The question every credit union has been asking for the past five years – namely, do we have anti-money laundering law obligations over the financial transactions of business clients that are money services businesses (“MSB“) – was just answered by FinCEN with a $300,000 fine.
Last week, FinCEN assessed the fine against the North Dade Community Development Federal Credit Union for violations of the Bank Secrecy Act and USA Patriot Act which exposed the US financial system to significant risks of money laundering and terrorist financing from high-risk countries in the Middle East and Central America.
The Credit Union onboarded as a client, a MSB that itself was a financial services provider to 56 other MSBs in high risk jurisdictions. The 56 MSBs were not members or shareholders of the Credit Union. In 2013, the Credit Union, which only had five employees, processed almost $2 billion in financial transactions for the MSBs and in the process failed to comply with its anti-money laundering and counter terrorist-financing obligations over the MSBs in respect of client verification, filing reports, reporting suspicious transactions, undertaking risk assessments in respect of the MSB business line, and to have controls in place to mitigate the risks associated with the MSB business line.
The Wall Street Journal noted that law enforcement has seen an increase in MSBs and other clients moving to smaller financial institutions as larger banks de-risk and terminate sectors of clients that they have determined are high risk. It also noted a FBI report that illicit funds are moving to credit unions and a warning from bigger banks for credit unions to take extra precautions when banking MSBs.
FinCEN seems to be signaling that credit unions must monitor their MSB clients pursuant to their own controls and need to be engaged with, and operate their own processes and procedures internally for MSB compliance, rather than contracting out compliance reviews.