Over the past few years regulators and examiners concentrated their efforts on problems stemming from the recent financial crisis. The trend has now turned back to money laundering and the Bank Secrecy Act.
Authorities are now investigating several big banks for failure to monitor cash transactions and thereby allowing drug dealers and terrorists to use financial institutions to assist in furthering their criminal activities.
Banks’ Failure to Take Action
HSBC, Citi, Zions Bank, The Royal Bank of Scotland, Wachovia and Standard Chartered, to name a few, have all fallen under the regulators’ lash for not implementing sufficient BSA/AML/OFAC monitoring programs. Since adequate programs were not in place, it created lapses that allowed criminal activity to flow through their institutions. Millions of dollars in penalties are being assessed.
In many of these cases, deficiencies were previously noted, but the financial institutions failed to take action. This stresses the point of always addressing exam findings before your next exam. In some cases, especially if the violation was found to be egregious, financial institutions are publicly taken to task without any prior violation noted.
Not Just a Big Bank Problem
An important thing to keep in mind is that this is not just a big bank problem; all financial institutions are at risk. I have been to many institutions of various sizes over the past couple of months where examiners have severely criticized and written up institutions for not doing enough to look for and track suspicious activity.
In many of these situations, the organizations were small, low-risk institutions with no evidence of suspicious activity. The examiners’ concerns were that if there had been suspicious activity, it wouldn't have been caught because the credit unions were not looking for it.
What Examiners Want to See
Even if you have the same examiner as previous years, you are not in the clear. I spoke to a few institutions that had the same examiner as their previous exam, and they still had their programs ripped apart, analyzed and criticized.
So, what can you do to put up a strong defense against regulatory scrutiny? Here are a couple of tips:
Evaluate your BSA/AML program.
Examiners are putting emphasis on the last time you evaluated your program to make sure it is still sufficient for "current" risk. Are you validating the data is coming into your AML system accurately?
Conduct an independent evaluation on a regular basis.
Not only is it important, but it is required to get an outside opinion on your institution’s suspicious activity monitoring program.
The FFIEC BSA/AML Manual stresses that your program must be risk-based, periodically reviewed by the BSA Officer and also independently reviewed to ensure that if suspicious activity is or was to occur at your institution it will not go unidentified and unreported.
Periodically has unofficially been accepted as annually, unless there has been an acquisition, merger or other major event at your institution.
Examiners are cracking down, and you need to be prepared. Are you doing enough?