WASHINGTON—The Financial Crimes Enforcement Network (FinCEN), in coordination with the Office of the Comptroller of the Currency, and the U.S. Department of Justice, today announced the assessment of a $185 million civil money penalty against U.S. Bank for willful violations of several provisions of the Bank Secrecy Act (BSA). U.S. Bank’s obligation will be satisfied by payment of $70 million to the U.S. Department of the Treasury with the remaining amount satisfied by payments in accordance with the DOJ’s actions. Since 2011, U.S. Bank willfully violated the BSA’s program and reporting requirements by failing to establish and implement an adequate anti-money laundering program, failing to report suspicious activity, and failing to adequately report currency transactions.
Banks are required to conduct risk-based monitoring to sift through transactions and to alert staff to potentially suspicious activity. Instead of addressing apparent risks, U.S. Bank capped the number of alerts its automated transaction monitoring system would generate to identify only a predetermined number of transactions for further investigation, without regard for the legitimate alerts that would be lost due to the cap.
“U.S. Bank is being penalized for willfully violating the Bank Secrecy Act, and failing to address and report suspicious activity. U.S. Bank chose to manipulate their software to cap the number of suspicious activity alerts rather than to increase capacity to comply with anti-money laundering laws,” said FinCEN Director Kenneth A. Blanco. “U.S. Bank’s own anti-money laundering staff warned against the risk of this alerts-capping strategy, but these warnings were ignored by management. U.S. Bank failed in its duty to protect our financial system against money laundering and provide law enforcement with valuable information.”
U.S. Bank systemically and continually devoted an inadequate amount of resources to its AML program. Internal testing by U.S. Bank showed that alert capping caused it to fail to investigate and report thousands of suspicious transactions. Instead of removing the alert caps, the bank terminated the testing. U.S. Bank also allowed, and failed to monitor, non-customers conducting millions of dollars of risky currency transfers at its branches through a large money transmitter. In addition, U.S. Bank filed over 5,000 Currency Transaction Reports (CTRs) with incomplete or inaccurate information, impeding law enforcement’s ability to identify and track potentially unlawful behavior.
U.S. Bank also had an inadequate process to handle high-risk customers. As a result, customers whom the bank identified or should have identified as high-risk were free to conduct transactions through the bank, with little or no bank oversight. By not having an adequate process in place to address high-risk customers, U.S. Bank failed to appropriately analyze or report the illicit financial risks of its customer base. These failures precluded the bank from adequately addressing the risks that such customers posed, including filing timely suspicious activity reports that law enforcement investigators rely upon to recognize and to pursue financial criminals.