On March 31, 2015, the National Credit Union Administration liquidated North Dade Community Development Federal Credit Union of Miami Gardens, Florida. In its press release, the NCUA reported that North Dade was liquidated because the “credit union had violated various provisions of its charter, bylaws and federal regulations.” Just three months earlier in November 2014, the Financial Crimes Enforcement Network (FinCEN) assessed a civil money penalty of $300,000 against North Dade after finding that the credit union had violated the Bank Secrecy Act (BSA) by not implementing an effective anti-money laundering (AML) program.

North Dade’s liquidation demonstrates the growing risk posed to small and regional financial institutions as money launderers move from larger financial institutions to smaller ones and law enforcement takes notice. Federal law enforcement and regulators have recently indicated that money launderers are increasingly moving to smaller regional banks and credit unions to avoid detection. Enforcement actions bear this out.

For example, in September 2013, FinCEN, the Office of the Comptroller of the Currency (OCC) and the New Jersey United States Attorney’s Office concluded a joint investigation of Saddle River Valley Bank in New Jersey. Based on their findings, FinCEN and the OCC issued a money penalty of $4.1 million and Saddle River forfeited another $4.1 million to the U.S. Attorney’s office for willful violations of the BSA. The penalty and forfeiture essentially wiped out Saddle River’s remaining assets. During the relevant time period, Saddle River had maintained correspondent bank accounts for Mexican and Dominican money services businesses (MSBs). Saddle River also offered wire services and remote deposit capture services, which permit clients to make deposits from anywhere in the world to the MSBs. According to FinCEN, Saddle River conducted $1.5 billion worth of transactions on behalf of the foreign MSBs. At the same time, Saddle River failed to adequately monitor the accounts, know its customers, conduct the required enhanced due diligence, or have a knowledgeable BSA officer in place. Saddle River ended up filing approximately 190 late suspicious activity reports during its own after-the-fact investigation.

Like Saddle River, North Dade, a small, local financial institution with a single branch, provided services to MSBs that conducted transactions in high-risk foreign jurisdictions. North Dade provided these customers with wire services, remote capture deposits, and cash orders. Some of the MSBs allowed their customers, other MSBs, to use their North Dade accounts as their own. FinCEN found that in 2013, North Dade conducted more than $1 billion in wire transfers and $950 million in remote deposits on behalf of the MSBs. FinCEN’s examination found that North Dade failed to conduct any meaningful risk assessment of its business and as a result, North Dade’s AML program was inadequate. Examples of North Dade’s inadequate AML program highlighted by FinCEN included the fact that North Dade did not have an automated system to identify suspicious activity and instead relied on its employees to manually investigate accounts, North Dade did not have a BSA officer and provided inadequate AML training that did not include training on risks associated MSBs, and FinCEN detailed how North Dade failed to conduct any meaningful due diligence on its high-risk accounts. Ultimately, North Dade was assessed a $300,000 penalty and just last week was liquidated for, among other things, violating federal regulations.

Similar recent actions have been taken against regional banks as well. For example, in February 2015, FinCEN and the OCC penalized First National Bank of Dunmore, Pennsylvania for its BSA/AML deficiencies related to its failure to detect and report proceeds of corruption. In that case, the combined penalty was $1.5 million. In June 2014, the OCC issued a consent order and a $500,000 civil money penalty against Associated Bank of Green Bay, Wisconsin for bank secrecy act violations. The OCC found that Associated Bank, a regional bank with 247 offices in the Midwest, failed to adequately conduct risk assessments, perform sufficient customer due diligence, identify high-risk customers, or properly educate and train its AML staff. In January 2014, the OCC issued a consent order and $500,000 civil money penalty against Old National Bank of Evansville, Indiana for similar BSA/AML inadequacies.

In March 2015, the Comptroller of the Currency, Thomas J. Curry, stated “all banks, large and small, confront operational risks that are inherently transnational, such as cyber security and Bank Secrecy Act/Anti-Money Laundering Compliance.” The Comptroller went on to explain that “it is extremely important that banks of all types and sizes understand the nature of the BSA/AML risk, understand their BSA/AML regulatory obligations, and understand the importance of collaboration among financial institutions and sovereign supervisors to meet the rising BSA/AML risks.”

Aside from FinCEN and the OCC, the United States Department of Justice (DOJ) is now a common and active participant in the enforcement of the BSA. Since 2006, the DOJ has been involved in more than 15 BSA investigations, the bulk of which have occurred in the last five years. The DOJ brings the power of the grand jury as well as the real and legitimate threat of criminal prosecution. Oftentimes DOJ investigations are resolved with a deferred prosecution agreement (DPA). A DPA generally includes the filing of a charging document, public acknowledgement of the facts that give rise to a BSA violation, a forfeiture of money to the government, and a fine, separate and apart from any FinCEN or OCC money penalties. Generally, if the financial institution complies with the requirements of the DPA, the case is dismissed after an agreed upon time. The amount of the forfeiture and fine is driven by the conduct, and can range from a few million dollars to the recent $642 million in the Commerzbank DPA. Other times, DOJ investigations result in criminal charges against a financial institution, as was the case with Pamrapo Savings Bank in New Jersey that pled guilty to a charge of conspiracy to violate the BSA. And like the regulators, the DOJ investigations involve both large multi-national institutions and small local institutions.

The message is plain. Regulators and the DOJ expect all financial institutions, regardless of size, to have a meaningful AML program. Whether the institution has a single branch in Miami-Dade County, or a presence throughout the globe, the demands of the BSA compliance remain the same. And as the recent enforcement actions demonstrate, the potential penalties for failing to comply are real.