The Real Impact of Aggressive AML/BSA Enforcement
We all have read the AML/BSA enforcement headlines – big banks, big settlements in the hundreds of millions, monitors and overhauls of bank operations. We know all the players, all the enforcement agencies, and the news conferences to announce enforcement actions.
Underneath these enforcement actions, there is a lot more to the story. Medium and small-sized banks, and other “financial institutions” are facing a very tough environment in which the rules of the game have changed. When federal prosecutors toughen their stance, so do bank regulators like FinCEN, the Office of Comptroller of the Currency, the FDIC and the Federal Reserve. Tough regulators have translated into tough regulation and enforcement.
It is important to remember how broad the definition of the term “financial institution” is under federal AML/BSA law. The regulators are also flexing their muscles by focusing enforcement efforts on individuals.
The list of enforcement actions reflects the broad focus and includes (as examples): (1) Thomas Haider, former CCO at MoneyGram; (2) North Dade Community Development FCU; (3) Associated Bank, N.A.; (4) New Millennium Cash Exchange, Inc.; (5) Old National Bank; and (6) Saddle River Valley Bank.
Regulators have made strong public statements confirming their intention to hold board members and officers accountable for AML/BSA violations. Members of Congress have repeatedly raised this issue in the aftermath of the HSBC settlement where no individuals were charged criminally or civilly for “egregious” violations.
Stricter enforcement is evident from the basic facts – since 2007, regulators have imposed nearly $5 billion in penalties on financial institutions for AML/BSA violations. Two-thirds of enforcement actions since 2012 have included monetary penalties – only one-third included monetary penalties from 2007 to 2011. Almost $4 billion of the $5 billion has been imposed since 2012. What is striking about the last two years is the willingness of regulators to impose heavy fines, especially when considering the financial institution’s total equity capital.
Aside from financial penalties, FinCEN for example has modified its settlement policies to require financial institutions to admit responsibility for the deficiencies in AML/BSA requirements. This has raised civil liability concerns for board members and officers.
Directors and officers are responsible for overseeing a bank’s AML/BSA compliance program, which has to be approved by the board and documented in the corporate board minutes. A compliance program has to include four basic elements:
- A system of internal controls to ensure ongoing compliance;
- Independent testing of AML/BSA compliance;
- Designation of an individual or individuals responsible for managing AML/BSA compliance; and
- Compliance training for appropriate personnel.
In terms of board members and officers who have been assessed monetary penalties, there are plenty of examples: (1) The directors of Sykesville Federal Savings Association were collectively fined $10,500 (2009); and (2) Five directors and officers of Security Bank were cited by the OCC for $20,000 per person for BSA and SARs violations.
In September 2013, the Justice Department criminally charged the CEO of Public Savings Bank for failure to file a SAR and maintain adequate AML compliance controls in connection with a single transaction – an $86,000 wire transfer of suspected drug money.
The response of many financial institutions to this aggressive environment has been compliance overkill. Since 2006, the number of SARs filed has increased by 36 percent. In addition, financial institutions are reviewing and reducing customers who may be contrary to a conservative risk profile. This process has led to the shedding of customers and even lines of business.
The benefit of the increased SARs filings has not yet been determined. It is hard to measure whether the additional SARs have provided helpful intelligence and leads to law enforcement for significant criminal prosecutions. In some cases, financial institutions are filing “defensive” SARs that identify a number of transactions but are lacking in detail. Regulators are now turning to these defensive filings and starting enforcement actions for insufficient SARs filings.
Finding the right balance in the AML/BSA area is difficult and can lead to “over” or “under” compliance. Regulators need to make sure that standards are clear before they initiate enforcement actions for regulatory violations.