Federal Deposit Insurance Corporation
Office of Inspector General

The FDIC's Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

This is the accessible text file for FDIC OIG report number AUD-14-009 entitled 'The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file is an exact electronic replica of the printed version.

FDIC Office of Inspector General

Office of Audits and Evaluations

Report No. AUD-14-009 The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

Executive Summary

The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions

Report No. AUD-14-009

August 2014

Why We Did The Audit

FDIC-supervised financial institutions are responsible for developing and administering a program to assure and monitor compliance with the Bank Secrecy Act (BSA) and related regulations (referred to herein as a BSA Compliance Program). The FDIC is responsible for regularly reviewing BSA Compliance Programs, communicating identified deficiencies and apparent violations to the institution’s management and Board of Directors (and other regulatory authorities, as appropriate), and taking supervisory action to address the associated risks.

The objective of this performance audit was to determine how the FDIC has responded to BSA and anti-money laundering (AML) concerns identified in reports of examination. To address the objective, we determined the extent and types of supervisory actions that the FDIC has taken to address BSA/AML concerns. We also assessed the extent to which supervisory actions, including referrals of apparent violations to other federal agencies, comply with applicable statutes; interagency policy and guidance; and FDIC policies, procedures, and guidelines. Further, we evaluated the consistency of the Division of Risk Management Supervision’s (RMS) Regional Offices in applying BSA/AML-related policies, procedures, and guidelines.

Background

Within the FDIC, RMS has primary responsibility for examining financial institutions for compliance with the BSA and related regulations. Because RMS considers BSA compliance to be a matter of safety and soundness, each on-site risk management examination includes an assessment of the institution’s BSA Compliance Program. Any deficiencies in BSA Compliance Programs or apparent violations of BSA-related regulations identified by examiners are documented in reports of examination and visitation reports that are provided to the institution’s management and Board of Directors. The FDIC’s primary system of record for recording information about BSA examinations and related supervisory activities is the Virtual Supervisory Information on the Net (ViSION).

Audit Results

The FDIC responds to BSA/AML concerns identified in reports of examination through the implementation of supervisory actions. Such actions can range from examiner recommendations that address isolated BSA/AML deficiencies to formal enforcement actions that address systemic weaknesses in BSA Compliance Programs. Serious BSA concerns can also result in referrals to the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) for the issuance of Civil Money Penalties (CMP).

During the 4-year period October 1, 2009, through September 30, 2013, the FDIC and/or applicable state regulator cited FDIC-supervised institutions for 3,294 apparent violations of BSA-related regulations, agreed to or issued 175 BSA-related informal and formal enforcement actions, and made 22 referrals to FinCEN for CMPs. In addition, the reports of examination and visitation reports that we reviewed identified the specific BSA regulations that were violated, the nature and causes of the violations, the recommended corrective actions, and the institutions’ management responses. Further, follow-up examinations and visitations were generally conducted in a timely manner.

Our review of the FDIC’s supervisory actions to address BSA/AML concerns at 51 non-statistically sampled financial institutions found that the actions were generally consistent with applicable statutory requirements, interagency policy and guidance, and FDIC policies, procedures, and guidelines. However, in 4 of 15 cases involving BSA Compliance Program failures and/or repeat apparent violations of BSA program requirements, stronger or earlier supervisory action in the form of a formal enforcement action may have been warranted. Based on the results of subsequent examinations, two of the four institutions took action to improve their BSA Compliance Programs. Although FDIC management provided a rationale for the supervisory approach applied in these cases, promptly issuing formal enforcement actions would have established a supervisory tenor of expectations consistent with interagency policy. Our review of supervisory actions to address BSA/AML concerns also identified a potential control improvement with respect to recording in ViSION the status and disposition of CMP referrals to FinCEN.

The FDIC has established a number of controls to promote consistency among RMS Regional Offices in applying BSA/AML-related policies, procedures, and guidelines. Such controls include, for example, bimonthly meetings between the Regional Offices and RMS headquarters’ Anti-Money Laundering and Risk Analysis Branch to discuss BSA/AML problem institutions, the examination report review process, and periodic internal reviews by RMS’ Internal Control and Review Section. In addition, RMS’ Regional Offices generally appeared to apply BSA/AML-related policies, procedures, and guidelines in a consistent manner for the institutions that we reviewed. However, Regional Office procedures for monitoring institutions with significant BSA/AML problems were not always current. In addition, we noted differences among these Regional Office procedures that warrant review by RMS management.

Reviewing and addressing the above issues, as appropriate, will provide the FDIC with greater assurance that its supervisory responses to BSA/AML concerns are consistent and compliant with applicable statutory requirements; interagency policy and guidance; and FDIC policies, procedures, and guidelines.

We identified certain other matters that we did not consider significant in the context of the audit results, and we communicated those separately to appropriate FDIC management officials.

Recommendations and Corporation Comments

Our report contains three recommendations addressed to the Director, RMS, that are intended to improve RMS’ internal controls for addressing BSA/AML concerns identified during examinations of FDIC-supervised institutions. The Director, RMS, provided a written response, dated July 31, 2014, to a draft of this report. In the response, the Director concurred with all three of the report’s recommendations and described planned corrective actions that address the recommendations.

[End of section]

Background

Requirements for FDIC-Supervised Institutions

The FDIC’s BSA/AML Program

Key Policies, Procedures, and Guidelines

Audit Results

Supervisory Actions to Address BSA/AML Concerns

Compliance with Applicable Statutes; Interagency Policy and Guidance; and FDIC Policies, Procedures, and Guidelines

Use of Cease and Desist Orders to Address Significant BSA/AML Concerns

Recording Information in ViSION About Referrals to FinCEN

Regional Office Consistency in Applying BSA/AML-related Policies, Procedures, and Guidelines

Regional Office Procedures for Monitoring Institutions with Significant BSA/AML Problems

Corporation Comments and OIG Evaluation

Appendices

1. Objective, Scope, and Methodology
2. Glossary of Terms
3. Acronyms and Abbreviations
4. Corporation Comments
5. Summary of the Corporation’s Corrective Actions

Tables

1. Selected Statistics Pertaining to BSA Examinations and Visitations
2. Selected Statistics Pertaining to BSA/AML Supervisory Actions
3. Institutions with Informal and Formal Supervisory Actions and Referrals
4. Institutions Without Informal and Formal Supervisory Actions and Referrals

[End of section]

[FDIC Letterhead] Federal Deposit Insurance Corporation Office of Inspector General Office of Audits and Evaluations 3501 Fairfax Drive, Arlington, Virginia 22226 [End of letterhead]

DATE: August 21, 2014

MEMORANDUM TO: Doreen R. Eberley, Director Division of Risk Management Supervision

FROM: Stephen M. Beard /Signed/ Deputy Inspector General for Audits and Evaluations

SUBJECT: The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions (Report No. AUD-14-009)

This report presents the results of our audit of the FDIC’s response to Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) concerns identified during examinations of FDIC-supervised financial institutions.[Footnote 1] FDIC-supervised financial institutions are responsible for developing and administering a program to assure and monitor compliance with the BSA and related regulations (referred to herein as a BSA Compliance Program). The FDIC is responsible for regularly reviewing BSA Compliance Programs, communicating identified deficiencies and apparent violations to the institution’s management and Board of Directors (and other regulatory authorities, as appropriate), and taking supervisory action to address the associated risks.

