Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

AML/CFT Advisory Services AML Training BSA Rules and Regulation Customer Due Diligence SAR

FinCEN announces $8 million BSA enforcement action: The resurrection of AML penalties

Terri Luttrell, CAMS-Audit, CFCS
December 20, 2021
Read Time: 0 min

AML penalties are back and stronger than ever 

FinCEN is enforcing actions for BSA violations and failure to maintain effective AML programs.

Would you like other articles like this in your inbox?

Takeaway 1

Reprieve is over, FinCEN is announcing penalties and enforcing action for BSA violations. 

Takeaway 2

A strong AML program is critical in guarding against money laundering and terrorist financing risks.

Takeaway 3

There is not a statute of limitations on BSA violations, AML deficiencies are never behind us.

The financial services industry has been contemplating the lack of recent enforcement actions from regulatory agencies, many wondering if the inactivity was due to the pandemic and lack of on-site examinations. Whether that is the case or not, the reprieve is now over.  

On December 16, 2021, FinCEN announced an $8 million civil money penalty against CommunityBank of Texas (CBOT) for willful Bank Secrecy Act (BSA) violations and failing to maintain an effective anti-money laundering (AML) program. FinCEN assessed a $7 million penalty along with a $1 million assessment from the Office of the Comptroller of the Currency (OCC) after the office conducted an independent investigation. As of June 2020, CBOT's asset size was approximately $4 billion with 35 branches. Now is the time for community financial institutions to pay attention. We know from experience how consent order findings are used in future examinations. 

The CBOT enforcement action states that the bank failed to report hundreds of suspicious transactions to FinCEN even after the bank became aware that specific customers were involved in criminal investigations. Millions of dollars in suspicious activity were not reported to FinCEN in a timely or accurate manner, including those connected to tax evasion, illegal gambling, money laundering, and other financial crimes, according to the consent order. 

Fundamentals of BSA

CommunityBank of Texas' citations

The CBOT penalty is a solid reminder to all community financial institutions that a robust AML program is critical in guarding against money laundering and terrorist financing risks regardless of size and risk. The order uncovers nothing new to the industry. In fact, the bank was cited for many of the fundamentals of BSA, including: 

  • Lack of a sound AML program: CBOT had an AML program, including AML monitoring software. However, program procedures were not adhered to in practice, and the AML program was deemed ineffective. 
  • Inadequate staffing: The lack of technological and human resources will result in deficiencies in an AML program. The importance of adequate staffing has been drilled into BSA Officers for some time, and according to the consent order, CBOT's AML team was understaffed. Including the BSA Officer, there were 6-8 staff members, three of which were assigned to working AML alerts. The CBOT investigation determined that this was not an adequate number of analysts and that they were not thoroughly reviewing the documentation of each unusual activity alert. Each had a certain number of alerts to work per day, which was not possible without cutting corners. 
  • Deficient customer due diligence (CDD): CDD is another "oldie but goodie" and possibly the most reported BSA violation. Although CBOT had a CDD program that included risk rating through their AML monitoring system and customer questionnaires by front-line staff, CDD procedures and processes were not followed. In addition, the CDD procedures were deemed deficient until revised in 2019, and CBOT did not conduct a lookback for possible higher-risk customers that may have been missed. 
  • Ineffective ongoing monitoring: CBOT relied solely on its automated AML system for ongoing monitoring of accounts, including higher risk accounts.  The system would not trigger alerts if unusual activity was consistent with historical customer activity, allowing suspicious activity to remain undetected. CBOT failed to use other reporting capabilities for higher risk account monitoring which would have enhanced their ability to provide important information.  
  • Insufficient automated alert monitoring: As stated, CBOT was considered understaffed on their AML team and could not keep up with the number of alerts generated by the AML monitoring system. The BSA Officer purposely reduced the number of cases by exempting customers from monitoring whose activity was "well-known," some of whom were later arrested or convicted of financial crimes. CBOT had no analysis, documentation, or justification for exempting these customers.  
  • Automated templates for case closures: A preset list of reasons for closure was used by CBOT with no analysis or documentation as to why the reason for closing the case was used. An example cited in the consent order found that a customer with a previous SAR alerted on new activity. The preset reason of "A Suspicious Activity Report (SAR) was previously filed and is not due for review at this time" was used. While templates are not inappropriate and can improve efficiencies, they should not be used without verification and supporting documentation. 
  • Unfiled SARs: Due to CBOT's poor implementation of their AML program, the BSA analysts neglected to investigate unusual activity alerts thoroughly. With the BSA Officer reducing the number of alerts by using exemptions, at least 17 SARs failed to be filed by CBOT. Emphasis on "at least" based on the deficiencies cited. 

