When OFAC ‘hits’ are really misses
Technology helps with—but doesn't perfect—CUs' BSA compliance processes.
A challenging area where credit union managers have to deal with false positives is in compliance with the federal Office of Foreign Assets Control and Bank Secrecy Act regulations. This means running a CU’s list of persons, transactions and accounts against periodically issued government lists of potential bad guys or suspicious transactions and then investigating hits that almost always turn out to be false alarms.
“You have to review every account, every member, every co-signer or joint owner against the government’s ‘bad boys list’ and prove that every hit is not a case of money laundering or dealings with a suspected terrorist or drug dealer,” explains CUES member Paul Meissner, CFO/SVP/finance at $765 million Credit Union of America, Wichita, Kan. “You get a lot of hits, and it’s a big waste of time because the commercial systems credit unions can buy to do the screening often use stupid logic.”
For example, Bin Laden was an appropriate name to screen for, but if someone connected to the CU lived on a street named Bin Laden Ave., that would trigger a hit. The system doesn’t discriminate between a person’s name and a street name, he points out.
“Heaven help you if you have a connection to … a drug dealer anywhere in the world … , you’ll have a lot of hits to resolve,” he says. “We had a member with a post office box address here in Kansas. Somewhere in the Middle East, a person [the government was] watching had that same P.O. box number. That was kicked out as a potential hit.”
continue reading »