Wednesday, June 19, 2019

Are You Gambling with Your BSA Program?

Posted by OnCourse Staff June 27, 2017 12:16pm

Photo Credit: Vitaliy Kytayko

By: Akash Govil, Senior Auditor, BSA

It’s that time of the year again for your BSA/AML compliance audit.  We know how much you enjoy it when your BSA internal auditors show up with smiles as big and long as their request memos and sample sizes – from policies to procedures, risk assessments to training logs, CTRs to SARs, CIPs to EDDs, and “SMHs” to “OMGs”…  Alright, let’s face it, compliance doesn’t exactly scream excitement.  There’s a ton of activity to stay on top of and many mundane compliance tasks which all financial institutions dedicate their blood, sweat, and tears to (okay, maybe not blood).  Nevertheless, it makes sense for institutions to have a level of pride and satisfaction in their BSA process, especially if they spend solid time executing it daily. So, when the auditors show up commenting on your process, it is understandable if it is taken personally. Every financial institution files Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”).  In addition, all have compliance policies and procedures in place.  However, are they up-to-date in our ever-changing world?  Are they still effective?

Financial threats in today’s modern world is what makes the Bank Secrecy Act (“BSA”) essential for detecting and preventing money laundering threats hence, why the BSA came into effect in 1970 with hopes to provide insight and guidance for financial institutions operating within the United States. The BSA has set the bar or standard for financial institutions, both foreign and domestic, to aid the government and our country in policing the flow of finances by requiring adequate transaction monitoring programs and internal controls, regulatory compliance reporting, and record retention policies.  So, what exactly is a financial institution?  The term “financial institution” is an umbrella category which encompasses banks, credit unions, money service businesses, currency exchange institutions, and even casinos, like the Trump Taj Mahal, which closed in 2016.  All are subjected to the requirements of the BSA with absolutely zero exceptions.  Non-compliance with the Act is answered with regulatory consent orders, which may result in civil penalties and/or some hefty fines. 

From 2010 to 2012, the Taj Mahal admitted to violations cited by the Internal Revenue Service (“IRS”) and the Small Business/Self-Employed Division (“SB/SE”) with respect to its BSA program, compliance reporting, and recordkeeping requirements. “The Trump Taj Mahal failed to implement and maintain an effective anti-money laundering program; failed to report suspicious activity related to several financial transactions at the casino; failed to properly file CTRs; and failed to keep appropriate records as required by the BSA and its implementing regulations,” as stated in FinCEN’s Assessment of Civil Money Penalty against the casino in 2015.

These violations breach the foundations and essence of an effective monitoring process formulated to identify and avert the most basic forms of money laundering.  Surprisingly, most of these violations had been previously cited by the IRS SB/SE since 2003 I guess we can say they were warned. That being said, I think we all know what happened next.  The Taj Mahal was hit with a $10 million civil penalty for non-compliance with the BSA.  It seems that even regulatory agencies can cash out and win big in casinos.

So why did Trump Taj Mahal get hit with a whopping $10 million penalty? The casino did not designate individuals responsible for routine compliance monitoring, a Customer Identification Program (“CIP”) for identifying and verifying a customer’s true identity, procedures for determining suspicious activity or occurrences, procedures for effectively operating an automated data-processing system, policies and internal controls to comply with recordkeeping requirements, etc. Well, on the bright side, something had to be right, considering that they managed to identify some instances of suspicious activity and file some SARs along the way.  Great! However, it was reported that the casino actually failed to file about 50% of SARs in 2010 and 2012 due to its weak internal controls and programs which they considered to be on par.  Side note the BSA requires casinos to report ALL suspicious transactions over $5,000. One does have to wonder who was monitoring Taj Mahal’s risks and who was conducting its internal audits?

As we can all imagine, the more cash-intensive an institution is, and the more moving funds it has, the more prone or susceptible it is to potential money laundering schemes. These findings are major systematic weaknesses for a casino (a super “cash-intensive” institution) that had 2,600 slot machines, 204 table and poker tables, 18 restaurants, multiple bars and lounges, and 2,248 hotel rooms. Therefore, in 2015, FinCEN’s Director, Jennifer Shasky Calvery, stated, "Trump Taj Mahal received many warnings about its deficiencies… poor compliance practices, over many years, left the casino and our financial system unacceptably exposed."  

