The Financial Crimes Enforcement Network and the Office of the Comptroller of the Currency released separate statements on December 16, 2021 announcing the assessment of $8 million and $1 million civil penalties, respectively, against the CommunityBank of Texas, N.A., for willful violations of the Bank Secrecy Act.
CommunityBank is a financial institution within the meaning of the BSA and its implementing regulations, and is subject to regular examinations by the OCC. The bank admitted to the statement of facts incorporated into the consent order, which recites that between 2015 and 2019, the bank had an anti-money laundering program in place. The program, however, used an automated AML monitoring system that generated suspicious activity alerts that were sent to an AML analyst for review. The analyst was required to elevate suspicious activity to a Suspicious Activity Report committee, which would file a SAR when this was warranted. The system generated so many case alerts for potentially suspicious activity, that the bank’s BSA officer exempted some customers’ accounts from the program on the grounds that their activity was “well-known” – yet these customers included several individuals later arrested or convicted of financial crimes. For some accounts, the bank’s analysts closed case alerts without analyzing the activity that triggered the alert, on the pre-set grounds that “a SAR was previously filed and is not due for review at this time.”
FinCEN found that inadequate resources were allocated to the AML program, and the compliance office was understaffed. Each analyst reviewed an average of 100 case alerts daily; for many of these, the analyst did not review supporting documents such as cash deposit slips, wire transcripts and check images. Customer due diligence for the bank was performed in part through the same automated AML monitoring system, and customers were assigned risk ratings based on information obtained from questionnaires. In fact, the required information was not always obtained; nor was it updated when circumstances indicated that it should be. For incomplete questionnaires, the AML staff would ask customer account officers to fill in the missing information, rather than consulting with the customers themselves.
Another function of the bank’s automated AML monitoring system was to generate monthly reports comparing customers’ actual transactions with the bank’s expectations for their accounts, and comparing account activity with peer customers’ activity as well. This method caused the bank to miss patterns of activity that, if understood by the bank, might have raised concerns – for example, when month over month activity was consistent, the system would not flag accounts despite unusually high transaction volumes. And although the monitoring system could have generated monthly High Risk Reports, CommunityBank staff did not generally make use of this function.
FinCEN found that as a result of these deficiencies in the implementation of its AML program, the bank willfully failed to file 17 SARs, despite having reason to believe that some of its customers were subjects of criminal investigation. Examples given in the consent order include one customer who, together with family members, controlled approximately 19 accounts at the bank, received large wire transfers or sequential check deposits into what was purportedly a used car business account – some of the payments originating with known gamblers – and frequently transferred funds between accounts in the bank or at other banks. Although this customer was rated by CommunityBank as “high-risk,” and the BSA officer flagged some of the customer’s activity as suspicious, alerts were not raised, and only one SAR was ever filed about the suspicious activity. In fact, in 2019 members of the customer’s family pleaded guilty to tax evasion and money laundering charges connected with an illegal gambling operation, the proceeds of which moved, in part, through the customer’s account at CommunityBank. The consent order describes two other customers for whose accounts, in similar circumstances, the bank failed to file SARs.
In light of these facts, FinCEN determined that CommunityBank had willfully failed to implement a BSA-compliant anti-money laundering program, and had willfully failed to report suspicious transactions to FinCEN in an accurate and timely manner, in violation of 31 USC §§ 5318(h)(1) and (g), and 31 CFR §§ 1020.210 and 320.
In imposing a civil monetary penalty, FinCEN took into consideration the gravity of the violations, the potentially serious harm to the public caused by the misconduct, the limited harm it caused to the financial system and to FinCEN’s mission, the fact that the violations were centered within the AML office, and were not pervasive throughout the bank. FinCEN also took into account the bank’s failure to disclose the violations in a timely or voluntary manner. Considerations in the bank’ favor include its clean record in terms of regulatory enforcement, and its cooperation and responsiveness during the course of the investigation. FinCEN also took into account the parallel investigation undertaken by the OCC, and the $1 million civil penalty imposed by the OCC for related violations. In light of these factors, FinCEN imposed a civil money penalty of $8 million, but gave the bank credit for its satisfaction of the OCC’s $1 million penalty, requiring the payment of only $7 million.