FINCEN HITS CREDIT UNION WITH THIRD-EVER AML PENALTY IN REMINDER OF REQUIREMENTS

The U.S. Treasury Thursday penalized a now-defunct Bronx credit union $500,000 for extensive and longstanding financial crime compliance failures, including failing to monitor or report on higher-risk entities over a four-year period, a rare move against the sector.

The Financial Crimes Enforcement Network (FinCEN) stated that the penalty against Bethex Federal Credit Union, formerly a federally-chartered, low-income designated, community development credit union, was a claim against any assets that remain after the institution’s liquidation. It’s possible the action is more symbolic and done to remind other operations of their anti-money laundering (AML) duties.

Since 2000, the first time FinCEN levied a penalty against a credit union – that one was for a similarly smaller sum of $300,000, a pittance compared to AML and sanctions penalties against larger banks – the bureau has had a relatively light touch when dealing with such institutions.

FinCEN has only issued one other penalty against a credit union in 2014 for $185,000.

But the bureau clearly must have felt it should still go forward in the case of Bethex, even though in December 2015, the National Credit Union Administration liquidated Bethex, determining the credit union was insolvent with no prospects of returning to viable operations on its own, according to the penalty order.

Since 2002, Bethex’s AML program maintained internal controls specific for low to moderate-income clientele within its designated field of membership in New York City. But problems began when, in 2011, the institution jumped outside its comfort zone and “began providing banking services to many wholesale, commercial money services businesses (MSBs).”

At issue was that many of these MSBs were “located in high-risk jurisdictions outside New York and engaged in high-risk activity, including wiring millions of dollars per month to countries at risk for money laundering,” a move that was a red flag but also a business area too complex for the operation to mitigate with scant program controls, resources or AML expertise.

Some of the more egregious violations include:

  • From 2011 through 2012, Bethex failed to conduct a risk assessment that incorporated all of its products and services including wire transfers processed for its domestic and international MSB accounts.
  • Bethex processed transactions for MSB customers in over 30 countries, including jurisdictions with high money laundering risks such as Mexico, Ghana, Bangladesh, China, Pakistan, and South Korea, but never increased AML controls.
  • Bethex failed to ensure that its BSA officer had sufficient experience, authority, and resources to ensure day-to-day compliance with the BSA.
  • From 2011 to 2012, Bethex’s designated BSA compliance officer maintained multiple different roles at the Credit Union including its Chief Operating Officer and business manager of the MSB relationship and funds transfer operations.
  • Despite receiving repeated notification from independent auditors and the NCUA of deficiencies in its AML program, Bethex did not take steps to address its deficiencies until years after the fact.

More revenues didn’t translate to more AML resources

Those glaring gaps were only magnified when Bethex took on more risk than it could handle.

In 2011, Bethex opened its doors to wholesale, commercial MSBs and, by the end of 2012, had established relationships with over 70 money transmitters and check cashing companies, according to FinCEN.

Bethex’s MSB expansion resulted in “an increase in volume from $657 million in transactions processed in 2010, all of which were domestic, to over $4 billion in domestic and international transactions processed in 2012 – an annual increase of more than 300%.”

Although the MSB program had “grown to substantial volume and scope, Bethex failed to make commensurate changes in compliance controls to account for the money laundering and terrorist financing risks posed by those MSBs.”

When Bethex began to service these MSBs, it “did not take steps to update its AML programs,” according to FinCEN. “As a result, Bethex was unable to adequately monitor, detect, and report suspicious activity or mitigate the associated risks, leaving the credit union particularly vulnerable to money laundering.”

That led to the credit union failing to report more than two dozen suspicious activity reports (SAR) and, in fact, not filing a SAR at all between 2008 and 2011. Only a 2013, regualator-mandated transactional lookback found the missed reports, 28 in all.

“The majority of the suspicious activity involved high-volume, large amount transfers outside of Bethex’s expected customer base by MSBs capable of exploiting Bethex’s AML weaknesses,” according to FinCEN.

But even the SARs that were filed were of poor quality and little use to authorities, according to the order.

“Most of those SARs were inadequate and contained short, vague narratives encompassing a broad summary of multiple and unrelated instances of suspicious activity,” according to FinCEN. “For example, one SAR covered over $906 million in total aggregate of suspicious transactions, but provided little information useful to law enforcement investigators.”

Credit union action follows explicit rulemaking for sector

The penalty is likely a reminder for the broader credit union community to not shirk their now more explicit AML duties or take on more risk than they can mitigate.

In August, FinCEN made it clear that banking operations, even those without a federal functional regulator, like non-federally insured credit unions, private banks and certain trust companies, are specifically covered by financial crime compliance obligations and that there is no exemption for these institutions in a notice of proposed rulemaking.

In recent years, FinCEN has been more aggressively extending AML program duties to a larger universe of entities, including non-bank residential mortgage lenders and originators, registered investment advisors and certain prepaid card operations.

Extending beyond the financial sector, the agency has also used its geographic targeting powers to require real estate, trade and textile companies in several major metropolitan areas to collect more data on certain customers and transactions.

In a short, two paragraph release, FinCEN stated at the time that the notice of proposed rulemaking would apply to an estimated 740 operations nationwide and would include historical AML compliance program requirements and newer duties requiring institutions to capture beneficial ownership data and monitor customer transactions.

Currently, banking operations without a federal functional regulator are already required to file currency transaction reports and suspicious activity reports and maintain certain records, according to the proposal.

FinCEN stated it was issuing the proposal “to ensure consistent” AML coverage across the banking industry and doesn’t foresee these operations encountering significant operational, technical or logistical challenges.