Financial institutions consider how best to comply with Bank Secrecy Act and anti-money-laundering regulations and still keep the paper monster at bay.
Since 9/11, regulatory agencies have ratcheted up the pressure each year to get banks to comply with the Bank Secrecy Act, severely punishing those that have failed to heed warnings on noncompliance, meting out memorandums of understanding, cease-and-desist orders, enforcement actions, and civil money penalties. And in a more recent twist, the Justice Department has been entering into deferred prosecution agreements with negligent financial institutions, with settlements totaling in the tens of millions of dollars to the Justice Department and related regulators.
Recent notable cases include fines of $31.6 million to Union Bank of California, announced in September, and $65 million for American Express International Bank the previous month. The banks agreed to settlements of deferred prosecutions brought by the Justice Department, which had charged each with one count of failing to maintain an effective anti-money-laundering program.
Those cases followed an $80 million fine a year ago to Holland-based ABN Amro, which disclosed last April that it took an additional charge of €365 million ($498 million at that time) to account for expenses it expects to incur from the result of an ongoing investigation by the Justice Department.
These large penalties dovetail with regulators’ stepped-up emphasis on BSA in their annual examinations. “The heat has been turned up,” says Barry Zadworny, senior vice president of compliance at Roma Bank, a $900 million thrift headquartered in Robbinsville, New Jersey. “The banking agencies are all zeroing in and have made BSA compliance a priority item with their examining staff—more so than in previous years.”
Expect more of the same in 2008. For banks that fall behind and fail to heed the warnings of regulators, the stakes are high. Some banks that have received large penalties have ended up selling out to others: Riggs Bank, for example, received fines totaling $41 million in early 2005 and eventually was sold to PNC Corp; ABN Amro’s trouble precipitated the sale of its U.S. subsidiary LaSalle Bank to Bank of America Corp. and its own sale to a consortium of three European banks last year.
The bottom line, experts say, is bank boards need to be attentive to their financial institution’s BSA program. Aside from a long list of requirements, regulators are looking for a strong corporate culture in terms of anti-money-laundering compliance, says Peter Djinis, a lawyer in Sarasota, Florida and former official at the Financial Crimes Enforcement Network (FinCEN), an arm of the Department of the Treasury that fights money laundering and other financial crimes by collecting and analyzing information on financial transactions.
“Regulators want to know, does it come from the top down? Are the directors on board? Are they paying attention? Is management giving them the support they need? Is the board being informed when there are lapses?” Djinis says.
“We look for the board of directors to set up appropriate BSA/AML policies, procedures, and practices throughout the institution,” says Randall Howe, BSA director at the Office of Thrift Supervision. The board needs to make certain “the institution has implemented proper policies that will ensure it complies with all aspects of BSA.”
Djinis notes that while he hasn’t yet seen board members having their hands slapped, that could be next. “One of these days, regulators are going to take action against the board in an enforcement matter,” he says.
A considerable downside
The costs for banks that get into trouble are great, and regulatory scrutiny can haunt them for years after their infractions. San Francisco-based Union Bank of California, majority owned by Japan’s Mitsubishi UFJ Financial Group, spent $100 million over the last three years revamping its program with line items such as hiring additional staff, boosting training, and creating a financial intelligence unit, according to a spokesman. Yet the $52 billion bank still received penalties that arose out of transactions conducted between May 2003 and April 2004, regarding accounts held by licensed Mexican currency exchange houses. According to Justice Department documents, the bank failed to detect, identify, and report suspicious transactions in the accounts, due to deficiencies in its anti-money laundering program. After warnings, it also failed to correct the problem.
To be sure, enforcement actions hardly appear out of the blue sky, says Lisa Arquette, the associate director for financial crimes at the Federal Deposit Insurance Corp. “None of these have been surprises for the banks,” Arquette says. “There generally has been a long supervisory history between a federal regulator and a bank before there is a public action. It is generally an escalated approach.”
Thus, boards are aware of infractions well before regulators start levying fines, adds James Freis Jr., director of FinCEN: “I want to dispel the myth that minor technical violations would somehow result in a major monetary penalty. That is just not the case. That is not the way we exercise our authority.”
Nevertheless, boards and management that fail to be proactive will pay a severe price in terms of time and energy, says David Caruso, chief executive and managing director of Dominion Advisory Group, an AML consulting firm based in Centreville, Virginia.
A bank under increased scrutiny forces management and the board to concentrate their time and energy on fixing the problem. “The compliance failures are so draining that it takes away the focus of the executive team and board,” Caruso says. “By the time they emerge from AML failures in 18 or 24 months, they in essence have been standing still while the competition has been moving forward.”
Adding to the pressure are Justice Department efforts to prosecute banks that have harbored criminal activity and didn’t report it, whether knowingly or unwittingly. “If that’s not caught, and the bank didn’t have systems in place, then [that] … is enough to lead you to a deferred prosecution,” says Ellen Zimiles, cofounder and chief executive officer of Daylight Forensic and Advisory, a New York-based consulting firm.
The increased scrutiny comes at a time when banks as a whole face worsening credit portfolios and slower loan production in the wake of the subprime lending crisis. That might make decisions on how to invest wisely on BSA more difficult in the current climate. Yet, even small community banks have little choice but to buckle down, says Ron Janis, a partner at the New York law firm of Day Pitney. “The examiners have been into other, larger banks and have seen how many resources have been thrown at this,” Janis says. “I don’t think there is anything that will allow the smaller banks to do a less-resource-intensive job than the larger banks.”
Unlike other regulatory issues that banks have mastered over time, they are far from mastering BSA. “Bankers love to get to a point where they can put compliance issues on remote control, where it is so regularized that it doesn’t require continual upgrading and monitoring and where the bar isn’t changing all the time,” says James Rockett, a partner at San Francisco law firm Bingham McCutchen. “With BSA and AML, they have not been able to get into a routine where everybody can feel comfortable.”
