On December 30, 2015, the Financial Crimes Enforcement Network (FinCEN) announced its first action against a dealer in precious metals, precious stones, and jewels. The target was a Los Angeles-based wholesale precious metals business. The enforcement action included an assessment of a $200,000 civil money penalty against the business, the owner, and the compliance officer for willfully1 violating federal anti-money laundering (AML) laws. In addition to the fine, the company has agreed to several undertakings to extend through 2020, including retaining an external auditor, providing a comprehensive annual report to FinCEN outlining the implementation of its improved AML program, and annually providing a copy of, and certifying attendance and testing results of, the company's AML training program.
This enforcement action followed two BSA compliance exams conducted in 2011 and 2013. The company had no AML program in place until 2011, five years after the business was established and only after the IRS examiners instructed it to implement one. The 2013 exam showed that the AML program was lacking in several material respects, and the company, its owner, and its compliance officer often ignored the AML program. The company had never filed a Suspicious Activity Report (SAR).
Among the violations, the company failed to (1) adequately assess its risk; (2) conduct due diligence; and (3) implement effective procedures to identify red flags or to conduct inquiries when such red flags were present.
The company is required to develop and implement a risk assessment incorporating all relevant factors associated with its lines of business. The relevant factors include, at a minimum: "(a) [t]he type(s) of products the dealer buys and sells, as well as the nature of its customers, suppliers, distribution channels, and geographic locations; (b) [t]he extent to which the dealer engages in transactions other than with established customers or sources of supply, or other dealers subject to this rule; and (c) [w]hether the dealer engages in transactions for which payment or account reconciliation is routed to or from accounts located in certain high-risk jurisdictions[.]" 31 CFR § 1027.210(b)(1)(i).
The company erroneously assessed itself as low-risk in its BSA manual because it did not deal in cash, but only checks and wires. It also claimed that its typical transactions were $5,000 or less, but this was found not to be true, inasmuch as the company conducted single transactions in amounts of up to $700,000. In 2011, the company began dealing in large sums of gold with new customers in transactions ranging between $14 and $23 million. This doubled its yearly volume, which reached $120 million by the end of 2012.
There were no controls, such as policies or employee training, in place to react to any red flags caused by large, high-dollar transactions. Despite the change in volume and customer base, the company did not require any documentation or identification prior to conducting business with many of its new, high-volume customers. In addition, many purchase orders contained only the business name and included no identifying information on the underlying individuals.
The company did assess itself as high-risk for its location in Los Angeles – a high-risk AML geographic area – but its internal controls did not address this risk. Finally, the company filed no suspicious activity reports, despite numerous customers and transactional relationships indicating red flags for money laundering or other illegal activity.
With this first action, FinCEN has shown that it will require dealers in precious metals, precious stones, and jewels to maintain adequate AML programs and policies just like any other financial institution. FinCEN focused on the willful failure of the company, through its owner and compliance officer, to assess the company's risks adequately, and develop and implement an effective AML program.
If nothing else, this enforcement action is a warning shot across the bows of the jewelry and precious metals industries. Going forward, dealers should, at a minimum, assess their risks, know their customers, implement a risk-based AML program, respond to red flags, and make appropriate suspicious activity reports.