The Examiner's "Top Ten" In Bank Secrecy Act Violations
With the issuance of the new Currency Transaction Form (CTR - Form 4789) it's time to take another look at what we're doing right and, more importantly, what we're doing wrong in complying with the regulation and law.
The latest report reveals the "Top Ten" violations. We've included some explanations along with them.
The four major requirements of the Bank Secrecy Act (BSA) are the appointment of a BSA officer; Training; Effective Internal Control; and an Independent Audit.
The BSA officer should not only be knowledgeable, but should also be effective in implementing the policies and procedures necessary to get into and remain in compliance. Those policies and procedures must be in writing.
The employee training should be appropriate for the duties of the employee. It is important to note that ALL employees of the financial institution should be trained in the Bank Secrecy Act requirements.
The effective internal control, or audit, of the BSA should not only be thorough, but also capable of detecting violations. There are several publications, the most important one being the new "Bank Secrecy Act Examination Manual" from the Federal Reserve ($20.00, Board of Governors of the Federal Reserve System, (202) 452-3244), that can make a major difference in the BSA audit. The internal audit should include a "Know Your Customer" review; check the use of Suspicious Activity Reports; review "payable through" service; test recordkeeping; test BSA compliance in all areas, including loans, trust, operations, etc.; and should review all reporting and exemptions.
The independent audit should, preferably, be done by someone outside the financial institution. If done in-house, it should be someone completely divorced from the security/audit/compliance function who is knowledgeable in Bank Secrecy Act requirements.
The first two major mistakes the financial industry is making concern two of the requirements described above.
- Inadequate training: It's not enough to buy a tape, or hire a consultant. The examiners are looking for proof of training. An hour, once a year, is not sufficient. And it isn't enough to train just the front line. (See the article on page one of this issue.)
- Review is not independent: You may have a review done either by some department or officer in-house, or you may out-source the evaluation. But it must be completely independent of the BSA compliance function.
- Failure to file: In many cases examiners are finding aggregate deposits where the capability exists to learn of deposits of over $10,000 in one day, but the reports are not being reviewed, and the CTRs are not being filed. In cases where the failure to file is deliberate, the financial institution can be charged with willful blindness. The regulator now has the ability to close down a financial institution that is convicted of money laundering. This could be a costly violation.
- Inadequate identification: The new CTR is pretty clear in what is required for identification. The instructions have been revised, and read well. The biggest problem with identification will be with joint accounts, where the information must be entered on all parties to the account. But "self-employed", or "known to bank" will not fly.
Mandatory exemptions are not yet in the works, but will be "soon" according to the Department of Treasury's FinCEN. In the meantime, we are still dealing with exemptions that have been applied for after the study of the account. Unfortunately, in many cases, the financial institution assumes that once the exemption exists, their work is finished. Nothing could be further from the truth. Exempt accounts require constant policing.
The next three most common violations have to do with exemptions.
- Ignoring limits: If the limits are incorrect, then a new exemption should be applied for, or the exemption dropped altogether.
- Limits unreasonable: If a review of the account shows that the depositor has never even come close to reaching or going past the limit on the exemption, the limit may be too high.
- Recordkeeping errors: The study for exemptions and the filing for exceeding them (and all other BSA records) must be kept for five years.
- No Tax Identification Number (TIN) List: It's one of the first things your examiner will ask for!
- $3,000 recordkeeping: FinCEN dropped the requirement for the $3,000 to $10,000 log, and many financial institutions figured they were now "off the hook" for the information. Not so. You must be able to retrieve all the information formerly needed on the log. Many compliance officers simply left the log requirement in place. The training was done, and the recordkeeping is consistent with the regulation.
- CRF (SAR) submissions to the Board of Directors: If the financial institution files a Criminal Referral Form (CRF; soon to be known as an SAR, Suspicious Activity Report), one of the BSA requirements is that you must make the filing known to the Board of Directors. It is not necessary to go into detail, but the fact of the filing must be reported.
Copyright © 1995 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 6, No. 2, 11/95
First published on 11/01/1995