Footnote 1: The BSA is sometimes referred to as an anti-money laundering law or jointly as BSA/AML. Terms that are underlined when first used in this report are defined in Appendix 2, Glossary of Terms.

The audit objective was to determine how the FDIC has responded to BSA/AML concerns identified in reports of examination. To address this objective, we determined the extent and types of supervisory actions that the FDIC has taken to address BSA/AML concerns. We also assessed the extent to which supervisory actions, including referrals of apparent violations to other federal agencies, comply with applicable statutes; interagency policy and guidance; and FDIC policies, procedures, and guidelines. Further, we evaluated the consistency of the Division of Risk Management Supervision’s (RMS) Regional Offices in applying BSA/AML-related policies, procedures, and guidelines. We based our conclusions, in part, on a detailed analysis of supervisory actions taken to address BSA/AML concerns for a non-statistical sample of 51 financial institutions.[Footnote 2]

Footnote 2: A non-statistical sample is judgmental and cannot be projected to the population. See Appendix 1 for details regarding our sampling methodology.

We conducted this performance audit in accordance with generally accepted government auditing standards. Appendix 1 of this report includes additional information about our objective, scope, and methodology; Appendix 2 contains a glossary of key terms; Appendix 3 contains a list of acronyms and abbreviations; Appendix 4 contains the Corporation’s comments on this report; and Appendix 5 contains a summary of the Corporation’s corrective actions.

Background

In 1970, the Congress passed the Currency and Foreign Transactions Reporting Act—commonly referred to as the BSA—to facilitate the detection and prevention of money laundering. The statute established certain requirements for recordkeeping and reporting by private individuals, banks, and other financial institutions to help identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions. Specifically, the BSA requires individuals, banks, and other financial institutions to file currency reports with the Department of the Treasury (the Treasury), properly identify persons conducting transactions, and maintain appropriate records of financial transactions. Such records enable law enforcement and regulatory agencies to pursue investigations of criminal, tax, and regulatory violations, if warranted, and provide evidence useful in prosecuting money laundering and other financial crimes.

Increasingly sophisticated money laundering activities and growing concerns about terrorist financing prompted the Congress to enact a number of amendments to the BSA since its passage in 1970. One such amendment was the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (also known as the USA PATRIOT Act). This legislation, which was enacted after the September 11, 2001, terrorist attacks on the United States, was intended to facilitate the prevention, detection, and prosecution of international money laundering and the financing of terrorism.

The Treasury’s Financial Crimes Enforcement Network (FinCEN) has overall responsibility for the administration and enforcement of the BSA. In this role, FinCEN is responsible for (among other things) issuing regulations and interpretative guidance, engaging in industry outreach activities, providing investigative case support to law enforcement, and pursuing civil money penalties (CMPs) against entities and individuals, when warranted. In addition, the federal banking agencies, including the FDIC, have statutory authority to regulate and examine the financial institutions under their supervision for BSA/AML compliance.[Footnote 3] Specifically, section 8(s) of the Federal Deposit Insurance Act (FDI Act) (codified to 12 U.S.C. 1818(s)) requires the federal banking agencies to prescribe BSA-related regulations, review BSA Compliance Programs during examinations, describe any identified problems in reports of examination, and issue formal orders under certain circumstances.[Footnote 4] FinCEN relies on the federal banking agencies to examine financial institutions for BSA compliance and coordinates with the agencies when pursuing CMPs.

Footnote 3: The federal banking agencies consist of the FDIC, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the National Credit Union Administration. Other federal agencies (i.e., the Securities and Exchange Commission, the Commodity Futures Trading Commission, and the Internal Revenue Service) also have BSA compliance-related responsibilities for certain entities.

Footnote 4: Formal orders, also known as enforcement actions, refer to Cease-and-Desist Orders (C&D) or Consent Orders. Our report also references informal actions, which are typically Bank Board Resolutions (BBR) or Memoranda of Understanding (MOU).

Requirements for FDIC-Supervised Institutions

Section 326, Subpart B, Procedures for Monitoring Bank Secrecy Act Compliance, of the FDIC Rules and Regulations requires FDIC-supervised financial institutions to establish and maintain procedures reasonably designed to assure and monitor compliance with the requirements of the BSA and the implementing regulations promulgated thereunder by the Treasury at 31 Code of Federal Regulations (C.F.R.) Chapter X. These procedures, also known as BSA Compliance Programs, must be in writing and approved by the institution’s Board of Directors. At a minimum, each BSA Compliance Program must include:

- a system of internal controls to assure ongoing compliance with the BSA,

- independent testing for BSA/AML compliance,

- a designated individual or individuals responsible for coordinating and monitoring day-to-day BSA/AML compliance, and

- training for appropriate personnel.

In addition, section 326 requires BSA Compliance Programs to include a Customer Identification Program with risk-based procedures that enable the institution to form a reasonable belief that it knows the true identity of its customers. The Customer Identification Program and the four program requirements outlined above are referred to as the “pillars” of a successful BSA Compliance Program.

The FDIC’s BSA/AML Program

Within the FDIC, RMS has primary responsibility for examining financial institutions for compliance with the BSA and related regulations. RMS’ Anti-Money Laundering and Risk Analysis Branch in the Washington, D.C. Office provides overall direction for the BSA/AML program, including policy development, administration of the examination process, and coordination with outside agencies, such as FinCEN, the Department of Justice (DOJ), and other federal banking agencies. Because RMS considers BSA compliance to be a matter of safety and soundness, each on-site risk management examination includes an assessment of the institution’s BSA Compliance Program.[Footnote 5] In addition, RMS may conduct on-site BSA visitations between examinations to determine changes in an institution’s risk profile, monitor compliance with a corrective program, investigate adverse or unusual situations, or determine progress in correcting deficiencies. Table 1 contains selected statistics related to BSA examinations and visitations conducted by the FDIC and/or applicable state regulator during the fiscal years ended September 30, 2010-2013.

Footnote 5: In general, the FDIC is required to conduct on-site examinations of the institutions it supervises at least once every 12 months. The annual examination interval may be increased to 18 months for small institutions under certain circumstances.

