Money laundering and the steps financial institutions have to take to monitor it and prevent it are back in the news thanks to well-publicized missteps by banking giant HSBC.
Sen. Carl Levin, chairman of the Senate’s permanent subcommittee on investigations, in a statement said about HSBC and its United States affiliate HBUS: “Due to poor AML [anti-money laundering] controls, HBUS exposed the United States to Mexican drug money, suspicious travelers checks, bearer share corporations, and rogue jurisdictions. The bank’s federal bank regulator, the OCC, tolerated HSBC’s weak AML system for years. If an international bank won’t police its own affiliates to stop illicit money, the regulatory agencies should consider whether to revoke the charter of the U.S. bank being used to aid and abet that illicit money.”
What are credit unions doing differently, post HSBC? Are they doing enough?
Kristie Kenney, an auditor with Orth, Chakler, Murnane & Co., a Miami CPA firm that monitors many credit unions for Bank Secrecy Act compliance said, “Over the last three to five years, credit unions are improving. They are taking BSA more seriously. Overall they do a good job.”
The core BSA requirement, and the foundational building block of AML, revolves around reporting cash transactions over $10,000. But the federal act, as amended, has introduced a myriad of ongoing requirements, including verifying new members (are they who they claim to be?) and keeping tabs on wire transfers.
Kenney added that, in her opinion, credit unions do not need to take a different route post HSBC. “If they already had a comprehensive BSA compliance plan in place. NCUA examiners are looking in more detail at this area,” said Kenney, who regularly performs independent audits of credit unions to check how well they are meeting their BSA requirements.
“AML requires a lot of due diligence to stay in compliance,” said Timothy Wheeler, BSA compliance offer with the Municipal Credit Union of New York, a $1.7 billion institution. “I look at 600 member accounts per week,” said Wheeler. With some he will file a currency transaction report that notes transactions involving more than $10,000 in cash. With others he will file a SAR, that is, a suspicious activity report, noting, for instance, a member who has a series of transactions just below the $10,000 reporting limit. “Some people are very wise about the regulations,” said Wheeler.
In many other cases he does nothing beyond noting the account as one to monitor. “I will watch it for 30 days and may or may not file a SAR,” said Wheeler.
An SAR, noted Wheeler, details five W’s: who did the transaction; what was it about; when did it occur; where did it occur; why do you think it is structuring, the last being a term of BSA art that refers to clever gambits designed to sidestep CTRs.
“People think law enforcement don’t review these reports. That’s not true,” said Wheeler.
“With the right processes in place it would be very, very hard to launder money through your institution,” said Wheeler.
At Northwest Federal Credit Union in Herndon, Va., a $2,2 billion institution originally formed to serve the employees of the Central Intelligence Agency, Nancy Huntoon, assistant vice president for security and fraud, said the change that transformed compliance for Northwest was when it installed software that automated the process of monitoring transactions. “Before we had done it manually, and that was very labor intensive.”
About two years ago, Northwest bought software from SAS, a North Carolina software developer, but she noted that there are many suppliers in the field with similar tools.
“This is a huge advantage over the manual process, and it is what the regulators want to see,” said Huntoon.
Automated tools and dedicated staff are indeed what the regulators want to see, but, apparently, not every credit union has the finances needed to perform at this level. One problem, and it is huge for small credit unions, is that “it is challenging just keeping up with BSA requirements because the rules change,” said Doug Orth, a managing partner in a Miami CPA firm.“The expectation of regulators is that small credit unions have the same controls as the larger ones. Keeping up with the compliance is daunting. This is pushing some to contemplate merger,” he added
Either way, said Kenney, “AML compliance has to involve a comprehensive effort. Every employee needs to be trained in what to look for.” said Kenney.