Monitoring customer transactions for suspicious activity — and filing Suspicious Activity Reports (SARs) when appropriate — is a key component of a financial institution’s Bank Secrecy Act / Anti-Money Laundering (BSA/AML) program. Unfortunately, many banks make the mistake of focusing their efforts on deposit accounts and paying less attention to other products and services, particularly lending.
Think of it this way: When you have a medical checkup, the doctors and nurses don’t just take your temperature. They check a variety of vital signs — including blood pressure, heart rate and respiration — any one of which could signal a potential problem. Similarly, an effective BSA/AML program should look for suspicious activity by examining the entire customer relationship.
Assessing your risk
Federal regulators expect banks to take a risk-based approach to BSA/AML compliance. That means a bank’s customer identification program, due diligence procedures and internal controls should be tailored to an individual bank’s risk profile.
Returning to our medical analogy, doctors don’t routinely test patients for every possible disease. But specific symptoms or risk factors may warrant further investigation. Likewise, certain customers, products and services, and geographic locations present a higher risk of money laundering or terrorist financing, demanding heightened due diligence.
These categories, by themselves, don’t define the level of risk. But if particular customers or transactions fall into one of these high-risk categories, the bank should dig deeper to determine its actual risk.
Suppose, for example, that a bank’s initial risk assessment shows that, each day, it processes 100 international funds transfers (a high-risk service). Upon further investigation, the bank discovers that 90 of these transfers are well-documented, recurring transfers for legitimate activities by established customers, indicating a lower than anticipated risk level. If, on the other hand, 90 of the 100 transfers are nonrecurring or for noncustomers, a very different, elevated risk picture emerges.
Once a bank conducts a risk assessment, it can design a BSA/AML compliance program that fits its risk profile. For example, a bank with many high-risk customers might establish more rigorous procedures for opening an account, thus requiring bank personnel to collect and verify additional information on customers or transactions perceived to be riskier.
Examining your lending activities
Most banks have strong controls for deposit accounts, but some are less diligent when it comes to the lending function. Part of the problem may be that the levels of due diligence required for credit risk purposes and for BSA/AML purposes don’t necessarily coincide.
From a credit perspective, for example, loans secured by cash collateral or marketable securities are usually perceived to be relatively low-risk. But using cash or cash equivalents as collateral (and, in some cases, defaulting on the loan) is a common money-laundering technique. (See below: “Lending red flags” for a list of potentially suspicious lending activities.)
To minimize lending-related BSA/AML risks, banks should implement risk-based due diligence procedures. Procedures might include monitoring the use of proceeds to be sure they’re consistent with a loan’s purpose, ensuring that any cash investment or collateral is reasonable relative to the borrower’s income, and verifying the source of funds when a loan is paid off early (particularly when the borrower is struggling financially).
In addition, banks should examine loan payments made by unrelated third parties or made in cash — particularly when the borrower isn’t in a cash-intensive business. For high-risk loans, it’s also a good idea to conduct due diligence on guarantors, principals and other related parties.
It’s especially important to scrutinize cash collateral loans, given the high risk of money laundering. Verify the source of funds and be sure that the loan’s purpose is reasonable in light of the borrower’s business and background.
Finally, effective training is critical to ensure that loan department personnel can spot red flags, understand the procedures for evaluating and monitoring lending activities for BSA/AML purposes, and know the criteria for filing SARs.
Know your customers
To ensure your institution meets its BSA/AML obligations, suspicious activity monitoring should encompass the entire customer relationship and involve personnel throughout the institution, including lenders. Only then can you develop a complete picture of a customer’s activities and identify trends or anomalies that suggest suspicious behavior.
Lending red flags
In its BSA/AML Examination Manual, the Federal Financial Institutions Examination Council (FFIEC) describes several red flags that may raise bank suspicions:
• A borrower secures a loan by pledging assets held by an unrelated third party.
• A loan is secured by deposits or marketable securities.
• A borrower defaults on a loan secured by cash or other cash equivalents.
• A loan is made for, or paid on behalf of, a third party.
• A borrower secures a loan with a certificate of deposit (particularly when the CD is purchased with currency or multiple monetary instruments).
• A loan has no legitimate business purpose, provides the bank with significant fees for assuming little or no risk, or obscures the movement of funds (for example, a loan that’s made to a borrower and then immediately sold to an entity related to the borrower).
Any of these activities may serve legitimate business purposes, but it’s incumbent on the bank to scrutinize them further to ensure there’s a reasonable explanation.
Jim Conley is a Principal with Clark Schaefer Hackett and directs the firm’s Risk Management Services Group for Financial Institutions. He can be reached at [email protected]. Susan Roemer is a Consultant with the Clark Schaefer Hackett Financial Institutions group and can be reached at [email protected].