Table 1: Selected Statistics Pertaining to BSA Examinations and Visitations

(Fiscal Year Ended September 30)

Row 1 - Number of FDIC-Supervised Financial Institutions: 2010: 4,785; 2011: 4,651; 2012: 4,516; 2013: 4,354

Row 2 - Number of BSA Examinations and Visitations Conducted: 2010: 3,918; 2011: 3,917; 2012: 3,722; 2013: 3,523

Row 3 - FDIC Examinations*: 2010: 2,722; 2011: 2,815; 2012: 2,678; 2013: 2,413

Row 4 - FDIC Visitations: 2010: 42; 2011: 31; 2012: 39; 2013: 50

Row 5 - State Banking Agency Examinations**: 2010: 1,154; 2011: 1,071; 2012: 1,005; 2013: 1,060

Source: OIG analysis of annual and quarterly reports submitted by the FDIC to FinCEN.

* Includes examinations conducted jointly with state banking agencies.

** Reflects examinations conducted by state banking agencies and reviewed by the FDIC under an established joint or alternate examination program where the examination is not conducted jointly with the FDIC.

[End of table]

The FDIC’s primary system of record for recording information about BSA examinations and related supervisory activities is the Virtual Supervisory Information on the Net (ViSION). A number of other FDIC supervisory information systems are also used to record BSA/AML information.

Key Policies, Procedures, and Guidelines

The federal banking agencies have issued various policies and guidance that are intended to promote a consistent supervisory approach for addressing BSA/AML risks and compliance at insured institutions. These include the:

- Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements (Interagency Policy Statement). Issued in July 2007, the Interagency Policy Statement sets forth the federal banking agencies’ policy on the circumstances in which an agency will issue a C&D to address noncompliance with certain BSA/AML requirements.

- Bank Secrecy Act/Anti-Money Laundering Examination Manual. Issued by the Federal Financial Institutions Examination Council (FFIEC) in June 2005 (and updated in April 2010), the manual provides an overview of BSA/AML requirements, risks and risk management expectations, sound industry practices, and examination procedures.

In addition, the FDIC has issued BSA/AML-related policies, procedures, and guidelines to its examination staff. For example, the Risk Management Manual of Examination Policies contains procedures for assessing BSA Compliance Programs and addressing related concerns; the Formal and Informal Action Procedures Manual provides guidelines regarding when and under what circumstances informal or formal supervisory actions should be considered; and other RMS policies, procedures, and guidelines address various BSA-related supervisory activities, such as issuing enforcement actions, referring apparent violations to FinCEN, and planning for examinations and testing transactions. In addition, RMS Regional Offices have issued supplemental procedures for monitoring financial institutions with significant BSA/AML problems. Finally, the FDIC has issued Financial Institution Letters and conducted industry outreach activities to address BSA/AML issues and risks.

[End of section]

Audit Results

The FDIC responds to BSA/AML concerns identified in reports of examination through the implementation of supervisory actions. Such actions can range from examiner recommendations that address isolated BSA/AML deficiencies to formal enforcement actions that address systemic weaknesses in BSA Compliance Programs. Serious BSA concerns can also result in referrals to FinCEN for CMPs. During the 4-year period October 1, 2009, through September 30, 2013, the FDIC and/or applicable state regulator cited FDIC-supervised institutions for 3,294 apparent violations of BSA-related regulations, agreed to or issued 175 BSA/AML-related informal and formal enforcement actions, and made 22 referrals to FinCEN for CMPs.

Our review of the FDIC’s supervisory actions to address BSA/AML concerns at selected financial institutions found that the actions were generally consistent with applicable statutory requirements; interagency policy and guidance; and FDIC policies, procedures, and guidelines. However, we did identify instances in which a formal enforcement action to address BSA Compliance Program failures and/or repeat apparent violations of BSA program requirements may have been warranted or taken earlier. We also identified a potential control improvement with respect to recording in ViSION the status and disposition of referrals to FinCEN for the issuance of CMPs.

RMS’ Regional Offices generally appeared to apply BSA/AML-related policies, procedures, and guidelines in a consistent manner for the institutions that we reviewed. However, Regional Office procedures for monitoring institutions with significant BSA/AML problems were not always current. In addition, we noted differences among these Regional Office procedures that warrant review by RMS management.

Reviewing and addressing the above issues, as appropriate, will provide the FDIC with greater assurance that its supervisory responses to BSA/AML concerns are consistent and compliant with applicable statutory requirements; interagency policy and guidance; and FDIC policies, procedures, and guidelines.

We identified certain other matters that we did not consider significant in the context of the audit results, and we communicated those separately to appropriate FDIC management officials.

[End of section]

Supervisory Actions to Address BSA/AML Concerns

Examiners are responsible for documenting deficiencies in BSA Compliance Programs and apparent violations of BSA-related regulations in reports of examination and visitation reports and providing these reports to the institution’s management and Board of Directors. Deficiencies and apparent violations can often be successfully addressed through examiner recommendations and/or discussions with the institution’s management and Board of Directors. However, serious concerns, such as BSA Compliance Program failures or repeat apparent violations of BSA program requirements, may require stronger supervisory action, such as an informal or formal enforcement action. Table 2 contains selected statistics related to BSA/AML supervisory actions taken by the FDIC for the fiscal years ended September 30, 2010-2013.

Table 2: Selected Statistics Pertaining to BSA/AML Supervisory Actions

(Fiscal Year Ended September 30)

Row 1 - Number of Financial Institutions Cited for Apparent Violations: 2010: 490; 2011: 498; 2012: 463; 2013: 435

Row 2 - Number of Apparent Violations Cited: 2010: 806; 2011: 920; 2012: 818; 2013: 750

Row 3 - Number of Informal and Formal Actions Imposed on FDIC-supervised Financial Institutions: 2010: 43; 2011: 42; 2012: 42; 2013: 48

Row 4 - Formal Actions: 2010: 11; 2011: 18; 2012: 16; 2013: 19

Row 5 - Informal Actions: 2010: 32; 2011: 24; 2012: 26; 2013: 29

Source: OIG analysis of annual and quarterly reports submitted by the FDIC to FinCEN.

[End of table]

Serious BSA/AML concerns can also result in referrals to FinCEN for CMPs against an institution or its partners, directors, officers, or employees. During the 4-year period covered in the table above, the FDIC made 22 referrals to FinCEN for the issuance of CMPs. During the same period, a total of five BSA-related CMPs were issued against FDIC-supervised institutions totaling $27,775,000. In cases involving apparent willful violations of money laundering statutes, FinCEN may also engage DOJ for possible criminal prosecution.

Our review of selected reports of examination and visitation reports for a non-statistical sample of 51 financial institutions found that the reports identified the specific BSA regulations that were violated, the nature and causes of the apparent violations, the recommended corrective actions, and the institutions’ management responses. Further, follow-up examinations and visitations were generally conducted in a timely manner.

[End of section]

Compliance with Applicable Statutes; Interagency Policy and Guidance; and FDIC Policies, Procedures, and Guidelines

Our review of the FDIC’s supervisory actions to address BSA/AML concerns at selected financial institutions found that the actions were generally consistent with applicable statutory requirements, interagency policy and guidance, and FDIC policies, procedures, and guidelines. However, as described below, we did identify potential control improvements with respect to the use of formal enforcement actions to address significant BSA/AML concerns and recording the status and disposition of referrals to FinCEN for CMPs.

