Nightmare on Main Street

Since 9/11, regulatory agencies have ratcheted up the pressure each year to get banks to comply with the Bank Secrecy Act, severely punishing those that have failed to heed warnings on noncompliance, meting out memorandums of understanding, cease-and-desist orders, enforcement actions, and civil money penalties. And in a more recent twist, the Justice Department has been entering into deferred prosecution agreements with negligent financial institutions, with settlements totaling in the tens of millions of dollars to the Justice Department and related regulators.

Recent notable cases include fines of $31.6 million to Union Bank of California, announced in September, and $65 million for American Express International Bank the previous month. The banks agreed to settlements of deferred prosecutions brought by the Justice Department, which had charged each with one count of failing to maintain an effective anti-money-laundering program.

Those cases followed an $80 million fine a year ago to Holland-based ABN Amro, which disclosed last April that it took an additional charge of u00e2u201au00ac365 million ($498 million at that time) to account for expenses it expects to incur from the result of an ongoing investigation by the Justice Department.

These large penalties dovetail with regulatorsu00e2u20acu2122 stepped-up emphasis on BSA in their annual examinations. u00e2u20acu0153The heat has been turned up,u00e2u20ac says Barry Zadworny, senior vice president of compliance at Roma Bank, a $900 million thrift headquartered in Robbinsville, New Jersey. u00e2u20acu0153The banking agencies are all zeroing in and have made BSA compliance a priority item with their examining staffu00e2u20ac”more so than in previous years.u00e2u20ac

Expect more of the same in 2008. For banks that fall behind and fail to heed the warnings of regulators, the stakes are high. Some banks that have received large penalties have ended up selling out to others: Riggs Bank, for example, received fines totaling $41 million in early 2005 and eventually was sold to PNC Corp; ABN Amrou00e2u20acu2122s trouble precipitated the sale of its U.S. subsidiary LaSalle Bank to Bank of America Corp. and its own sale to a consortium of three European banks last year.

The bottom line, experts say, is bank boards need to be attentive to their financial institutionu00e2u20acu2122s BSA program. Aside from a long list of requirements, regulators are looking for a strong corporate culture in terms of anti-money-laundering compliance, says Peter Djinis, a lawyer in Sarasota, Florida and former official at the Financial Crimes Enforcement Network (FinCEN), an arm of the Department of the Treasury that fights money laundering and other financial crimes by collecting and analyzing information on financial transactions.

u00e2u20acu0153Regulators want to know, does it come from the top down? Are the directors on board? Are they paying attention? Is management giving them the support they need? Is the board being informed when there are lapses?u00e2u20ac Djinis says.

u00e2u20acu0153We look for the board of directors to set up appropriate BSA/AML policies, procedures, and practices throughout the institution,u00e2u20ac says Randall Howe, BSA director at the Office of Thrift Supervision. The board needs to make certain u00e2u20acu0153the institution has implemented proper policies that will ensure it complies with all aspects of BSA.u00e2u20ac

Djinis notes that while he hasnu00e2u20acu2122t yet seen board members having their hands slapped, that could be next. u00e2u20acu0153One of these days, regulators are going to take action against the board in an enforcement matter,u00e2u20ac he says.

A considerable downside

The costs for banks that get into trouble are great, and regulatory scrutiny can haunt them for years after their infractions. San Francisco-based Union Bank of California, majority owned by Japanu00e2u20acu2122s Mitsubishi UFJ Financial Group, spent $100 million over the last three years revamping its program with line items such as hiring additional staff, boosting training, and creating a financial intelligence unit, according to a spokesman. Yet the $52 billion bank still received penalties that arose out of transactions conducted between May 2003 and April 2004, regarding accounts held by licensed Mexican currency exchange houses. According to Justice Department documents, the bank failed to detect, identify, and report suspicious transactions in the accounts, due to deficiencies in its anti-money laundering program. After warnings, it also failed to correct the problem.

To be sure, enforcement actions hardly appear out of the blue sky, says Lisa Arquette, the associate director for financial crimes at the Federal Deposit Insurance Corp. u00e2u20acu0153None of these have been surprises for the banks,u00e2u20ac Arquette says. u00e2u20acu0153There generally has been a long supervisory history between a federal regulator and a bank before there is a public action. It is generally an escalated approach.u00e2u20ac

Thus, boards are aware of infractions well before regulators start levying fines, adds James Freis Jr., director of Fincen: u00e2u20acu0153I want to dispel the myth that minor technical violations would somehow result in a major monetary penalty. That is just not the case. That is not the way we exercise our authority.u00e2u20ac

Nevertheless, boards and management that fail to be proactive will pay a severe price in terms of time and energy, says David Caruso, chief executive and managing director of Dominion Advisory Group, an AML consulting firm based in Centreville, Virginia.

