Federal Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Oversight Brief

- Overview of BSA/AML Requirements and Regulatory Expectations
- Enforcement Authority
- Recent Consent Orders / Deferred Prosecution Agreements and Lessons Learned
- BSA/AML and Enterprise Risk Management

Federal Banking Agencies BSA Compliance Program Regulation

- Requires written, Board-approved program reasonably designed to assure and monitor compliance with the BSA
- BSA program requirements:
  1. Internal controls to ensure ongoing compliance
  2. Independent testing for compliance
  3. Designated individual responsible for coordinating and monitoring day to day compliance
  4. Training for appropriate personnel
- Customer Identification Program

When is a BSA Program Violation Cited By The Banking Agencies?

Federal banking agencies have cited BSA program violations and taken formal action where a bank or foreign bank branch:

- Fails to adopt a BSA/AML program that covers the four required elements
- Fails to implement the approved BSA/AML program
- Exhibits program deficiencies coupled with aggravating factors (e.g., material failure to file SARs; undetected violations of law)
- Fails to respond to supervisory warnings, or continues a history of prior BSA/AML deficiencies
- Engages in one-time, non-technical violation that demonstrates willful or reckless disregard or creates substantial risk of money laundering or terrorist financing

Banking Agencies Suspicious Activity Reporting Compliance Regulation

- Interagency regulation promulgated in 1996
- SAR violations
  - Banking agencies will cite violation if failure to file is accompanied by evidence of bad faith, represents a significant or egregious situation, involves a pattern or practice, or otherwise evidences a systemic breakdown
  - Agencies' published policy is to not cite a violation for isolated failures to file so long as there is an adequate SAR filing process and controls in place, unless failure is significant or accompanied by evidence of bad faith (This policy has not always been followed in our experience.)

How are BSA Program Violations Treated Differently From SAR Violations?

- BSA Program Violation
  - If a program violation is cited, Section 1818(s) mandates issuance of a C&D
- SAR Violation
  - Banking agencies have discretion to cite a violation and discretion to select type of enforcement action (e.g., Board Resolution, MOU, Written Agreement or C&D)

FinCEN's Enforcement Authority

- Independent authority to assess penalties for BSA program violations and SAR reporting violations
- FinCEN has cited violations of applicable regulations and assessed substantial civil penalties where banks:
  - Engaged in systemic or pervasive BSA reporting or recordkeeping violations
  - Exhibited disregard for BSA compliance coupled with a material failure to file SARs
  - Back-filed a substantial volume of SARs in response to banking agencies' criticisms or mandates

US Department of Justice Authority

- Authority to charge banks for criminal violation of BSA/AML program violations, and seek assessment of criminal penalties and/or forfeiture of funds
- DOJ has charged banks for criminal violations of BSA/AML statutes and obtained substantial penalties and forfeitures where banks:
  - Engaged in systemic or pervasive BSA reporting or recordkeeping violations
  - Failed to detect and/or report money laundering schemes by bank customers
  - Exhibited disregard for BSA compliance coupled with a material failure to file SARs

Trends in BSA/AML Enforcement and Criminal Cases

- Number and severity of banking agency enforcement actions are increasing against banks
- Number and severity of FinCEN civil penalty actions are increasing against banks
- Number and severity of DOJ cases for criminal sanctions is increasing against banks
- The banking agencies, FinCEN and DOJ bring actions against banks of all sizes

Recent Federal Reserve Consent Orders

- Large National Bank #1 (January 2014 CMP)
  - Failure to identify and assess the risks associated with correspondent banking
  - Lack of transaction monitoring systems, due diligence processes, risk management, and quality assurance programs
  - Failure to correct previously identified systemic weaknesses in the customer due diligence process and monitoring of transaction activity
  - $350 million fine and $1.7 billion forfeiture
- Small Community Bank (September 2013 CMP)
  - Failed to conduct adequate due diligence of foreign correspondent accounts
  - Inadequate BSA/AML expertise, training, and audit
  - Despite small size of bank, executed $1.5 billion worth of transactions on behalf of Mexican and Dominican money exchange houses
  - Concurrent FinCEN and OCC $4.1 million CMP
  - Surrender of charter

Recent DOJ Deferred Prosecution Agreement

- Ocean Bank (August 2011)
  - Deferred prosecution agreement with DOJ required compliance with consent order and $10.9 million CMP assessed by the FDIC, FinCEN, and the Florida Office of Financial Regulation (OFR)
  - Between 2001 and 2009, Ocean Bank failed to comply with numerous federal and state BSA/AML regulations
  - Violations resulted in numerous citations over this period, including a 2007 joint FDIC and OFR C&D
  - Failed to monitor accounts through which drug proceeds were laundered (including wire transfers from Mexican Casa de Cambios)

Commonly Cited BSA Deficiencies

- BSA Program and SAR Reporting Violations
  - Lack of monitoring wire transfers
  - Failure to implement an automated system to review wire transfers
  - Granting blanket exceptions to Bank policy to high-risk customers
  - Failure to detect large funds transfers through MSBs
  - Failure to monitor non-resident alien accounts
  - Failure to address adverse internal audit findings
  - Failure to timely file SARs as determined by back-filed SARs in compliance with enforcement action

Lessons Learned from Recent Enforcement and Criminal Actions

Federal Agencies and DOJ continue to focus on BSA/AML compliance relating to wire transfers, particularly whether:

- manual systems are effective to monitor domestic and international wire transfer activity
- automated systems are effective and fully operational
- publicly available information is incorporated into manual or automated monitoring systems

Lessons Learned from Recent Enforcement and Criminal Actions (cont'd)

Increased regulatory attention also is focused on whether:

- Enhanced due diligence is performed on high risk accounts, foreign correspondents, private banking accounts and nonresident aliens
- BSA audit process is performed independent of management
- BSA deficiencies identified by internal audit are being addressed, with updates regularly provided to the board

Lessons Learned from Recent Enforcement and Criminal Actions (cont'd)

- Regulators increasingly looking to boards of directors to play a significant role in oversight, particularly where enforcement action is issued
- Enforcement actions often contain so-called lookback provisions, requiring comprehensive review of prior transactions; subjects banks to additional civil or criminal sanctions for late-filed SARs

BSA/AML Compliance Is Part of Robust Enterprise Risk Management (ERM) Program

- Board and management are required to monitor compliance with BSA/AML laws.
- Tone at the Top
- Board should:
  - Promote open communication of risks
  - Promote escalation of problems to higher levels in the bank
  - Discourage excessive risk taking
- BSA/AML compliance, and ERM generally, should be engrained in the culture of the institution

For additional information, please contact:
Michael A. Mancusi
Michael.Mancusi@aporter.com
202.942.5302