Use of Cease and Desist Orders to Address Significant BSA/AML Concerns

Section 8(s)(3) of the FDI Act states that the appropriate federal banking agency shall issue a C&D against an insured depository institution that fails to (a) establish and maintain a reasonably designed BSA Compliance Program or (b) correct any previously reported problem with a BSA Compliance Program. In light of these requirements, the federal banking agencies issued the Interagency Policy Statement that defines the circumstances in which the agencies will issue a C&D to address noncompliance with BSA/AML requirements. Specifically, the Interagency Policy Statement explains that the appropriate federal banking agency will issue a C&D, based on a careful review of relevant facts and circumstances, if an institution:

- Fails to have a written BSA Compliance Program, including a Customer Identification Program, that adequately covers the required program elements (i.e., internal controls, independent testing, designated compliance personnel, and training); or

- Fails to implement a BSA Compliance Program that adequately covers the required program elements; or

- Has defects in its BSA Compliance Program in one or more program elements that indicate either the written program or its implementation is not effective.

For example, an institution that has procedures to provide training to appropriate personnel, independent testing, and a designated BSA Compliance Officer, would still be subject to a C&D if its system of internal controls (such as customer due diligence, procedures for monitoring suspicious activity, or an appropriate risk assessment) fails with respect to a high-risk area or to multiple lines of business that significantly impact the institution’s overall BSA compliance. However, other types of deficiencies in a BSA Compliance Program or in the implementation of one or more of the required program elements may not result in the issuance of a C&D, unless the deficiencies are so severe as to render the BSA Compliance Program ineffective when viewed as a whole.

The Interagency Policy Statement also states that a C&D will be issued, based on a careful review of relevant facts and circumstances, if an institution fails to correct a previously reported problem with its BSA Compliance Program.[Footnote 6] For example, failure to take any action in response to an express criticism in a report of examination regarding a failure to appoint a qualified BSA Compliance Officer could be viewed as an uncorrected problem that would result in a C&D. However, a failure to correct a BSA Compliance Program problem would not ordinarily require a C&D unless the deficiencies subsequently found are substantially the same as those previously reported to the institution.

Footnote 6: In order to be considered a “problem” within the meaning of section 8(s)(3)(B), a deficiency would ordinarily involve a serious defect in one or more of the required components of the BSA Compliance Program (or implementation thereof) that a report of examination or other written supervisory communication identifies as requiring communication to the institution’s Board of Directors or senior management as a matter that must be corrected.

Analysis of Supervisory Actions at Selected Institutions

We reviewed the FDIC’s supervisory actions to address significant BSA/AML concerns for a non-statistical sample of 15 financial institutions. In all 15 cases, examiners had criticized the institution in a report of examination or visitation report for failing to have an adequate BSA Compliance Program and/or to correct a previously reported violation of a BSA program requirement. Consistent with applicable statutory requirements, the Interagency Policy Statement, and FDIC policies, procedures, and guidelines, we found that the FDIC had issued (or was in the process of issuing) a BSA-related C&D or Consent Order against 12 of the 15 institutions to address the identified concerns. However, for two of the remaining three institutions, examiners recommended in a report of examination that the identified BSA/AML concerns be corrected, but no BSA-related enforcement action was taken. For the other institution, the FDIC coordinated the adoption of a BBR. Based on our review of the circumstances for these three institutions, formal enforcement actions may have been warranted. A brief description of the circumstances pertaining to these three institutions follows, including RMS’ rationale for the supervisory approach applied in these cases.

- A May 2012 report of examination stated that an institution’s BSA Compliance Program was inadequate; made recommendations for the institution to develop an adequate BSA Compliance Program to include appointing a BSA Compliance Officer, providing a system of internal controls, scheduling and performing independent reviews of the institution’s BSA Compliance Program, and providing and documenting training to appropriate personnel; and cited apparent violations of all five program requirements in section 326.8 of the FDI Act. One of the violations was a repeat violation. At the time of the examination, the institution had been operating under a Consent Order for safety and soundness issues since December 2008. Examiners initially intended to modify the Consent Order after the May 2012 examination to address the apparent BSA violations. However, RMS officials informed us that a modification was not issued because CMPs against the institution were being considered for non-compliance with the Consent Order.

A December 2012 visitation report indicated that the institution was taking steps to improve its BSA Compliance Program, but that an independent review of the program had resulted in 29 recommendations for improvement. The June 2013 report of examination indicated that the institution’s BSA Compliance Program was adequate, although the report also made recommendations in the areas of BSA training and the institution’s Enhanced Due Diligence program.

- A March 2012 report of examination cited a repeat apparent violation for an institution’s failure to train appropriate personnel and recommended training for the BSA Compliance Officer. At the time of the examination, the institution had been operating under a Consent Order for safety and soundness issues since July 2010. RMS officials informed us that the Consent Order was not modified to address the repeat apparent violation because the institution hired a BSA Compliance Officer during the examination and provided training 2 months after the examination was completed. The BSA Compliance Officer resigned before the start of the April 2013 examination and a new BSA Compliance Officer was appointed during the examination. As a result of this examination, examiners cited four apparent violations, including ineffective internal controls, a failure to designate a BSA Compliance Officer, a failure to provide adequate BSA training, and a failure to file a timely suspicious activity report. Additionally, the April 2013 report of examination included recommendations to strengthen BSA/AML internal controls to adequately monitor and control the BSA function. A modified Consent Order was drafted but not implemented before the institution was closed in October 2013.

- An October 2012 report of examination cited a repeat apparent violation for an institution’s failure to provide adequate BSA/AML internal controls. The report indicated that although some effort had been made to improve the BSA Compliance Program after the prior examination, numerous BSA control issues remained, including significant turnover in the BSA Compliance Officer position, system limitations, noncompliance with reporting requirements, and a lack of familiarity with BSA regulatory requirements by institution personnel. The report included recommendations addressing each of these areas. The institution was already operating under a BBR to address apparent BSA violations identified during the prior examination. The BBR was modified in May 2013 to address the BSA/AML concerns identified during the October 2012 examination. RMS officials informed us that they did not pursue a Consent Order because the bank had made significant strides in improving its BSA Compliance Program and RMS considered the underlying issues leading to the repeat apparent violation to be different from the prior examination. The November 2013 report of examination indicated that the institution’s BSA Compliance Program was satisfactory, although the report did recommend improvements to the institution’s risk assessment policies.

We also noted that a formal enforcement action to address BSA/AML concerns at one of the 12 institutions could have been implemented sooner. Specifically, a May 2012 visitation report stated that an institution’s BSA Compliance Program was unsatisfactory and cited an apparent violation related to internal controls. The July 2012 examination reiterated the results of the May 2012 visitation. In October 2012, the FDIC entered into an MOU with the institution to address (among other things) the BSA/AML concerns. A February 2013 visitation report stated that the institution’s BSA Compliance Program remained unsatisfactory and described continuing systemic BSA/AML weaknesses. The report cited a repeat apparent violation related to internal controls and a new violation for a failure to designate a BSA Compliance Officer. The August 2013 report of examination stated that systemic BSA weaknesses continued to exist and cited two repeat apparent violations. Based on the results of the August 2013 examination, the FDIC issued a Consent Order in February 2014.

