In a recent high-profile case, a major bank faced significant civil and criminal consequences for violating the BSA. FinCEN, the OCC, the DOJ, and the Federal Reserve hit the financial giant with over $3 billion in fines and forfeitures for violations in all Bank Secrecy Act pillars. These violations represent systemic failures in their AML/CFT program, causing material harm to the U.S. financial system.
The violations were significant and included:
- Failure to ensure sufficient staffing and resources for the BSA Officer
- Disincentivized the BSA Officer to incur costs needed to ensure compliance
- The BSA Officer lacked direct authority over an AML Technology Head who oversaw the transaction monitoring system and the head of AML operations
- AML headcount decreased in size despite monitoring alerts continuing to rise, resulting in backlogged alerts and cases
- Insufficient transaction monitoring programs in banks, including failure to monitor insider activity and several transaction types such as ACH, certain funds transfers, P2P channels, checks, and specific monetary instruments
- Relied on contractors that delivered “sub-par, shoddy, and incompetent work”
- Inadequate high-risk customer monitoring
- Scenario tuning, such as above-the-line/below-the-line testing, was inadequate and focused on SAR conversion rates and changing scenario thresholds to minimize false positives
- BSA training was not tailored to specific risks
- Inadequate processes for identifying and adequately risk rating customers due to inadequate staffing and software
This enforcement action underscores the growing regulatory scrutiny and serves as a warning to financial institutions that BSA enforcement actions are not just a risk for larger banks—they can affect institutions of all sizes. As regulatory scrutiny increases for financial institutions, enforcement actions resulting in civil money penalties are growing in size and frequency. Although the above example is a large bank, similar enforcement actions are being handed down to community banks. When reading regulatory enforcement actions, consider the criticisms a checklist for what not to do in your AML/CFT program.