Good compliance officers know that just reading the text of a regulation is not enough to actually understand the requirements, nor to meet examiner expectations. That’s because the world of regulation presents a lot of gray area.
To get to a higher level of understanding, it’s a good idea to review guidance, FAQs and supervisory letters. Something else credit union compliance officers should consider is researching and reviewing enforcement actions. While you may be tempted to believe these only highlight the most egregious violations, there are often good lessons that can be applied to your own program.
For example, FinCEN recently has levied several large-dollar penalties against a casino, a money service business (MSB) and a bank from which credit unions can learn.
Three Cautionary Tales
In April, FinCEN assessed a $1 million penalty against a casino for failing to file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs). Software resources, as well as data the casino collected from its customers, were used to improve profits instead of the casino’s anti-money laundering (AML) program.
The director of FinCEN said, “Despite the fact that [the casino] hosted convicted embezzlers and had been repeatedly alerted to suspicious transactions by its own BSA compliance manager, [leadership] saw no need to re-think [the casino’s] AML defenses.” FinCEN also noted the casino failed to document decisions not to file a SAR and prevented the BSA officer from reviewing the exam report.
In March, FinCEN issued a penalty against both an MSB, as well as the compliance officer and owner of the MSB. Four years earlier, FinCEN had issued a warning letter to the MSB citing record-keeping failures, reporting violations and systematic AML program violations. In 2016, the agency found the MSB had not taken any action on that letter, failing to hire an adequate compliance officer, conduct appropriate training or initiate an independent test of its compliance program. FinCEN also found 95 percent of the MSB’s CTRs were either inaccurate or incomplete.
In another instance, this time in February, FinCEN found a bank did not heed earlier warnings about deficiencies in its AML program. The bank did not monitor nor detect suspicious activity despite red flags, which resulted in the bank failing to report 120 SARs in a timely manner. At the time, FinCEN was investigating a Ponzi scheme, an investigation that could have been significantly supported by the bank timely filing its SARs. FinCEN also noted the bank’s account opening and risk profile procedures and information were insufficient. As a result, compliance staff were unable to identify suspicious activity.
What Credit Unions Can Learn
While the three enforcement actions detailed above could be characterized as extreme, the roots of the problems FinCEN found are important for credit unions to understand. Here are the key take-aways from these cautionary tales:
Heed warnings of the compliance officer – It is important to note how much emphasis FinCEN has placed on listening to the BSA compliance officer. Be sure leadership, board members and staff are hearing your compliance officer and taking his or her recommendations seriously.
Fix mistakes promptly – FinCEN explicitly cited the MSB’s failure to address the short comings it had been warned about. A credit union’s board of directors should ensure the cooperative is fixing any gaps identified by regulators and/or their independent audit.
File on time, every time – The bank example highlights how critical timely SAR and CTR filing is to helping FinCEN with its investigations. It can be hard to see the tangible results of everyone’s hard work to stop financial crimes. However, it’s clear the efforts make a difference in the community.