Hey, Hey BSA, How Many Banks Will Get a Cease and Desist Today
By Glenn Hopkins, Director of Financial Services
The Banking Security Act (BSA) strikes again. Today, another bank’s reputation gets battered by a confidence-reducing headline like this one in the Chicago Tribune — Regulators reprimand American Metro Bank. Earlier this year Union Bank of California got tagged with $31 million in forfeitures and fines and American Express got slapped with $65 million fine — the largest in banking history.
If the Chicago Tribune story is accurate, the cease and desist order placed upon American Metro Bank by the FDIC and the Illinois Department of Financial and Professional Regulation stems from same issues that plagued the other two headline-grabbing banks. Both Union Bank and Amex were fined for failure to comply to the due diligence and the Know Your Customer (KYC) edicts of the BSA. And I’m convinced that both banks were doing their utmost to adhere to BSA guidelines.
Regarding Union Bank, if I may quote myself:
“So they received a warning, took a year to fix all the compliance issues and they were still penalized? The Monday morning quarterback in me would hazard to guess that Union Bank’s compliance officers went into high gear when they were warned. Union Bank is the nation’s 27th largest bank and they’re not stupid. I’m sure they did everything in the power to comply with the BSA, but the law as it stands is too ambiguous. I’m sure they bent over backwards to Know Your Customer (KYC) and Know Your Customer’s Customer (KYCC) but in the end they didn’t Know Exactly What Federal Banking Regulations Require You to Know. (KEWFBRRYK).”
Back in July, several federal regulators issued a joint statement to clarify BSA and KYC for compliance officers. If you download the PDF, pay attention to this “clarification”
“…A BSA Compliance Program must include a Customer Identification Program with risk-based procedures that enable an institution to form a reasonable belief that it knows the true identity of its customers.”
My question is what in the heck constitutes “a reasonable belief” that a bank knows the true identity of it customers?
American Metro, it appears, got dinged for “running the bank with a board of directors that has failed to provide adequate supervision, operating the bank with an ineffective system of internal controls and failing to institute proper customer identification procedures, among other practices,” reports the Tribune.
What are proper customer identification procedures? If I run a customer through every known database will that satisfy the feds? But if the customer is using a false identity, is my bank liable since we’re “reasonably” sure this customer is not a terrorist, drug dealer or Politically Exposed Person (PEP)?
These are the kinds of issues that will keep compliance officers drinking Maalox till the BSA is overhauled.
