USAA FSB pays $140M for BSA violations
FinCEN and the OCC have issued consent orders imposing civil money penalties on USAA Federal Savings Bank for violations of the Bank Secrecy Act and implementing regulations.
The OCC order indicates USA FSB has failed to implement and maintain a BSA/AML Compliance Program (“BSA/AML Program”) that adequately covers the required BSA/AML program components. Deficiencies include inadequate internal controls and risk management practices; suspicious activity identification, evaluation, and reporting; staffing; training; and third-party risk management, among others. These deficiencies resulted in a BSA/AML compliance program violation under 12 U.S.C. § 1818(s)(3)(A) and its implementing regulation, 12 C.F.R. § 21.21. Specifically —
- The bank has also failed to correct problems with its BSA/AML Program that the OCC previously reported to the Bank relating to BSA/AML internal controls, resulting in a violation of 12 U.S.C.§ 1818(s)(3)(B).
- The Bank has failed to file timely SARs as required by 12 C.F.R. § 163.180(d).
The order directs the bank to pay a civil money penalty of $60 million.
The FinCEN order states that between approximately January 1, 2016, and April 30, 2021, the OCC informed USAA FSB that there were significant problems with its AML program, including that it failed to develop a compliance program that met all of the requirements of the OCC’s regulations. In response to the OCC’s notification, in 2018, USAA FSB made commitments to overhaul its AML program (2018 Commitments) by March 31, 2020. Specifically, the bank committed to:
- Fully address the scope of the internal controls and independent testing deficiencies.
- Establish a compliance committee to monitor the implementation of the 2018 Commitments.
- Conduct a comprehensive, enterprise-wide risk assessment.
- Develop and implement adequate customer due diligence (CDD), enhanced due diligence (EDD), and customer risk identification processes.
- Develop and implement written policies for timely review and disposition of suspicious activity alerts and improve suspicious activity identification processes.
- Provide for thorough and effective independent testing of the AML program.
- Conduct a lookback review of Remote Deposit Capture (RDC) transaction activity and file suspicious activity reports (SARs) as needed.
However, USAA FSB failed to make adequate progress to meet the March 31, 2020 deadline and instead amended its completion date to June 30, 2021. To date, the Bank has not met all of the terms of the 2018 Commitments. Now, concurrent with FinCEN’s action, the OCC is undertaking a public enforcement action against USAA FSB for non-compliance with the OCC’s regulations. The OCC is assessing a $60 million civil money penalty against the Bank.
The FinCEN CMP order gives credit for the $60 million penalty assessed by the OCC; therefore, the total of the penalty payments will be $140 million.