AML compliance: Why failure is not an option
The consequences of noncompliance
While pulling back on AML compliance spending is tempting, it is especially important today that financial institutions have a robust AML program.
You might also like this webinar, "Best Practices for Writing SARS."
Prioritizing AML compliance resources
The regulations laid out in the Bank Secrecy Act (BSA) are intended to promote financial transparency and identify those who misuse the financial system. Financial institutions must establish and maintain an anti-money laundering (AML) compliance program that provides guidance and policies to comply with these regulations.
When the U.S. economy becomes insecure or unstable, it can be very tempting for financial institutions to consider reducing funding and staffing resources reserved for AML compliance. However, failure to comply can result in civil and criminal penalties against not only the financial institution but individual bank officers and employees. Criminal penalties for BSA-related deficiencies can result in fines of up to $250,000 and up to five years imprisonment. These penalties can double if a pattern of misconduct of more than $100,000 over 12 months is detected. Civil penalties vary, with regulators authorized to penalize between $5000 and $1,000,000 per violation for each day the breach occurs. These penalties are given mainly for deficient compliance programs, failure to file SARs, or when combined with other violations of the BSA.
Basic policies and procedures
AML compliance requirements
Those in the banking industry are well-versed in the following requirements of a compliant AML program:
- Effective internal controls
- BSA Compliance Officer on staff
- Ongoing BSA training
- Independent testing of the AML program
- Proper customer due diligence
To create an effective and efficient AML program, policies and procedures should be robust, detailed, and available to all employees of the AML department as appropriate. All bank employees must have a general understanding of AML regulatory requirements. The policies must also be tailored to the institution’s risk appetite and not open for interpretation. The BSA Compliance Officer must be knowledgeable and able to make appropriate risk-based decisions and have authority for final decision-making related to suspicious activity. The AML training should be relevant to the various lines of business and comprehensive for employees, management, and the Board of Directors, with regular communication regarding risk tolerance.
Recent BSA enforcement actions
The following three cases are examples of recent BSA enforcement actions imposed after organizations failed to hire enough staff and follow proper procedures to ensure AML compliance:
- In 2022, a $140,000,000 civil penalty was imposed against USAA FSB. The consent order found that while USAA FSB had significant growth, it failed to match that growth with AML compliance efforts. The order also cited significant understaffing and the use of third-party contractors who were not adequately trained or lacked qualifications and expertise. Due to case management system deficiencies the institution had a backlog of around 90,000 alerts and 6,900 cases, with those numbers expected to grow before the bank could begin addressing the backlog. These numbers demonstrate the negative consequences of a failure to hire appropriate staff.
- In 2021, an $8,000,000 civil penalty was imposed against CommunityBank of Texas N.A. The consent order noted that the institution needed to implement an adequate AML program, citing an understaffed AML compliance department that had analysts reviewing an average of 100 daily case alerts. The volumes did not allow time to review supporting documents, such as check images, wire details, etc. The analysts performed quality control with no objective or third-party perspective. The consent order also cited exemptions applied by the BSA Officer for customers whose activity was considered “well-known” to reduce the number of alerts requiring review. The exemptions were not appropriately documented, and the exempted customers included individuals later arrested for financial crimes.
- In 2021, a $390,000,000 civil penalty was imposed against Capital One N. A. The consent order noted violated BSA requirements related to its Check Cashing Group, a product of several acquisitions which included a customer base of check cashers and existed between 2006 and 2014. Although these customers were subjected to regular reviews, the reviews relied heavily on comparison to past activity, citing consistent behavior without further investigating potentially suspicious activity. When AML compliance analysts identified suspicious activity such as a “medical fraud ring,” “excessive corporate check cashing,” or “structured third-party checks,” they were instructed to contact relationship managers, who would provide vague or implausible explanations, at times accepted as justification. The customer (check casher), given the highest risk rating by the bank, was ultimately convicted of conspiring to commit money laundering related to loan sharking and illegal gambling proceeds and was connected to the Genovese organized crime family. The bank was made aware of criminal investigations/charges against other group customers yet failed to identify suspicious activity or file timely SARs on the clients. In addition, the consent order noted a failure to identify armored car cash shipments as real cash, resulting in approximately 50,000 transactions (over $16 billion) going unreported through CTR filings.
Each AML compliance case listed above involved a failure to file timely SARs or report suspicious activity due to weaknesses in their AML programs. In many cases, the weaknesses were identified during previous regulatory reviews, and the institutions could have adjusted the program or corrected the deficiencies to avoid backlash.
White House actions
Fed bolsters AML compliance efforts with new whistleblower law
On December 29, 2022, a new whistleblower law was enacted by President Biden, bringing about significant changes that impact both domestic and overseas financial services institutions. These institutions, particularly those involved in anti-money laundering (AML) efforts, now face heightened risks and costs associated with whistleblower claims.
The newly signed act expands the reach of the law to encompass reporting of violations relating to financial management rules within executive agencies, sanctions imposed on foreign nations, entities, or individuals considered enemies of the United States, and sanctions targeting foreign narcotics traffickers. It also introduces a funding structure and establishes minimum statutory awards for successful whistleblowers. In most cases, whistleblowers are entitled to a minimum award of 10 percent.
The primary objective behind this Act is to create a robust financial incentive, motivating potential whistleblowers to come forward and report a wider range of compliance issues. By doing so, the Act seeks to serve the national interests in areas such as AML, sanctions enforcement, and the fight against drug trafficking. To safeguard themselves, financial institutions will need to uphold stringent compliance practices to prevent violations of the law.
Reliable assistance for AML compliance
Given the recent findings, it is in the best interest of financial institutions to make every effort to maintain an effective AML program. Consent orders and the resulting penalties can be quite costly, not to mention the resulting negative publicity. Adopting trusted third-party transaction monitoring and case management AML software can allow institutions to make the most of their existing AML resources. In addition, bringing in knowledgeable and certified professionals as contractors may help alleviate high volumes for your AML staff. An experienced AML advisory team can help with various services that alleviate resource constraints, respond to regulatory feedback, and satisfy examiner expectations. Remember, AML compliance is not optional.