Credit Unions Must Comply With the Bank Secrecy Act Or Else

Riggs Bank in Washington, D.C. was recently fined $25 million for Bank Secrecy Act (BSA) violations. This is the largest penalty ever for BSA violations. In the recent past, NCUA has issued a Cease and Desist order to correct deficiencies in a credit union’s BSA program and placed another credit union in conservatorship for multiple BSA violations. In 2003, NCUA issued a Letter of Understanding to a credit union for numerous violations of BSA and a letter to another credit union for failing to have a BSA program. Are these isolated instances or do they indicate a trend towards closer scrutiny for BSA compliance? Every indication is that these are not isolated but rather a clear harbinger of things to come. Your credit union will be subject to closer scrutiny for BSA compliance. If you are found out of compliance in certain key areas, substantial penalties could very well ensue. Lets start with Riggs Bank. The $25 million dollar penalty is enormous. Riggs Bank began violating BSA way back in 1999. The Office of the Comptroller of the Currency (OCC) detected violations but apparently did not impose tough enough sanctions. As a result, Riggs Bank continued to commit numerous BSA violations including failing to file suspicious activity reports on questionable transactions. The OCC finally issued filed a consent order against the bank in July 2003. JoAnn Johnson, NCUA Chairman, was recently invited by the Senate Banking Committee to testify on the NCUA’s enforcement of BSA. She characterized credit unions as having a good record of BSA compliance. According to Johnson’s testimony, officials in smaller credit unions and single common bond credit unions often have a more intimate understanding of their members’ transactions, which facilitates their compliance with the requirements of the BSA. Consequently, she noted that money laundering has not been a major problem for credit unions. Could it ever be? There are those that might question whether a “small” credit union can have an intimate enough understanding of every member’s transactions to adequately detect money laundering or suspicious transactions. An argument can be made that even small credit unions need to have proper Bank Secrecy Act and anti-money laundering programs or else run the risk of BSA violations. Just because a credit union is small, that does not mean that they necessarily know all of their members well enough to detect money laundering or suspicious transactions. Small credit unions and larger ones alike must have sufficient BSA and Anti-Money laundering policies and procedures. With Congress feeling that the regulators are not giving enough priority to anti-money laundering enforcement, regulators including NCUA are under pressure to conduct more thorough BSA examinations. More thorough BSA examinations mean more violations detected and potentially more penalties assessed. What can you do to prepare? Have a BSA program. The first item examiners ask for is your BSA compliance program. If you cannot produce this, a red flag immediately goes up. If you do not have a BSA program, as required by NCUA Rules and Regulations, then how are you going to comply with the Currency Transaction Report and Suspicious Activity Report reporting requirements? Not having a BSA compliance program almost invites examiners to dig deeper. The BSA compliance program must be written, approved by the board of directors, provide for a system of internal controls to assure ongoing compliance, provide for independent testing for compliance to be conducted by credit union personnel or outside parties, designate an individual responsible for coordinating and monitoring day-to-day compliance and provide training for appropriate personnel. Next, you must have a system in place to file Currency Transaction Reports. A Currency Transaction Report is required on all currency transactions that are over $10,000, including multiples totaling more than $10,000 and transactions made by different individuals for the same account holder. This is black and white with no grey. Grey? If you want grey, look no further than Suspicious Activity Reports (SARs). SARs must be filed if you spot a crime or suspected crime and certain threshold amounts are met. Crime or suspected crime means any transaction involving funds derived from illegal activity, attempts to evade any requirements under the Bank Secrecy Act, or a transaction with no apparent business or lawful purpose or is not the sort of transaction in which the particular member would normally be expected to be engaged in. So, if you think a transaction is suspicious, you are to file an SAR. Unlike a Currency Transaction Report, this is not as clear-cut as it would seem. What you think is not suspicious may be considered suspicious by someone else, like an examiner. No area of BSA is receiving more attention today than SARs. Every employee of the credit union should understand the necessity of filing SARs. Assume for a moment that the threshold filing amounts are met. An employee terminated for suspected theft? File a SAR. Member attempts identity theft via your web site? File an SAR. Member possibly structuring cash transactions to evade the Currency Transaction Reporting requirements? File an SAR. Many of the recent regulatory actions for BSA violations centered on inadequate procedures for filing SARs. There is no magic number as to how many SARs your credit union must file per year? However, if your credit union is $200 million in assets and you have not filed any SARs in the last two years, it would make me take pause. It would be hard to believe that no attempted identity theft or no suspected monetary structuring took place over the last two years. I would want to look closely at your BSA program. To your chagrin, so would an examiner. There are other requirements in BSA, including numerous recordkeeping requirements. This article only highlights a few. The most important thing is to recognize the potential liability for BSA violations and understand that examiners will be focusing more attention on BSA program. Your response to this should be ensuring you have a BSA program, a BSA officer, staff training, and a sound system in place to file CTRs, SARs and appropriate recordkeeping. Do not make the mistake of doing nothing. The cost for doing nothing could be $25 million.