Subpoenas: an overlooked, often missed, compliance requirement

*special contributor report*

By Sarah Beth Whetzel
BSA/AML subject matter expert at Palmera Banking Solutions
www.palmeraconsulting.com
Sarah@PalmeraConsulting.com
June 23, 2016

Subpoenas are seen as a requirement (better, an obligation) and financial institutions most times give this mundane, time-heavy task to their research or operations departments.

With the introduction of FinCEN’s Exam Manual in 2005, subpoenas now had an impact outside of the research/operational departments. The FinCEN Manual section on Suspicious Activity Reporting stated that law enforcement requests, such as subpoenas, should be considered as a red flag for the institution to review the subject’s activity for a possible SAR filing.

Most institutions have this process figured out with the BSA area having access to these requests or a BSA contact is on a distribution list of subpoena requests. And this is where it often ends.

No one seems to communicate to the outside federal and state attorneys about the core and teller platform issues that most institutions have which directly affect the accuracy of the information provided in response to a subpoena.

And from the institutions’ side, the areas that are knowledgeable of these system limitations are not the areas responsible for responding to the subpoena requests.

So we are left with both parties – federal/state attorneys (USAO) and the BSA areas – not knowing what they don’t know.

With this white paper we hope to bring to light what these parties may not know, and then bring both parties into the ‘what you know’ final stage. This final stage will be of benefit to both parties.

Knowing is half the battle

Sarah Sub 1

Most government attorneys are unaware of the inner workings of institutions that could directly affect the quality of the information they request and therefore receive from institutions.

For example, standard subpoena wording may request a customer’s account activity via statements, loan documents or transaction activity for a certain period of time. However, most institutions are responding to these subpoena requests in good faith, but they are not providing all of the transactions related to the customer.

The main culprit for this is the usage of ‘statements’ as a customer’s record of activities.

Post 9/11 and various regulations and regulatory pressure to track cash, wires, and monetary instrument purchases for AML purposes, leave most institutions with work-arounds at the front-end (branch level) to capture a wealth of information that is not always linked to a customer’s account activity in the core system.

These work-arounds take the form of excel spreadsheets that branches fill out and send to the BSA area, system prompts built into the teller platform which capture transactor and transaction information, and transaction monitoring systems which oftentimes incorporate various transactions from other internal areas of the institution.

Most community banks and credit unions still struggle with capturing various transactions at the front-end, which directly affects the AML system accuracy as well as the compliance efforts for subpoena requests.

Needless to say, this should be an area that is covered during your audits and validations. (If this has not been tested during your audits/validations, then you need a new firm who knows the operational fallout of lax AML compliance.)

Going beyond the basics

So to give an example of the issues using bank statements as the de facto standard for a customer’s activity, let’s look at the example below.

The first image is a basic monthly statement provided by most community banks and credit unions. The second statement contains all the ‘hidden’ information and transactions that are often not provided in a subpoena request but should be.

Sarah Sub 2

Most institutions are unaware that they are not providing the full transaction profile of the customer when responding to subpoena requests.

A decade ago, when I was a BSA Officer in a multi-billion dollar institution, I had built the internal transaction monitoring system for AML compliance and decided that we would also provide an ad-hoc report that was provided along with the other subpoena requests.

In addition to being compliant (which is always good), we received positive feedback from the attorneys and federal law enforcement community regarding the prosecutable strength of the cases.

Any longtime bankers may see this issue and think there is no way that they can make changes to the statements produced from the core system. These are legacy programs that often times do not get touched throughout the years.

But this doesn’t mean that institutions should just shrug this issue off without a good faith effort to correct the missing information problem.

Below is a quick 3 step starting point for financial institutions:

  1. Build a better relationship between the area that receives and responds to the subpoenas and the BSA/AML area. If subpoenas are handled in your BSA or compliance area already, it is worth checking that the employees responding are aware of possible additional transactions outside the core system.
  1. Review a few of the most recent responses to subpoenas, the documents provided, then compare to the transaction related reports that BSA/AML is privy too. The most efficient way to do this is to take a single month of transactions that was provided by the non-BSA/AML areas and compare it to reports, of the same time period, from the AML transaction monitoring system, reports from the front-end for currency orders/exchanges, foreign or FX wires, cash advances, cashed checks not run through the customer’s account, etc. Depending on the teller platform and transaction codes used by your institution, you could be missing a lot of transactions. A good indicator of the pervasiveness of this issue is if recent validations have not produced any work-arounds at the front-end to better capture transactions for the good of the AML system.
  1. Design an ad-hoc report(s) for the research area to use when responding to subpoenas. Please keep in mind, some subpoenas from USAOs may contain a certain transaction type such as cash or checks. So it is important that if the ad-hoc reports are decentralized out of BSA/AML, that the report filters allow the research/subpoena area to properly limit to the specific subpoena requests.

Why would an institution want to take on these changes? After all, the BSA Officer is already strapped with resource issues. Here is your answer:

  • It IS a compliance issue. While your regulators will probably never know about this issue, you do now. Take an hour and follow up on the issues noted to see how pervasive the problem is in your institution.
  • It does not take a lot of to figure out how to remedy this issue. At the most a new report or new reporting function will be needed. It is eventually a ‘set-it and forget-it’ report for the subpoena responders.
  • As a BSA Officer wouldn’t you want to lessen the chance of your SARs going into a ‘big black hole’ and not being pursued? This is your contribution to this cause. The more accurate the information you can provide to the federal attorneys/enforcement, the better the chances of all your AML efforts contributing to the overall cause of protecting the financial system.
  • Think of it this way – your BSA Program reports on suspicious activities as required. The federal level sees a SAR, reaches out to your institution via a subpoena and the transaction information provided does not line up with what was reported in the SAR. Since a SAR is not admissible in a court of law, it makes it a dead-end of sorts for any pursuit of the suspected criminal activity.

About Sarah Beth Whetzel                                       Sarah Palmera pic

Sarah Beth Whetzel is founder of Palmera Banking Solutions. Most recently, she directed the BSA Practice for a national compliance consulting firm. With 15 years of experience in compliance and risk management for financial institutions and technology companies, her expertise includes the management and performance of AML, BSA, and OFAC regulations in the form of AML system validations, AML remediation and BSA/AML compliance audits. In both auditing and operational roles, software has been at the core of her experience.