The Bank Secrecy Act (BSA) was passed by Congress in 1970 to fight money laundering and has been enhanced multiple times to adapt to the changing compliance landscape, the most important being inclusion of the USA Patriot Act after 9/11.

Ruchi Kumar headshot web

About the author

Ruchi Kumar is a leader in financial crimes prevention and compliance technology with more than 15 years of experience in banking and the financial technology sectors.

 

As director of the financial crimes modernization platform at Ally Financial, she oversees a program enhancing defenses against fraud and money laundering.

 

Her recent implementation of a cloud-based platform with AI-powered insights and unified case management delivers a comprehensive view of customer transactions, showcasing her ability to leverage technology for cutting-edge solutions.

For about 54 years now, financial institutions or nonfinancial institutions have understood the BSA as the foundation for ensuring regulatory compliance. The BSA requires any business or financial institutions engaged in transactional services to keep and file records that can be used to detect and stop money laundering and terrorist activities.

However, enforcement actions imposed just in the first half of 2024 by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) highlight the importance of proactive measures rather than just being compliant. These enforcement actions include a $7.5 million fine in January against Las Vegas casino’s MGM Grand and Cosmopolitan, along with TD Bank reserving $2.6 billion over BSA liabilities in the bank’s most recent disclosure last month. This clearly reinstates the need for having an enterprise response team (ERT) as an essential part of modern anti-money laundering (AML) efforts.

As part of a 2022 consent order against USAA in which the bank agreed to pay a $140 million fine between two regulators, FinCEN called out the compliance program’s inability to keep pace with growth. These deficiencies resulted in millions of dollars of suspicious transactions flowing through the U.S. financial system without getting detected and reported.

Additionally, the bank’s new monitoring system wasn’t enough to flag suspicious transactions due to a lack of proper vetting–a perfect use case for having an efficient ERT for compliance outside of the dedicated AML investigators.

ERT can be composed of teams that conduct model risk management, look across historic transactions, and testing to determine the appropriate thresholds. This additional arm can work alongside the core AML teams to tune against identified thresholds and reduce false positives while enabling investigators to look at true alerts and timely file suspicious activity reports (SARs).

TD Bank investigation

In August 2023, TD Bank first disclosed expected punishment over BSA/AML probes by the Department of Justice, which came to light after the bank’s attempt to buy First Horizon bank were derailed.

In May, a Wall Street Journal report revealed that TD Bank was allegedly used as the entry point to place drug money into the financial system (referred to as placement in the three stages of money laundering).

Chinese chemical manufacturers shipped fentanyl precursor chemicals to Mexican cartels who produced the illicit drugs and introduced them to U.S. markets. La Nueva Familia Michoacana drug cartel was sanctioned in June by the Treasury’s Office of Foreign Assets Control with FinCEN issuing a concurrent advisory.

The proceeds are then placed into the U.S. financial system to make it legal by Chinese criminal rings. As part of the scheme, high velocity cash deposits are conducted and immediately withdrawn as cashier’s checks under the $10,000 limit of currency transaction reporting (CTR), a process called structuring.

This is an example of TD Bank’s AML program failing to conduct the most basic checks for red flags. Under the BSA Act, financial institutions are required to systematically monitor for red flags such as structuring, high velocity transfers, and conduct appropriate customer due diligence with annual risk assessments for high-risk customers or customers with a change in risk profile.

Though there were bribery claims at a TD branch where the money laundering allegedly took place for years, a layered AML program would have caught it and allowed the bank to monitor the branch and effectively file SARs.

An ERT in the U.S. as another layer of risk management would have been very beneficial for TD Bank. It would have helped lead to proper coverage analysis for AML red flags, AML testing on historical transactions with clearly documented gaps, and a plan to increase the coverage and tune the systems for proper detection.

It would have not only helped protect TD Bank but also protect the financial system and enable the bank to increase their monitoring and reporting on fentanyl crime related activities as directed by FinCEN.

Role of ERT in regulatory compliance

An ERT acts like a bridge between compliance, risk management, and technology expertise. They enhance and strengthen AML programs by completing the compliance teams.

Some of the key functions covered are:

  • Model risk management: Responsible for regular model validation for its effectiveness and accuracy on the money laundering activity detection.
  • Transaction monitoring system tuning: Fine tuning of AML systems, thereby reducing false positives and balancing investigator workload.
  • Coverage analysis of AML red flags: Constantly refining and reviewing the AML red flags against the changing regulatory landscape, to ensure no suspicious activity is left undetected.
  • Annual risk assessment: Conduct annual risk assessment to identify vulnerabilities in the AML program and recommend mitigation strategies.

There are many advantages of building an ERT, including:

  • Enhanced detection of money laundering related activities;
  • Reduction in false positives;
  • Proactive identification of compliance gaps and risk mitigation strategies; and
  • Better adaptation to institutional growth, ensuring AML programs can keep pace.

An ERT can be an entity on its own or financial institutions can decide to make it a part of the Center of Excellence.

Few recommendations for establishing an effective ERT team are:

  • Focus on team compositions. ERT should be a group of experts from compliance, data, technology coming together to tackle a complex problem.
  • ERT team should seemingly integrate with the exiting AML program, while providing strategic support and emboldening the capabilities.
  • Continuous improvement and adaptation should be the focus of this group enabling continuous process refinement and adaptation to emerging risks.

An AML program is more than just a team of investigators reviewing financial transactions but is a comprehensive strategy with multiple layers and various checks in place. This includes an effective transaction monitoring system to auto detect suspicious transaction, an enhanced customer due diligence program, SARs that are audited for accuracy and being timely filed, and the reinforcement of these by an ERT.

With the changing compliance landscape and increasingly smart criminals, an ERT is a must have. At an enterprise level, they can ensure appropriate AML red flags coverage and annual risk assessment, along with conduct testing of AML rules, audit closed cases, and report suspicious activities.

This increases investigator effectiveness and provides a reliable partner to ensure AML compliance program alignment with financial institutions’ growth. It also ensures that all the BSA Act and FinCEN monitoring are effective in safeguarding U.S. financial systems and consumers against money laundering and terrorist financing.

Topics