Recently Updated Guidance Is Driving Their Anxiety
What keeps bank executives up at night? The question of how to generate higher loan growth and greater profitability is certainly a prime CEO sleep detractor. In a recent survey conducted by CSI, a significant portion of the 200-plus bank executive respondents from across the country named those goals as both their greatest challenge and their greatest opportunity for 2015.
But beyond those goals lies the compliance anxiety that’s also keeping them awake. With the implementation of the Final TRID Rule, as well as the final word on proposed changes to Regulation C looming this year, it’s no wonder that CSI’s 2015 Banking Priorities Study revealed that mortgage-related compliance topped the list of anticipated compliance challenges for 2015.
The second-ranked compliance challenge for 2015—Bank Secrecy Act/Anti-Money Laundering (BSA/AML)—may come as a surprise to some, but not to me. That ranking by your peers shows just how attuned they are to the current regulatory atmosphere, which has propelled BSA/AML to the forefront of regulatory attention. Is your institution as keenly aware of the changing stakes?
The Drivers of BSA/AML Compliance Anxiety
Last summer, we began noticing an uptick in regulatory chatter concerning BSA/AML compliance. Since then, even more evidence points to a renewed regulatory focus on this 45-year-old law.
Updated BSA/AML Guidance Hits Just in Time for the New Year
On Dec. 2, 2014, the FFIEC and its member agencies published the first update in almost five years to the Bank Secrecy Act/Anti-Money Laundering Examination Manual. Clarifying changes were made throughout the manual, but the FFIEC noted 14 sections and seven appendices in which the most significant changes were made.
This included sections relating to Suspicious Activity Reporting (SAR); Currency Transaction Reporting (CTR); Foreign Correspondent Account Recordkeeping; Foreign Correspondent Accounts; Automated Clearing House Transactions; Prepaid Access; Third-Party Payment Processors and more.
In reviewing the updated manual, the Association of Certified Financial Crime Specialists noted that, among the changes, “several top issues rise to the fore immediately, areas informed by record anti-money laundering (AML) and sanctions enforcement actions and resulting political pressure since the last iteration of the manual was released in 2010.”[i]
Those issues include AML violations, specifically differentiating between systemic and isolated violations, as well as updated expectations for transaction-monitoring and sanctions-filtering systems. And not surprisingly, the manual readdresses the timeliness and quality of SARs, an issue that comes up in the majority of BSA-related enforcement actions.
2014 Talk from Regulatory Agencies Portends Greater 2015 BSA/AML Focus
Beyond the updated examination manual, throughout 2014, several regulators discussed BSA/AML compliance via various media and venues.
- The FDIC: In August, this agency released a report summarizing an audit it had conducted on itself in terms of BSA/AML examinations at its regulated institutions. While it generally rated its performance as congruent with BSA policy, it did note a few areas for improvement. Specifically, in some cases where institutions’ BSA compliance programs were deemed deficient or the FDIC repeatedly found violations, the audit noted that “stronger or earlier supervisory action in the form of a formal enforcement action may have been warranted.” It went on to state that “promptly issuing formal enforcement actions would have established a supervisory tenor of expectations consistent with interagency policy.”[ii] The recommendations stemming from this report were to be implemented by Dec. 31, 2014, indicating that BSA/AML examinations performed by this agency in 2015 may yield more enforcement actions.
- The OCC: In this agency’s Semiannual Risk Perspective for Fall 2014, published right before the end of the year, it ranked BSA/AML as one of the top five risk areas for banks in the following statement: “Bank Secrecy Act and Anti-Money Laundering risks remain prevalent as money-laundering methods evolve, and electronic bank fraud grows in sophistication and volume.”[iii] This statement, explicitly warning institutions of the dangers of money laundering, also appears to implicitly warn them of the danger of not adequately identifying and mitigating the threat through an effective BSA compliance program.
- The NCUA: Early in 2014, this agency stated that, “the importance of Bank Secrecy Act compliance cannot be overstated. An insufficient BSA compliance program may expose a credit union to reputation risk, such as manipulation by unscrupulous money launderers, undermine the integrity of the financial system or even threaten national security.”[iv] The NCUA conducted a BSA/AML awareness campaign in 2014 by hosting several webinars that provided credit union managers and compliance staff with best practices regarding BSA/AML compliance. As a result, it’s not a stretch to think that the agency will expect more from institutions this year in terms of their BSA/AML compliance.
