BSA Confusion Got You Coming and Going? Don't Let the Riggs Settlement's Price Tag Throw You. There Are Basics of BSA Compliance to Be Learned from Every Regulatory Case

Article excerpt

"USA Patriot Act." "Customer identification programs." "Know your customer." "Customer due diligence." "Trading with the enemy." These terms and phrases send shivers down the backs of many bankers, and with good reason. Compliance in this area is one of the highest expenses that banks face in the regulatory arena, and if things go bad, the horror stories out there are the stuff of nightmares.

When it comes to a successful anti-money laundering program, the devil is in the details. Bank Secrecy Act (BSA) and Office of Foreign Asset Control (OFAC) compliance often requires consideration of much detail, but with a bit of planning and foresight any bank can get it right. While there has been much attention lately to high-profile BSA cases like the $25 million penalty paid by Riggs Bank, there is also much to learn from other, less-publicized travails.

The problem at Riggs was atypical: it stemmed from a lack of oversight of embassy accounts. Regardless, the language used by the regulators to direct Riggs to fix its problem is strikingly similar to the requirements of other agreements.

The consistent theme: Regulatory actions result from a breakdown in design and implementation of an effective program, not from whether a specific Suspicious Activity Report should have been filed.

In spite of what may seem like overwhelming regulator expectations, it is important to remember that the cost of compliance is much higher when policies and procedures must be created in short order. In most of the actions noted in this article, there was no fine imposed, but the banks received tedious, detailed instructions on cleaning up the situation with tight timetables (usually 30-60 days).

Looking to the record

We analyzed several written agreements published by the Federal Reserve Board and the Comptroller's Office in an attempt to categorize the issues and offer you a road map to avoiding similar problems. Some notable agreements included those with Cowboy State Bank, Ranchester, Wyo.; First Midwest Bank, Itasca, Ill.; Planters Bank and Trust Com., Staunton, Va.; The Custar State Bank, Custar, Ohio; Merchants Bank of California, Carson; Surety Bank, Fort Worth, Texas; and last but certainly not least, ABN AMRO Bank, N.V. A walk through the details of some of these agreements can show just how costly non-compliance will be. "Pay now or pay later" might be the best way for a CEO to come to terms with the costs of compliance in this area.

In the recent agreement between the Board, other regulators, and ABN AMRO Bank, the following language was found (emphasis added):

Within 60 days of this Agreement the Bank ... shall jointly submit ... an acceptable written anti-money laundering program designed to improve the ... system of internal controls and designed to ensure compliance..... The program shall, at a minimum:

1. Improve the ... system of internal controls, ...;

2. Include controls designed to ensure compliance with all requirements relating to correspondent accounts for non-U.S, persons,....

3. provide for thorough assessment of legal and reputational risk associated with correspondent accounts and clearing operations and for regular review of risk tolerance by appropriate members of senior management;

4. provide for the retention of outside consultant assistance as necessary and appropriate to assess risks associated with particular lines of business and to design and implement controls to manage such risks....

Independent Testing and Audit

Within 60 days of this Agreement, the Bank shall submit ... an acceptable written plan including ...:

* Procedures to evaluate ... compliance with the BSA, ... and all other applicable anti-money laundering and suspicious activity reporting requirements;

* Procedures to evaluate ... adherence to industry sound practices relating to anti-money laundering compliance, customer and correspondent account due diligence, and the reporting of suspicious activities;

* Procedures for ongoing compliance monitoring . …