Filed under: bank secrecy act, OFAC, Uncategorized | Tags: bsa, compliance, fines, jail, OFAC, PATRIOT, Patriot Act
Yesterday, I was catching up on the NAFCU Compliance Blog and I caught this gem: ING is going to pay the U.S. Treasury Department $619 million in settlement of alleged OFAC violations. While FinCEN says OFAC is not truly part of BSA, it’s hard to argue how financial institutions must deal with OFAC in much the same way as they deal with the PATRIOT Act and SAR and CTR requirements. Up until now, the largest BSA settlement that I knew of was Wachovia’s $110 million settlement with FinCEN.
When I teach BSA, I often describe the penalties associated with BSA - how they are cumulative and also increase every day for continuing non-compliance. This rapidly creates a crime with jail time far greater than that for murder. Thus, the entity accusing the financial institution of the particular violation, be it FinCEN, The Department of Justice or the U.S. Treasury Department, can simply ask the question: “Who wants to go to jail?” Naturally, no one wants this so the financial institutions, typically large banks, negotiate an agreement which results in the admission of no wrong-doing and the payment of a very large fine. Thus, no one goes to jail.
You can read the U.S. Treasury Department’s announcement and decide for yourself whether the allegations were worth a $619 million settlement. That’s really not my point. The intimidation methodology that the government has in place whereby it extracts large fines from financial institutions is unlikely to change.
The question, dear reader, is what would happen to a credit union in this context? Well we know what happened to Suffolk Federal Credit Union, and there have been others as well. I’m only aware of one credit union that actually had to pay a fine. The rest of them had to make painful and expensive changes but faced nothing like what ING or Wachovia had to deal with. Why is that? Money, of course. Most credit unions would vanish if they had to pay a million dollar fine. Credit unions have no access to capital from secondary markets. The members’ money is all they have. So if the government fines the credit union, it is simply punishing the members. Whether that means anything or not is a separate question, but if you want to be cynical, there’s simply not enough money there to punish without destroying. If the government destroys the credit union, no one wins and the government gets scrutiny as well.
We can debate the whole government conscripting financial institutions to do its financial monitoring work and then the harsh punishments given when these unwilling soldiers fail, but there is no point. There is zero desire in Washington for this modus operandi to change. Thus, the only thing that can be done is to comply with BSA, comply with the PATRIOT Act and comply with OFAC. I joke that compliance officers are special because they are the first people to go to jail. Actually it’s no joke at all. This stuff is serious as a heart attack and needs to be the number one compliance priority for credit unions. In comparison, while Reg Z may be harder and more burdensome, no one has ever gone to jail for a Truth-in-Lending violation.
Filed under: bank secrecy act | Tags: Customer Identification Program, FACTA, Patriot Act
By August J. Ober, Attorney
With the passage of the Patriot Act in 2001, which amended FACTA and the Bank Secrecy Act by extension, financial institutions were required to develop a written Customer Identification Program (CIP). The Patriot Act requires that the CIP be integrated into the institutions Bank Secrecy Act and Anti-Money Laundering safeguards. Our credit union clients, of course, fall within the definition of “financial institutions” and thus are bound by the Patriot Act.
The CIP must set forth procedures and guidelines that would allow the credit union to form a “reasonable belief” as to the identity of the members they serve. The legislative intent was aimed at stifling identity theft and in turn terrorism.
So the million dollar question remains, “What allows the credit union to form “reasonable belief?”
The spirit of the requirement indicates that the totality of the circumstances can establish a “reasonable belief.” This begins with the opening of the account, where a credit union must obtain the following minimum information: member’s name, date of birth, address, and social security number. This initial information may be obtained solely based on the application the customer completes. However, best practices dictates that the credit union verify this information. Note that verification is not strictly required if a pre-established risk analysis so determines.
When verification is sought, it is usually achieved by traditional means such as the production of a Driver’s License, Government issued ID, Passport, Social Security Card, and/or Birth Certificate.
It is acknowledged however, that traditional forms of identification may not always be available. In these instances, a credit union may choose to verify through other means. For example, a credit union may compare information with other creditors, credit reporting agencies, or with public records such as property deeds or voters registrations. It has even been said that some financial institutions opened accounts using information verified by criminal mug shots, automobile titles, and even a rental agreement for a boat slip.
In the end, credit unions are only required to verify enough information to form a “reasonable belief” as to their members’ identity. If this sounds subjective, it is. As mentioned, traditional identification is not mandatory but clearly is the most reliable means of verification. A credit union should think twice before it creates a situation where it must defend its practices after inaccurately identifying a member through shoddy verification.
The credit union is best protected by establishing strict, clear, concise protocols to verify information when traditional identification is both available and unavailable; and alternatively define when a “reasonable belief” can not be formed. If a credit union stringently follows their own established procedures, then their subjective “reasonable belief” should stand up to scrutiny.