We recognize that in two of the four instances discussed above, the institutions took action to improve their BSA Compliance Programs. Nevertheless, issuing a formal enforcement action would have established a supervisory tenor of expectations consistent with the Interagency Policy Statement.

We discussed the results of our analysis with RMS officials in the Anti-Money Laundering and Risk Analysis Branch. During those discussions, these officials indicated that additional steps could be taken to enhance their processes and approach for determining supervisory responses to address significant BSA/AML concerns. For example, the officials acknowledged that it would be prudent to document the rationale for not pursuing a formal enforcement action to address an inadequate BSA Compliance Program or correct a previously-reported apparent violation of a BSA program requirement, as in the instances described above. In our view, such decisions should also require the written concurrence of the Anti-Money Laundering and Risk Analysis Branch. These RMS officials also indicated that they were considering the adoption of new metrics and greater use of data analytics to facilitate the identification of BSA/AML problems at institutions and their communications with the Regional Offices.

Recommendation

We recommend that the Director, RMS:

1. Review and enhance, as appropriate, RMS’ processes and approach for determining supervisory responses to inadequate BSA Compliance Programs and/or repeat apparent violations of BSA program requirements.

Recording Information in ViSION About Referrals to FinCEN

RMS has established a series of Action Codes within ViSION that indicate whether an institution is subject to certain supervisory actions or activities. For example, Action Codes indicate whether an institution is subject to an informal action, a formal enforcement action, a referral to FinCEN for CMPs, or has one or more repeat apparent BSA program violations. RMS policy requires that certain Action Codes be accompanied by a comment in ViSION by the Washington Office.

We reviewed a non-statistical sample of 35 financial institutions with Action Codes requiring a comment in ViSION to determine whether the required comment had, in fact, been recorded in the system. Each of the 35 institutions had one or more Action Codes indicating that the institution was the subject of (a) an informal action, (b) a formal enforcement action, and/or (c) a referral to FinCEN for CMPs. [Footnote 7] Of the 34 institutions in our sample that had Action Codes indicating an informal or formal enforcement action, all contained comments related to the actions. However, ViSION did not contain comments for 8 of 10 institutions in our sample that had Action Codes indicating a referral to FinCEN for CMPs. Absent such comments, we were unable to determine whether the referrals had been returned by FinCEN without action or what supervisory action, if any, RMS planned to take.

Footnote 7: Nine of the institutions had two Action Codes (i.e., a formal enforcement action and a referral to FinCEN for CMPs).

We spoke with RMS officials in the Anti-Money Laundering and Risk Analysis Branch about the exceptions we identified and learned that it was not their practice to include comments in ViSION about referrals to FinCEN. Rather, information about referrals, including their status and communications with FinCEN, is maintained outside of ViSION in an Excel spreadsheet in the Washington, D.C. Office. [Footnote 8] The RMS officials explained that the status of referrals to FinCEN generally does not change significantly while FinCEN is reviewing a referral and that including comments in ViSION about referrals would be of little benefit. Nevertheless, RMS officials acknowledged that their practices in this area should be consistent with RMS policy and that they would coordinate with the Regional Offices to determine whether current practices, policy, or both, should be modified. As part of this effort, RMS should clarify the nature of information that should be maintained about referrals to ensure consistency.

Footnote 8: With respect to the eight exceptions we identified, RMS officials informed us that FinCEN had returned six referrals to the FDIC without taking action. FinCEN was still reviewing the remaining two referrals.

Recommendation

We recommend that the Director, RMS:

2. Review and modify, as appropriate, RMS policy and practices for recording the status and disposition of referrals to FinCEN for CMPs.

[End of section]

Regional Office Consistency in Applying BSA/AML-related Policies, Procedures, and Guidelines

The FDIC has established a number of controls to promote consistency among RMS Regional Offices in applying BSA-related policies, procedures, and guidelines. Such controls included, for example, bi-monthly meetings between the Regional Offices and the Anti-Money Laundering and Risk Analysis Branch to discuss BSA/AML problem institutions, the examination report review process, and periodic internal reviews by RMS’ Internal Control and Review Section. In addition, RMS’ Regional Offices generally appeared to apply BSA-related policies, procedures, and guidelines in a consistent manner for the institutions that we reviewed. However, Regional Office procedures for monitoring institutions with significant BSA/AML problems, including maintenance of BSA Supervisory Watchlists, were not always current. In addition, we noted differences among these Regional Office procedures that warrant review by RMS management. Reviewing and updating these procedures will promote consistency in addressing BSA/AML issues across the Regional Offices.

Regional Office Procedures for Monitoring Institutions with Significant BSA/AML Problems

Each of RMS’ six Regional Offices has established written procedures to help identify and track financial institutions with significant BSA/AML problems. These procedures generally include the establishment and maintenance of BSA Supervisory Watchlists to monitor institutions with significant BSA/AML problems and facilitate the bi-monthly meetings with the Anti-Money Laundering and Risk Analysis Branch. The Regional Office procedures complement other RMS controls designed to promote financial institution compliance with BSA/AML requirements.

We reviewed the Regional Office procedures and noted that they did not fully reflect current practices in three of the six regions. In addition, we identified a number of variations in the procedures among the Regional Offices, including those described below.

- BSA Supervisory Watchlist. Procedures in four Regional Offices specifically addressed the BSA Supervisory Watchlist; however, procedures in the two remaining Regional Offices did not.

- Identification of Problem Institutions. Procedures for determining which financial institutions should be on the BSA Supervisory Watchlist varied among the Regional Offices.

- Monitoring and Tracking. Procedures in two Regional Offices addressed adding and removing financial institutions from the BSA Supervisory Watchlists; however, procedures in the four remaining Regional Offices did not.

- Notification. Procedures in four Regional Offices referenced the bi-monthly meetings with the Anti-Money Laundering and Risk Analysis Branch to discuss BSA/AML problem institutions; however, procedures in the two remaining Regional Offices did not.

Our review of the Regional Office procedures and discussions with Regional Office personnel also identified potential best practices that may benefit all Regional Offices. We provided this information to the Anti-Money Laundering and Risk Analysis Branch during the audit for its consideration.

Up-to-date policies and procedures are an important internal control for ensuring that processes are repeatable and for reducing operational risk associated with staff changes. While we recognize that differences in Regional Office procedures may evolve over time to accommodate the unique characteristics of each region’s institutions, the variations we noted warrant review by RMS management to ensure that a consistent approach is being taken to identify, track, and monitor financial institutions with significant BSA/AML problems.

