Bank Secrecy Act (BSA)

On February 15, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), in coordination with the Office of the Comptroller of the Currency (OCC), and the U.S. Department of Justice (DOJ), announced the assessment of a $185 million civil money penalty against U.S. Bank for willful violations of several provisions of the Bank Secrecy Act (BSA).

According to FinCEN’s press release, since 2011, U.S. Bank willfully violated the BSA’s program and reporting requirements by failing to establish and implement an adequate anti-money laundering program (AML), failing to report suspicious activity, and failing to adequately report currency transactions.

Banks are required to conduct risk-based monitoring to sift through transactions and to alert staff to potentially suspicious activity. Instead of this, U.S. Bank:

  • Capped the number of alerts its automated transaction monitoring system would generate to identify only a predetermined number of transactions for further investigation, without regard for the legitimate alerts that would be lost due to the cap.
  • Systemically and continually devoted an inadequate amount of resources to its AML program.
    • Internal testing by U.S. Bank showed that alert capping caused it to fail to investigate and report thousands of suspicious transactions.
    • It also allowed, and failed to monitor, non-customers conducting millions of dollars of risky currency transfers at its branches through a large money transmitter.
    • In addition, the bank filed over 5,000 Currency Transaction Reports (CTRs) with incomplete or inaccurate information, impeding law enforcement’s ability to identify and track potentially unlawful behavior.

U.S. Bank also had an inadequate process to handle high-risk customers. As a result:

  • Customers whom the bank identified or should have identified as high-risk were free to conduct transactions through the bank, with little or no bank oversight.
  • By not having an adequate process in place to address high-risk customers, U.S. Bank failed to appropriately analyze or report the illicit financial risks of its customer base.

FinCEN noted these failures precluded the bank from addressing the risks that such customers posed, which included not filing timely suspicious activity reports (SAR) used by law enforcement investigators to recognize and to pursue financial criminals.