Following a recent string of civil and criminal enforcement actions on the shortcomings of organizations’ Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has released an advisory promoting a culture of compliance from the top down. The advisory, released on Monday, focuses on ways that a financial institution can strengthen its BSA/AML compliance culture, with a special emphasis on institutions’ leaders’ involvement in the process.
“A financial institution’s leadership is responsible for performance in all areas of the institution, including compliance with the BSA,” according to the advisory. These leaders may include its board of directors, senior and executive management, owners, and operators, and they are responsible for understanding the institution’s responsibilities for complying with the BSA and creating a culture of compliance. “The commitment of an organization’s leaders should be visible within the organization, as such commitment influences the attitudes of others within the organization.”
For a BSL/AML compliance program to be effective, it should have the support of the institution’s leadership, and leaders should receive periodic training tailored to their roles. Leaders should also have an “appropriate understanding” of BSA/AML obligations and compliance to allow them to make informed decisions about allocating resources towards the BSA/AML program.
The advisory also stressed that compliance should not be compromised by the institution’s revenue interests. Instead, an “effective governance structure should allow for the BSA/AML compliance function to work independently” and allow it to take actions to address and mitigate risks that may arise from the institution’s business line.
As an example, FinCEN highlighted Money Services Businesses (MSBs), which get a “significant percentage” of their revenue from the activities of their agents. However, FinCEN cautioned that when a principal MSB learns of possible inappropriate activity by an agent, it should be investigated and action should be taken “regardless of the impact on revenue.” Once the investigation has been completed, the findings should be considered to determine if the agent ought to be fired and if the sales unit should have the ability to veto the decision.
FinCEN also expressed that leaders need to ensure that information is being shared throughout their organization about BSA/AML compliance and enforcement actions. For instance, information obtained by the organization on combating and preventing fraud could also help the institution comply with its BSA/AML obligations.
“Similarly, legal departments should alert compliance departments to subpoenas received issued by government agencies to trigger reviews of related customers’ risk ratings and account activity for suspicious transactions,” the advisory recommended.
Additionally, leaders should work to provide adequate human and technological resources to create a culture of compliance. One required element for any BSA/AML compliance program is the designation of an individual who is responsible for coordinating and monitoring day-to-day compliance. This individual “should be knowledgeable of the BSA and have sufficient authority to administer the program,” the advisory explained.
To help support this individual, institutions need to supply support staff to their BSA/AML compliance programs based on their risk profiles. FinCEN cautioned that failing to do this can harm the institution in other ways as well, such as failing to review alerts generated by transaction monitoring systems that could alert the institution to suspicious activity.
If an institution can’t devote the manpower, FinCEN recommends that it use technological resources to help with compliance efforts. “Institutions with higher risk profiles, including those with substantially higher volumes of activity, may need to utilize automated systems for identifying and monitoring suspicious activity,” according to the advisory
However, for compliance programs to be effective, leadership and staff at all levels in the institution should understand that “they are not simply generating reports for the sake of compliance,” the advisory said. Instead, they should understand that the BSA reports serve a purpose based on how the information they provide is used.
“The reporting and the transparency that financial institutions provide under FinCEN’s regulations result in some of the most important information available to law enforcement and others safeguarding the nation,” the advisory explained. This information is used to confront serious threats, including terrorist organizations, rogue nations, weapons of mass destruction, and foreign corruption.
Reports generated by financial institutions also assist law enforcement in fighting transnational criminal organizations, such as those involved in drug trafficking and fraud schemes that target the United States.
That same information can also help an institution protect itself from insider threats, frauds, and cyber-related threats, when reports are filed and understood by leadership and staff. “The very existence of BSA regulations has a deterrent effect on those who would abuse the financial system,” the advisory said, explaining that in some cases even the mere possibility of a report filing could force “illicit actors” to expose themselves to scrutiny and possibly capture.
For more information on FinCEN and the value of FinCEN data, visit its Web site.