ACAMS Today interviewed Lisa D. Arquette for International Women’s Day 2023. Arquette is the associate director for the Anti-Money Laundering (AML) and Cyber Fraud Branch, Division of Risk Management Supervision, of the Federal Deposit Insurance Corporation (FDIC), where she leads policy development, rulemaking, supervision support, enforcement consultation and training in the areas of Bank Secrecy Act (BSA), AML, counter-terrorist financing (CTF), sanctions, bank fraud, critical infrastructure resilience and cyber security. She also oversees the background check process for certain individuals. Her previous FDIC management responsibilities included administering programs for bank trust supervisory activities, offsite monitoring and private capital applications to acquire or establish insured depository institutions. Arquette developed a safety and soundness foundation as a bank examiner, senior capital markets specialist and risk management review examiner.
Arquette served as Chairperson for the Federal Financial Institutions Examination Council’s BSA/AML Working Group. She is a member of the Basel Committee’s AML /CFT Expert Group and the BSA Advisory Group and participates in the Financial and Banking Information Infrastructure Committee. Arquette earned a Master of Business Administration degree and a Bachelor of Science in criminal justice. She graduated from the Stonier Graduate School of Banking. Arquette is also a Certified Anti-Money Laundering Specialist (CAMS).
ACAMS Today (AT): You have extensive experience working with supervisory authorities. How has working in a supervisory position helped you make a difference in deterring financial crimes?
Lisa D. Arquette (LDA): I began my career with the FDIC as an examiner, which involved a comprehensive training program covering all aspects of bank supervision, including evaluating capital adequacy, asset quality, management, earnings, liquidity, market sensitivity, AML/CTF compliance, consumer protection, information technology (IT) risk management and trust activities. Developing this foundation and working closely with experienced examiners and dedicated bankers, I learned to differentiate safe and sound practices from weak practices (which could lead to a troubled condition or bank failure).
Now, I coordinate closely with regulatory legal professionals, law enforcement, Financial Crimes Enforcement Network (FinCEN) staff and international regulators on enforcement matters, AML/CTF compliance and bank fraud. Through those professional and diverse relationships, I have worked on many enforcement cases related to bank fraud and systemic AML/CTF program failures. In many of those instances, operational vulnerabilities and ineffective internal control frameworks provided opportunities to exploit bank systems and processes, allowed access to the U.S. financial system by bad actors and caused losses to financial institutions (FIs).
Bad actors seek vulnerabilities in FIs regardless of size, location or complexity. Offers of high fee income and shared compliance can entice institutions trying to expand in saturated markets and during economic downturns. As those opportunities present themselves, it is imperative to evaluate the expertise of bank staff and capabilities of systems and procedures to identify, manage and mitigate money laundering, terrorist financing and other illicit financial activity risk related to new products, services, customers, third-party relationships and exposure to different geographic areas or jurisdictions.
AT: What are some of the challenges in recommending policies to penalize cyber fraud and how do you overcome them?
LDA: Threats from malicious cyber actors continue to be a significant and evolving risk for banks and their service providers. Activities that emanate from non-U.S. jurisdictions can hamper bankers’ and regulators’ ability to identify malicious actors and effectively address cyber fraud. Geopolitical tensions have further increased cyber risks and highlighted the importance of heightened threat monitoring, greater public-private sector information sharing and safeguarding against disruptive attacks targeting the financial sector.
We continue to see ransomware attacks affecting financial services. These attacks typically leverage phishing emails that target FI employees to compromise credentials and gain access to networks. After gaining access, the bad actors conduct ransomware and other extortion campaigns.
Evaluating cybersecurity practices at supervised institutions remains a high-priority focus for the FDIC. We have enhanced the cybersecurity education of our examination force and are creating examiner work programs related to particular threats. Examiners have identified effective control examples used by FIs, including high-quality multi-factor authentication to govern access to systems and network segmentation to limit the ability of a malicious actor to move laterally in a network. Where we find these controls to be missing, our feedback, as well as a bank or service provider’s response, could make a big difference in the company’s cybersecurity effectiveness.
AT: Which professional goal do you feel most proud of achieving?
LDA: Recently, the FDIC announced my promotion to operational risk deputy director, which should occur soon. I am transitioning out of my current role and into the new position. I will be responsible for IT policy and supervision in addition to the areas I currently lead. The synergies between and among these areas present a great opportunity to address operational risk more broadly.
AT: This year’s theme for International Women’s Day is #EmbraceEquity. How would you like to see this theme exemplified in the workplace?
LDA: My unique journey began in the small community of Taos, New Mexico, and led me to a rewarding FDIC career in Washington, D.C. My experience demonstrates that dedication and hard work can result in a successful, productive and satisfying career. I have learned important lessons during my career, which include: (1) recognizing and thanking those who contribute to successes, (2) respectfully and regularly communicating with colleagues, (3) dealing thoughtfully and effectively with obstacles and (4) scaling back unnecessary or unproductive tasks. These lessons have helped me to advance in my career, which happened with the help and support of many strong, dedicated colleagues.
As a woman who has navigated the bank regulatory framework for many years, I do not equate challenges with impossibilities. Rather, I see challenges as opportunities to learn, exercise patience, and approach tasks and situations differently. Ultimately, I try to reach higher than before the challenge arises.
Based on my journey, it has been easy to support the mission of the FDIC, which is to maintain stability and public confidence in the nation's financial system by: (1) insuring deposits, (2) examining and supervising FIs for safety and soundness and consumer protection, (3) making large and complex FIs resolvable and (4) managing receiverships. Examining for and evaluating AML/CTF compliance, IT risk management, corporate governance and internal controls frameworks fit squarely into our safety and soundness work, which is an important part of the FDIC’s mission.
AT: What is the most memorable lesson you learned from a mentor?
LDA: Create your own board of directors—a group that can separately or collectively help guide you through successes and obstacles, encourage you when you fall and remind you of your value as a person and colleague.
AT: What advice would you give to the new generation of women who want to lead efforts to stop financial crime?
LDA: Develop strong working relationships with a variety of professionals; collect facts and have discussions with stakeholders before drawing conclusions; embrace critical thinking; adopt a fair, measured, and balanced approach to problem-solving at work and in life. Exercise integrity and do the right thing. It may be uncomfortable, and you may be challenged, but support your decisions, state the facts, be open to hearing all sides and above all, exercise integrity.
Financial crimes were tethered to financial services early on. Financial services are intended to serve and support consumers and their families, communities and businesses. Bad actors view the financial marketplace as a pathway.
In a rapidly evolving marketplace, adopting new technologies, products and services is a vital part of maintaining FIs’ competitiveness. Be vigilant. Changes can introduce new vulnerabilities. While the global financial system eliminates borders and quickly facilitates transactions, it also provides an infrastructure for financial crime. New technologies allow for the quick transmission of information but may also facilitate identity theft schemes and can be used by malicious actors to rapidly and anonymously move funds around the globe.
Although advancements in technology may expose the industry to the risk of financial crime, those same advancements may help FIs to monitor for suspicious activity, screen for sanctioned individuals, manage and reconcile customer due diligence data, sort and combine data forensics, aggregate currency transactions across large organizations, and support the development of money laundering and terrorist financing risk assessments.
Financial crime presents a perverse dichotomy to the intended purpose of financial services. It is important to collectively ensure that our work addresses the vulnerabilities and threats bad actors intend to exploit. Be vigilant.
Interviewed by: ACAMS Today Editorial, editor@acams.org