Managing Compliance Risk: Bank Secrecy Act and the USA PATRIOT Act

by Ken Proctor, Director of Risk Management, Brintech, Inc.

In October 2001, Congress passed the USA PATRIOT Act, which included more than 300 pages of new rules for improving the country's security. Following the events of September 11, the USA PATRIOT Act was first hailed as a quick, decisive move designed to stop terrorist and other illegal financial transactions. With some distance from the initial passage of the Act, however, what remains are the stricter compliance provisions and penalties for error that all banks must understand.

The strict requirements under Section 3, Title III of the USA PATRIOT Act has prompted examiners to adopt a "zero-tolerance" position as they evaluate banks and their compliance with the new rules. Specifically, examiners look for evidence that every bank

1. Has developed and approved comprehensive policies and procedures
2. Promotes executive awareness and understanding of the bank's anti-money laundering responsibilities and activities
3. Conducts mandatory, ongoing training of all employees in anti-money laundering laws, regulations and requirements, including the Bank Secrecy Act and the USA PATRIOT Act
4. Employs a management-level compliance officer responsible for the Bank's anti-money-laundering activities and with independent Board-level reporting authority
5. Actively monitors individual accounts to detect suspicious activity
6. Exercises increased attention to filing Suspicious Activity Reports and Currency Transaction Reports

Under these increasingly rigorous exams, even CAMEL 1 rated banks failed. Even what can seem like a miniscule percentage of errors can lead to exam failure. For example, in one Federal Reserve Bank district, none of the 15 banks most recently examined for BSA compliance passed. At one bank, examiners found three mistakes in a sample of 600 transactions; according to the examiners, these errors represented a systemic error that the bank needed to fix in order to comply. In a separate incident, examiners found five errors in a wider sample of 1500 transactions. Once again, the bank was told that their system had failed. In more than ten recent compliance exams under these new, stricter guidelines, each bank failed its exam on BSA/USA PATRIOT Act compliance.

Breathing Room Running Out
To this point, examiners have, for the most part, granted banks the necessary time to bring their systems into compliance with the new regulations; the potential C&D orders and potentially devastating civil money penalties are still only a threat. However, banks should realize that this era of leniency will be limited. In the future, a bank that fails a BSA or USA PATRIOT Act exam should expect to face severe penalties.

In addition to potential penalties for the bank, these new regulations carry the possibility for personal liability for senior management and directors. Following their stated "zero tolerance" policy regarding the BSA and USA PATRIOT Act, examiners can and will issue enforcement actions, up to and including Cease and Desist Orders for what in the past would have been considered an apparently small error. The intimidating monetary penalties that regulators can impose on a bank may equal up to twice the amount of the infraction, an amount that in some cases could exceed the bank's capital.

Fortunately, banks can take the following actions to ease compliance with the BSA and USA PATRIOT Act:

1. Assign a senior manager with experience at identifying and investigating unusual transactions and suspicious customer activity as the bank's Anti-Money Laundering Officer
2. Appoint an internal committee to review the bank's BSA/USA PATRIOT Act and anti-money laundering policies to ensure they comply with the new regulations
3. Immediately address areas of the bank's BSA/USA PATRIOT Act compliance programs that you can improve and create action plans for making those improvements
4. Develop or improve your bank's suspicious activity monitoring and reporting processes. Consider implementing software systems designed to determine "normal" customer behavior and highlight unusual activity
5. Design and implement an ongoing training program to address the detail that all employees and directors need for their positions

Banks face potentially devastating consequences for noncompliance with the BSA and USA PATRIOT Act, and the possibility of lenience on the part of the regulators is quickly waning. Fortunately banks can take steps to manage the compliance risk they face in these two critical areas.

Brintech provides financial services organizations with increased profitability and efficiency, ROI maximization of technology investments and improved regulatory review performance. These results are achieved through management consulting and advisory services in the areas of Financial and Operational Performance Enhancement; Risk Management; Strategic Planning; and Technology Selection, Management and Planning. Contact John Matheny at Brintech 800-929-2746 or at jmatheny@brintech.com or visit http://www.brintech.com .

First published on BankersOnline.com 9/2/03