The US Financial Crimes Enforcement Network and the Office of the Comptroller of the Currency have fined Merchants Bank of California $7 million and $1 million respectively for failing to monitor its correspondent accounts and send off suspicious activity reports.

No doubt because of its lowly status as a 'mom and pop' community bank with only $64 million in total assets and one location with 46 employees, Merchants Bank has admitted that it broke the Bank Secrecy Act 1970 between March 2012 and September 2016. It failed to (a) establish and implement an adequate anti-money laundering (AML) programme; (b) conduct "required due diligence" when looking at its foreign correspondent accounts; and (c) detect and report suspicious activity, allowing billions of dollars' worth of transactions to flow through the US financial system without effective monitoring. Many themes that the regulators uncovered are pertinent to the world of private banking.

Many of these transactions were conducted on behalf of money service businesses (MSBs) that were owned or managed by bank insiders who encouraged staff to process these transactions without question or face potential dismissal or retaliation.

Programmes at risk

At a minimum, every OCC-regulated bank’s AML compliance programme must:

• set up a system of internal controls to help the bank comply with regulations;
• call on bank personnel or an outside party to test various things 'independently';
• make somebody responsible for co-ordinating and monitoring day-to-day compliance; and
• provide training for appropriate people.

Merchants failed in all respects. It was especially remiss in failing to make its BSA officer sufficiently independent and responsible for day-to-day compliance.

The bank provided services for as many as 165 cheque-cashing customers and 44 money transmitters, many of whom were located hundreds of miles away. It provided its highly risky customers with remote deposit capture services but did not monitor their use well.

Threats of dismissal

In several instances, bank insiders interfered directly with the BSA staff’s attempts to investigate suspicious activity related to the accounts that they owned. Some of these insiders owned or managed MSBs, which themselves had accounts at Merchants. Between 2007 and September 2016 some of these accounts demonstrated highly suspicious transaction patterns that might have been layering schemes, transactions not commensurate with the businesses' purposes, and the co-mingling of funds between two independent cheque cashing entities.

Merchants Bank’s leadership also impeded BSA analysts and other employees who were investigating transactions associated with accounts that were affiliated with bank executives, and the activity in these accounts went unreported for many years. The bank threatened employees who attempted to report suspicious activity in these accounts with dismissal.

Not enough autonomy for the BSA department

By not implementing reasonable procedures to review and verify the information provided by its customers, the bank failed to collect enough information and identify effective measures to monitor its accounts for suspicious transactions. It  failed to identify the sources of funds and failed to detect and report suspicious activity related to the commingled transactions. FinCEN has added the following damning comment to its assessment document: "The BSA department had relied on other departments within the bank to make determinations on acceptable risks, often without clear guidance from the BSA department. For those BSA responsibilities for which other departments did have specific guidelines, including the collection of customer information, there was no accountability when those departments failed to abide by
the AML programme."

Merchants’s training programme, moreover, consistently failed to provide BSA staff with adequate job-specific training, focusing only on general BSA/AML requirements and not covering risks specific to the bank.