Compliance Blog

Oct 16, 2023
Categories: BSA

FinCEN Imposes Civil Money Penalty on Bank for BSA Violations

FinCEN has been quiet on the rule front and while that may change with the newly appointed FinCEN director, FinCEN has continued to be busy with its oversight duties with a recent consent order against Shinihan Bank America (Shinihan Bank) for willfully violating the Bank Secrecy Act (BSA). Consent orders are nothing new but do provide an opportunity to see what types of behavior get the regulators’ attention.

This is not the first time Shinihan Bank has been fined by regulators for lax BSA compliance. Shinihan Bank entered a consent order in 2017 with the Federal Deposit Insurance Corporation (FDIC) and a memorandum of understanding in 2020 with New York State’s Department of Financial Services (NYDFS). It was found that Shinihan Bank was out of compliance with both the 2017 consent order and the 2020 memorandum.

FinCEN found Shinihan Bank had an inadequate anti-money laundering program. Generally, an anti-money laundering program must include, at a minimum:

(a) the development of internal policies, procedures, and controls;

(b) an independent audit function to test programs;

(c) designation of a compliance officer;

(d) an ongoing employee training program; and

(e) appropriate risk-based procedures for conducting ongoing customer due diligence (CDD).

However, the consent order states that Shinihan Bank failed to implement these minimum requirements.

Overall, the consent order describes that Shinihan Bank failed in several categories that are important to maintain an effective BSA compliance program. FinCEN found that Shinihan Bank’s customer due diligence was lacking. Shinihan Bank failed to conduct CDD and assign a customer risk rating score to those customers. Moreover, Shinihan Bank failed to monitor customer transactions to measure overall risk. Shinihan Bank failed to establish adequate transaction monitoring baselines. This impaired the bank’s ability “to determine whether the actual account activity was unusual for the customer or not.” In addition, the risk rating applied to its customers was not comprehensive or risk-based. According to FinCEN, this led to the bank failing to capture and document “cash-intensive individuals with a high volume of domestic and international wire activity” in its CDD.

FinCEN also alleges Shinihan Bank’s transaction monitoring was ineffective. FinCEN found the monitoring system “lacked basic predetermined scenarios needed to flag abnormal activity.” FinCEN found gaps in Shinihan Bank’s transaction monitoring that failed to aggregate volume deposit and withdrawals or sudden successions of transactions. FinCEN also outlined in its consent order a fragmented transaction monitoring system that included different systems for different types of banking activity.

The consent order found several other issues. For example, there were no formalized procedures for filing suspicious activity reports leading to delays in filings and the BSA compliance team from the line level all the way up to the management level was understaffed and stretched thin. Shinihan Bank also faced corporate governance issues with its own board of directors failing to properly supervise the remediation of the bank’s anti-money laundering program, which was required under the 2017 FDIC consent order.

While this consent order is not without examples of Shinihan Bank attempting to cure its deficiencies and ailments, FinCEN still found Shinihan Bank failed to meet its regulatory obligations under the BSA. As a result, this is a great review and example to others of what makes or breaks an anti-money laundering program.

If there are any additional questions, please do not hesitate to contact NAFCU’s compliance team at

🏫 Registration is now open for NAFCU’s 2024 Regulatory Compliance School 

Hurry – this conference sold out in record time in 2023! Join your peers in Arlington, VA March 18 – 22, 2024 for a fundamental course on CU compliance from A to Z. Plus, earn your NAFCU Certified Compliance Officer (NCCO) credential when you pass the optional exams.  

🎯 Online Compliance Training Subscriptions: For just one price, your entire credit union receives access to over 40 hot-topic compliance webinars per year, so your team can master challenges like BSA, data security, risk management, loss prevention, and more. Learn more