Avoiding AML Penalties – Tips from a Former Regulator
Having a strong culture of compliance is key to avoiding AML penalties. Regulators take risk seriously and it’s important to know just how much risk your institution can take on while remaining compliant. Big risk doesn’t always mean big reward when it comes to financial institutions.
A couple of years ago, a small credit union in Miami Gardens, FL shut its doors as a result of a $300,000 civil money penalty assessed for their anti-money laundering (AML) failures. With only $4 million in assets and five employees, this fine was detrimental to the viability of the small credit union. Despite their size, this Miami credit union still took on giant risks – risk that, according to FinCEN, exposed the United States financial system to significant opportunities for money laundering and terrorist financing.
One of the major risks it took on was a contract with a third party money services business (MSB) to provide services and sub-accounts to other MSBs. These MSBs were located in high risk jurisdictions which were outside of the Miami credit union’s field of membership and outside of the United States. In one year the credit union facilitated over $1 billion in outgoing wires and $984 million in remotely captured deposits with this third party relationship. The revenue generated from this relationship made up over 90% of the credit union’s annual revenue.
According to FinCEN, all of this was being done with little to no risk management program in place. The credit union was not reviewing 314(a) requests, not conducting independent testing, and was not able to provide regulators with a meaningful risk assessment. This story provides several examples of pillar violations and systemic failure to meet the requirements of AML regulations. Although, this is an extreme example of willful violation of regulatory requirements, the thought of AML penalties is a fear amongst many institutions.
3 Tips to Avoiding AML Penalties within your Institution
Regardless of your institution’s asset size or risk tolerance, it is important to have a strong culture of compliance across your institution and BSA program. Remember to:
- Know Your Customer and Know Your Customer’s Customer: Evaluate the business model and the principles of a business before you enter into a third party relationship. Assess how entering into this third party relationship will impact your institution’s risk profile and ensure that your institution has the resources to appropriately mitigate the risks presented by the relationship.
- Avoid Concentrations: This Miami credit union was receiving 90% of their annual income from a third party relationship, which creates major concentration risk! Along with the massive amounts of compliance risk, the credit union was most likely not financially viable without this third party relationship. This does not make for a safe and sound institution.
- Fight for Compliance: As a BSA officer, it is your duty to educate the Board and Senior Leadership about potential compliance concerns presented by risky third party relationships. Remind the decision makers, that compliance is key. The cost an AML violation fine from FinCEN, will outweigh the income received from a high risk/high reward money making opportunity. Make your voice heard and document your dissension.
The amount of risk taken on by this credit union in relation to their size is astounding and leaves no room to question the actions taken by FinCEN. Short term financial gains proved not to be worth it when the institution was forced to close their doors in 2015. There are several lessons we can all learn from this occurrence– appropriately manage third party risks, avoid concentrations, and voice any compliance concerns you may have in relation to third party relationships your financial institution may be considering.
In the end, it is important to remember that FinCEN stresses a Culture of Compliance and mandates that financial institutions have a solid, efficient risk based BSA/AML program in place. Understanding your institution’s risk profile enables you to apply appropriate risk management processes to your BSA/AML compliance program.