On June 15, 2015, the Financial Crimes Enforcement Network (FinCEN), in coordination with the US Attorney’s Office for the Southern District of West Virginia (USAO) and the Federal Deposit Insurance Corporation (FDIC), announced a $4.5 million civil monetary penalty against Bank of Mingo (Mingo) of Williamson, West Virginia, for willful violations of the Bank Secrecy Act (BSA). This $4.5 million penalty will run concurrently with a $3.5 million penalty imposed by the FDIC, of which $2.2 million is concurrent with the amount forfeited under a deferred prosecution agreement (DPA) with the USAO. According to FinCEN’s press release announcing the assessment, Mingo’s failure to establish and maintain an appropriate AML program resulted in the bank processing millions of dollars in structured and suspicious cash transactions.

As part of a global resolution, Mingo signed a DPA and Stipulation of Facts admitting to violating the  BSA’s program, recordkeeping and reporting requirements by failing to implement internal controls, failing to prevent withdrawals structured to avoid reporting requirements and failing to file suspicious activity reports (SARs). Prosecution for failing to implement an effective AML compliance program will be  deferred for a one-year period and the filed charges will be dismissed if the bank complies with all of the requirements in the DPA, including payment of the monetary penalty, implementation of appropriate remedial measures and cooperation with any further investigation into the underlying misconduct.

In the Stipulation of Facts, Mingo admitted to a series of AML deficiencies. Specifically, Mingo had implemented software to monitor customers’ account activity, but failed to use the software to detect and report instances of suspicious activity. Further, Mingo failed to adopt a sufficient customer identification program (CIP) or other “Know-Your-Customer” (KYC) procedures, and was opening a significant number of accounts that contained only a P.O. box address. Mingo also failed to properly assess the risk posed by certain customer accounts and activities at the outset, including check cashing, payroll and cash intensive customers. In addition to insufficient internal controls and KYC, Mingo’s designated BSA compliance officer lacked the resources to competently manage the bank’s compliance efforts and was performing a number of non-BSA functions.

The most egregious conduct at the core of the enforcement action involved a manager in the Williamson branch. With the branch manager’s assistance, Aracoma Contracting, LLC (Aracoma) obtained a $50,000 line of credit (LOC) that was used to pay employees with cashiers’ checks drawn off the LOC. Although Mingo was aware of Aracoma’s high volume of unusual cash transactions, it failed to file the requisite currency transaction reports (CTRs) or SARs. Indeed, between 2007 and 2013, Mingo failed to file 619 CTRs, 438 of which were Aracoma-related. Ultimately, Aracoma routed over $9 million in structured transactions designed to evade the BSA’s reporting requirements through Mingo’s Williamson branch.

In November 2013, Aracoma pled guilty to conspiracy to structure $2.2 million in transactions (the basis for the amount of the forfeiture assessed against Mingo). The branch manager, a former mayor of Williamson, pled guilty in May 2014 to making a false statement to federal law enforcement agents when interviewed about his involvement in the structuring activity. Under a separate agreement with the FDIC, he accepted a lifetime ban on employment by any FDIC-covered institution.

Mingo’s failure to adequately invest in the AML compliance function permeated the organization. FinCEN found that Mingo’s employees lacked the necessary knowledge and skills to identify high-risk customers, detect and report currency transactions or suspicious activity, and appropriately aggregate large cash transactions as required under the BSA. As of December 2014, Mingo was operating six branches with close to $94 million in assets, which makes the amount of the penalties even more significant.

When an institution fails to detect or prevent criminal conduct, investigation of the underlying crime is inevitably followed by an investigation of the institution itself for BSA violations. Consistent with recent warnings from regulators about individual liability, the DPA clearly states that it does not protect any current or former Mingo officers, directors, employees or shareholders who engaged in misconduct from criminal prosecution. The Mingo case highlights the risks associated with failing to implement an effective AML compliance program led by a trained and autonomous BSA officer. An institution that lacks robust AML compliance not only faces substantial penalties, but also exposes its directors, officers and employees to potential civil and criminal liability for BSA violations.