A bank under increased scrutiny forces management and the board to concentrate their time and energy on fixing the problem. u00e2u20acu0153The compliance failures are so draining that it takes away the focus of the executive team and board,u00e2u20ac Caruso says. u00e2u20acu0153By the time they emerge from AML failures in 18 or 24 months, they in essence have been standing still while the competition has been moving forward.u00e2u20ac

Adding to the pressure are Justice Department efforts to prosecute banks that have harbored criminal activity and didnu00e2u20acu2122t report it, whether knowingly or unwittingly. u00e2u20acu0153If thatu00e2u20acu2122s not caught, and the bank didnu00e2u20acu2122t have systems in place, then [that] u00e2u20acu00a6 is enough to lead you to a deferred prosecution,u00e2u20ac says Ellen Zimiles, cofounder and chief executive officer of Daylight Forensic and Advisory, a New York-based consulting firm.

The increased scrutiny comes at a time when banks as a whole face worsening credit portfolios and slower loan production in the wake of the subprime lending crisis. That might make decisions on how to invest wisely on BSA more difficult in the current climate. Yet, even small community banks have little choice but to buckle down, says Ron Janis, a partner at the New York law firm of Day Pitney. u00e2u20acu0153The examiners have been into other, larger banks and have seen how many resources have been thrown at this,u00e2u20ac Janis says. u00e2u20acu0153I donu00e2u20acu2122t think there is anything that will allow the smaller banks to do a less-resource-intensive job than the larger banks.u00e2u20ac

Unlike other regulatory issues that banks have mastered over time, they are far from mastering BSA. u00e2u20acu0153Bankers love to get to a point where they can put compliance issues on remote control, where it is so regularized that it doesnu00e2u20acu2122t require continual upgrading and monitoring and where the bar isnu00e2u20acu2122t changing all the time,u00e2u20ac says James Rockett, a partner at San Francisco law firm Bingham McCutchen. u00e2u20acu0153With BSA and AML, they have not been able to get into a routine where everybody can feel comfortable.u00e2u20ac

But all that change is part of a natural progression, says William Fox, global AML executive at $1.3 trillion Bank of America and a former director of FinCEN. u00e2u20acu0153Regulators have become better educated about what it means to have a good, solid BSA/AML program,u00e2u20ac he says. u00e2u20acu0153And so as they have become better educated about what that is, and what types of risk management you need to perform, they have drilled down further than they have in the past.u00e2u20ac

Likewise, the sky isnu00e2u20acu2122t falling for most banks. While the agencies and Justice Department have handed out some large fines, those transgressions represent a minority of the nationu00e2u20acu2122s approximately 8,600 banks and thrifts. And there are signs depository institutions are doing a better job. For example, the OTS handed out 276 BSA-related violations in 2006, down from 421 in 2005.

When banks fail to comply with BSA, they generally arenu00e2u20acu2122t focusing on root causes of inadequacies, such as training, talent, systems, and controls, says Edward Ferraro, BSA/AML officer at Foster Bank, a $500 million financial institution in Chicago. Ferraro likens the lack of focus on root causes to driving a car into a garage and getting a flat tire. Once the flat is fixed, the incident repeats itself and the flat is repaired again. u00e2u20acu0153Fixing the flat tire 100 times is not going to fix the problem,u00e2u20ac he says, because u00e2u20acu0153there is something on the garage floor that is causing you to get a flat tire.u00e2u20ac

Ferraro, an ex-regulator, took over as Foster Banku00e2u20acu2122s BSA/AML officer in 2004 to help improve the banku00e2u20acu2122s AML program. The bank serves Chicagou00e2u20acu2122s Korean-American community, which has a high number of cash businesses such as restaurants, dry cleaners, and gas stations. The bank was assessed a civil money penalty of $2 million by FincCEN in 2006 for lapses found in transaction monitoring during the period before Ferrarou00e2u20acu2122s tenure. The bank was cited for improper independent testing, among other measures used to detect and report potential money laundering, terrorist financing, and other suspicious activity. u00e2u20acu0153The environment wasnu00e2u20acu2122t as structured [as it should be] as far as policies, procedures, and automated systems,u00e2u20ac Ferraro says.

