.
    Chairwoman KELLY. I thought you said it was completed, sir.
    Mr. STIPANO. No, no. I said the review has begun.
 Page 38       PREV PAGE       TOP OF DOC
    Chairwoman KELLY. The review has been done?
    Mr. STIPANO. The review has begun.
    Chairwoman KELLY. Has begun. And I am sorry, if the gentlewoman would yield, her question was how long do you expect that to take?
    Mr. STIPANO. I don't know exactly how long it will take. My guess is it will probably be several months.
    Chairwoman KELLY. Would you please inform us of the progress of that report on a regular basis?
    Mr. STIPANO. Yes, we will.
    The due date, by the way, is September 1.
    Mrs. MALONEY. Reclaiming my time, what other steps can we take that are concrete to crack down on the terrorist money business?
    Mr. STIPANO. We need to become better at identifying risk. One of the big problems with Riggs was that neither our examiners nor law enforcement nor anyone else recognized the risks in these embassy accounts.
    There are a number of steps that we are taking to do that. One of them is the nationwide implementation of a risk identification system that has been developed by one of our district offices. It involves gathering information on products and services and various types of activities that banks are involved in and putting it in spreadsheet form and developing a methodology to quantify risks and identify banks that may be outliers.
    We are also working on a new database that would use national bank-filed SARS to pinpoint operational risks generally, but also risks in the BSA area.
    Third, we are working with FinCEN and the other banking agencies on ways to better use BSA data. FinCEN is sitting on a gold mine of information with the SARS data and the CTR data and other data that they have. The ability of the government to connect the dots and provide that information to the banking agencies is absolutely essential because once we have that kind of information, we can target our resources to the areas of banks that are truly high risk.
 Page 39       PREV PAGE       TOP OF DOC
    As I mentioned earlier, we have also completed our examination procedures on three sections of the PATRIOT Act and we are about to come out with new procedures on a fourth section.
    Mrs. MALONEY. Quite frankly, you don't need a database or a spreadsheet to know that Riggs, the international bank for most of the foreign governments in the country and the foreigners in the country, is a high-risk bank. I mean, it is common sense, and yet it was not looked at. So I hope that you improve. This should be a priority.
    And I know you have a lot of smart people working in the OCC, and I have great respect for Comptroller Hawke. But it doesn't sound like the BSA issues are at the top of your concerns, and I think it should jump ahead of any concerns that you have to change your charter and everything else you have been trying to do, because this is critically national security and, really, the security of our people is at stake.
    But I would like to go to Mr. Baxter and I would like to ask you about the Basle Capital Accords that are coming out that the Fed has been working on with the international community. When we finally solidify and come forward with these decisions on various capital requirements and so forth, do you think having an international standard is going to help us spotlight and see the type of problems that were at UBS? Do you think that would be helpful, or is that really not an issue? What is your feeling on that?
    Mr. BAXTER. One of the things we see in the UBS matter is an example of operational risk, a failure of people, a failure of controls. These failures were observed not here in the United States, but in the operation that was being conducted in Zurich. It is a good illustration of operational risk as a type of risk being addressed in Basle II, and here is one vivid demonstration of operational risk.
    It also, I think, Congresswoman, has relevance to what is being done at the Basle Committee because this occurred in a multinational banking organization.
 Page 40       PREV PAGE       TOP OF DOC
    UBS is an organization that conducts its operations in many countries. It has 65,000 employees around the world; 22,000 of them are in the United States. So you can see an operational risk problem and an institution that conducts its operation cross-border. So it is a good illustration of why operational risk is an important part of the risk quotient that is addressed in Basle II. It is also a good illustration of why the effort needs to be multinational and because this Basle II is being imposed on institutions that conduct their operation cross-border.
    Mrs. MALONEY. Well, I was encouraged somewhat that the U.S. And Swiss authorities worked in cooperation with the U.S. management of UBS to investigate and correct the UBS systemic risk management lapses in Zurich.