Recommendation

We recommend that the Director, RMS:

3. Review and update, as appropriate, Regional Office procedures for monitoring financial institutions with significant BSA/AML problems to ensure consistency.

[End of section]

Corporation Comments and OIG Evaluation

The Director, RMS, provided a written response, dated July 31, 2014, to a draft of this report. The response is presented in its entirety in Appendix 4. In the response, the Director concurred with all three of the report’s recommendations. In a separate communication, an RMS official indicated that all corrective actions described in the response would be completed by the end of 2014. A summary of the Corporation’s corrective actions is presented in Appendix 5. The planned corrective actions are responsive to the recommendations, and the recommendations are resolved.

Appendix 1

Objective, Scope, and Methodology

Objective

The objective of this performance audit was to determine how the FDIC has responded to BSA/AML concerns identified in reports of examination. To address the audit objective, we:

- determined the extent and types of supervisory actions that the FDIC took to address BSA/AML concerns;

- assessed the extent to which supervisory actions, including referrals of apparent violations to other federal agencies, complied with applicable statutes; interagency policy and guidance; and FDIC policies, procedures, and guidelines; and

- evaluated the consistency of RMS’ Regional Offices in applying BSA/AML-related policies, procedures, and guidelines.

We conducted the audit from April 2013 to May 2014 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.

Scope and Methodology

To gain an understanding of the FDIC’s process and approach to responding to BSA/AML concerns identified in reports of examination, we:

- Identified and became familiar with BSA/AML statutes; interagency policy and guidance; and FDIC policies, procedures, and guidelines. Such criteria included, but were not limited to:

  - Section 8(s), Compliance with Monetary Transaction Recordkeeping and Report Requirements, of the FDI Act;

  - Section 326.8, Bank Secrecy Act Compliance; section 353, Suspicious Activity Reports; and section 337.12, Frequency of Examination, of the FDIC Rules and Regulations;

  - Treasury’s 31 CFR Chapter X;

  - The Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements;

  - The Memorandum of Understanding between the federal banking agencies and FinCEN regarding information sharing;

  - The Bank Secrecy Act/Anti-Money Laundering Examination Manual published by the FFIEC; and

  - Relevant provisions of the FDIC’s Risk Management Manual of Examination Policies, the Case Manager Procedures Manual, and the Formal and Informal Action Procedures Manual, and various other RMS policies, procedures, and guidelines.

- Conducted a site visit to RMS’ Dallas Field Office in February 2013 to review selected BSA examination workpapers (which were not included in our audit sample described below) and interviewed RMS staff about the BSA examination process, including how deficiencies and apparent violations are addressed.

- Interviewed officials in RMS’ Anti-Money Laundering and Risk Analysis Branch in Washington, D.C. to obtain a program-level perspective on BSA/AML risks and issues.

- Interviewed FDIC Legal Division staff in the Atlanta, Dallas, New York, and San Francisco Regional Offices and in the Boston Area Office to discuss the FDIC’s approach and processes for issuing informal actions, formal enforcement actions, and referrals to FinCEN for CMPs.

- Spoke with FinCEN officials regarding their coordination with the FDIC in addressing BSA/AML issues at FDIC-supervised institutions.

- Contacted officials in the Treasury OIG to discuss their audit work related to BSA/AML matters.

As discussed further below, we relied on data in ViSION for purposes of determining the extent and types of supervisory actions taken by the FDIC to address BSA/AML concerns and to select a sample of institutions for detailed analysis. We determined that the data in this system was sufficiently reliable for these purposes by comparing selected data to various reports and documents generated by other information systems and to reports of examination and through discussions with management.

With respect to determining the extent and types of supervisory actions taken by the FDIC to address BSA/AML concerns, we reviewed quarterly and annual reports that the FDIC submitted to FinCEN covering the period October 1, 2009, to September 30, 2013, and reports generated by ViSION that identify (a) institutions with one or more apparent violations of BSA/AML requirements and (b) certain types of supervisory actions applicable to those institutions. The ViSION reports we reviewed were generated as of April 2, 2013, and covered all FDIC-supervised financial institutions with an examination start date between January 1, 2011, and December 31, 2012. A total of 938 institutions were included in the reports.

To assess the extent to which the FDIC’s supervisory actions complied with applicable statutes; interagency policy and guidance; and FDIC policies, procedures, and guidelines, we analyzed the supervisory actions pertaining to a non-statistical sample of 51 FDIC-supervised financial institutions. Of particular note, our audit procedures included analyses to determine whether the FDIC had complied with selected provisions of section 8(s) of the FDI Act and whether institutions were in compliance with section 326.8 of the FDIC Rules and Regulations. A description of our sampling methodology follows.

We initially selected 74 institutions from the universe of 938 institutions in the ViSION reports described above. The 74 institutions consisted of (a) 46 institutions with an informal or formal BSA/AML enforcement action and/or a referral to FinCEN for CMPs and (b) 28 institutions without a supervisory action or referral to FinCEN. We selected the group of 46 institutions by randomly choosing up to 10 institutions under the supervision of each RMS Regional Office. [Footnote 9] We chose these institutions in such a manner as to obtain a mix of supervisory action types. We selected the group of 28 institutions by randomly choosing up to 5 institutions under the supervision of each RMS Regional Office. We consulted with a statistician in the FDIC’s Division of Insurance and Research in developing our sampling methodology.

Footnote 9: We selected at least three institutions per Regional Office for each category of supervisory action during the period of our review, but in some regions there were fewer than three institutions in each category. In those cases, we selected all of the supervisory actions that existed in those categories.

After analyzing the supervisory actions for 51 of the 74 institutions that we initially selected, it became evident to us that we had sufficient evidence to address our audit objective. Tables 3 and 4 provide a breakdown of the number of institutions that we initially selected and the number of institutions that we actually reviewed.

Table 3: Institutions with Informal and Formal Supervisory Actions and Referrals

Row 1: Regional Office: Atlanta; C&Ds or Consent Orders: 4; Informal Actions: 3; Referrals to FinCEN for CMPs: 3; Total Initially Selected: 10; Total Reviewed: 10

Row 2: Regional Office: Chicago; C&Ds or Consent Orders: 4; Informal Actions: 3; Referrals to FinCEN for CMPs: 3; Total Initially Selected: 10; Total Reviewed: 10

Row 3: Regional Office: Dallas; C&Ds or Consent Orders: 3; Informal Actions: 3; Referrals to FinCEN for CMPs: 0; Total Initially Selected: 6; Total Reviewed: 3

Row 4: Regional Office: Kansas City; C&Ds or Consent Orders: 3; Informal Actions: 3; Referrals to FinCEN for CMPs: 0; Total Initially Selected: 6; Total Reviewed: 3

Row 5: Regional Office: New York; C&Ds or Consent Orders: 1; Informal Actions: 3; Referrals to FinCEN for CMPs: 3; Total Initially Selected: 7; Total Reviewed: 4

Row 6: Regional Office: San Francisco; C&Ds or Consent Orders: 3; Informal Actions: 3; Referrals to FinCEN for CMPs: 1; Total Initially Selected: 7; Total Reviewed: 5

Row 7: Regional Office: Totals; C&Ds or Consent Orders: 18; Informal Actions: 18; Referrals to FinCEN for CMPs: 10; Total Initially Selected: 46; Total Reviewed: 35

Source: OIG analysis of ViSION reports.

