FinCEN recently announced an $8 million civil money penalty (CMP) for Bank Secrecy Act (BSA) violations. We often say it’s helpful to learn from others’ mistakes and that may never be more true than when it comes to BSA/AML compliance. In this particular case, the Bank had a reasonably designed BSA program but it was not operating as intended.
Here are some of the shortcomings mentioned:
- While an automated AML monitoring system was used, the Bank simply wasn’t able to keep up with the alerts it generated. Analysts were reviewing 100 alerts a day on average and, due to the high volume, did not review other available supporting documents.
- Although the Bank had policies and procedures in place to require Customer Due Diligence (CDD) information be obtained at account opening and upon any change in signature authority, the information was often missed. BSA/AML staff then tried to get the missing information from account officers and, as a result, critical information was missing.
- Account activity was reviewed 90 days after account opening to determine whether it was in line with the information provided at account opening. The automated system was then relied on to monitor daily activity and provide monthly reports that compared actual to expected account activity. The Bank, however, was unable to “fully understand the nature and legitimacy” of account activity. While a customer’s activity may have remained consistent, it wasn’t necessarily legitimate activity.
- The automated monitoring system was not used to its full capacity. For instance, “High Risk Reports” and other “monthly worklist items” were not used on a regular basis.
- To reduce the number of alerts needing attention, certain exemptions were given to customers with “well-known” activity. This resulted in specific alerts not being generated that, in some cases, were tied to individuals arrested for or convicted of financial crimes.
- The Bank often relied on the system’s ability to close out alerts based on a “pre-set” list of reasons, without additional analysis, even after a Suspicious Activity Report (SAR) had been previously filed.
It’s no surprise that these failures resulted in SARs not being filed when they should have been. Now is a good time to ensure your institution isn’t making the same mistakes. The CMP Order provides additional details and specific examples of account activity that can provide real-world credibility to your BSA/AML training efforts.
Want to make sure your BSA/AML program is on the right track? Our store has a wide variety of webinars on BSA/AML-related topics that are available now OnDemand.