Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention
   
    Tell us
    what you think

    Our Sponsors
Our Sponsors


























































 
Print Friendly! Email This Article! Discuss NOW!

BSA Enforcement: Expensive!

In 2002, FinCEN imposed a $700,000 fine on Sovereign Bank of Wyomissing, PA, for failure to file timely approximately 2000 Currency Transaction Reports over a period of several years. The order and fine are based on what FinCEN found to be a failure of the bank's BSA compliance program and the bank's failure to identify and correct weaknesses in that program. What happened? What can we learn from this -- and what can be done?

FinCEN found that for a three-year period, from June 1998 through May 2001, Sovereign's lack of effective compliance program resulted in the non-filing of CTRs. The failure was sufficiently significant to be labeled "willful."

During this time period, Sovereign underwent several mergers and acquisitions, including one of the entities that failed to report CTRs. During this time, Sovereign also underwent systems conversions. While the government recognizes that these events can - and usually do - strain a compliance system, Sovereign's telling failure was to not recognize the problem and to not take adequate measures to identify the inevitable problems that occur in mergers and conversions. In short, this failure was a failure to manage. Eventually, Sovereign's audit and compliance personnel did identify the problems, but only after a great deal of water had poured over the dam. FinCEN found that the recurring nature of the problems should have alerted the bank to the problems and the need for better compliance management systems. In FinCEN's view, the bank did not react in time.

Most of the violations occurred in the bank's cash management group. That group relied on outside vendors (several armored car services) to prepare and file CTRs. Sovereign did not have a system for verifying whether the vendors were in fact preparing and filing CTRs. There was apparently no safety system to check and validate the vendor's work. Moreover, the bank did not monitor or test the vendors' performance.

Once Sovereign discovered that the CTR's had not been filed, responsibility for filing CTRs was placed on the cash management group where the violations had occurred. The group again relied on the vendors for information that the group would use to prepare and file the CTRs. The bank failed to take steps to evaluate the accuracy or completeness of the information provided to the bank by the vendors. FinCEN discovered that during a five-month period using this "compliance" system, the bank failed to file 241 CTRs. The bank failed to file an additional 578 CTRs because a procedure that it used relied on inaccurate information. The bank relied on a third party currency handling service to prepare reports of the currency orders that were collected or delivered through the armored car vendors. The bank prepared CTRs based on the reports from the vendors. The BSA compliance staff used the same source material - reports prepared by vendors - to verify the CTRs. Because the reports the bank relied upon contained errors - and those errors were not identified or investigated using an independent system - the verification process simply confirmed the original errors.

FinCEN found that the bank failed to implement adequate internal controls. In addition, the bank failed to test its systems to determine whether its CTR filings were complete and accurate.

The case comes down to a failure to manage the BSA compliance process. Essential components of a compliance program were missing. Clearly training was inadequate. The message of compliance was not delivered and training is an important way to deliver the message.

There was also a conflict in priorities, resulting in attention to compliance taking a back seat to concerns related to mergers, acquisitions, and growth. Even though the bank had good reason to know that there were weaknesses in its compliance system, the bank did not address these weaknesses. That choice cost the bank $700,000 - plus legal fees.

Finally, there was no quality control. BSA compliance must be checked and cross-checked. There is a reason why the regulations require an independent audit. The independence of the audit must be based on evaluating not only the compliance with preparing CTRs, but the accuracy and effectiveness of the information used to prepare the CTRs. To do this, the auditor must use different paths and different sources than the preparers used. It's also called cross-checking.

The bottom line? BSA compliance should be a priority for every financial institution - now. Take a hard look at your compliance programs, find any weaknesses, and fix them!

ACTION STEPS
  • Review your BSA compliance program and make sure it measures up to FinCEN expectations.
  • Study your systems for identifying, tracking, and reporting large cash transactions and consider whether they are adequate to identify everything.
  • Look at what changes you should implement following 9-11 and the provisions in the USA PATRIOT Act.
  • Advise management about the importance that is now placed on BSA compliance and what the BSA compliance program means to the institution's future ability to grow.
  • Review your independent testing of BSA compliance and consider whether it identifies and tests areas that could fall between the cracks.
  • If you have a trust department, cash management service, or private banking, schedule an intense independent audit of those areas as soon as possible.
Copyright © 2002 Compliance Action. Originally appeared in Compliance Action, Vol. 7, No. 6, 5/02



Print Friendly! Email This Article! Discuss NOW!