[End of table]

Table 4: Institutions Without Informal and Formal Supervisory Actions and Referrals

Row 1: Regional Office: Atlanta; Total Initially Selected: 4; Total Reviewed: 4

Row 2: Regional Office: Chicago; Total Initially Selected: 4; Total Reviewed: 4

Row 3: Regional Office: Dallas; Total Initially Selected: 5; Total Reviewed: 2

Row 4: Regional Office: Kansas City; Total Initially Selected: 5; Total Reviewed: 2

Row 5: Regional Office: New York; Total Initially Selected: 5; Total Reviewed: 2

Row 6: Regional Office: San Francisco; Total Initially Selected: 5; Total Reviewed: 2

Row 7: Regional Office: Total; Total Initially Selected: 28; Total Reviewed: 16

Source: OIG analysis of ViSION reports.

[End of table]

Our analysis of the 51 institutions was generally limited to information in reports of examination, visitation reports, and the FDIC’s ViSION and other supervisory information systems. Our analysis did not include a review of examination workpapers to determine whether examiners had identified all relevant BSA/AML deficiencies and apparent violations or made all relevant referrals to FinCEN. However, we did speak with RMS officials in the Anti-Money Laundering and Risk Analysis Branch to discuss the results of our analyses and the exceptions we identified.

With respect to our assessment of the FDIC’s consistency in applying BSA-related policies, procedures, and guidelines, we used the same sample of 51 institutions described above. We also reviewed Regional Office procedures for identifying and tracking financial institutions with significant BSA/AML problems (including those on the BSA Supervisory Watchlist). Further, we spoke with RMS officials in all six Regional Offices about the procedures.

We performed our audit work at the FDIC’s offices in Dallas, Texas; Arlington, Virginia; and Washington, D.C.

[End of section]

Appendix 2

Glossary of Terms

Term: Apparent Violation Definition: In the context of a BSA examination, an apparent violation is a failure on the part of a financial institution to comply with a relevant provision of a BSA-related regulation, most notably Treasury’s 31 C.F.R. Chapter X, which establishes the minimum recordkeeping and reporting requirements for currency and foreign transactions by financial institutions, or section 326, Subpart B, Procedures for Monitoring Bank Secrecy Act Compliance, of the FDIC Rules and Regulations. Apparent violations that are considered to be significant should be reviewed by the FDIC for referral to FinCEN for issuance of CMPs. Apparent violations should be communicated to the institution via a written communication, most often through the report of examination, and reported to FinCEN.

Term: Bank Board Resolution (BBR) Definition: An informal commitment adopted by a financial institution’s Board of Directors (often at the request of the FDIC) directing the institution’s personnel to take corrective action regarding specific deficiencies. BBRs may be used to strengthen and monitor an institution’s progress with regard to a particular component rating or activity.

Term: Bank Secrecy Act and Anti-Money Laundering (BSA/AML) Definition: In 1970, Congress passed the Currency and Foreign Transactions Reporting Act, commonly referred to as the BSA (Public Law 91-508). This legislation established reporting and other AML requirements for domestic financial institutions. Due to the increased sophistication of money laundering activities and concerns about terrorist financing, Congress expanded AML legislation to cover more types of institutions involved in a broader range of financial transactions. For example, in 2001, Congress enacted the USA PATRIOT Act to strengthen reporting and AML requirements for securities firms, futures firms, money services businesses, and other financial institutions. The BSA is sometimes referred to as an AML statute, or jointly as BSA/AML.

Term: BSA Compliance Officer Definition: An individual designated as being responsible for managing BSA compliance.

Term: BSA Supervisory Watchlists Definition: Listings of FDIC-supervised financial institutions that have significant BSA/AML problems. Each RMS Regional Office maintains its own BSA Supervisory Watchlist. The watchlists serve as management tools to facilitate the oversight and monitoring of the institutions.

Term: Cease-and-Desist Order (C&D) or Consent Order Definition: A formal enforcement action issued to stop violations of law, rule, or regulation, or unsafe or unsound banking practices, as well as to require affirmative action to correct any conditions resulting from such violations or practices. C&Ds may be issued after notice and hearing, and Consent Orders after stipulation by the institution. By ordering an institution to cease and desist from violations or practices and/or to take affirmative actions, the FDIC may prevent the institution’s problems from reaching such serious proportions as to require more severe corrective measures. Sections 8(b) and 8(s)(3) of the FDI Act authorize the FDIC to issue formal orders.

Term: Civil Monetary Penalties (CMP) Definition: Section 8(i) of the FDI Act grants the FDIC authority to impose CMPs against insured depository institutions and institution-affiliated parties. CMPs may be assessed for violations of final and temporary orders, written agreements with the FDIC, and laws and regulations; unsafe and unsound practices; and breaches of fiduciary duty. When significant apparent violations of the BSA, or cases of willful and deliberate violations of 31 C.F.R. Chapter X or section 326.8 of the FDIC Rules and Regulations are identified at a state nonmember financial institution, examiners should determine if a recommendation for CMPs is appropriate. The FDIC coordinates the imposition of CMPs for apparent violations of BSA regulations with FinCEN.

Term: Customer Identification Program Definition: Federal regulations require financial institutions to develop and implement a written, board-approved Customer Identification Program, appropriate for its size and type of business. Such programs must include, at a minimum, procedures for verifying a customer’s true identity to the extent reasonable and practicable and defining the methodologies to be used in the verification process; collecting specific identifying information from each customer when opening an account; responding to circumstances and defining actions to be taken when a customer’s true identity cannot be appropriately verified with “reasonable belief”; maintaining appropriate records during the collection and verification of a customer’s identity; verifying a customer’s name against specified terrorist lists; and providing customers with adequate notice that the bank is requesting identification to verify their identities.

Term: Deficiency Definition: In the context of a BSA examination, a deficiency is a weakness in a financial institution’s BSA Compliance Program. Deficiencies should be communicated to the institution via a written communication, such as a report of examination, visitation report, or other correspondence.

Term: Enhanced Due Diligence Definition: Enhanced due diligence is a review performed for higher-risk customers of a financial institution. Such reviews are especially critical in understanding higher-risk customers’ anticipated transactions and implementing a suspicious activity monitoring system that reduces the bank’s reputation, compliance, and transaction risks. Higher-risk customers and their transactions should be reviewed more closely at account opening and more frequently throughout the term of their relationship with the bank.

