As Regulators Turn Focus to BSA Compliance, CUs Better Brush Up

WASHINGTON-The intensity of Bank Secrecy Act regulatory oversight has increased tremendously of late and, if credit unions are not careful, one could be the next financial institution hit with major repercussions, according to one Washington, D.C.-area law firm. Top lawyers with Venable, LLP said that if credit unions do not keep their BSA programs up to snuff, they could be subject to a significant civil monetary penalty or cease and desist order. Credit unions have done well to stay out of trouble thus far with just one Letter of Understanding and Agreement issued (to Suffolk Federal Credit Union in November 2004) for a BSA violation. However, a good rating at one examination may not necessarily hold in following examinations, Venable’s Ralph Sharpe, head of the Financial Services Group Risk Management and Compliance Team, warned. Maintaining an up-to-date BSA program is crucial. “The environment is more complicated every cycle.It’s hard for anyone to keep up,” he said. Credit unions, no matter their size should review their programs annually. Venable Partner Bill Donovan, former NAFCU general counsel, explained, “What we typically find in credit unions is not a willingness or lack of desire for compliance.” “We’ve seen significant gaps in policies primarily because they haven’t updated them,” Sharpe added. This situation will become more of a problem as NCUA and the other regulators continue to crack down on violations. Venable attorney Gwen Baker, another former NAFCU staffer, said that NCUA examiners have been talking about BSA compliance as a priority for the agency in 2005. One of the issues credit unions may face in compliance is lack of resources, particularly the smaller ones. “The same shoe has to fit everybody,” Venable Partner Bruce Jolly said. He also pointed out that there are some small credit unions at greater risk for compliance violations than their larger counterparts because of the complexity of their operations. The positive news is that NCUA and the other Federal Financial Institutions Examination Council regulators have been very public about what they are looking for from the institutions under their jurisdictions. Jolly said NCUA has “done a good job” of getting the word out through their examiners in particular. NCUA just last month issued a Letter to Credit Unions (05-CU-16) alerting credit unions to the FFIEC’s Bank Secrecy Act/Anti-Money Laundering Examination Manual the agencies issued this summer. The letter also includes the Automated Integrated Regulatory Examination System’s (AIRES) BSA questionnaire that examiners began using when reviewing a credit union’s program as of Sept. 30. The three key points of advice in the letter point to: *Risk Assessment *Independent Testing *Monitoring Suspicious Activity The agency encouraged credit unions with questions to contact their appropriate regional office or state supervisory authority. “One of the benefits of the examination manual now is to have one place where credit unions and other financial institutions can go to,” Sharpe said. And, Jolly added, “The new AIRES guidelines that came out at the end of October that NCUA published are very helpful.” He also commended the agencies for not taking a `gotcha’ type approach to these requirements. “The goal is real simple: keep the drug money out and keep the terrorist money out,” Jolly explained. The agencies are really pulling together on this issue. Jolly said that all the banking regulators signed an order of agreement about a year ago to tighten their BSA oversight. If there was a “significant violation”- which was not defined – then the agencies would share their findings with each other. The Financial Crimes Enforcement Network is the center of the enforcement activity. While credit unions would not likely be hit with a Riggs Bank-type penalty, which was around $40 million, it would be commensurate with the size of the institution and the significance of the violation. Of course, beyond the financial damage is the reputational damage, Sharpe said. Riggs Bank no longer exists because of the damage done. The NCUA is wise to come down hard before any egregious violations occur, Jolly noted. If the FBI uncovers terrorist financing laundered through a military or government-related credit union, the industry “can’t afford it.” “Even though 9/11 was four years ago, there is no let up in law enforcement and congressional interest in this area,” Sharpe said. A firm like Venable can help credit unions in comprehending the maze of requirements. “We can do a lot of things. It depends on when we’re called,” he said, chuckling. Some credit unions are getting wise and contact them before the examiner comes knocking at their door, Sharpe pointed out. The important thing is to get someone who is knowledgeable of the issues. One of the most important things a credit union can do is to make sure the board is involved. Board comprehension of this issue is sometimes better than others, Jolly said, because they “get” the seriousness of it. The “basic building blocks” of a BSA program include: *Having a compliance officer; * Undergoing an audit; * Keeping up on internal controls and training; * Establishing a Customer Identification Program; * Identifying targets of Treasury’s Office of Foreign Asset Control; * Complying with law enforcement requests; and * Putting policies in place to support these things. Though not necessary, Sharpe said, it is helpful to have automated systems in place, like aggregation software to track multiple transactions by the same member. It is also important to scrutinize transactions and do basic member due diligence. Specifics of what is needed will depend upon the credit union’s risk assessment, including factors such as geographical area and activities, according to Sharpe. Jolly cautioned, “The area where credit unions are most vulnerable is in the wire transfer area.” [email protected]