Bank Secrecy Act and Anti-money Laundering (BSA/AML) enforcement is shaping up to be a hot compliance topic this year. We’ve heard from the NCUA that one of its supervisory priorities for 2018 will be BSA compliance. There are also some big changes coming in just a few months with FinCEN’s new customer due diligence and beneficial ownership requirements. What all this means is that you’ll want to pay particularly close attention to your BSA/AML program and procedures throughout 2018. To ensure your AML program is up to scratch, it’s helpful to learn from the mistakes of others. Several months ago, FinCEN and the OCC announced a $7 million civil money penalty against Merchants Bank of California for willful BSA violations. Looking at what went wrong can help you avoid similar mistakes.

In case you were wondering whether BSA/AML problems are really a big deal, that $7 million fine should give you a hint at the answer. Regulators are very serious about violations in this area, and if you think you can slip through the cracks, you may be in for a rude awakening. The best way to keep your institution out of the regulatory hot seat is to ensure that you’ve got an airtight BSA/AML program. Merchants Bank learned this the hard way, and looking at their mistakes can be helpful.
FinCEN identified three distinct areas where Merchants’ BSA program was lacking:

Error #1: AML Program

Merchants Bank failed to establish and implement an adequate anti-money laundering program. At a minimum an institution’s AML program is required to have a system of internal controls, provide for independent tested for compliance, designate a person responsible for monitoring compliance, and provide adequate training for personnel. These are the basic four pillars of BSA. And remember, on May 11, 2018 enforcement of the fifth pillar begins: beneficial ownership.
Merchants had failures in each of the four pillars, but the biggest failure was with internal controls. Several bank insiders owned money service business, or MSBs, that had accounts at Merchants. These insiders encouraged BSA staff to process transactions without any questions and interfered with any attempts to investigate suspicious activity related to insider-owned accounts.

Error #2: Due Diligence

The bank failed to conduct required due diligence on its foreign correspondent accounts. Under the USA PATRIOT Act, any institution that maintains correspondent accounts in the U.S. for foreign financial institutions is required to subject those accounts to due diligence.
Merchants’ first mistake in this area was its lack of required policies and procedures. Sound policies and procedures that are in line with the USA PATRIOT Act requirements would ensure that any foreign correspondent account customers receive the appropriate due diligence. Merchants had four banking customers located in several high-risk countries, but did not identify these customers as foreign correspondent customers. As a result, these four customers sent and received a combined $192 million in high-risk wire transfers that were not included in monthly transactional monitoring.

Error #3: Suspicious Activity Reporting

Lastly, the bank failed to detect and report suspicious activity. BSA regulations are clear about requiring financial institutions to report any transaction of at least $5,000 and that the institution “knows, suspects, or has reason to suspect” is suspicious.
For four years, regulators charged that Merchants Bank failed to monitor billions of dollars of transactions for suspicious activity. Much of this transaction activity was related to its MSB customers’ activity. For example, one of these customers was a money transmitter in the basement of the MSB owner’s private residences in New York. Despite inquiries from law enforcement and rejected wire transfers from other banks, Merchants determined that the activity was not suspicious and did not file a SAR.
What happened at Merchants Bank should be a wake-up call to all financial institutions. While Merchant’s situation had unique elements, all institutions are reminded that undetected money laundering and suspicious activity continue to be at the forefront of risks faced by financial institutions as well as a top concern for regulators. It’s never a bad idea to take a step back from the daily flurry of activity to ensure that your BSA program provides strong pillars and capable of the weight BSA risk.