Last year, a large community bank was fined $9 million by the OCC and FinCEN for failure to implement an effective anti-money laundering compliance program. Such failure resulted in the bank’s not filing Suspicious Activity Reports (SARs) worth some $100 million with FinCEN.
The OCC issued a $1 million civil money penalty against the bank, while FinCEN issued a fine of $8 million. The OCC’s penalty, though separate, was coordinated with FinCEN’s settlement agreement with the bank. In recent years, there has been increased interagency coordination when dealing with regulated entities’ failure to implement effective AML requirements.
FinCEN’s consent order is well-articulated and draws a road map that could be very useful to banks and other financial institutions to help them avoid becoming part of AML fine statistics. It is worth reviewing FinCEN’s Consent Order to identify where banks can go wrong with their AML compliance efforts and how they can do better – regardless of whether they are a local community bank or a global financial institution.
An Effective AML Program
At the outset, it is important to fully understand the Bank Secrecy Act’s requirements for an effective AML Program, which is one that (i) provides for a system of internal controls to ensure ongoing compliance; (ii) provides for independent testing for compliance conducted by a qualified person [that is independent from the compliance function]; (iii) designates an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and (iv) provides training for appropriate personnel.
It is one thing to have such an AML program in place, it is quite another to implement it effectively. And, it’s important to remember that implementation failures are specifically what draw the ire of regulators, complete with sometimes very hefty monetary and other penalties.
Below are some tips for avoiding becoming an AML fine statistic.
Enterprise-wide Monitoring System
A bank may rely on an enterprise-wide monitoring system that generates alerts of suspicious transactions which may then result in filing of a SAR with FinCEN. When such a monitoring system fails to be implemented adequately, for example, by leaving some alerts unreported or unattended to, regulators have often considered this to be a gap and have imposed fines – in some cases, quite large ones!
Under-staffed Compliance Department
In most banks, many alerts are generated each day and they have to be reviewed and dispositioned by an adequate team of qualified analysts. When a bank falls short by having a small staff that is unable to handle the volume of alerts, this may create a gap in the reporting of suspicious activity. It is, therefore, important for Compliance departments to be well-staffed in order to meet this rigorous demand.
Customer Due Diligence (CDD) Gaps
Banks and other financial institutions are required to have risk-based procedures for implementing customer due diligence. When they fail to obtain required information at account-opening or update CDD as required by regulations and their own procedures, banks and financial institutions may be faulted by regulators. Furthermore, an essential part of the CDD process is being able to demonstrate that the bank fully understands the nature and legitimacy of its customers’ activity and patterns.
Activity Monitoring and Cleared Case Alerts
According to FinCEN’s Consent Order, the bank’s “automated AML monitoring system generated a substantial number of case alerts on potentially suspicious activity. To reduce the number of case alerts AML staff had to review, the BSA Officer applied exemptions for customers whose activity was thought to be “well-known,” including those individuals later arrested for or convicted of financial crimes, which resulted in lowering the case alerts generated for those customers.”
Generally, taking such short cuts in order to reduce the number of alerts that have to be researched and dispositioned is a huge compliance gap that must be avoided.
Failure to File SARs
Whenever a financial institution decides not to file a SAR, such a decision must be documented with a proper justification. In the Consent Order, FinCEN mentions that the bank had 17 unfiled SARs during the period covered by the Consent Order. The Consent Order goes on to give several specific examples of cases where a SAR should have been filed but was not.
As a result of these and other failures, FinCEN determined that the bank willfully violated the Bank Secrecy Act and its implementing regulations. Specifically, FinCEN determined that the bank willfully failed to implement and maintain an effective AML program that was reasonably designed to guard against money laundering. Furthermore, FinCEN found that the bank willfully failed to accurately and timely report suspicious transactions to FinCEN.
The detailed manner in which FinCEN outlined its findings provides great insight to regulated entities on the areas that are of major concern to regulators. Of course, this highlights only some aspects of AML compliance; others include risk assessments, record-keeping, other internal controls, sanctions compliance and correspondent banking. Regulated entities are encouraged to keep up on emerging digital transformation trends (a topic of one of our upcoming blogs) and regulatory findings so as to stay ahead of the curve and avoid becoming another AML fine statistic.
If you need assistance with shoring up your AML compliance and/or staffing in any of the following areas, please contact us by completing the form below or by calling us at (212) 590-2333.
- Annual end-to-end AML Compliance training
- AML transaction monitoring and Suspicious Activity Report writing
- Know Your Customer due diligence during onboarding, periodic reviews, and remediations
- AMLA 2020 and Beneficial Ownership for legal entities and arrangements
- AML Policies and Procedures
- AML-related Risk Assessments
Milimo Moyo is a Certified Anti-Money Laundering Specialist (CAMS) with more than 16 years’ experience in the AML/CFT space. She has had both public and private sector experience including being in various compliance roles at big US banks and US branches of European banks. She has a legal background with a Master of Laws Degree from NYU School of Law.