- 35 years of government and private sector law enforcement, regulatory and management experience in the areas of regulatory compliance, financial crimes and customs violations
- Expertise includes independent reviews and investigations, threat/risk assessments, domestic and international training, expert testimony and anti-money laundering program development
- Former Deputy Director, Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury
- Former Executive Director of Operations, Director of Financial Investigations, Group Supervisor, and Special Agent for the U.S. Customs Service
- All 10 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
- Banks fail to address or document findings and recommendations detailed in regulatory exams and independent reviews.
Most regulatory actions, such as cease-and-desist orders or consent decrees, result from repeat violations of previously identified issues in the institution that were never addressed. Failure to address prior deficiencies is a common finding in all regulatory penalty actions.
- Banks do not regularly update their risk assessments, resulting in outdated and ineffective policies and procedures.
An effective risk assessment should be an ongoing process, not a one-time exercise. Management should update its risk assessment to identify changes in the bank’s risk profile, as necessary (e.g., when new products and services are introduced, existing products and services change, higher-risk customers open and close accounts, or the bank expands through mergers and acquisitions). Even in the absence of such changes, it is a sound practice for banks to periodically reassess their BSA/AML risks at least every 12 to 18 months.
- Enhanced due diligence is not adequately performed for high-risk accounts. High-risk accounts are not properly monitored.
Enhanced due diligence (EDD) for higher-risk customers is especially critical in understanding their anticipated transactions and implementing a suspicious activity monitoring system that reduces the bank’s reputation, compliance, and transaction risks. Higher-risk customers and their transactions should be reviewed more closely at account opening and more frequently throughout the term of their relationship with the bank.
- Business decisions are made without input from the compliance officer, resulting in insufficient AML controls on new products.
The compliance officer has to know the bank's products, services, customers, entities and geographic locations in order to monitor potential money laundering and terrorist financing risks. The board of directors is responsible for ensuring that the BSA compliance officer has sufficient authority and resources to administer an effective program.
- The compliance function is understaffed, resulting in failure to respond to system-generated alerts, insufficient training and failure to file timely reports.
In the HSBC Bank case, the Department of Justice determined that HSBC "severely understaffed its AML compliance function and failed to implement an anti-money laundering program capable of adequately monitoring suspicious transactions and activities from HSBC Group Affiliates, particularly HSBC Mexico, one of HSBC Bank USA’s largest Mexican customers. This included a failure to monitor billions of dollars in purchases of physical U.S. dollars, or 'banknotes,' from these affiliates."