Bank Secrecy Act (BSA) compliance is an integral part of credit union compliance. While large organizations are usually the ones under fire for BSA violations, CUs are just as liable for anti-money laundering laws, and in case of compliance mishaps, the penalties can be severe. According to the Federal Financial Institutions Examination Council (FFIEC), those facing money laundering charges can face up to 20 years in prison and a fine of up to $500,000. Any property related to the criminal activity, including property such as loan collateral, personal property, and even entire bank accounts may be subject to forfeiture. Banks and CUs also risk losing their charters, and their employees can be removed and barred from employment in the financial services industry. If the thought of these repercussions causes you and your credit union panic, fear not. Credit unions with a BSA compliance program in place are well-protected from BSA violations. Here’s how your credit union can better conform to BSA rules and regulations.

BSA Compliance Officer

A great way to start a path toward BSA compliance is by appointing a BSA compliance Officer. This BSA Compliance Officer does not need to be in top management, rather, any credit union employee who has the access, resources and skills to design and execute a compliance program will excel in this new role. Additionally, the individual in this role will need to maintain a close watch on the credit union’s compliance status, and update senior management on a regular basis.

Another component of the BSA Compliance Officer’s responsibilities will be training the rest of the staff. Every CU employee should be aware of BSA regulations, and understand the risk and consequences of any potential violations. The key to compliance is communicating rules, regulations and procedures clearly and frequently, especially for employees who are switching roles or taking on new responsibilities. Finally, periodic analysis and review of the compliance program will help keep your CU within BSA guidelines.

OFAC Sanctions

The Office of Foreign Assets Control (OFAC) recommends that financial institutions use a risk-based approach to sanctions compliance because there is not one single solution that fits across the board. OFAC is a great resource for compliance recommendations and best practices because they’ve seen banks and CUs who have excelled in employing robust compliance programs, and those that have missed the mark. The OFAC has outlined key components of a successful BSA compliance plan, which include:

• Identify sanction-specific risks for the financial institution as well as its products, services and members through frequent risk assessments.

• Develop policies and procedures that will allow your CU to identify, report and maintain records that are related to prohibited activities as listed in the OFAC regulations.

• Audit the sanctions of the compliance program in order to identify and fix any flaws.

• Train staff, particularly those in high-risk areas, on OFAC regulations through the credit union's compliance program.

While compliance programs will vary from credit union to credit union, the OFAC recommends a risk-based approach for all FIs as it will ensure awareness of OFAC regulations and allows CUs to dedicate the necessary resources and time to compliance.

SARs

Effective Suspicious Activity Reports (SARs) are another recommended practice for BSA and AML compliance. According to law enforcement agents from agencies such as the Immigration and Customs Enforcement at Homeland Security Investigations, the Federal Bureau of Investigation, the Drug Enforcement Administration and the United States Secret Service, a majority of criminal investigations regarding BSA or AML violations are triggered by SARs. So what makes a good SAR?

• The opening line should be no more than two sentences.

• Be as detailed as possible throughout the report.

• Do not speculate or provide false information. Rather, provide the exact information as it pertains to the situation at hand.

• Do not itemize all transactions. It can be more effective to summarize them as a narrative.

• Include all relevant pieces of information in the narrative, even if it’s something you would not normally include.

• Describe all behaviors in the transaction thoroughly.

• List all names of those involved, if not in the narrative, then in related documentation.

In the case of a criminal investigation, SARs are extremely helpful in making the process easier for both the financial institution as well as investigators. On average, these type of criminal investigations take 3 years, but there are instances in which it took closer to 10. SARs and the related documentation do matter, as they help report, communicate and describe suspicious activity in a way that is meaningful to law enforcement.

Ensuring compliance with BSA regulations can be a serious stressor for credit unions as any infractions can result in serious legal consequences. However, there are robust guidelines and best practices listed by organizations such as the FFIEC, OFAC, law enforcement agencies and more. Creating a compliance plan that utilizes the recommended procedures, and following through with precise execution will keep your credit union compliant. The key to BSA compliance is having a plan, and reviewing it over time to make improvements and updates as necessary.