Compliance Blog

On April 26, 2023, the Financial Crimes Enforcement Network (FinCEN) announced a $1.5 million civil penalty and the filing of a consent order against Kingdom Trust Company (Kingdom) for violations of the Bank Secrecy Act and its implementing regulations.

Alleged Conduct

In the Consent Order, FinCEN alleges the following conduct:

·       Failure to implement a sufficient process to identify and report suspicious activity such as:

o   Failure to recruit sufficient personnel with AML compliance experience;

o   Relied on a manual review of daily transactions by one employee who did not have sufficient information to determine whether suspicious activity occurred;

o   Relied on non-BSA/AML compliance personnel to report suspicious activity; and

o   Failed to timely implement an automated transaction monitoring system.

·       Expanded services to high-risk customers in Latin America without sufficient controls:

o   This included customers such as:

 “[A] Panamanian holding company with a United Kingdom subsidiary, one of the directors of which has been the subject of adverse media related to his involvement in potential money laundering. The United Kingdom subsidiary also used an address associated with numerous other legal entities and, on its account opening form with Kingdom Trust, provided a vague and unclear description of its business as consisting of ‘exporters and import[ers] trading . . . logistics in general.’”

o   Kingdom engaged in a high volume of activity and was told by a bank that Kingdom processed more payments than all of the other bank’s customers;

o   Finally, Kingdom did not make changes to its controls or file SARs related to this new business line.

·       Failed to report suspicious activity from Kingdom’s high-risk customers including the following two examples:

o   Kingdom processed nearly 200 transactions for Customer B, a tourism business. Even though tourism is outside of its area of expertise, Kingdom failed to sufficiently monitor Customer B’s payment activity. Multiple Customer B payments were inconsistent with a company operating in the tourism sector and should have led to the filing of a SAR.

o   Kingdom processed over 400 transactions for Customer C. Customer C claimed to operate in the private funds sector but continuously made payments inconsistent with a financial services company. Some of these payments were to companies that have since been indicted for involvement with illegal drug sales.

Credit unions may benefit from a review of FinCEN’s discussion on Kingdom’s conduct. FinCEN goes into much greater detail on what Kingdom did wrong and credit unions can use this discussion to ensure that they do not make the same mistakes with their AML program that Kingdom did.

Enforcement Factors

FinCEN discussed the following enforcement factors it used to evaluate the appropriate penalty in this case:

·       Nature and seriousness of the violations, including extent of possible harm to the public and systemic nature of the violations;

·       Impact or harm of the violations on FinCEN’s mission to safeguard the financial system from illicit use, combat money laundering, and promote national security;

·       Pervasiveness of wrongdoing within the entity, including management’s complicity;

·       History of similar violations or misconduct in general;

·       Financial gain or benefit resulting from or attributable to the violations;

·       Presence or absence of prompt, effective action to terminate the violations upon discovery, including self-initiated remedial measures;

·       Timely and voluntary disclosure of the violations to FinCEN;

·       Quality and extent of cooperation with FinCEN and other relevant agencies;

·       Systemic nature of the violations, including:

o   Number and extent of violations;

o   Failure rates; and

o   Duration of violation; and

·       Whether another agency took enforcement action for related activity.

Credit unions may find a review of FinCEN’s discussion of the above enforcement factors useful, as it provides an insight into FinCEN’s view of BSA/AML violations that credit unions can use to assess their own systems.

For more information regarding SARs and BSA compliance in general, credit unions may want to review the FFIEC BSA/AML Manual which contains useful information regarding the various BSA requirements. NAFCU member credit unions may want to keep in mind that they can also ask the NAFCU compliance team regarding non-legal compliance questions, including questions on BSA compliance.