Bank Secrecy Act Violations Can Be Costly

Recently, FinCEN and the OCC assessed a $140,000,000 civil money penalty against USAA Federal Savings Bank for alleged ongoing compliance deficiencies in its Bank Secrecy Act program.  There were a number of triggers that lead up to the assessment, with many relating to the compliance department not keeping up with USAA’s rapid growth.  Institutions should review the Assessment, and compare to their own programs to identify weaknesses that may lead to examiner findings.

Identified alleged deficiencies in USAA’s Bank Secrecy Act program include:

  • Understaffed compliance department – USAA conducted an internal assessment which determined 178 full time employees were needed to run the compliance functions.  As of early 2021, USAA had 62 vacant positions in the compliance department.
  • Untrained and outsourced staffing – USAA supplemented its compliance department with approximately 76% of staff coming from third-party contractors.  USAA failed to property train or ensure these contractors had sufficient BSA knowledge.
  • Deficient monitoring systems – USAA employed an internally developed monitoring system that failed to capture information, and USAA did not have distinct policies and procedures to govern the validation and adjustment of the system.  USAA updated its system in 2021, but did not perform adequate testing.  During parallel testing, the new system failed to identify over 1,300 cases flagged by the previous system, resulting in at least 160 Suspicious Activity Reports that were not caught by the new system. (USAA reports that “the new system is too sensitive and creates an unmanageable number of alerts and cases.)

The Assessment also discusses deficiencies in USAA’s independent test, training, and customer due diligence.  It also provides three case examples where USAA’s monitoring did not properly identify suspicious activity.

Compliance Services Group has skilled auditors and consultants that are well versed on the latest BSA/AML requirements.  If you are wondering how your program holds up, contact us.


Please be advised that CSG provides financial services compliance audit and consulting services to our clients.  The services that we provide include certain tasks that may be characterized as “law-related services” under Rule 5.7 of the Rules of Professional Conduct governing lawyers.  Since some of our employees are lawyers with an active bar license but are NOT engaged in the private practice of law, that Rule requires us to make disclosures clarifying that the services we perform may be law-related services, but they are not legal services.  Because they are not legal services, those services and our relationship will not be governed by the Rules of Professional Conduct that guide the client-lawyer relationship, such as rules applicable to privileged communications and prohibitions of conflicts of interest.  Notwithstanding this disclaimer, we will continue to govern our relationship with you using reasonable ethical and professional standards that are expected to meet your expectations.


Leave a Reply

Your email address will not be published.