FinCEN, OCC hit California bank with $7 million AML penalty tied to MSB, correspondent oversight

By Brian Monroe
March 2, 2017

The U.S. Treasury Monday penalized a small California bank $7 million for “egregious and willful” violations of financial crime compliance regulations, chiefly tied to its monitoring, oversight and reporting of activity on its stable of remitter clients and correspondent portals.

The Financial Crimes Enforcement Network (FinCEN) issued the penalty against the diminutive and struggling Merchants Bank of California in an action that details what can happen in a compliance worst case scenario where profit-driven insiders secretly control risky businesses, push their agenda through threatening bank staffers and use their knowledge of anti-money laundering (AML) processes to evade controls.

The action tells a story of a bank desperate to boost income at the expense of compliance – the bank has been losing millions of dollars annually – by delving into an area with many layers of high-risk strata, including money services businesses (MSBs) near the Mexican border, offering remote deposit capture (RDC) check-cashing services and later, these operations exhibiting transactional tells indicative of structuring, layering and commingling.

The penalty for the Carson, Ca.-based bank is among the largest FinCEN has ever handed out related to Bank Secrecy Act (BSA) issues compared to the bank’s overall holdings – the $7 million is nearly 11 percent of the bank’s total assets, evincing the seriousness of failings that dated back to 2010 and spread across several prior enforcement actions.

The penalty by FinCEN reveals aggressive insiders overriding and overruling a feckless and inexperienced compliance function, eventually allowing “billions of dollars to flow through the U.S. financial system without effective monitoring to adequately detect and report suspicious activity,” through a combination of MSBs and foreign correspondents.

Moreover, “many of these transactions were conducted on behalf of money services businesses (MSBs) that were owned or managed by Bank insiders who encouraged staff to process these transactions without question or face potential dismissal or retaliation.”

“The banking of money services businesses is important to the global financial system, and we believe that banks can mitigate the risks associated with such businesses, just as they do with other customers,” said FinCEN Acting Director Jamal El-Hindi.

“But here we had an institution run by insiders essentially to provide banking services to MSBs that the insiders owned, combined with directions from Bank leadership to staff to ignore BSA requirements with respect to those MSB customers and others. It is certainly not an acceptable way to bank MSBs,” he said.

While not specifically mentioned in the enforcement action, part of the issues tied to managing and ranking MSB risks and transactions through correspondent portals for Merchants was potentially tied to its stable of remitters wiring funds to Somalia.

The bank in early 2015 stated that it was planning to halt wiring funds to Somalia, following moves by other large financial institutions that chose more than a decade prior to end remittance services involving the region, considered a major risk for illicit funds and terror groups.

At the time, the “one-office Carson bank had become a last resort for about a dozen money-transfer businesses that collect funds in U.S. offices and disperse them in Somalia, which has no connections to the international banking system or to such services as Moneygram and Western Union,” according to the LA Times.

Institutional evasion

While bullying rank-and-file bank staffers for their own financial gain, these unnamed insiders knew about and actively tried to evade AML directives, according to penalty documents.

The cabal “directly interfered with the BSA staff’s attempts to investigate suspicious activity related to these insider-owned accounts,” according to FinCEN. “Merchants’s executives weakened the Bank’s AML program by creating a culture that did not sufficiently detect or report on suspicious activity involving the accounts of insiders.”

Worse, merchants’ leadership “impeded BSA analysts and other employees from investigating activity on transactions associated with accounts that were affiliated with Bank executives, and the activity in these accounts went unreported for many years,” according to penalty documents.

“Merchants’ interest in revenue compromised efforts to effectively manage and mitigate its deficiencies and risks.”

The penalty, though it’s against a bank for its oversight of remitters and exchangers, will likely exacerbate the current trend of de-risking, where institutions drop accounts that are perceived to carry too much risk or bring excessive regulatory scrutiny, said David Landsman, executive director of the National Money Transmitters Association.

“Regulators and law enforcement need to start taking responsibility for the damage they cause when good licensed money transmitters and check cashers lose their accounts because of adverse actions taken against banks,” he said.

“If it is too difficult, even for banks with the best of intentions, to safely bank these vitally necessary businesses, government should step up and put into place the needed regulatory structures,” such as more guidance on banking MSBs, support from regulators and leeway for banks taking a chance to help the sector, Landsman said.

