Compliance Blog

On December 16, 2021, the Financial Crimes Enforcement Network (FinCEN) announced an $8 million civil penalty and the filing of a consent order against CommunityBank of Texas, N.A. (CBOT) for willful violations of the Bank Secrecy Act and its implementing regulations. In coordination with FinCEN the Office of the Comptroller of the Currency also levied a $1 million civil penalty against CBOT. This will be credited toward FinCEN’s $8 million civil penalty.

Alleged Conduct

1.       Failure to provide adequate resources for is AML office, including adequate staffing

According to the consent order, CBOT employed six to eight BSA staff. Of the staff, three BSA analysts were allocated to review case alerts on a regular basis and provide quality control for each other’s work. These three analysts were responsible for reviewing an average of 100 case alerts per day. Due to the understaffing, the analysts “often did not review supporting documents (cash deposit slips, wire transcripts, check images, etc.), although all of this information was readily available.” As FinCEN specifically brought this staffing issue up in their consent order, credit unions may want to ensure that their BSA department does not suffer from the same inadequate staffing that CBOTs did.

2.       Failure to conduct adequate ongoing customer due diligence

According to FinCEN, CBOT’s policies required front-line staff to have customers complete questionnaires through which CBOT would then assign a risk rating score. However, these questionnaires were rarely updated and when a customer failed to complete a questionnaire, AML staff were directed to obtain information from bank employees rather than the customer themselves. For example, CBOT’s standard questionnaire was insufficient for a business that operated in international “High Intensity Drug Trafficking Areas” and when the questionnaire was eventually updated, CBOT failed to provide the updated questionnaire to the business.

Beyond the questionnaire, CBOT reviewed its customers at account opening and again 90 days later to determine whether the customer’s activity conformed to the filled out questionnaire. After this initial review, CBOT relied on an automated system to monitor ongoing customer activity. Unfortunately, the automated system failed to adequately identify potential issues with the legitimacy of CBOT customer activity. Furthermore, CBOT failed to use the automated system to its fullest effect.

3.       Failure to review or document responses to case alerts generated by CBOT’s automated AML monitoring system

Despite issues with the automated monitoring system, the system generated a “substantial number of case alerts.” In order to reduce the number of case alerts for review, CBOT’s BSA officer applied exemptions to numerous customers. Some of these customers were later arrested or convicted of financial crimes. In 2019 alone, CBOT eliminated 1,000 case alerts without review or documentation supporting the elimination.

When CBOT staff did review case alerts, they often closed cases without analyzing conduct or providing an adequate reason to support the closure. When cases were elevated, a number of them were closed with only discussions between CBOT staff occurring and no research or discussion with the customer.

4.       Failure to file at least 17 SARs, including the following three examples:

a.       Customer A, who owned a used car dealership and finance company, received suspicious deposits from persons known to be gamblers or received large deposits from sequentially numbered checks on the same day. Customer A would make large withdrawals  from his accounts or transfer funds between his many accounts at the bank, including between his business and personal accounts. Despite Customer A being rated as “high-risk” and the lack of an apparent legitimate business purpose, CBOT’s BSA officer accepted an “implausible explanation about the transfers of funds… and ultimately decided not to file a SAR.” When SAR’s were filed, the majority were only filed due to structuring. In 2019, Customer A pleaded guilty to criminal charges including money laundering associated with an illegal sports gambling operation.

b.       CBOT permitted Customer B, a former CPA who had previously pled guilt to a tax crime, to open an account for a gambling establishment. CBOT also permitted an associate of Customer B to open accounts for medical/healthcare businesses. CBOT failed to complete due diligence on Customer B’s gambling business. Furthermore, despite red flags on Customer B’s account and transactions, CBOT failed to file accurately and timely SARs. In the SARs that were filed, CBOT failed to name Customer B or investigate the underlying activity. In 2019, Customer B was arrested for allegedly operating an illegal gambling ring. After the arrest, CBOT filed an amended SAR reporting “over $30 million in suspicious activity through Customer B’s accounts.”

c.       CBOT permitted Customer C and family to open multiple accounts. Collectively, the accounts “exhibited multiple red flag indicators of illicit activity.” Furthermore in 2018, CBOT learned of law enforcement interest in Customer C and family. The bank subsequently elevated the status Customer C, Customer C’s family, and their accounts to high-risk customers. After the elevation, not only did CBOT fail to complete enhanced due diligence, CBOT failed to file any SARs until 2020. The SARs that were filed, were “inadequate.” In 2020, Customer C and several family members were arrested for running a chemical trafficking organization.

Credit unions may benefit from a review of FinCEN’s discussion on CBOT’s conduct. These discussions can help a credit union review its own AML program so that it does not fall prey to the same mistakes that CBOT did.

Credit unions may also want to review the consent order for the discussion of the enforcement factors that it used to determine CBOT’s civil penalty. It provides an insight into FinCEN’s enforcement approach, as outlined in FinCEN’s 2020 Statement on Enforcement of the Bank Secrecy Act.

For more information regarding SARs and BSA compliance in general, credit unions may want to review the FFIEC BSA/AML Manual. The manual contains useful information regarding the various BSA requirements. NAFCU member credit unions may want to keep in mind that they can also ask the NAFCU compliance team regarding non-legal compliance questions, including questions on BSA compliance.