In November, FinCEN, along with the OCC, imposed an $8 million BSA Civil Money Penalty against a Texas Bank for willful violations of the Bank Secrecy Act regulations. While the Consent Order leaves a number of questions unanswered, it does provide examples of the violations. In this post we highlight what we consider to be some of the most relevant facts alleged by FinCEN in the Consent Order.
The Bank had an AML program and automated monitoring system in place, but the program failed to “operate as designed.” The number of BSA staff was not commensurate with the Bank’s BSA risk, as BSA analysts were reviewing 100 alerts per day (on average). “The Bank’s BSA Officer undertook, without sufficient justification of AML risk considerations, steps to reduce the number of case alerts reviewed by the Bank’s AML analysts.” FinCEN determined that the Bank willfully failed to file SARs, and by agreeing to the Consent Order, the Bank agreed that it willfully violated the BSA regulations. This is not the first time that FinCEN has imposed CMPs on financial institutions who conduct a practice of adjusting their risk tolerance to fit their budget rather than fitting the budget to the banks risk tolerance. FinCEN considers such practices as “willful violations.” See, IN THE MATTER OF: U.S. Bank National Association, Assessment of Civil Money Penalty, FinCEN, Consent Order Number 2018-01, February 15, 2018.
As part of its AML program, the Bank conducted, or attempted to conduct, appropriate customer due diligence on new customers using questionnaires completed by front-line staff. The questionnaires were often incomplete and BSA staff were expected to find the missing answers from customer account officers. When the questionnaires were updated, such as adding whether the business conducts international transactions, the existing businesses were not questioned, nor were risk levels adjusted for businesses that do international transactions.
In one of the examples provided in the Consent Order, the Bank opened accounts for medical or healthcare businesses even though the individuals opening the accounts did not have “any apparent background in managing medical businesses.” This observation leads to the question of just how far supervisory agencies expect financial institutions to go with their customer due diligence programs. Should institutions be collecting resumes from every individual who opens a business account?
While the Consent Order identifies numerous BSA violations, it also states that the Bank “received satisfactory or strong BSA/AML examination findings from outside examiners.” This brings to question how good were the examiners, and did staff hide issues from the examiners? After FinCEN served the Bank with a notice of investigation on November 1, 2018, all the Bank’s former AML office employees voluntarily resigned from the Bank and the BSA Officer retired.
Institutions need to have a transparent relationship with outside auditors & examiners. CSG is exceptional at identifying potential issues, and helps institutions find solutions to any issues identified during one of our reviews. Our staff has years of experience in front-line operations, as BSA Compliance Officers, and also as auditors. We are familiar with most BSA automated monitoring systems and know the reporting requirements.
If you have questions or are looking for a review of your BSA program, or any other compliance program at your institution, contact us.
Please be advised that CSG provides financial services compliance audit and consulting services to our clients. The services that we provide include certain tasks that may be characterized as “law-related services” under Rule 5.7 of the Rules of Professional Conduct governing lawyers. Since some of our employees are lawyers with an active bar license but are NOT engaged in the private practice of law, that Rule requires us to make disclosures clarifying that the services we perform may be law-related services, but they are not legal services. Because they are not legal services, those services and our relationship will not be governed by the Rules of Professional Conduct that guide the client-lawyer relationship, such as rules applicable to privileged communications and prohibitions of conflicts of interest. Notwithstanding this disclaimer, we will continue to govern our relationship with you using reasonable ethical and professional standards that are expected to meet your expectations.