    But one of your statements earlier was alarming to me when you said one of the problems is that the personnel at the bank were not informed of the laws of the United States of America, of how we treat these accounts, and that we certainly shouldn't be transferring money and so forth to Libya, et cetera, and these other countries. And it seems to me that that would have to be part of the protocol, to let people know what the laws are.
    I mean, I find that an incredible—I can't believe that someone is that stupid that they don't inform everyone that this is the standard, because it is a U.S. bank, too, even though it is dealing with many different countries and just merged with the Swiss bank and so forth.
    What is your comment on that? It is the stupidity defense, ''I just didn't know.'' I think if you read the paper, you would have known that—any intelligent person reading the paper would have known that we had these certain guidelines and rules about transferring accounts and moneys and so forth to various countries.
    Mr. BAXTER. Congresswoman, you are absolutely right that the people in the bank note trading area of the UBS in Zurich, they knew about the restrictions that were exported in our contract to them. They knew that they had to conceal what they were doing. They had to conceal what they were doing not only from the Federal Reserve, but also from the Swiss Federal Banking Commission, from the more senior management at UBS and from UBS's external and internal auditors.
 Page 41       PREV PAGE       TOP OF DOC
    They did it because they were willing to lie. They did it because they were willing to violate the law, and they paid a price for that. But there is no question that they knew of the limitations in that bank note trading area, and they knew they had to hide. And hide they did.
    Mrs. MALONEY. Well, I misunderstood you in your earlier comments. I thought you stated that they did not know, that there were people with the Swiss bank, and they just merged with another bank and they weren't familiar.
    But you say it is just a matter of just crime, and I am glad that we have cracked down on it, but what could we do in the future to make sure that doesn't happen again? How could we improve our oversight and our monitoring?
    Mr. BAXTER. Well, it won't happen again with UBS because they are no longer in the——
    Mrs. MALONEY. No longer in business, right. But other banks?
    Mr. BAXTER. With the other five contractors, what we have done is implement this 17-point program through contract changes that were effective in February of this year.
    In addition, we are planning visitations to each of our five contractors to review policies and procedures dealing with anti-money laundering and OFAC compliance in our offshore facilities.
    Now, it will come as no surprise that we have heightened attention in those five contractors now, who have watched the $100 million penalty being assessed against UBS and have taken careful notice. So while this iron is hot, we going to make those visitations, we are going to review with our colleagues at OFAC the policies and procedures that are in place, and we are going to make suggestions to our ECI contractors as to how they can be improved.
    So those are the things that we have got in train. We are also expecting in the late summer/early fall to start to receive the public accounting firm certifications, and those certifications will be attesting to the management representations we will receive both with respect to contract compliance and with respect to accurate reporting. And the check of those independent public accounting firms, in our view, is significant. It is significant in a Sarbanes-Oxley context and it is significant because we know those public accounting firms are very mindful of their own liability; and they will be making certifications directly to the Federal Reserve, and we will have a say in our contracts as to who those public accounting firms are and then the policies and procedures that they will follow with respect to their certifications.
 Page 42       PREV PAGE       TOP OF DOC
    So all of those things are in train, and all of those things, we expect, will give us much greater assurance that we will not see a repetition of the conduct we found with UBS in any of our other contractors.
    Mrs. MALONEY. Did the Fed ever consider using only U.S. banks operating abroad for these functions? Wouldn't that have made things simpler since U.S. Banks are not allowed to deal with countries on the OFAC list?
    Mr. BAXTER. You're right, Congresswoman. It does make things simpler, but that, in itself, is no guarantee of perfect compliance. Again, we get to that old audit admonition about trust but verify. So we feel that even with respect to our U.S. ECI contractors—and most of them are U.S. Institutions—that we can't only trust them, we have to trust and verify.
    So the procedures that I mentioned with respect to the new contracts and the external certified public accounting firm attestations, those we are going to implement across the board regardless of nationality. They will apply to the U.S. institutions and the non-U.S. institutions.