But all that change is part of a natural progression, says William Fox, global AML executive at $1.3 trillion Bank of America and a former director of FinCEN. “Regulators have become better educated about what it means to have a good, solid BSA/AML program,” he says. “And so as they have become better educated about what that is, and what types of risk management you need to perform, they have drilled down further than they have in the past.”
Likewise, the sky isn’t falling for most banks. While the agencies and Justice Department have handed out some large fines, those transgressions represent a minority of the nation’s approximately 8,600 banks and thrifts. And there are signs depository institutions are doing a better job. For example, the OTS handed out 276 BSA-related violations in 2006, down from 421 in 2005.
When banks fail to comply with BSA, they generally aren’t focusing on root causes of inadequacies, such as training, talent, systems, and controls, says Edward Ferraro, BSA/AML officer at Foster Bank, a $500 million financial institution in Chicago. Ferraro likens the lack of focus on root causes to driving a car into a garage and getting a flat tire. Once the flat is fixed, the incident repeats itself and the flat is repaired again. “Fixing the flat tire 100 times is not going to fix the problem,” he says, because “there is something on the garage floor that is causing you to get a flat tire.”
Ferraro, an ex-regulator, took over as Foster Bank’s BSA/AML officer in 2004 to help improve the bank’s AML program. The bank serves Chicago’s Korean-American community, which has a high number of cash businesses such as restaurants, dry cleaners, and gas stations. The bank was assessed a civil money penalty of $2 million by FinCEN in 2006 for lapses found in transaction monitoring during the period before Ferraro’s tenure. The bank was cited for improper independent testing, among other measures used to detect and report potential money laundering, terrorist financing, and other suspicious activity. “The environment wasn’t as structured [as it should be] as far as policies, procedures, and automated systems,” Ferraro says.
Detecting questionable activity
At the heart of a bank’s BSA compliance is its ability to unearth suspicious activity and send the information to the government. To do so, it files suspicious activity reports (SARs) with FinCEN. After 9/11, government enforcement actions have been assessed on banks that didn’t file SARs timely or accurately. That has contributed to a spike in SAR filings, with many banks filing whenever in doubt in order to cover themselves. Because regulators can dig back into past activity and judge banks retroactively—leading to criminal enforcement and money penalties—many banks have filed so-called defensive SARs, Djinis notes.
As a result, annual SAR filings by depository institutions rose 88% three years after 9/11 to 382,000 in 2004. And they continue to rise, but at a slower pace, totaling 567,000 in 2006, up from 523,000 a year earlier.
Regulators are sending the message to banks that they can’t file SARs willy-nilly. Often SARs are not complete enough. FinCEN released a memo in October pointing out common errors in SARs, including inadequate narratives, missing employer identification numbers, and incorrect characterization of suspicious activities. Expectations of SAR filings by regulators are very different now versus a few years ago, Zimiles warns. “Compliance officers need to be doing more quality control of their own output,” she says. “You don’t see a lot of that. There needs to be a strong quality control process.”
Simpler beginnings
Anti-money-laundering compliance has gotten much more complicated since its debut in 1970, when Congress passed the Bank Secrecy Act, which established requirements for recordkeeping and reporting by private individuals, banks, and other financial institutions. The goal was to help identify the source, volume, and movement of money and other financial instruments into or out of the United States or deposited at financial institutions. The law was augmented piecemeal over the decades, but no more so than in 2001 with the passage of the USA Patriot Act. Among its provisions, the Patriot Act criminalized the financing of terrorism, boosted customer identification procedures, and prohibited financial institutions from engaging in business with foreign shell banks. It also required financial institutions to have enhanced due diligence procedures for foreign correspondent and private banking accounts, and called for improved information sharing between financial institutions and the federal government.
In short, since 9/11, financial institutions have had to be increasingly thorough with key AML information they file with government agencies: currency transaction reports for transactions in excess of $10,000 and SARs, which forward information on criminal or potentially criminal money flows. “It used to be that if you filed your currency transaction reports on time and you were reporting suspicious activity,” you were in line, says Bill Richards, vice president and compliance manager at Sterling Savings Bank, an $11 billion financial institution headquartered in Spokane, Washington. “There was not so much emphasis on the quality of it, but that it was getting done. Today, that kind of stuff better be second nature.”
Since the passage of the Patriot Act, regulatory agencies have phased in all the law’s requirements for banks, with the most noteworthy this year being enhanced due diligence for banks with foreign correspondent accounts. To help financial institutions keep track of all the developments, the Federal Financial Institutions Examination Council (FFIEC), an intergovernmental agency, publishes the Bank Secrecy Act/Anti-Money-Laundering Examination Manual, a 300-page guide that provides banks with guidance on risk-based policies, procedures, and processes. It updates the guide annually.
The manual has become the bible for compliance officers to help them keep up with refinements and additional requirements. “BSA is an animal you never stop chasing,” says Robin Fujio, vice president, deposit operations manager, and BSA and OFAC officer at Liberty Bank, a $2.6 billion thrift in Middletown, Connecticut.
What it takes
The list of requirements for BSA is exhaustive, but banks can stay out of trouble by following some basic rules. Above all, they should know the types of customers they are dealing with, says Fox of Bank of America. “You have to understand your bank’s business,” he says. “You have to understand how your particular bank works. And you have to design a program for your bank. There is no cookie-cutter model; every bank is different.”
For all the spending and marshalling of resources for BSA compliance, some experts point out that the work can actually benefit the bank. Knowing customers, an essential requirement by regulators, can help a bank better market products and services. “Good AML is good business, and good business is good AML,” Fox says.