History Repeats Itself, Especially When You Ignore It: A 10-Year Look Back at BSA Enforcement Actions
Written by Alma Calcano, Regulatory Compliance Specialist
"The one who does not remember history is bound to live through it again”- George Santayana
This phrase applies to everything in life, including regulatory compliance. Under the Bank Secrecy Act (BSA), the Financial Crimes Enforcement Network (FinCEN) may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA, which may result in a variety of remedies, including the assessment of civil money penalties. As a BSA aficionado, I was reviewing some enforcement actions issued by FinCEN during the last 10 years; it quickly became evident there were trends. These are the most common reasons banks and credit unions over the years have faced civil money penalties assessed by FinCEN and other regulators:
These are the most common reasons banks and credit unions over the years have faced civil money penalties assessed by FinCEN and other regulators:
- Failure to establish and implement an adequate Anti-Money Laundering (AML) program;
- Failure to develop and implement an adequate Customer Identification Program (CIP); and
- Failure to comply with recordkeeping, transaction monitoring, and reporting requirements.
History should motivate us to be proactive in identifying any BSA deficiencies we may have at our financial institutions and to learn from our peers' mistakes. Regulatory violations result in costly fines and civil penalties, which can (in the worst-case scenario) take our institutions out of business. The purpose of this blog is to give you a glimpse of some of these enforcement actions:
FinCEN determined U.S. Bank willfully violated the BSA’s program and reporting requirements from 2011 to 2015. The bank capped the number of alerts its automated transaction monitoring system would generate for investigation, causing the bank to fail to investigate and report large numbers of suspicious transactions. It allowed non-customers to conduct currency transfers at its branches through a large money transmitter and failed to include such transfers in its automated transaction monitoring system. It also employed inadequate procedures to identify and address high-risk customers that caused it to fail to effectively analyze and report the transactions of such customers. The bank failed to timely file over 2,000 Suspicious Activity Reports (SARs) on transactions worth more than $700 million, and filed thousands of Currency Transaction Reports (CTRs) that provided materially inaccurate information. FinCEN assessed a civil money penalty of $185 million, while the Office of the Comptroller of the Currency (OCC), U.S. Bank’s primary regulator, assessed a $75 million civil money penalty against the bank.
Bethex was a federally-chartered, low-income-designated, community development financial institution in the Bronx, New York. According to FinCEN, Bethex willfully violated the BSA’s AML program and reporting requirements by failing to implement an adequate AML program and to detect and adequately report suspicious transactions. Bethex provided banking services to Money Service Businesses (MSBs) for which it did not adequately assess or mitigate the risks of money laundering and terrorist financing. Systemic and continuing AML program deficiencies were cited in ten of the thirteen examinations conducted on Bethex between 2005 and 2013. In 2012, Bethex continued to have internal control deficiencies, as well as training, customer identification program, recordkeeping and reporting deficiencies, and failed to designate an appropriately competent compliance officer. Weaknesses in Bethex’s BSA/AML compliance program caused significant reputational and regulatory damage to the Credit Union, contributing in part to its eventual conservatorship by the NCUA in September 2015. The NCUA liquidated Bethex and discontinued its operations in December 2015. FinCEN determined the appropriate civil penalty in this matter as $500,000.
North Dade’s BSA failures derived significantly from its banking services to certain MSBs. These MSBs were located outside of its geographic field of membership and were engaged in high-risk activities, such as wiring millions of dollars per month to high-risk foreign jurisdictions. FinCEN indicated North Dade willfully violated the BSA’s program, reporting, and recordkeeping requirements. NCUA cited North Dade for many of these violations in a Cease and Desist Order issued on September 6, 2013. The credit union failed to implement an adequate AML program, to develop and implement an adequate customer identification program, to detect and adequately report suspicious transactions, and to access or review FinCEN’s 314(a) lists. FinCEN assessed a civil money penalty of $300,000.
According to FinCEN, JPMorgan Chase Bank (“JPMorgan”) violated the BSA by failing to detect and adequately report suspicious transactions arising out of Bernard Madoff’s fraudulent investment scheme. The deficiencies in JPMorgan’s AML program also resulted in a Consent Cease and Desist Order issued by the OCC, its primary regulator, on January 14, 2013 that required JPMorgan to take a number of steps to improve its BSA compliance. FinCEN determined the penalty in this matter as $461 million. JPMorgan also agreed to a $350 million civil money penalty assessed by the OCC. The U.S. Attorney’s Office for the Southern District of New York also collected $1.7 billion from JPMorgan through asset forfeiture. In total, JPMorgan agreed to a combined collection amount of $2.05 billion.
FinCEN determined TD Bank willfully violated the BSA’s reporting requirements by failing to detect and adequately report suspicious activities in a timely manner. From April 2008 through September 2009, Scott Rothstein orchestrated a “Ponzi” scheme using multiple accounts at TD Bank and other financial institutions. Rothstein was an attorney in Florida who convinced individuals to invest in purported confidential structured settlements involving whistleblower and sexual harassment lawsuits. He falsely informed investors that the confidential settlement agreements were available for purchase. Rothstein maintained multiple attorney trust accounts, also known as Interest on Lawyers Trust Accounts (IOLTAs), at TD Bank to receive the investor funds and give the appearance of legitimacy and security. Rothstein furthered his scheme by taking investors to TD Bank branches and providing them with fraudulent balance printouts. The bank failed to properly identify, monitor, and report suspicious activity in Rothstein’s accounts, which were used to conduct thousands of transactions with an approximate value of $4 billion. TD Bank’s policies, procedures, and training regarding IOLTAs were inadequate. While the Rothstein law firm’s accounts triggered alerts in TD Bank’s AML surveillance software for suspicious activity for 17 months between April 2008 and September 2009, TD Bank employees failed to recognize the suspicious activity and file SARs in a timely manner. FinCEN assessed a civil money penalty in the amount of $37.5 million. TD Bank also agreed to a $37.5 million civil money penalty assessed by the OCC.
Between 2008 and 2012, First Bank lacked an AML program reasonably designed to manage risks of potential money laundering and other illicit activity and failed to detect and adequately report evidence of money laundering. FinCEN explained the bank failed to effectively assess and implement policies and procedures to mitigate potential money laundering risks, given its high-risk products and clients, failed identify suspicious activity, and to timely file SARs. FinCEN assessed a civil money penalty of $15,000,000. Concurrent with a $15,000,000 civil money penalty assessed by the Office of the U.S. Attorney’s Office for the Eastern District of Pennsylvania, and a $15,000,000 civil money penalty assessed by the Federal Deposit Insurance Corporation (FDIC), First Bank’s federal functional regulator.
FinCEN determined that Doha Bank violated the requirement to establish and implement a reasonably designed AML program, by failing to implement an adequate system of internal controls to ensure compliance with the BSA and manage the risk of money laundering or other suspicious activity. It also failed to conduct adequate independent testing to allow for the timely identification and correction of BSA compliance deficiencies. The Branch lacked adequate policies, procedures and controls necessary to monitor for, detect and timely report suspicious activity. As a result, it filed 610 late suspicious activity reports involving suspicious transactions totaling approximately $7.4 billion. Moreover, it processed a substantial volume of funds transfers that should have been identified as suspicious transactions including transactions involving entities with potential connections to terrorist financing and/or in jurisdictions that posed heightened risk of terrorist financing. FinCEN determined that the appropriate penalty in this matter was $5,000,000, which was concurrent with a civil money penalty in the same amount assessed by the OCC, its primary regulator.