FinCEN recently announced an $8 million civil money penalty (CMP) for Bank Secrecy Act (BSA) violations. We often say it’s helpful to learn from others’ mistakes and that may never be more true than when it comes to BSA/AML compliance. In this particular case, the Bank had a reasonably designed BSA program but it was not operating as intended.
Here are some of the shortcomings mentioned:
- While an automated AML monitoring system was used, the Bank simply wasn’t able to keep up with the alerts it generated. Analysts were reviewing 100 alerts a day on average and, due to the high volume, did not review other available supporting documents.
- Although the Bank had policies and procedures in place to require Customer Due Diligence (CDD) information be obtained at account opening and upon any change in signature authority, the information was often missed. BSA/AML staff then tried to get the missing information from account officers and, as a result, critical information was missing.
- Account activity was reviewed 90 days after account opening to determine whether it was in line with the information provided at account opening. The automated system was then relied on to monitor daily activity and provide monthly reports that compared actual to expected account activity. The Bank, however, was unable to “fully understand the nature and legitimacy” of account activity. While a customer’s activity may have remained consistent, it wasn’t necessarily legitimate activity.
- The automated monitoring system was not used to its full capacity. For instance, “High Risk Reports” and other “monthly worklist items” were not used on a regular basis.
- To reduce the number of alerts needing attention, certain exemptions were given to customers with “well-known” activity. This resulted in specific alerts not being generated that, in some cases, were tied to individuals arrested for or convicted of financial crimes.
- The Bank often relied on the system’s ability to close out alerts based on a “pre-set” list of reasons, without additional analysis, even after a Suspicious Activity Report (SAR) had been previously filed.
It’s no surprise that these failures resulted in SARs not being filed when they should have been. Now is a good time to ensure your institution isn’t making the same mistakes. The CMP Order provides additional details and specific examples of account activity that can provide real-world credibility to your BSA/AML training efforts.
Diane joined Banker’s Compliance Consulting with over 10 years of compliance experience and over 15 years of experience within the financial industry. Diane is a Certified Regulatory Compliance Manager (CRCM) and has a Bachelor’s Degree in Sociology with a concentration in Criminal Justice. She is a graduate of the Schools of Banking Compliance School and has participated in various other training opportunities throughout her career. Diane understands firsthand the struggles banks face in building and maintaining successful compliance programs. Her experience and common sense approach to consumer compliance is a great asset to our clients.
Diane and her husband have two kids who keep them busy. She enjoys running and other sports and is a big Bugs Bunny fan! She’s a bit crazy in that she does enjoy reading some of these regulations and she’s a “crazy cat lady!” Her cat tales are hilarious!