Term: Financial Crimes Enforcement Network (FinCEN) Definition: A bureau within the Treasury established to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities. FinCEN carries out its mission by receiving and maintaining financial transactions data, analyzing and disseminating that data for law enforcement purposes, and building global cooperation with counterpart organizations in other countries and with international bodies. The Director of FinCEN has delegated authority to implement, administer, and enforce compliance with the BSA and associated regulations. FinCEN relies on the federal banking agencies to examine the financial institutions they supervise for compliance with the BSA and coordinates with these agencies on CMPs and criminal matters.

Term: Memorandum of Understanding (MOU) Definition: An informal agreement between an institution and the FDIC intended to address and correct identified weaknesses at a financial institution. State banking authorities may also be parties to MOUs. The FDIC often uses MOUs instead of BBRs, especially when there is reason to believe that the deficiencies need a more structured program or specific terms to effect corrective action.

Term: Referrals Definition: Financial institutions that are determined to be substantially noncompliant with the BSA are considered for referral to FinCEN for the issuance of CMPs. In general, referrals are considered when the types and nature of apparent violations of the BSA expose the institution to a heightened level of risk for potential money laundering activity, demonstrate a willful or flagrant disregard of the requirements of the BSA, or result from a nonexistent or seriously deficient BSA Compliance Program. Referrals to FinCEN do not preclude the FDIC from exercising its authority to take supervisory action against an institution when apparent violations of BSA regulations are identified.

Term: Virtual Supervisory Information on the Net (ViSION) Definition: An FDIC information system that provides access to a broad range of information related to insured financial institutions in support of the Corporation’s insurance and supervision programs. RMS personnel use the system to perform supervisory-related functions, such as tracking applications, accessing examination information, and monitoring enforcement actions. Analysts in the Division of Insurance and Research also rely on information in ViSION to perform insurance-related functions, such as analyzing trends in the banking industry and calculating deposit insurance assessment rates for financial institutions.

[End of section]

Appendix 3

Acronyms and Abbreviations

Acronym/Abbreviation: BBR Explanation: Bank Board Resolution

Acronym/Abbreviation: BSA/AML Explanation: Bank Secrecy Act and Anti-Money Laundering

Acronym/Abbreviation: C&D Explanation: Cease and Desist Order

Acronym/Abbreviation: CMP Explanation: Civil Money Penalty

Acronym/Abbreviation: CFR Explanation: Code of Federal Regulations

Acronym/Abbreviation: DOJ Explanation: Department of Justice

Acronym/Abbreviation: FDI Act Explanation: Federal Deposit Insurance Act

Acronym/Abbreviation: FDIC Explanation: Federal Deposit Insurance Corporation

Acronym/Abbreviation: FFIEC Explanation: Federal Financial Institutions Examination Council

Acronym/Abbreviation: FinCEN Explanation: Financial Crimes Enforcement Network

Acronym/Abbreviation: MOU Explanation: Memorandum of Understanding

Acronym/Abbreviation: RMS Explanation: Division of Risk Management Supervision

Acronym/Abbreviation: The Treasury Explanation: Department of the Treasury

Acronym/Abbreviation: ViSION Explanation: Virtual Supervisory Information on the Net

[End of section]

Appendix 4

Corporation Comments

[FDIC Letterhead FDIC Logo Federal Deposit Insurance Corporation Division of Risk Management Supervision 550 17th Street NW, Washington, D.C. 20429-9990 ]

DATE: July 31, 2014

TO: Stephen M. Beard Deputy Inspector General for Audits and Evaluations

FROM: Doreen R. Eberley /Signed/ Director

SUBJECT: Response to Draft Report Entitled, The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions (Assignment No. 2013-016)

Thank you for the opportunity to review and comment on the report by the Office of Inspector General for the Federal Deposit Insurance Corporation, which is entitled The FDIC’s Response to Bank Secrecy Act and Anti-Money Laundering Concerns Identified at FDIC-Supervised Institutions (the “Report”). The objective of the Report was to determine how the FDIC has responded to Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) concerns identified in reports of examination.

The Report finds the FDIC responds to BSA/AML concerns identified in reports of examination through the implementation of supervisory actions, and that the FDIC’s supervisory actions for the majority of banks reviewed were generally consistent with applicable statutory requirements, interagency guidance, and FDIC policies, procedures, and guidance. The Report makes three recommendations intended to improve internal controls of the Division of Risk Management Supervision (“RMS”) for addressing BSA/AML concerns identified at FDIC-supervised financial institutions. RMS agrees with these recommendations. The actions RMS will take to address these recommendations are briefly described below.

OIG’s Audit Recommendation 1: Review and enhance, as appropriate, RMS’ processes and approach for determining supervisory responses to inadequate BSA Compliance Programs and/or repeat apparent violations of BSA program requirements.

RMS will review and update, as appropriate, Regional Office practices for ensuring compliance with BSA/AML enforcement guidance.

OIG’s Audit Recommendation 2: Review and modify, as appropriate, RMS policy and practices for recording the status and disposition of referrals to FinCEN for CMPs.

RMS will review and modify, as appropriate, policy and practices for recording the status and disposition of CMP referrals to FinCEN. Additionally, RMS will request updates from FinCEN regarding the status of their enforcement cases in order to update FDIC records.

OIG’s Audit Recommendation 3: Review and update, as appropriate, Regional Office procedures for monitoring financial institutions with significant BSA/AML problems to ensure consistency.

RMS will review and update, as appropriate, Regional Office procedures for monitoring financial institutions with significant BSA/AML problems to promote consistency.

[End of section]

Appendix 5

Summary of the Corporation’s Corrective Actions

This table presents corrective actions taken or planned by the Corporation in response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Rec. No.: 1 Corrective Action (Taken or Planned): RMS will review and update, as appropriate, Regional Office practices for ensuring compliance with BSA/AML enforcement guidance. Expected Completion Date: 12/31/2014 Monetary Benefits: N/A Resolved (Yes or No):a Yes Open or Closed:b Open

Rec. No.: 2 Corrective Action (Taken or Planned): RMS will review and modify, as appropriate, policy and practices for recording the status and disposition of CMP referrals to FinCEN. RMS will also request updates from FinCEN regarding the status of FinCEN’s enforcement cases in order to update FDIC records. Expected Completion Date: 12/31/2014 Monetary Benefits: N/A Resolved (Yes or No):a Yes Open or Closed:b Open

Rec. No.: 3 Corrective Action (Taken or Planned): RMS will review and update, as appropriate, Regional Office procedures for monitoring financial institutions with significant BSA/AML problems to promote consistency. Expected Completion Date: 12/31/2014 Monetary Benefits: N/A Resolved (Yes or No):a Yes Open or Closed:b Open

a Resolved – (1) Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation. (2) Management does not concur with the recommendation, but alternative action meets the intent of the recommendation. (3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when (a) Corporate Management Control notifies the OIG that corrective actions are complete or (b) in the case of recommendations that the OIG determines to be particularly significant, when the OIG confirms that corrective actions have been completed and are responsive.

[End of table] [End of section] [End of report]
