The Financial Crimes Enforcement Network (FinCEN) recently assessed a significant civil penalty against a nationwide bank pursuant to the Bank Secrecy Act (BSA) and related regulations. FinCEN has the authority to assess civil money penalties on banks and financial institutions that violate the BSA.
FinCEN determined that the bank violated the BSA’s program and reporting requirements by, among other things, failing to establish and implement an adequate anti-money laundering (AML) program and for failing to report suspicious activity. With respect to the determination that the bank failed to devote an adequate amount of resources to its AML program, FinCEN requires banks to have an AML program that complies with the requirements imposed by its federal regulator. The OCC – under authority delegated from FinCEN – examines banks for compliance with the BSA. As outlined by FinCEN, a bank’s AML compliance program must: (1) provide for a system of internal controls to assure compliance, (2) provide for independent compliance testing, (3) designate an individual(s) responsible for coordinating and monitoring day-to-day AML compliance, and (4) provide for training of personnel.
The civil penalty related to FinCEN ’s determination that the bank had failed to develop an AML compliance program that satisfied the essential elements required by the BSA. In that regard, FinCEN found that the bank had a deficient system of internal controls due to its failure to conduct risk-based monitoring of customers’ accounts and, instead, set fixed limits on the number of transactions that it would monitor for suspicious activity. Also, FinCEN determined the bank had inadequate staffing levels and outdated systems necessary to perform appropriate monitoring and due diligence, manage alerts for suspicious activity, and handle law enforcement inquiries. In addition, FinCEN found that the bank failed to have its monitoring system validated by an independent party.
As to the failure to report suspicious transactions, the BSA requires banks to report transactions that involve at least $5,000 that a bank knows or has reason to suspect are suspicious. Among other things, FinCEN determined that the bank had a deficient customer risk-rating program and failed to review fund transmissions which non-customers conducted by way of the bank’s facilities through a large money transmitter. As a result of these deficient monitoring practices, FinCEN found the bank failed to file over 2,000 suspicious activity reports on transactions worth hundreds of millions of dollars.
FinCEN’s assessment highlights specific practices that it considered willful violations of the BSA, meriting the significant civil money penalty. In that regard, the $70 million civil penalty appears to have been driven by these (and other )findings: (1) the bank manipulated its AML software to cap the number of suspicious activity reports rather than increasing capacity to comply with AML laws,(2) the bank’s own AML personnel had warned against the risk of placing caps on the number of suspicious activity reports, but the bank’s management ignored these warnings, and (3) the bank systemically and continually devoted an inadequate amount of resources to its AML program.
To read the Assessment of Civil Money Penalty issued by FinCEN, please click here.