    With respect to the specific question, have we considered using only U.S. flag institutions, yes, we have considered that. The difficulty is to penetrate certain markets around the world, we feel we need to turn to some of our foreign commercial institutions for the reasons that led us to the UBS in 1996. And that is why, in Singapore, we are doing business with the United Overseas Bank.
    So we are certainly mindful that the U.S. flag institution might be simpler and has some legal difficulties that are less than we find with the foreign flag carriers or institutions, but we haven't made the decision to use only American institutions at this point.
    Mrs. MALONEY. Thank you very much. And I yield back the balance of my time, although I think I used it all up.
 Page 43       PREV PAGE       TOP OF DOC
    Chairwoman KELLY. That is quite all right. I thank you both.
    But I have one follow-up question for you, Mr. Stipano. What happened to the auditors that failed to find the problems at Riggs? Are they still at OCC?
    Mr. STIPANO. It is hard to answer that because we are talking about——
    Chairwoman KELLY. I thought it was a fairly straight question. Are they still at OCC?
    Mr. STIPANO. There are a lot of examiners who have examined Riggs during this time period. Some of them are still at OCC and some of them are not.
    Chairwoman KELLY. What mechanism do you have in place to assess the performance of the bank examiners regarding the BSA compliance?
    Mr. STIPANO. We have a couple of mechanisms. One is the performance appraisal process that the OCC uses for examiners and for other types of employees and another is the Quality Management Division. That is the division that Comptroller Hawke has directed to do a review of the Riggs matter and to report back on what went wrong.
    Chairwoman KELLY. How long was that Quality Control Division in place?
    Mr. STIPANO. I don't know offhand. It is not something recent.
    Chairwoman KELLY. Years? Months?
    Mr. STIPANO. In some form, I would say years.
    Chairwoman KELLY. I think that this has been a very interesting hearing. I am interested that you were talking about the great amount of information that FinCEN has and talk about the ability to connect the dots. If we streamline what is going on with regard to regulatory agencies and perhaps centralize them, then they perhaps can have access to each other's information in a much more direct way that will result in better oversight, more rapid response. And certainly we don't want to see this kind of thing happen again for such an extended period of time.
 Page 44       PREV PAGE       TOP OF DOC
    We don't live in the world that we lived in prior to 9/11/2001. We live in a very different world. And part of that world is that we now—those of us who are charged with the responsibility of making sure that our country is safe and that our banking system is safe, we must think outside of the box, look outside of the box for solutions; that we will never let this kind of thing happen that happened with the Riggs Bank again.
    I am concerned with not only what happened with OCC, but I also am concerned with the Fed in one aspect. The fine of $100 million sounds like a lot of money, but when you have a bank with more than $1 trillion in assets, that fine seems a mere slap on the wrist. I would hope that when an institution is fined, especially an institution that had in place people who were supposed to find this kind of malfeasance, I would hope that that institution would pay a much steeper price for not regulating and controlling their own employees' behavior.
    Here in the United States we put people like that in jail when there is a fraud in a bank. We have bank fraud laws; those people go to jail. $100 million, it seems they got by on the cheap, and I am quoting a lot of other people who have also mentioned that to me.
    I would hope that when you are considering fines of this nature again that the Fed would consider a healthier fine for any kind of malfeasance that is occurring.
    This is a blow to our financial system in a way—both of these are blows to our financial system in a way that American people have a right to expect should not happen when we have institutions in place whose charge it is to make sure that it doesn't happen.
    I appreciate the fact that you came here today. I appreciate the fact that you spent so much time with us, helping us understand what did happen, what went wrong, and helping us understand how it is possible that we might be able to get through this and come out on the other end with a much better regulatory environment that will help protect America and America's financial institutions in a better way.
    The Chair notes that some members may have additional questions for this panel which they may wish to submit in writing. So, without objection, the hearing record will remain open for 30 days for members to submit written questions to these witnesses and place their responses in the record.
 Page 45       PREV PAGE       TOP OF DOC
    I thank the witnesses for their appearances here today. This hearing is adjourned.
    [Whereupon, at 3:57 p.m., the subcommittee was adjourned.]