Continuing our Exam Focus
by Amy Kleinschmit
Chief Compliance Officer

BSA/AML Exam Focus

Another item from the NCUA’s 2020 Supervisory Priority list is Bank Secrecy Act Compliance/Anti-Money Laundering. This has been a supervisory priority for several years now. As discussed in the Letter to Credit Unions, an ongoing area of emphasis for examinations will be the customer due diligence and beneficial ownership requirements that became effective May 11, 2018. In addition, the NCUA will continue to focus on proper filing of SARs and CTRs. Filing timely and informative SARs and CTRs provides law enforcement, intelligence, and counter-terrorism officials with vital information.

A number of resources are available on the NCUA’s website which can be found here, including recent guidance on serving hemp businesses and BSA expectations regarding Marijuana Related Businesses. InfoSight also as a number of resources for you relating to BSA which can be found here.

FinCEN Enforcement Action

And on the topic of BSA/AML being an exam focus, the Financial Crimes Enforcement Network (FinCEN) recently announced a $425,000 civil money penalty against the former BSA officer at U.S. Bank for his failure to prevent violations of the BSA. This announcement and the assessment of civil money penalty can be found here.

NCUA rules and regulations, section 748.2, requires all federally insured credit unions to establish and maintain a BSA compliance program. Subsection (c) provides, “(c) Contents of compliance program. Such compliance program shall at a minimum—(1) Provide for a system of internal controls to assure ongoing compliance; (2) Provide for independent testing for compliance to be conducted by credit union personnel or outside parties; (3) Designate an individual responsible for coordinating and monitoring day-to-day compliance; and (4) Provide training for appropriate personnel.” [Emphasis added.] While the consent order is against a bank employee, I want to emphasize credit unions have the same requirements under NCUA rules/regulations.

As further discussed in the FFIEC BSA/AML Examination Manual,  “While the title of the individual responsible for overall BSA/AML compliance is not important, his or her level of authority and responsibility within the bank is critical…The board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources (monetary, physical, and personnel) to administer an effective BSA/AML compliance program based on the bank’s risk profile…The BSA compliance officer should be fully knowledgeable of the BSA and all related regulations. The BSA compliance officer should also understand the bank’s products, services, customers, entities, and geographic locations, and the potential money laundering and terrorist financing risks associated with those activities. The appointment of a BSA compliance officer is not sufficient to meet the regulatory requirement if that person does not have the expertise, authority, or time to satisfactorily complete the job.” [More emphasis added]

With regard to this enforcement action, FinCEN found the former BSA officer, at various times had responsibility for overseeing the Bank’s compliance program and therefore shares responsibility for the Bank’s violations of the requirements to implement and maintain an effective AML program and file SARs in a timely manner. Both prior to and during this employee’s tenure, the Bank improperly capped the number of alerts generated by its automated transaction monitoring system and failed to adequately staff the BSA compliance function.

The Consent Order at the link above details the numerous ways this former employee failed at this job to the extent he now has to pay a $425,000 civil money penalty. This also serves as a reminder that being the credit union’s BSA compliance officer is not just an honorary title – the individual has a number of responsibilities that must be done.

This employee’s actions – or more correctly inaction – occurred beginning in or about January 2005 and continued through his separation from the bank around June 2014. To highlight some of the things this individual did/didn’t do:

He was advised by two different AML officers that they believed the existing transaction monitoring system used by the bank was inadequate, because caps were set to limit the number of alerts. The OCC warned the Bank on several occasions that using numerical caps to limit the Bank’s monitoring programs based on the size of its staff and available resources could result in a potential enforcement action and FinCEN had taken previous public actions against banks for the same activity. In December 2009, the Bank’s AMLO sent a memo to the BSA officer regarding inadequate staffing concerns - SAR volume for 2009 was projected to be 47% higher than for 2007, law enforcement inquiries were projected to be 123% higher, and closure recommendations were projected to be 160% higher — all with a corresponding staff level increase of only 15.6%. Similar concerns were again expressed in 2010. The BSA officer was verbally and in writing told the Bank did not have enough AML staff to work all of the alerts that it should be working. FinCEN found that the “BSA officer failed to take sufficient action when presented with significant AML program deficiencies in the Bank’s SAR-monitoring system and the number of staff to fulfill the AML compliance role by his AMLO. While he did take certain steps to upgrade the AML Program, including advocating for and receiving funding for the replacement of the system in its entirety, his actions were inadequate to correct the deficiencies.”


As always, CUAD members may contact Amy Kleinschmit with any compliance related questions.




<< Go to Memo List