Having a solid culture of compliance is critical to avoiding AML penalties. Regulators take risk seriously, and knowing just how much risk your institution can take while remaining compliant is essential. Significant risk doesn't always mean a big reward for financial institutions.
A few years ago, a small credit union in Miami Gardens, FL, shut its doors due to a $300,000 civil money penalty assessed for their anti-money laundering (AML) failures. With only $4 million in assets and five employees, this fine was detrimental to the viability of the small credit union. Despite their size, this Miami credit union still took on giant risks that, according to FinCEN, exposed the United States financial system to significant opportunities for money laundering and terrorist financing.
One of the significant risks it took on was a contract with a third-party money services business (MSB) to provide services and sub-accounts to other MSBs. These MSBs were located in high-risk jurisdictions outside the Miami credit union’s field of membership and outside the United States. In one year, the credit union facilitated over $1 billion in outgoing wires and $984 million in remotely captured deposits with this third-party relationship. The revenue generated from this relationship made up over 90% of the credit union's annual income.
FinCEN said this was done with little to no risk management program. The credit union was not reviewing 314(a) requests, not conducting independent testing, and could not provide regulators with a meaningful risk assessment. This story offers several examples of pillar violations and systemic failure to meet the requirements of AML compliance. Although this is an extreme example of a willful violation of regulatory requirements, the thought of AML penalties is a fear amongst many institutions.