The FDIC and FinCEN recently assessed a $15 million civil money penalty against an insured state chartered nonmember bank for alleged violations of the Bank Secrecy Act and its implementing regulations. Specifically, the FDIC and FinCEN found that the bank failed to establish and implement an anti-money laundering program that complied with the FDIC’s requirements. At a minimum, an AML program must: (1) provide a system of internal controls to assure ongoing compliance, (2) provide for independent testing for compliance conducted by bank personnel or by an outside party, (3) designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance, and (4) provide training for appropriate personnel. The FDIC and FinCEN further found that the bank failed to timely report suspicious activity, having filed 46 late suspicious activity reports, often a year or longer after the underlying activity occurred, covering $1.6 billion in suspicious activity.
The FDIC and FinCEN determined that the bank’s AML program was inadequate for its high risk customers, including third-party payment processors and money services businesses. The agencies found that the bank failed to adequately assess many of the AML risks outlined in FinCEN’s recent advisory, “Risk Associated with Third Party Payment Processors," (see November 13, 2012 Alert). For example, with respect to third-party payment processors, the bank ignored "red flags" such as high unauthorized return rates, and with respect to money services business customers, failed to undertake a risk review of its check cashing customers, despite rapid growth of the business line.
Martin Gruenberg, Acting Chairman of the FDIC, noted the civil money penalty “emphasizes the importance of having strong internal controls to assure compliance with anti-money laundering regulations and to detect and report potential money laundering or other illicit financial activities."