
8 compliance lessons from recent enforcement actions: Part one

By: Jennifer Morrison, VP, Senior Risk Manager

February 19, 2015 -- At a recent Association of Certified Anti-Money Laundering Specialists (ACAMS) conference, attendee surveys found that compliance officers universally react to and learn from recent enforcement actions that come from federal agencies.

The Financial Crimes Enforcement Network (FinCEN) affirms the same in its FIN-2014-A007, “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance.” FinCEN states “Although enforcement actions are specific to the subject financial institution and the characteristics of the situation, certain general lessons could be gleaned from these actions that could be instructive to the leadership of all financial institutions required to comply with the Bank Secrecy Act (BSA).”1

On November 25, 2014, FinCEN announced $300,000 in civil money penalties against North Dade Community Development Federal Credit Union (North Dade) covering activities conducted between December 2009 and January 2014. The penalties are severe given the $4 million asset size of the credit union and follow a September 6, 2013 Cease and Desist Order issued by the National Credit Union Association (NCUA).

During 2014, there were four instances of civil money penalties, among other infractions, assessed directly against unregistered money services businesses (MSBs) by FinCEN.2

And on December 18, 2014, FinCEN got every compliance officer’s attention when it assessed a $1 million civil money penalty against Thomas E. Haider, the former chief compliance officer and senior vice president at MoneyGram International Inc. The action covers the period of Haider’s employment in the senior compliance role, beginning in 2003 until his May 23, 2008 termination.

While I suggest you read the enforcement actions3 (if you have not already), the following three lessons summarize a few of the compliance lessons we can learn. (The remaining five lessons will be featured in part two of this article, which will be published next month.)

Lesson 1: You’re not too small to be fined.

Similar to the mistaken belief that you’re “too big to fail,” the North Dade fines and findings remind us that you cannot be a small institution and “fly under the radar.” This fact brings me to the next point.

Lesson 2: FinCEN means it.

The year 2014 was FinCEN’s “year of the MSB.” To be sure, of the eight enforcement actions posted to the federal register (compared with just two enforcement actions in 2013), five focused on MSBs. North Dade’s activities were largely related to MSBs as well. In addition, on November 10, 2014, FinCEN issued a “Statement on Providing Banking Services to Money Services Businesses.”

On December 19, 2014, the NCUA issued LCU 14-CU-02 regarding MSBs, emphasizing the FFIEC Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual procedures as the guide to establish a consistent framework for the exam and supervision process of credit unions that maintain an account relationship with MSBs. The NCUA clearly stated their supervisory focus for 2014 included raised awareness for credit unions that provide services to MSBs.4 In its January 2015 LCU 15-CU-01,5 the supervisory priorities for 2015 continue to focus on Bank Secrecy Act compliance and credit unions’ relationships with MSBs.

FinCEN also “means it” when deficiencies go without remedy. North Dade had been previously cited for BSA failures, yet during subsequent examinations, the deficiencies were not corrected or addressed. FinCEN found that North Dade “willfully violated the BSA’s program, reporting, and recordkeeping requirements” from December 2009 through January 2014. Here are two specific examples:

  • North Dade was deficient in the form and timeliness of its Suspicious Activity Report (SAR) filings, filing only 15 SARs between April 2010 and April 2013. During that time, law enforcement seized more than $1.5 million from an owner of an MSB with an account at North Dade; however, North Dade never filed a SAR on the MSB or its owner.
  • North Dade also failed to access or review FinCEN’s 314(a)6 lists from 2012 through 2013 and had just a single individual designated to receive the email requests during that time. Timely responses were dependent on that single staff person’s availability. Lesson here: have multiple 314(a) designees.

The spate of civil money penalties assessed against unregistered MSBs reminds us, too, of an obligation to verify the registration and license of any MSB we have identified. A SAR must be filed when an unlicensed or unregistered MSB is identified, and the information must be reported in Part II, item 35r of the SAR form. With the list updated weekly, you can use the search function at FinCEN’s new MSB Registrant Search Web page.

Lesson 3: Internal Controls Matter.

A credit union is expected to establish a system of internal controls that effectively ensures compliance with BSA/AML and OFAC regulations. Risk assessment is a critical component of an adequate BSA program. It is impossible to draft appropriate controls for risks that one does not adequately or accurately identify or understand. North Dade made a conscious choice to serve a large number of high-risk MSBs outside its field of membership, yet the decision was made without concern for how these risks might be managed. As cited in the civil money penalty by FinCEN, North Dade did not complete a BSA/AML risk assessment until November 2013.

Failing to maintain an effective AML program

MoneyGram’s chief compliance officer (Haider) was responsible for ensuring that the company implemented and maintained an effective AML program. But FinCEN found that Haider did not act in accordance with MoneyGram’s own program. The MoneyGram AML program specifically called for discipline for agents and outlets that MoneyGram personnel knew or suspected were involved in fraud and/or money laundering.

Performing due diligence

In addition, MoneyGram’s program called for due diligence on agents and outlets to ensure that licenses were not granted to agents or outlets previously terminated by other money transmission businesses. The program was also meant to ensure that those suspected of fraud and/or money laundering were not granted additional licenses.

Conducting proper audits, filing SARs

The MoneyGram program also called for audits of agents and outlets, including audits of agents and outlets MoneyGram personnel knew or suspected were involved in fraud and/or money laundering. And last but not least, Haider maintained MoneyGram’s AML program so that the individuals responsible for filing SARs were not provided with information possessed by MoneyGram’s own fraud department, which should have resulted in the filing of SARs on specific agents or outlets.

Under the BSA and implementing regulations, individuals responsible for a company’s failure to implement and maintain an effective AML program are liable for a daily, civil money penalty of $25,000. Further, individuals responsible for a company’s failure to file required SARs are liable for a civil money penalty of no less than $25,000 (and up to $100,000) for each instance.

(Side note to all the BSA compliance officers out there: don’t quit your jobs out of fear. The Haider matter was particularly egregious.)

FinCEN is sending an important reminder to compliance officers that there is an individual obligation for compliance with a credit union’s statutes and regulations. Did Mr. Haider intentionally miss the warning signs, or was he just lazy or oblivious? In the end, FinCEN is saying it does not matter.

Reinforcing the importance of BSA/AML programs

These lessons from recent enforcement actions should definitely become more “tools in our compliance toolbox.” Not only does it appear that FinCEN is emphasizing its focus on MSBs, but it is also reinforcing the message that we must be serious in constructing and managing a risk-focused BSA/AML program designed to prevent terrorist financing and money laundering.

Part two of this article (to be featured next month) will reveal the remaining five compliance lessons. Stay tuned!

2 2/7/14 Saleh H. Adam dba Adam Service; 4/23/14 New Milenium Cash Exchange, Inc. and Flor Angella Lopez; 7/15/14 Mian, Inc. d/b/a Tower Package Store; and 8/28/14 BPI, Inc.