BSA, AML, and Your Credit Union: The New Perils

 

By Robert McGarvey

 

For CU2.0

Ask a senior credit union executive what’s new at his/her institution in regard to anti money laundering (AML), Patriot Act, and Bank Secrecy Act initiatives and the reality is that you will have a longer and friendlier conversation if you asked about his/her last colonoscopy.

Yes, it’s that bad.

And that’s despite the reality that a credit union can be shut down if it grievously botches its BSA and AML analysis.

Buckle up because in December 2016 FinCEN issued a press release where it announced a $500,000 fine against a credit union named Bethex in the Bronx.

Bethex has assets of under $13 million.  

They were folded into USALLIANCE, a Rye NY credit union. Bethex was no more.

FinCEN outlined Bethex’s sins: “In 2011, Bethex began providing banking services to many wholesale, commercial money services businesses (MSBs). Many of these MSBs were located in high-risk jurisdictions outside New York and engaged in high-risk activity, including wiring millions of dollars per month to countries at risk for money laundering. When Bethex began to service these MSBs, it did not take steps to update its AML programs.” 

“Among other violations, Bethex failed to timely detect and report suspicious activity to FinCEN and did not file any Suspicious Activity Reports (SARs) from 2008 through 2011. In 2013, as a result of a mandated review of previous transactions, it late-filed 28 SARs. The majority of the suspicious activity involved high-volume, large amount transfers outside of Bethex’s expected customer base by MSBs capable of exploiting Bethex’s AML weaknesses. Most of those SARs were inadequate and contained short, vague narratives encompassing a broad summary of multiple and unrelated instances of suspicious activity. For example, one SAR covered over $906 million in total aggregate of suspicious transactions, but provided little information useful to law enforcement investigators.”

In 2015, North Dade – a small Florida credit union – was effectively put out of business because of AML and BSA violations.  In 2013, tiny North Dade moved over $1 billion in wires, often overseas. According to FinCEN: “When a small institution opens its doors to the world, takes on greater risks than it can manage, and puts profits before AML controls, bad actors are bound to take advantage,” said FinCEN Director Jennifer Shasky Calvery. “This case raises pretty obvious questions that no one seems to have asked. Why would MSBs located all over the world choose a small Florida credit union to conduct close to $2 billion in transactions? Credit unions pride themselves on close and low- risk relationships with known neighborhood customers. However, North Dade welcomed customers far beyond its field of membership, without adequate policies and procedures to ensure AML compliance.”

Face this reality: the big banks have big teams in place to handle BSA, AML, etc. They also have invested – heavily in many cases – in automation that takes a lot of the heavy lifting out of compliance. Machines do the work.

Credit unions – especially the vast majority with assets under $1 billion – generally have not invested in automation for compliance. “There are case management systems that are good. They can be expensive for a small FI.  A lot of bigger banks are using robotics to get screenshots of bank statements and so on – an analyst doesn’t have to spend an hour collecting it. Only the biggest banks are doing this,” said Alma Angotti, managing director in the Global Investigations & Compliance practice of management consulting firm Navigant Consulting, Inc.

Another issue that many small financial institutions now face: “Many employees in compliance are burning out,” said John Podvin, a Dallas lawyer well known in BSA circles.  He added: “There are people in BSA who are asking themselves, do I want to be second guessed all the time. Some are leaving the field.”

A reality in BSA/AML is that the easier course is to file a SAR (suspicious activity report – this documents flags an action for possible investigation by law enforcement). Do that and a financial institution probably has satisfied its regulators. “There is no downside to filing,” said Angotti.

Where the credit union may find itself in a pothole is when it does not file a SAR. In that case the credit union needs to justify why it did not file – and an examiner may well challenge the credit union.

And that means many more hours get invested in explaining and justifying decisions.  Said Podvin: “There are increasing expectations from examiners – that’s the biggest problem now.”

“It’s one thing for a big bank with a staff of several hundred working in compliance. It’s different for a community bank.”

Or credit union.

A result is that slender compliance staffs may be worn down in many small credit unions.

Another barrier at credit unions: there may be “competition for scarce IT resources,” said Angotti. Doing BSA/AML research is computer intensive and, at least at smaller institutions, there may be a battle for resources and ask yourself this: who will win if the fight is between marketing, which needs IT resources to power a new campaign that may bring in lots of new members, and compliance which wants to research possibly suspicious activity by members?

It’s a fight that compliance usually does does not win.

Don’t expect BSA/AML workloads to magically lighten.  

Possible light at this tunnel’s end, said Podvin, is a federal effort to streamline some BSA/AML compliance.  He pointed to pending legislation, HR 6068, as offering hope to financial institutions. The aim of the bill, in its own words, is to “reduce regulatory burdens, and ensure that the information provided is of a ‘high degree of usefulness’ to law enforcement.”

Don’t count on relief until a bill is signed into law.

Meantime, good advice for top credit union management is keep your ear to the ground and ask – and ask again- your BSA and AML teams what issues are they facing and what resources they need to do their jobs better and smarter.  

No credit union CEO wants to increase the budget for compliance work.

But no credit union CEO wants his/her institution to go the way of Bethex.

That makes the choice easier.

 

Leave a Reply

Your email address will not be published. Required fields are marked *