That being said, it could be argued that if the casino had taken the initial warnings from regulators seriously and strengthened its AML program with more effective internal controls, then maybe it would have passed its regulatory examinations and all of this could have been avoided. This would have, perhaps, given the government a little more confidence with the casino. Therefore, once again, the question is: Who was monitoring the casino’s BSA/AML risks and where was the third line of defense, internal audit? And why did they fail to detect these weaknesses? Perhaps they were aware of these deficiencies and decided not to do anything about them.  If so, was management made aware of them, and did nothing to rectify this? Who knows. 

It cannot be stressed enough how important it is for financial institutions of all types to ensure their AML programs are up-to-date and sound.  This is why the risk management function and audit exist.  It does not matter how big or small an institution is or who it’s affiliated with.  At the end of the day, all are subjected to the same requirements of the BSA and all stones will eventually be unturned by the government. So, the next time your internal auditors show up, welcome us with open arms, give us a high-five, and show us that big smile of yours, even if we show up with warming recommendations. We are all in this together.

 

 

Comments

Jon McIsaac
Good Read Reply #1 on : Tue July 25, 2017, 10:05:35
Thanks Akash.
Reply to this comment Quote this comment

Add a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.



 Image

OnCourse Staff

The OnCourse writing staff work to keep you informed about the most pertinent financial industry news of the moment



