Abrigo Compliance & Engagement Director Terri Luttrell, CAMS-Audit, says that fines against individual BSA professionals are rare.
“It’s everybody’s worst nightmare, and the personal liability is one of the reasons it’s hard to find strong BSA professionals,” she notes. The U.S. Bank case illustrates several important ways to minimize personal liability within a BSA program.
Get adequate resources. “The regulators don’t care what your budget is,” Luttrell says. “You must find a way to get the resources, and I think that message is coming around loud and clear these days.”
Certainly meeting the staffing requirements of a strong BSA program can be costly. But inadequate staffing appears in regulatory consent orders more often than many people would expect, and regulators are not sympathetic when it comes to violations as a result of underemployment in compliance. Consider outsourcing AML/CFT work as one option in order to remain compliant and meet short-term needs for alert or case-monitoring to address seasonal issues, such as tax season, or employee issues, such as a leave of absence. Or, if the financial institution is facing extended challenges with BSA/AML staffing, consider outsourcing basic AML/CFT tasks of SARs filings and managing alerts so that staff can focus on case escalation and implementing AML policies and procedures.
Focus BSA/AML resources on risk. Especially considering the limited resources that all banks and credit unions have, another way to ensure personal liability is minimized is to focus resources on the financial institution’s risks, especially when using BSA/AML software, Luttrell says. “That means that if the financial institution uses an automated transaction monitoring system, staff should regularly ensure it is ‘tuned’ correctly --- not to limit your alerts, but to make sure the parameters are set right for the risk for your institution,” says Luttrell. If staff don’t know how to adjust the parameters themselves, take advantage of suspicious activity system optimization offered by the solutions provider, she adds.
“FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly,” the regulator said in a news release announcing the fine against LaFontaine.
Ensure good documentation. Make sure that the financial institution’s BSA/AML software documents every step of the SAR process so that a strong trail of documentation exists – not only for regulators but also to minimize the personal liability of staff. A good SAR tracking system will also monitor how long a SAR has been in the system and will generate reminders to keep BSA staff from filing untimely SARs.
Documentation is always an important part of the job for BSA staff, and most personnel minimize personal liability simply by doing their job. In the U.S. Bank case, lower-level employees documented their concerns with the bank’s policies and procedures, and Luttrell says that was an especially smart move from a liability protection standpoint. “If you don’t have compliance from the top down, document it, and look for another job,” she says.
FinCEN in coordination with the Office of the Comptroller of the Currency (OCC) in February 2018 issued a $185 million civil penalty against U.S. Bank for, among other things, willfully violating the BSA’s requirements to implement and maintain an effective AML program and to file SARs in a timely manner. U.S. Bank’s parent, U.S. Bancorp, agreed to forfeit $528 million as part of a deferred prosecution agreement with the U.S. Attorney’s Office for the Southern District of New York.
When the OCC terminated a consent order related to the AML program in December 2018, U.S. Bancorp said it had made “significant investments since 2014 to improve and strengthen its AML and BSA controls, including a new AML and BSA leadership team as well as improved and enhanced processes and systems.”