An AML Regulatory View on Human Trafficking & CSAM

An AML Regulatory View on Human Trafficking & CSAM

Experts say that financial institutions are struggling to spot the tell-tale signs of human trafficking due to resource constraints and the nature of the anti-money laundering (AML) compliance environment. To date, there hasn’t been a lot of collaboration between regulators, banks, and law enforcement to put together best practices and impactful updates to regulations. 

Statistics show that since smuggling was lumped with human trafficking in the 2020 Anti-Money Laundering Act, reporting numbers were down 4% between 2020 and 2021. This number is absurd when you think about it because we know that human trafficking is on the rise, especially since COVID catapulted online usage and the ongoing displacement of children during the Ukrainian crisis.

FinCEN’s Suspicious Activity Report (SAR) combines human trafficking with smuggling and this umbrella-like grouping makes it difficult to understand how much of the reporting was human trafficking versus smuggling and to go even further, how much of the human trafficking was labor trafficking, sex trafficking, or even organ trafficking. Lumping smuggling with trafficking might not have been the best thing, but it was a great development to have those national priorities because the important thing about that SAR section is that it compels financial institutions to include those priorities in their programs and for the regulatory agencies to examine they and to track how they have implemented these priorities in their policies and procedures.

How Financial Institutions Detect Human Trafficking

There is a burden on capturing information from financial institutions about the appearance of human trafficking and what they are actually reporting. The regulatory burden is for bank staff to “see something say something”. To do this, each staff member must be equipped with useful knowledge and red flag resources so that they can detect and report accurately.

Many financial institutions are turning to technology to help with actively looking for human trafficking within their customer base. We know that trafficking is a $150 billion industry and that money funding both trafficking and child exploitation is flowing through a variety of financial institutions (i.e., banks, MSBs, crypto exchanges, mobile payment services) and other financial products like credit & gift cards. Because transaction monitoring can be difficult and costly, institutions have historically struggled to operationalize monitoring for trafficking without creating a burden on staff and making sure they are complying with the regulatory requirements model, validation, and most importantly, how to account for the operational impact and the resources that are needed.

When institutions prioritize operationalizing technology that connects email addresses and phone numbers from external websites and then leverage that data into “knowing your customer” practices, they can start to make an impact in reporting forms of trafficking. The ingested data can point out commonalities between women linked to massage parlors, for example, and how that parlor is showing nothing in the form of payroll in their transactions. That would be a red flag and gives enough facts to warrant a Suspicious Activity Report.

Technology to increase detection and reporting has been developed by using traditional human trafficking typologies and looking at the flow model of low-value payment channels, like ATMs and p2p payments. Some technology platforms are showing success rates of 50% and in some cases 90%.

What can smaller financial institutions do that don’t have the budget for sophisticated technology?

If a financial institution is lacking a technology budget, a simple way to start is to look at adverse media, using open internet research. They can look at who’s being charged or convicted and examine the financial patterns. From this news information, financial institutions can supply Law Enforcement agencies with much-needed financial information. You can also increase awareness within your organization to show that human trafficking is real and is happening everywhere.

First and foremost, institutions should do an analysis of what is human trafficking and what’s going on, what are the resources and have a matrix of that information. Then bounce that off of the bank’s objectives, its products and services, its clients, and its footprint to get an assessment of what the risk is in these areas. Some banks are going to be at more risk than others with sex trafficking versus labor trafficking. 

As you start this in-flight analysis you’ll also get exposed to various programs created by for-profit and non-profit entities. So now you’ve got a lot of potential external partners to work with, some are free some are not. There are other avenues for building a program so that at some point during the assessment by the authors and examiners they could say with confidence that you’ve got an adequate program. And we know “adequate”  is a beautiful world in a regulatory dictionary. 

There are other pillars to a successful program. It is important for all staff members to ingest all the red flags and to develop a training program to help staff understand the customer-facing flags, so that when you see something this is exactly what you do. The next step in the training program is for staff to fill out some sort of observation that goes from the first line of defense to the second line of offense so that further due diligence can be initiated. 

There are ways of also making an impact on your local community, for human trafficking awareness, and it could be a double win for financial institutions because it could be a direct connection with your ESG or CSR anti-human trafficking initiatives by tying that into the community reinvestment act. Why not start making an effort to work with junior high or middle school? There are many ways that organizations can get started and technically be in flight, and then build an anti-human trafficking program based on risk assessment and resources. 

What more can FinCEN do?