OnCourse Staff's Posts Subscribe to RSS Feed



New Jersey's Corporate Business Tax Legislation: A Look at the Impact for Banks
Correspondent Banking: The Challenges of Data Transparency
Training – An Investment and Risk Management Tool
Are You Gambling with Your BSA Program?
The Case of Foreign Banks and Heightened Scrutiny
IRS and New Jersey Tax Audits of Banks
State Taxation of Financial Institutions in Today's Environment
Does your 401(k) Plan need an Audit?
De-Risking of Foreign Correspondent Banks
Same Day ACH Credits – Phase One
FinCEN Finalizes Ruling on Beneficial Ownership and Ongoing Customer Due Diligence
Is the IRS Status of your Defined Benefit plan in Jeopardy?
The Dilemma of Banking Medical Marijuana Businesses and Other Indirect Risks
Is your Institution Monitoring Working Capital Lines of Credit?
Financial Reporting and Regulatory Update on the Horizon
BSA/AML Training: Is your program effective?
Planning in a Consolidating Banking Industry
To opt-out or not to opt-out, that is the question – A reminder on March 31, 2015 Call Report, Schedule RC-R, item 3.a
Anti-Money Laundering – The Age of Technology
FFIEC Releases Revised BSA/AML Examination Manual: So what’s new?
OFAC Consolidates Non-SDN Listings
Coping with HOPA
Coping with the CFPB’s Ability-to-Repay Rule
Appraisal Disclosure Rule
Cybercriminals Broaden their Attacks in Social Networks
The Importance of Segregating a Bank’s Credit Function from its Lending Function
Appraisal Management Companies in Regulatory Crosshairs
All About the Home Owners Protection Act
Requesting Current Financial Information
Countdown to Windows XP End of Life and Support: Are you still at Risk?
314(b) Distinct Advantages for Financial Institutions
Where is the Document?
The Credit -- Er, IT Crisis?
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
Wag the Dog
Consumerization of Technology and its influence on Information Security
Keeping the Balance: IT Security and the Org Chart
IT Security: "IT's" About Process
Detective, Reactive and Preventive: Evolving Your IT Security
Do You Know The Security Features of the New $100 Bill?
Segregation of Duties for Wire Transfer Processing
Summarizing ACAMS White Paper on EDD and AML Risk Assessments (Industry Survey)
Allowance for Loan Loss Tips and Tricks
Community Banks Slowly Warm Up to Private Student Loans
Has your Bank updated the Adverse Action Notice?
How Does Your Bank Handle Customer Requested Maintenance Changes?
OCC Releases Booklet on "Common Sense" Community Banking
New SAR Filing Updates
Is your BSA/AML automated monitoring system up to par?
The Importance of BSA Training
Office of Foreign Assets Control (“OFAC”) introduces the OFAC SDN Fuzzy Logic Search Tool
Filing the New CTR Forms: What you need to Know
FFIEC Proposed Risk Management Guidance on Social Media: Beware and Prepare
Pandemic Preparedness: Are you testing your Pandemic Plan?
FFIEC issues revised “Supervision of Technology Service Providers” booklet
Is Your Institution's Marketing UDAAP Compliant?
What is Enterprise Risk Management?
New OCC Guidance Released on Investor Owned Properties
Electronic Work Papers - Why P&G Made the Switch
OCC to Toughen Exams in Response to United States Senate Permanent Subcommittee On Investigations
Clarifying Regulatory Obligations Regarding Continuing Activity SAR Filings
Federal Regulatory Agencies Proposal New Rule
Risk management - Smaller institutions and the benefits of ERM
Strengthening Your Loan Maintenance Monitoring
New Lending Proposal from CFPB
FDIC Reaches Settlement on Overdraft Fees
FRB Guidance on Foreclosures
Loan Denials and Withdrawals – Tips to Sure Up your Process
The Summer of CFPB Proposals
Community Lenders Seize Market Share From Big Banks by Using Advanced Online Lending Technology
Dodd-Frank Rule to Change Legal Lending Limit Monitoring Requirements
The ABCs of a TDR
Supreme Court ruling for the Freeman, et al. v. Quicken Loans, Inc case
New FinCEN Guidance for CTR Aggregation for Businesses with Common Ownership (FIN – 2012 –G001)
Senior member of House of Financial Services Committee Introduces Overdraft Protection Act
FinCEN is looking to streamline the financial institution reporting process by issuing mandatory E-filing reporting requirements.
Curry: Operational Risk Now OCC’s Top Concern
JOBS Act Client Alert - Rules 506 of Regulation D
New Rules Proposal for Servicers Coming from the CFPB
Wall Street Receives Volcker Rule Clarity
De-stressing with stress testing
Banks Participate in Information Sharing to Battle Online Theft
IT security: Is your program still effective?
Banking Solutions: ALLL and GAAP in Agreement
How are the most recent regulatory enforcement trends that banks are facing today affecting internal audit? Why?
What are the most recent regulatory enforcement trends that banks are facing today?
Mobile banking: How do we get there?
UBS further struggles with $2 Billion loss by Rogue Trader
Capital One Becomes Dodd-Frank Test as Nation’s Fifth Largest Bank
Community Banks to receive US Funding for Small Businesses
FDIC fields questions about overdraft guidance
Negligent Hiring – A mistake can cost more than just money!
Regulatory Burden – Managing the Pain
From Embezzlement to Imprisonment: Former Citigroup employee faces charges with $19.2 million in bank fraud
TDR or Not to TDR …Much Ado about Nothing?
Finding the Right Hire
Model behavior: Is your ALM model capturing your bank’s risks?
ALLL best practices: Pay attention to qualitative factors
Abandoned Property Law, and its new New York State of Mind
Consumerization of Technology and its influence on Information Security
FDIC releases Provisions on Dodd-Frank to help Community Banks
Social Media in the Employment Arena – It Gets Funky!
The Proof is in the Pudding: Affects of Dodd-Frank on Community Banks
Banks and Businesses get "swiped" over Fees
A little bit of this, and a little bit of that: Fed Unveils list of Banks Helped during Financial Crisis of 2008
IT Security: "IT's" About Process
To Test or Not to Test; That is the Question
2011 Failed Bank List Hits 25
Wag the Dog
Committee on Financial Services to Hold Hearing on the Effects of Dodd-Frank on Small Biz and Banks Today
2011 Failed Bank List up to 18
A Culture of Whatever: On the Path to Proper Governance
The Test Drive: Leasing or Buying a HR IT Platform
Detective, Reactive and Preventive: Evolving Your IT Security
Cracking the ALLL Code: How to Develop the Right FAS 114 Methodology
Double Digits: Bank Closings up to 11 in 2011
FCIC Releases Report on the Causes of the Financial Crisis
Part of the In Crowd: Thoughts on the Dodd-Frank Act
Another One Bites the Dust: Regulators Close 4 Banks
Keeping the Balance: IT Security and the Org Chart
On Notice: FDIC Issues Rule for Temp Unlimited Deposit Insurance
2011 Failed Bank List Up to 3
Welcome to OnCourse
Stick 'Em Up!
Time for a Tune-Up: The Necessity of a HR Audit
Visa Instituting Two-Tiered Debit Card Interchange Structure
The First Failed Banks of 2011
The Credit -- Er, IT Crisis?
Painting a Masterpiece: The Art of the ALLL Reserve
The Law on Your Side: Understanding HR Regulations in 2011
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
No Respite from RESPA