Technology has revolutionized compliance reporting processes by eliminating paper, saving time and expense, and facilitating quick action when issues related to non-compliant activity are identified. However, these automated processes are only as effective as the professionals who monitor them – when trained staff isn’t in place, even the best systems may not ensure your institution remains compliant.
In March 2022, a major national federal savings bank was fined $200 million in civil money penalties by the Office of the Comptroller of the Currency (OCC) and FinCEN, a bureau of the U.S. Department of the Treasury, for willfully failing to meet minimum Bank Secrecy Act/anti-money laundering law (BSA/AML) compliance requirements coupled with inadequate suspicious account activity monitoring and reporting. The bank was repeatedly alerted about the ongoing violations yet took no action to evaluate and strengthen internal controls to correct identified deficiencies.
The consent orders specifically noted the bank’s inadequate compliance staffing and training, poor third-party risk management, and its failure to detect and monitor personal accounts being used for business purposes, despite alerts sent to the bank’s board of directors. That lapse in oversight resulted in the late filing of 3,873 suspicious activity reports (SARs) at an average of 226 days after the suspicious activity ended, a clear violation of the filing requirements under the BSA. As a result, millions of dollars in suspicious funds flowed through those customer accounts, putting not only this bank but the overall banking system at risk.
In this case, an extreme focus on pursuing aggressive growth may have contributed to the bank’s failure to comply with BSA/AML laws. In fact, the bank CEO acknowledged it didn’t “sufficiently strengthen the capabilities and expertise necessary to meet regulatory requirements and evolving business needs.”
Technological solutions coupled with management oversight can work together to strengthen compliance, mitigate risk, and help avoid such stiff sanctions. As mandated by the USA PATRIOT Act in 2002, the BSA E-Filing System provides for secure electronic transmission of BSA data to FinCEN and allows FinCEN to send alerts and other information to filers to notify them about issues that require immediate attention and enhanced scrutiny. Benefits of using BSA E-Filing include more secure filings compared to manual processing and mailed paper reports or diskettes, faster submissions, real-time tracking, and more accurate recordkeeping. For even more accountability, all BSA E-Filers must identify a single person (and a back-up) to serve as the organization’s primary BSA E-Filing administrator.
The lesson to be learned: unmonitored reliance on BSA E-Filing and other automated systems isn’t enough. Compliance departments must expand and evolve to accommodate business growth, including proper staffing levels to investigate and report suspicious activity within the timeframes the law requires.