Push Not Pull
In my previous post, I proposed a new, virtual model for regulatory reviews, one that leverages the enterprise-wide lens furnished by modern compliance software. This commentary highlights some potential pitfalls of remote monitoring and points to some interesting precedent.
There are many areas where government and financial institutions are already digitally connected. One is anti-money laundering. The Financial Crimes Enforcement Network (FinCEN) serves as a digital funnel or clearinghouse for federal, state, local, and even foreign law enforcement to post data on questionable accounts and transactions. Financial institutions are obliged to review this data (which is cloud-based and encrypted) and where appropriate, submit a suspicious activity report, or SAR.
Source of Leads
It is worth pointing out that FinCEN does not “pull” or subpoena information. Rather, it steers clear of legal and data privacy pitfalls (such as set out in the California Consumer Privacy Act and Europe's GDPR) by serving as a source of leads. This clearinghouse model, as FinCen puts it, “allows disparate bits of information to be identified, centralized and rapidly evaluated.” While the tactics and priorities of law enforcement and entities like the SEC are not identical, could not such a “push” approach be a template for the regulator?