FinCEN Imposes $1 Million Civil Money Penalty on a Chief Compliance Officer
Perhaps 2014’s most concerning BSA-related event for bank executives was FinCEN’s $1 million civil money penalty (CMP) levied against a bank’s chief compliance officer in December. While not the first individual fine imposed by a regulatory agency, its size was staggering. In the enforcement action, FinCEN held the chief compliance officer personally accountable, noting that he “1) willfully violated the requirement to implement and maintain an effective anti-money laundering program; and 2) willfully violated the requirement to report suspicious activity.”[v]
In a speech to the Association of Certified Anti-Money Laundering Specialists last spring, Thomas Curry, the Comptroller of the Currency, touched on this idea of individual accountability in asking, “whether it’s time to require large complex banks to establish clear lines of accountability that make it possible to hold senior executives responsible for serious breakdowns that lead to BSA program violations.” He went on to say that, “when we look at issues underlying BSA infractions, they can almost always be traced back to decisions and actions of the institution’s Board and senior management.”[vi]
The Road Map to Alleviating Your Worry and Elevating Your BSA Compliance
In that same speech, Curry also provided the corporate requisites for an effective BSA/AML compliance program. He indicated that the absence, or inadequacy, of any one of the following requisites accounts for the majority of deficiencies identified at BSA/AML exam time.
- Create a Culture of Compliance: In discussing FinCEN’s Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance in our September article, Compliance as Corporate Culture, we highlighted this statement from FinCEN: “regardless of size and business model, a financial institution with a poor culture of compliance is likely to have shortcomings in its BSA/AML program.”[vii] The Comptroller’s speech elaborated on that same message by stating, “without a commitment from the highest levels of bank management to maintain strong programs, ensure a culture of compliance, and support the BSA officers and others diligently working toward compliance, it’s more likely that BSA/AML compliance programs will not be effective and result in enforcement.”[vi]
- Commit Appropriate Resources to BSA Compliance: In finishing his thought about individual accountability for BSA/AML compliance, Comptroller Curry indicated that for bank executives, “part of ‘walking the talk’ is providing increased resources, increasing the authority and stature of the BSA Officer within the organization and ensuring proper incentives are incorporated throughout the organization, including the business lines.”[iv] Regulatory agencies have been very clear on this point. BSA compliance officers must be adequately experienced and knowledgeable about BSA/AML, and they must be afforded adequate human and system resources to effectively maintain the program.
- Strengthen Information Technology and BSA Monitoring Processes: The fact that the updated manual differentiates BSA/AML deficiencies between isolated and systemic violations is a clear indication that regulatory agencies expect financial institutions to implement the technological resources that enable them to avert a global failure to identify, monitor and mitigate suspicious activity. This includes advanced automated systems for their Customer Identification Programs (CIPs), Customer Due Diligence programs (CDD), red flag screening and watch list screening.
- Utilize High-Quality Risk Management Techniques: We discussed this requisite just last month in Conquer Your Fear of ERM. As we stated then, integrating an enterprise risk management (ERM) approach throughout your institution is the only way to ensure that all risks are identified and mitigated, including those related to BSA/AML. The OCC’s Semiannual Risk Perspective Fall 2014 specifically states that “banks are expected to incorporate appropriate controls to oversee new products and services, and higher-risk customers.”[iii] The only way to successfully meet that expectation is to have a mechanism in place that fosters ERM at every decision point, in every business line, in all support areas and all the way to the top of the institution.
Don't Let BSA/AML Compliance Trip Up Your Institution This Year
Ignore the warning signs at your institution’s own peril, because regulatory agencies have formally (via the updated examination manual) and more informally (through various speeches, reports, etc.) made it clear that curbing money laundering through the U.S. financial system is a major priority. And with all of this information in plain sight of institutions, claiming ignorance is simply not an option. The good news, however, as discovered through CSI’s 2015 Banking Priorities Study, is that most bank executives are very much aware of the need for increased vigilance in BSA/AML compliance, which hopefully will yield increased resources for their compliance programs. That should help both CEOs and BSA compliance officers everywhere sleep just a little better at night.