Detecting questionable activity

At the heart of a banku00e2u20acu2122s BSA compliance is its ability to unearth suspicious activity and send the information to the government. To do so, it files suspicious activity reports (SARs) with FinCEN. After 9/11, government enforcement actions have been assessed on banks that didnu00e2u20acu2122t file SARs timely or accurately. That has contributed to a spike in SAR filings, with many banks filing whenever in doubt in order to cover themselves. Because regulators can dig back into past activity and judge banks retroactivelyu00e2u20ac”leading to criminal enforcement and money penaltiesu00e2u20ac”many banks have filed so-called defensive SARs, Djinis notes.

As a result, annual SAR filings by depository institutions rose 88% three years after 9/11 to 382,000 in 2004. And they continue to rise, but at a slower pace, totaling 567,000 in 2006, up from 523,000 a year earlier.

Regulators are sending the message to banks that they canu00e2u20acu2122t file SARs willy-nilly. Often SARs are not complete enough. FinCEN released a memo in October pointing out common errors in SARs, including inadequate narratives, missing employer identification numbers, and incorrect characterization of suspicious activities. Expectations of SAR filings by regulators are very different now versus a few years ago, Zimiles warns. u00e2u20acu0153Compliance officers need to be doing more quality control of their own output,u00e2u20ac she says. u00e2u20acu0153You donu00e2u20acu2122t see a lot of that. There needs to be a strong quality control process.u00e2u20ac

Simpler beginnings

Anti-money-laundering compliance has gotten much more complicated since its debut when in 1970 Congress passed the Bank Secrecy Act, which established requirements for recordkeeping and reporting by private individuals, banks, and other financial institutions. The goal was to help identify the source, volume, and movement of money and other financial instruments into or out of the United States or deposited at financial institutions. The law was augmented piecemeal over the decades, but no more so than in 2001 with the passage of the USA Patriot Act. Among its provisions, the Patriot Act criminalized the financing of terrorism, boosted customer identification procedures, and prohibited financial institutions from engaging in business with foreign shell banks. It also required financial institutions to have enhanced due diligence procedures for foreign correspondent and private banking accounts, and called for improved information sharing between financial institutions and the federal government.

In short, since 9/11, financial institutions have had to be increasingly thorough with key AML information they file with government agencies: currency transaction reports for transactions in excess of $10,000 and SARs, which forward information on criminal or potentially criminal money flows. u00e2u20acu0153It used to be that if you filed your currency transaction reports on time and you were reporting suspicious activity,u00e2u20ac you were in line, says Bill Richards, vice president and compliance manager at Sterling Savings Bank, an $11 billion financial institution headquartered in Spokane, Washington. u00e2u20acu0153There was not so much emphasis on the quality of it, but that it was getting done. Today, that kind of stuff better be second nature.u00e2u20ac

Since the passage of the Patriot Act, regulatory agencies have phased in all the lawu00e2u20acu2122s requirements for banks, with the most noteworthy this year being enhanced due diligence for banks with foreign correspondent accounts. To help financial institutions keep track of all the developments, the Federal Financial Institutions Examination Council (FFIEC), an intergovernmental agency, publishes the Bank Secrecy Act/Anti-Money-Laundering Examination Manual, a 300-page guide that provides banks with guidance on risk-based policies, procedures, and processes. It updates the guide annually.

The manual has become the bible for compliance officers to help them keep up with refinements and additional requirements. u00e2u20acu0153BSA is an animal you never stop chasing,u00e2u20ac says Robin Fujio, vice president, deposit operations manager, and BSA and OFAC officer at Liberty Bank, a $2.6 billion thrift in Middletown, Connecticut.

What it takes

The list of requirements for BSA is exhaustive, but banks can stay out of trouble by following some basic rules. Above all, they should know the types of customers they are dealing with, says Fox of Bank of America. u00e2u20acu0153You have to understand your banku00e2u20acu2122s business,u00e2u20ac he says. u00e2u20acu0153You have to understand how your particular bank works. And you have to design a program for your bank. There is no cookie-cutter model; every bank is different.u00e2u20ac

For all the spending and marshalling of resources for BSA compliance, some experts point out that the work can actually benefit the bank. Knowing customers, an essential requirement by regulators, can help a bank better market products and services. u00e2u20acu0153Good AML is good business, and good business is good AML,u00e2u20ac Fox says.

Join OUr Community

Bank Director’s annual Bank Services Membership Program combines Bank Director’s extensive online library of director training materials, conferences, our quarterly publication, and access to FinXTech Connect.

Become a Member

Our commitment to those leaders who believe a strong board makes a strong bank never wavers.