It’d be wonderful for FinCEN to give a little bit more clarity on how you should report labor trafficking compared to sex trafficking but also feedback on the SAR filings with useful information. They’ve gotten better about recognizing certain institutions for their SARs, but they could do something a little bit more public, which could be a little tricky because then the perps get that information, but to the extent that there’s an incentive to entice banks to “see something say something”. This is where the regulatory burden is and FinCEN is tasked, in the anti-laundering act of 2020, with coming up with a better feedback loop. 

With this new focus baked into programs, it would be helpful to see the exam manual changed because now it actually states that banks are not obligated to investigate or confirm the underlying crime. As a result, in 2021 out of 3 million SARs filed, only 4 000 instances of using human trafficking were reported. The exam manual could be changed to encourage banks to go that extra step if they suspect human trafficking is occurring. The regulators have to give a little forbearance to allow financial institutions to investigate because this is arguably the ultimate risk that we’re facing today.

What more can Banks do?

Under the Community Reinvestment Act (CRA), the regulators do evaluation programs and issue public ratings (outstanding, satisfactory, needs to improve, or substantial non-compliance). But in BSA AML you only hear when a bank gets in trouble. Wouldn’t it be great if BSA took a CRA-like approach? For example, the regulators can examine 15 or 20 larger banks every year and issue a public report to reward and congratulate them for having an outstanding program.

We are noticing that Environmental Social Governance (ESG) initiatives are moving forward without much government input because people care. People (AKA customers) care about human trafficking and they care about social justice. Banks would benefit from people knowing the resources and the effort they’re putting into some of their human trafficking programs. Because of the absence of the government stepping in, there is a push from private NGO-type organizations to provide an ESG score that rates human impact – much like the Dow Jones Sustainability Index but specifically around human crime. 

Every branch is obligated to share their community reinvestment act performance evaluation with customers who ask for it. Customers should go to their bank and say “Hey, I want to see your CRA evaluation” and see if there is an anti-human trafficking effort being made. Many times, it has taken consumer advocacy to nudge companies to prioritize positive social impact.

What can governments do to help financial institutions do what they need to do?

A good framework for addressing human trafficking is the 4P paradigm that the state department uses, which is leveraged on the protocols. Prevention is the first “P”. Awareness and education around trafficking protection are paramount in making sure that survivors have the resources and help they need. 

The second “P” is Protection. Recently the U.S. Consumer Federal Protection Bureau came out with a proposal that would prohibit credit reporting agencies from using adverse information that developed during the period in which someone was trafficked, from affecting their credit standing. 

The next “P” is Prosecution from a government standpoint. If you look at the stats globally, the prosecution of traffickers is pretty low so there’s certainly an effort to raise prosecution as a greater deterrent. 

The last “P” is Partnership. To be effective,  the broadest possible partnership is ideal so that you are including not just government and businesses, but also the media and law enforcement. If you take those four “P”s and look at them from a government perspective, particularly a regulatory perspective, the majority of the focus should be on the Prevention. There is such an opportunity for the regulators to help in the education side of this. 

The OCC, FDIC, NCUA, and Federal Reserve have to step up and they have to issue, if not regulations, then certainly guidance because when it comes to human trafficking there’s no model risk management. 

Branch Training

The regulators could come up with standards for how financial institutions should train front-line branch employees. A majority of tellers are really good at spotting human trafficking red flags, but they may be nervous about reporting it because they don’t want to upset their branch manager or for some similar reason. If organizations could provide some solid training for tellers, we could make a big difference locally.

“If you look at suspicious activity reporting and look at the conversion rates from transaction monitoring, anywhere from 1% to at best 25% (with an enormous amount of investment in technology and rules and the other educational pieces) the conversion rates from branch referrals is upwards of 40%, which proves that branch staff is paying attention to their customers. Knowing how to spot that person is key to accurate reporting. Staff would need to spot indicators like somebody who’s always with someone else and appears nervous about it, or a person who appears to be controlled. There are a lot of behaviors that can be noticed by a teller or frontline associate that could end up helping somebody in danger.”

– Karim Rajwani, Vice Chair ATII Advisory Council and Independent Consultant

Branch staff can take that simple step – whether it’s training your frontline staff, doing an adverse media screening, or contributing to an NGO that aligns with the same anti-human trafficking efforts. The important take-away is to take a step, don’t sit on the fence, because you could save actually someone’s life. At the end of the day, we are focused on saving lives, not passing an audit exam.




Transcribed and edited by Jennifer Moreau, Marketing Director and ESG Advisory for Anti-Human Trafficking Intelligence Initiative. View the full panel discussion from the Follow Money Fight Slavery 2022 Summit here: