Chicken soup for your BSA blues in six steps

May 31, 2017

Written by Luis Valente

Tips for executive management and board of directors on enhancing your bank’s opportunities to obtain a clean bill of BSA health.

If you are a banker and you reside in one of the areas considered hot for BSA, like South Florida, life can be pretty stressful.

A little background on the Bank Secrecy Act (BSA)

BSA was established in 1970 and it refers to the legislative framework associated with The Currency and Foreign Transactions Reporting Act of 1970. Subsequently, the Patriot Act, issued after the September 11, 2001 attacks, increased the legislative branch’s power and ever since, bankers have been struggling to comply with expected requirements.

In the past 10 years, the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS) have issued over 1,200 enforcement actions to U.S. financial institutions; depicted in the chart below.

Screen Shot 2015-08-04 at 12.36.41 PM

In those ten years, the civil money penalties amount to nearly $3 billion – from the lowest penalty of $500 to the largest penalty of $734 million to a single financial institution. Consistent with the economic troubles of 2008, a significant portion of these enforcement actions relate to credit issues, framed by large instances of BSA-related actions before the financial crisis and, more recently, after the recovery.

So it begs the question, why do banks keep getting hit with BSA weaknesses and sanctions?

Bankers argue that regulators have unrealistic or unreasonable expectations. Regulators point to weaknesses in banks’ internal control structures. At the end of the day, an argument can be made that the truth probably lies somewhere in the middle. However, at the end of the day, the issues remain unresolved. The problem continues to hurt hundreds of banks that end up looking to expensive consultants as their ticket out of their headache, hurting the bank’s profitability and strategy.

The regulations are here to stay and, short of lobbying them in an attempt to influence the rulemaking process, bankers have very limited opportunities to modify examiners’ behavior. Not that it would matter much because examiner teams sent to banks rotate constantly. While one examiner may ’like you’ and be a bit more ‘lenient’, the next one may not. Hence, you should always be prepared.

So, what is a bank to do given this environment?

I have seen people ask that question plenty of times and, unfortunately, there is no magic recipe. However, there are some key steps that you can take immediately to improve your bank’s BSA condition:

  1. Objectively confront the issues head-on

I constantly hear comments like: “These examiners have never run a bank…”; “The examiner does not understand our business…”; “The examiners are picking on us because we had one issue…”

I was beating the same drum for a long time when I was CFO at a community bank. The problem is that when I was repeating those complaints, I had not dug deep enough into the issues myself. I needed to truly understand the criticisms to evaluate whether the examiners were justified. If, perhaps, you are singing the same tune, chances are you might need to dig deeper, too. Review what the regulators have given you with an objective mind, aim to understand their report, while avoiding excuses.

Bankers must bear in mind that examiners review and have access to more financial institutions than our inner circle provides. Examiners have internal memoranda and questions from their national office for transactions we have never seen. They have the ability to identify potentially suspicious transactions for which the bank may have little or no prior experience. Thus, when a regulator inquires about something that appears irrelevant or benign, chances are that the one that needs to do more research is you. Instead of trying to prove the regulator wrong, seek to understand what you don’t know about the customer or situation.

To improve your BSA process, you must have an open and thorough interaction with your examiners. Learn from them and show them how you address the related BSA risks. The days of providing reports without any review or scrutiny in the form of ‘regulatory repellant’ are over. It does not matter if you are a big or a small institution; you are expected to understand the significance of the information shared to ensure your process is performing as expected. Not knowing what your data represents will get you in hot water.

  1. Establish a cohesive process

Yes, everyone talks about policies and procedures, so here is LogiqTree’s take. We emphasize avoiding the ‘regulatory repellant’ approach. I have seen many BSA manuals with impressively written policies and procedures, many of them completed by consultants who copied and pasted from other sources. Yet, they are provided to the regulators to obtain a “check” on the enforcement box. Then the bank circulates the manual and requires employees to sign an acknowledgement form.

But when training is conducted using third party solutions, there is rarely any emphasis on incorporating the BSA manual in the bank’s operations. It is amazing how many times I’ve heard this interaction:

CEO: So, have our people reviewed the policies and procedures?

Manager: Yes, we have signed letters from everyone.

If you carefully read the manager’s answer, you would catch that he is not answering the CEO’s question, but rather, how the manager intends to cover their back. Management needs to ensure that the individuals performing BSA-related tasks truly understand their mission and the implications of lack of compliance.

Make sure you provide training that includes your policies and procedure manual and ensure the training includes testing to assess your team’s understanding.

I recently read a story about a banker who withdrew a perfectly legal, large cash amount and asked the bank officer if they had all the information needed to comply with all the regulatory requirements. A couple of weeks later the banker was getting calls because the bank officer had not completed a currency transaction report (CTR) applicable to the cash transaction. Would you consider this bank officer properly trained?

  1. Don’t argue, the buck stops with you

Many times I have seen bank executives complain that regulators are picking on a particular account or a particular business line. My advice here is to stay humble. Can you say the following with complete confidence?

  • My officer is very well versed on this customer and he understands the ins-and-outs of the business and transactions going through the accounts. I have no doubt that we know with a high degree of certainty what transactions are flowing through the accounts.
  • My BSA department fully understands all of our lines of business. They can easily identify anomalies within the accounts or transactions and are able to spot unusual behavior that would require further review.
  • When an account is opened, our team understands the potential risks to the bank and has obtained all the necessary data points.

If the answer to any of these is no, chances are your examiner will see something. Unfortunately, too many times I ask those questions and the answer I get is “Our auditors have not found any issues.” That is great, but it does not speak to your level of confidence in how well your processes, training and systems are working. There is a reason why regulators say, “You can outsource the work, but not the responsibility.” If your answer is that a third party “saw” your process and was OK with it, sooner or later, you will get blind-sided. You have to ask the tough questions. You have to be involved and responsible for the process. It’s not about you doing the work, but understanding it. BSA has to be managed and monitored with actual metrics and data, not just presentations of individual cases to senior management and the board.

Generally speaking, if regulators are too hung up on a particular relationship or line of business, it is a sign that your current systems, processes and people are not getting the job done and it is probably time to start looking at exit strategies for those problematic client relationships or lines of business.

  1. Engage the right people: Not every BSA Officer makes a great BSA Manager

When meeting with bank executives and discussing BSA, I often hear, “We have a great BSA officer.” Yet, by the next examination they are fed up with him or her. A good BSA Officer does not necessarily make a great BSA Manager and this is where many issues reside.

Normally, effective BSA officers fit the definition of a forensic accountant. They are very good at spotting potential issues, trends or behaviors that can be overlooked by most. However, this individual is not necessarily skilled at project management, although I have seen exceptions. A strong BSA department needs to have the right mix of forensic capabilities with project management strength. The project management aptitude is important to properly guide the team to ensure efficient resolution without getting held up by minor issues.

I’ve also seen banks staff their BSA teams with personnel from other departments. Although this may seem like a savings at first, the actual cost associated with training and retraining in addition to error management and corrections exceeds any savings. Not to mention, the opportunity costs associated with lost business from noncompliance with an MOU or consent order. We must keep in mind, “More bodies does not equal better quality” (although it may result in higher costs).

BSA can be tedious work. Make sure the people you hire have the personalities to succeed in that environment.

  1. Effectively manage the process

To manage the BSA remediation process, you need accountability and you need to ask the right questions. I have rarely seen a community bank that does a very good job at managing their BSA process. BSA departments have often been described as “black holes” where information goes in, but nobody knows where it goes or what happens to it afterwards. I have been in many meetings at different banks where spreadsheets the size of bed spreads are discussed and everyone is scrambling to try to understand the meaning of the presentation. Needless to say, a very serious matter becomes a joke and consequently it is not handled with the importance that it warrants.

Yet, in addition to the individual transactions that are raised as potential SARs there are real analytics that should be reviewed and acted on, such as:

  1. Key performance indicators:
    1. Analysis with duration in excess of management standards
    2. Levels of workload and analyst efficiency
  2. Key risk indicators
    1. Average length of case resolution
    2. Analysts / officers with recurring delayed tickets
    3. Officers that constantly provide incomplete information

Managing BSA requires a lot more than attending regularly scheduled meetings to review potential SARs and hear complaints from the front line officers claiming to be ill equipped to fulfill their responsibilities.

Don’t be afraid to ask the hard questions and obtain the support that corroborates those responses:

  • What is the turnaround time of each case? Is that reasonable?
  • How are you monitoring the learning gap between officers and executives?
  • How are you monitoring the capability – case difficulty mix within your BSA team?
  • What steps are you taking to reduce false positives and what are your trends telling you?
  • How are you monitoring the efficiency of the department?
  • What tools are you using to ensure effective monitoring of accounts?
  1. Leverage BSA work product for your bank’s advantage

BSA work product does not only address compliance, but also provides a wealth of sales data and opportunity. One of the biggest challenges with BSA is that bankers continue to see the regulations as a burden. However, looking at the data can be a very useful business development technique. The data obtained through the BSA process can help the Bank evaluate its customer behaviors and identify sales opportunities such as lines of credit, lock box accounts, sweep accounts and other service opportunities. It can also help the officer gather valuable information about what other banking relationships your customer has and how the services of your bank differ from the services of others – earning you a bigger piece of the customer’s business.

Finally, keep in mind that some of these steps are not easy to implement and require organization and follow through. Some even go against the industry grain that has dominated BSA for so long. Yet, adopting these straightforward steps will certainly help you resolve BSA weaknesses, regain confidence and produce positive results.

If you would like to learn more about how to implement these steps, better leverage the systems you have in place and obtain more sales insight from BSA, please call Luis Valente, CEO of LogiqTree, at (305) 799-4807.