Following months of rumors that the Financial Crimes Enforcement Network (FinCEN) is preparing to impose personal liability on officers, directors and employees for shortcomings in their financial institutions’ Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance, the agency issued a special advisory, FIN-2014-A007, on the need to create a “culture of compliance.”
Stating that an institution with a poor culture of compliance is “likely to have shortcomings in its BSA/AML program,” the new Advisory outlines six steps an institution can take to strengthen its compliance culture. These steps, which reflect general lessons “gleaned” from recent FinCEN enforcement actions, are intended to be instructive to leadership of all financial institutions required to comply with the BSA – including banks, securities firms, money transmitters, insurance companies, casinos and others.
The first area is “engaged leadership,” including the board of directors, senior and executive management as well as owners and operators. The leaders are not only responsible for understanding the institution’s responsibility for BSA/AML compliance and creating a culture of compliance within the institution, but they also are expected to be visible, demonstrating their commitment and support for the compliance program. They should receive periodic training tailored to their roles and “remain informed of the state” of compliance within the institution.
Second, compliance staff must have sufficient authority and autonomy, and efforts to effectively manage and mitigate BSA/AML deficiencies and risks should not be compromised by revenue considerations. Using as an example Money Services Businesses (MSBs), which derive a significant percentage of revenue from agents, FinCEN said that if a principal MSB learns of possibly inappropriate agent activity, the activity should be thoroughly investigated with appropriate action taken – including termination of the agent – regardless of the impact on revenue.
Third, FinCEN noted that several recent enforcement actions involved institutions that had relevant information but failed to make it available to BSA/AML compliance staffing, possibly due to a lack of mechanism to share, a lack of appreciation as to why the information is important or an intentional decision not to share. The Advisory encouraged organizations to share information companywide as “there is information in various departments within a financial institution that may be useful and should be shared with the compliance staff.” The Advisory noted, for example, that casinos which develop significant information on their gaming customers for purposes of marketing or extending credit should share this information with the compliance staff for customer due diligence and suspicious activity monitoring.
Leadership should provide adequate resources, both human and technological, devoted to BSA/AML compliance (including sufficient staffing to handle alerts and appropriate automated systems for suspicious activity detection and monitoring). Likewise, to ensure an effective compliance program, it should be tested by an independent, qualified, unbiased internal or external person without conflicting business interests.
Finally, FinCEN said that leadership and staff at all levels of the institution should understand how their BSA/AML reports are used by law enforcement and others, and that “they are not simply generating reports for the sake of compliance.” The Advisory noted that they provide tips used to initiate investigations, expand existing investigations, promote international informational exchanges, or identify significant relationships, trends and patterns.
To read FIN-2014-A007, click here.
Why it matters:After the Advisory was issued, FinCEN director Jennifer Shasky Calvery remarked, “I can say without a doubt that a strong culture of compliance could have made all the difference,” in enforcement actions she has worked on. Ten days later, FinCEN announced an enforcement action against a casino employee, barring him from the casino industry for life and fining him. The FinCEN director noted that this “action not only stresses the importance of the culture of compliance, but also ensures that [this individual] will not have the opportunity to engage in similar misconduct in the future.”