Does your BSA department need staffing relief?

Take the assessment

Learn more

Takeaways for financial institutions 

FinCEN's Acting Director Himamauli Das clearly stated that "Today's action should serve as a reminder to banks of all sizes that FinCEN and our regulatory partners will work closely together to ensure that banks comply with the Bank Secrecy Act and its implementing regulations to combat money laundering and promote national security."  

  • Note the Acting Director's comment "of all sizes." Community financial institutions must take note and evaluate their AML program and correct any deficiencies.    
  • A strong AML program does not mean it looks good on paper. You must follow a reasonable risk-based AML program in practice with established policies and procedures which are followed and tested.  
  • Inadequate staffing will not be tolerated, and regulators will not care about your budgetary constraints. You must have adequate human and technical resources to implement a sound AML program properly. 
  • CDD is widely considered the fifth pillar of BSA. The AML Act of 2020 will more than likely overhaul the 2018 CDD rule with stricter beneficial ownership requirements. If your CDD program is not intact, now is the time to tighten things up and watch for new regulations. The world is watching the U.S., and CDD will be top of regulators' minds for some time. 
  • Ongoing monitoring for higher-risk customers means EDD. This is not a new requirement, and all institutions should be doing extra reviews of some kind, on a risk-focused basis, on all higher-risk customers. Your EDD process should be in your BSA policy and procedures and should be meticulously followed in practice. If your institution doesn't believe they have higher-risk customers, look at the CBOT examples of missed suspicious activity. Customers include a used car dealership, a finance company, and a Certified Public Accountant (CPA). Even if customers in higher-risk categories are well known to the institution, enhanced scrutiny and documentation should be performed.  
  • Your AML monitoring software should be optimized to produce a reasonable number of alerts based on your institution's risk profile. All triggering alerts should be thoroughly investigated and documented, period. 
  • Conduct a staffing assessment to ensure you have appropriate resources, both in number and expertise, to work all alerts and other BSA duties in a timely manner.  Use the assessment (and the CBOT monetary penalty) to build a use case to request additional staff if needed. Solving for insufficient resources by manipulating your monitoring system will result in a consent order every time.  
  • Using templates for case dispositioning is acceptable, but not without complete analysis and documentation of why you're using a specific reason for closing a case. Templates will create efficiencies and consistencies, but never at the cost of professional investigation. 
  • It is embarrassing to state the obvious, but SARs must be filed on suspicious activity thoroughly, timely, and accurately. If you know you have questionable activity in your transaction monitoring, slow down and report. Remember the purpose of BSA, to assist law enforcement in stopping money laundering, terrorist financing, fraud, and other illicit activity. 

Be prepared

Take look at your AML program

Another noteworthy fact about this content order is the time-period of the violations. The dates cited are between 2015 and 2019. AML deficiencies are never behind us as there is no statute of limitations on willful violations of BSA. Now is the time for all BSA Officers to take a hard look at their AML programs, and if you find any gaps, particularly those mentioned in the CBOT order, correct them now. If necessary, do a lookback and shore up all documentation on why alerts were cleared. Ensure that processes and procedures are followed and make those not complying accountable, including front-line staff. A strong culture of compliance was clearly lacking at CBOT, as evidenced by this consent order. It is obvious that FinCEN is sending a message with this consent order.  You should take note. 

Building or re-building a robust AML program can seem daunting, but it doesn't have to be. If your institution needs assistance in enhancing its program, remediation assistance is available by contacting the Abrigo Advisory Services team. 

In addition, several resources can be downloaded, including:

Don’t be remiss in addressing areas you feel need support. As you may have noticed, inaction can be costly. 

Blog

Suspicious activity monitoring: Keys to strengthening your AML/CFT program

Read More
Blog

AML program productivity: Boost the impact of AML investigations

Read More
Blog

Mitigating AI-enhanced cybersecurity risks for financial institutions

Read More
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.