From June 2004 through March 2007, FinCEN found just 121 SARs with narrative references to credit union shared branches and just 23 of those came from the shared branches themselves. According to the report, the 23 filed by shared branches used 16 different filer name variations, 10 different filer FEINs, and 17 different combinations of FEINs and filer names. Other errors were discovered in 15 of the 23.

"At least 65.21% of SARs filed by credit union cooperatives contained other potential data quality problems," the SAR Activity Review stated. Approximately 30.43% of the total filings had either blank or incomplete narrative fields." Additionally, some of these "credit union cooperatives," as they are referred to in the report, input narratives in the Violation Type Other field while other reports had inaccurate branch addresses, dollar amounts or lacked FEINs. The report also reminded filers that "only information that is in an explicit, narrative format is entered into the system" so attached information is not entered into the

SAR database.

"They seem to spend a lot of time on quality issues," NAFCU Director of Compliance Anthony Demangone observed. "So for me, that's a red flag. If I'm in a shared branch, that's going to be on my to do list."

However, he pointed out that the time frame FinCEN was working with went back before the agencies issued the BSA manual in the summer of 2005. "That publication turned night into day. It really did change the way BSA was handled in America," Demangone said. He hypothesized that the quality of all SAR filings and others improved since that time and wondered at exactly what point the filings came that triggered FinCEN's concerns. Then again, he added, it never hurts to take a second look at your credit unions policies and programs when it comes to something as crucial as BSA compliance.

FinCEN concluded, "The number of filer-name and FEIN variations in BSA filings related to these cooperatives could complicate future efforts to correctly identify and aggregate SAR filings involving the cooperatives and their affiliated entities. Data consistency problems and other data-quality issues prolonged and hindered efforts to collect and evaluate data for this analysis."

Correcting these problems should not be much of a hassle, FinCEN said because most of the appropriate information is already at credit unions' fingertips. The agency directed credit unions also to its Oct. 10 Suggestions for Addressing Common Errors Noted in Suspicious Activity Reporting, in which FinCEN identified three key areas to focus on: SAR narratives, certain critical fields for analysis, and fields that identify the type, category, and character of the suspicious activity.

Financial Services Center Cooperatives, Inc. Executive Vice President/Chief Operating Officer Bonnie Kramer explained that her organization requires training for new credit unions as they sign up. They also offer follow up training that is highly recommended. FSCC's policy on BSA filings outlines the necessary reports to be filed and states that they must be filed with FinCEN in a timely manner, she said.

"I think some of the credit unions depending on size, probably don't think they have to do it," she said of SAR filing, noting that FSCC's average member is $430 million in assets.

CUSC President Carroll Beach explained that his Michigan branches have undergone a BSA audit. "We did an audit recently to make sure we were complying with BSA and we have had some training here as well," he said. So far the results of the audit have come back positively.

Beach also met with FinCEN a little over a year ago, and while the agency offered no shared branching specific guidance, "We had the impression that what we were doing was right."

"The fact that they're doing this," Dreyer said, "means it's on the radar screen so the credit unions in shared branching should be taking this to heart." He noted that most of the guidance up until now has dealt with individual institution situations leaving a gray area when you mix staff. "Shared branching, while a good business model, represents a little more risk," he said.

Beach differed, stating, "The shared branch is really just an extension of the credit union."

Neither CUSC nor FSCC had any knowledge of pending guidance regarding shared branching and SAR filings.

NCUA was not prepared to comment in time for press and FinCEN had not responded to requests for comment as of press time.

In-Convenience Checks

Another focus of the SAR report from FinCEN was convenience or credit card check fraud. FinCEN noted, "Credit card checks may be mailed to customers without the customer's request. They do not require activation, thereby creating a heightened risk for identity theft by providing thieves an opportunity to gain access to customer's information by simply stealing their mail." From April 1, 1996 through March 31, 2007, FinCEN found 14,816 SARs filed related to convenience checks, and of those 14,670 were filed by depository institutions. The total dollar amount of the SARs filed by financial institutions was nearly $1.2 billion with one-third of reports falling between $5,000 and $9,999.

This type of check fraud included checks stolen and deposited for illegal gain or credit card "bust-out" schemes where the criminal opened a credit account, ran up the limit then paid it off with a fraudulent convenience check and charged it up again. Nearly 300 covered accounts were opened under someone else's name.

Financial institutions suffered financial losses in cases where the suspect withdrew funds, wrote checks and made purchases, then the checks were returned for not sufficient funds.

Proper Filing

While FinCEN noted the value of the "other" filing category to describe a suspicious activity in identifying new frauds or trends, it is used quite frequently for activities already provided for on the form. Improper entries include: see attached; overly broad, one-word descriptions; or leaving it blank. "Although additional information can be, and in many cases was, provided in the narrative portion of the report, a blank, incomplete, confusing, or otherwise inadequate entry in the description section of the Other fixed-field make the SAR less searchable by law enforcement and the regulatory community," FinCEN explained.

Additionally, SARs were improperly filed for robberies, insufficient funds/overdraft, mail fraud, and bank error; in these instances, SARs are not required, according to FinCEN.

Others indicated that a SAR was filed because of a subpoena. FinCEN has issued guidance on Grand Jury Subpoenas stating that in and of themselves they do not require a SAR. However, a financial institution may look deeper into its records because of a subpoena. "It is incumbent upon a financial institution to assess all of the information it knows about its customer, including the receipt of a law enforcement inquiry, when determining whether a SAR should be filed," the report read.

As scrutiny of BSA matters heightened, credit unions responded. According to a Government Accountability Office report, in 2004 NCUA reported 12,254 filings submitted, that more than doubled in 2005 to 25,875, and jumped to 43,097 in 2006. Additionally, NCUA took 1,824 enforcement actions in 2005.

While the bank violations have grabbed national media headlines with their multi-million dollar fines, credit union missteps have been less public. "NCUA doesn't always handle things with a cease & desist or fine. It doesn't mean they aren't still having findings," Demangone said.

Dreyer, a former attorney with the Office of Thrift Supervision, agreed, saying they used the enforcement action that was just enough to get the job done.

Getting Results

The SAR Review even notes an instance where a credit union-filed SAR helped launch a bank fraud and international wire investigation. An unnamed federal credit union filed a SAR and helped initiate an investigation into a counterfeit check scheme similar to the Nigerian 419 fraud schemes in which a "victim" asks for money to help recover funds being withheld. At the time of the filing, the defendant began making large, structured cash deposits. Two years later a financial institution filed numerous SARs on wire transfers to Nigeria. "The information recounted in the SARs supports the charges prosecutors made that the defendant was part of a long-running scheme to defraud financial institutions. Prosecutors showed that he repeatedly attempted to cash counterfeit checks in the area despite warnings from authorities to stop. The defendant pleaded guilty to bank fraud and engaging in monetary transactions in criminally derived property. He had obtained $190,000 from this fraud.

With credit unions and other financial institutions complaining of the burden, they have consistently wanted to see the results of their hard work, which has been tricky due to the confidential nature of the information. FinCEN has been working to be more transparent.

"They are definitely working more diligently to make that case. They've bent over backward to get data to NAFCU," Demangone said. However, with the burden so high, he feels there can never be enough information sharing.

–[email protected]