Risky regions given carte blanche

In addition, the bank did not recognize that certain regions with foreign correspondent relationships were clearly high-risk and deserved more compliance scrutiny.

The orders noted that in a three-month period, Merchants “processed a combined $192 million in high-risk wire transfers through some of these accounts,” tied to regions including Colombia, Honduras, Mexico and Romania.

But the compliance issues at the bank extended further than the insider issues and ramshackle risk-ranking.

Both enforcement actions state that Merchants had significant gaps in every pillar of the AML program, from lax customer due diligence and risk ranking, to the expertise, authority and independence of staff in and out of the formal compliance function.

Merchants failed to provide the “necessary level of authority, independence, and responsibility to its BSA officer to ensure compliance with the BSA as required, and compliance staff was not empowered with sufficient authority to implement the Bank’s AML program,” according to penalty documents.

Sharing, but not caring

The bank at times didn’t have a dedicated compliance officer, but had AML duties spread between three different people.

While not uncommon at smaller banks, the issue was that these individuals didn’t fully grasp the gravity and requirements of financial crime compliance and had never parsed out how the program should be run, who should do what and how to force business line managers to be accountable for following through on AML directives to close or better monitor and report on certain higher risk accounts.

At issue as well was that the sheer number of MSB accounts had mushroomed beyond what the small compliance staff could manage and monitor effectively.

“Merchants provided banking services for as many as 165 check-cashing customers and 44 money transmitters, many of which were located hundreds of miles away from Merchants,” according to FinCEN, adding that the bank also never re-reviewed this client segment to see if they were following expected activities or were serving different customers or regions.

“Considering that cash is the most commonly used instrument to launder money, Merchants should have assessed its MSB customers’ cash flows by reviewing them periodically, identifying their sources of funds, documenting expected account behavior, and maintaining awareness of each MSB’s customer base,” according to FinCEN.

“Because of this failure, Merchants failed to file or file timely on hundreds of millions of dollars of suspicious activity including millions of dollars of transactions of 57 of its customers later identified as part of an independent look-back review.”

Breaking backstop, audit is not it

But to miss so many SARs, at the outset and later during mandated internal reviews, that is a major failure of the audit portion of the AML program.

FinCEN stated that one consultant missed highlighting and remediating the issues at the bank for several years, failing to detail risky customers and transactions, problems not uncovered until a second auditor came to review what the first had missed.

In the second, more detailed audit, Merchants found it had missed some MSB customers that should have been the subject of a suspicious activity report (SAR).

For example, one of the MSB customers was a money transmitter located in the basement of the owner’s private residence in New York.

The order states that, “despite several red flags resulting from Merchants’s account review, including the fact that this MSB was the subject of multiple information requests from law enforcement, had significant increases in its account activity, and its wire transfers were, in two instances, rejected by another bank, Merchants determined that its activities were not suspicious and failed to timely file a SAR.”

In second instance, an MSB customer had conducted several million dollars worth of deposits, withdrawals and wire transfers, quickly cashing out the funds through large checks, and soon after was the subject of a criminal investigation, but even with all of that information, Merchants decided a SAR was not needed.

Just a few months later, the MSB and its manager pleaded guilty to eight counts of failing to file currency transaction reports and one count of failing to maintain an effective AML program.

Managing multiple actions

The order is also a roadmap of how not to manage multiple and overlapping enforcement orders as Merchants had no formal processes to remediate current and prior AML issues.

Because of that, although prior orders specifically required the bank to better probe potential customers on expected activities to define risk, and more accurately tune monitoring systems to watch higher-risk operations, the bank actually did the opposite – taking on more risky customers without the ability to mitigate, monitor or uncover and report aberrant activity.

With such broad failures in program controls, authority and decision-making tied to SARs, banks and MSBs more broadly could benefit from additional guidance by regulators and investigators on how such relationships can survive and even thrive, according to Landsman.

For instance, with the hefty fines against banks and MSBs hitting record highs in recent years into the billions and hundreds of millions of dollars respectively, a portion of those funds could be used to proffer more bright line boundaries that foster new and stronger relationships between both sides, with the end goal being richer, more timely intelligence to law enforcement, he said.

“Some small portion of these multi-million dollar fines should be used for more proactive regulation, rather than just carrying out the reactive prosecutions we are seeing. Banks cannot learn anything about compliance by just closing accounts,” Landsman said.