Beneficial Ownership, Individual Liability, and BSA Compliance

Money Laundering

There has been a significant rise in Bank Secrecy Act enforcement actions against large international banks and smaller institutions of all kinds in recent years. In the second article of a two-part series, Bloomberg BNA’s Robert Kim examines how compliance officers face an especially challenging environment in 2017 and beyond.

Robert Kim

By Robert Kim

Robert Kim is a Legal Editor with Bloomberg BNA. He previously worked for the Securities and Exchange Commission and the Department of the Treasury’s Financial Crimes Enforcement Network.

Bank Secrecy Act (BSA) enforcement actions against large international banks with the highest monetary penalties have dominated news coverage. Actions with lower penalties against smaller banks, securities firms, money services businesses (MSBs), casinos, and institutions of other types have affected broader segments of the financial industry, however. These smaller actions have shown that the Financial Crimes Enforcement Network (FinCEN) and the federal financial regulators are determined to enforce customer due diligence requirements and other basic obligations under the BSA at smaller institutions.

Recent developments in regulation and enforcement amplify the significance of these numerous smaller enforcement actions. The long-awaited rule on beneficial ownership and customer due diligence, issued on May 5, 2016, explicitly establishes new due diligence requirements with respect to beneficial ownership with which all financial institutions under the BSA must comply. Simultaneously, FinCEN has shown since 2014 that it is willing to pursue penalties against individuals responsible for violations of the BSA by financial institutions. As a result, compliance officers face an especially challenging environment complying with the BSA in 2017 and beyond.

Rising Issues in Enforcement Actions

The period from 2014 through 2016 saw a significant rise in BSA regulatory enforcement actions by FinCEN. The rise occurred as a result of policy decisions by the director of FinCEN in 2012-2016, Jennifer Shasky Calvery, which expanded FinCEN’s office of enforcement and increased the bureau’s use of monetary penalty actions. With FinCEN currently working under an interim director while waiting for the nomination of its next director, a process that may be prolonged because of the backlog of executive branch appointments under the current administration, future enforcement policies of FinCEN are difficult to predict. Nevertheless, the issues that occurred frequently in enforcement actions in 2014-16 provide indications of issues that will continue to receive attention in the future.

These enforcement actions indicate that compliance with some of the most basic BSA requirements remains problematic at many institutions. Violations of the following requirements, all of them in effect since the early 2000s, appeared frequently in 2014-16.

Customer Identification Program

Customer identification program (CIP)/know your customer requirements, established by USA PATRIOT Act Section 326 and its implementing regulations, became an element of numerous monetary penalty actions in 2014-16 after not appearing in them since 2010 and infrequently before then. CIP requirement violations have appeared particularly often in enforcement actions against securities firms by the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA). Since 2014, they have also appeared in actions against banks, credit unions, MSBs, and casinos by the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC).

The recent rise of CIP requirement violations in enforcement actions underscores the importance of procedures and systems adequate to verify customer identities, taking into account the institution’s size, type of business, and customer base, and the ongoing difficulty that many financial institutions have satisfying this basic and long-established requirement.

Enhanced Due Diligence

The requirement to establish appropriate and, where necessary, enhanced due diligence policies, procedures and controls for foreign correspondent accounts, established by USA PATRIOT Act Section 312 and its implementing regulations, has been an issue in a number of enforcement actions against smaller securities firms and regional and community banks. Violations of the enhanced due diligence requirements are often associated with enforcement actions against large international banks, such as the actions against HSBC in 2012, Commerzbank in 2015, and Mega International Commercial Bank of Taiwan and Agricultural Bank of China in 2016. They were also factors in enforcement actions against smaller banks and securities firms in 2009-16, including several actions with penalties of $20 million or less.

These cases, like the rising number of findings of CIP violations in monetary penalty actions in 2014-16, highlight the importance of procedures and systems for identification and due diligence of customers. These smaller institutions may lack the international branch networks and large volume of cross-border transactions of the large international banks. But since their business and customer base trigger the requirements of USA PATRIOT Act Section 312, they must have the capability to conduct enhanced due diligence of foreign correspondent account customers. In addition to appropriate policies, procedures and controls, they will require systems capable of supporting enhanced due diligence of foreign customers.

Currency Transaction Report Filing

Failures to file suspicious activity reports (SARs) have been a feature in a majority of the BSA enforcement actions with monetary penalties, while failures to file currency transaction reports (CTRs) have been relatively rare. The discrepancy reflects the greater complexity of the SAR requirements, which involve monitoring and analyzing transactions and the writing and timely filing of SARs, whereas filing CTRs is a relatively straightforward process involving reporting only the dollar amounts of transactions aggregating to over $10,000. Nevertheless, failures to file CTRs increased significantly in monetary penalty actions in 2014-16, in cases involving primarily MSBs and casinos.

The rise of citations for failures to file CTRs in the MSB and casino sectors may partly reflect the increased attention paid to these sectors by FinCEN, but it also reflects ongoing problems at MSBs and casinos in compliance with this relatively straightforward requirement.


Violations of the recordkeeping requirements for casinos, 31 CFR § 1021.410, and for MSBs, 31 CFR § 1022.410, also rose in monetary penalty actions in 2014-16. Although less pronounced than the rise for CTR filing violations, it also reflects ongoing problems at MSBs and casinos in compliance with these requirements.

The Beneficial Ownership Due Diligence Rule

These recent enforcement actions indicate that the long-awaited new rule requiring identifying and verifying the identity of beneficial owners will present significant risks to covered financial institutions.

This was the subject of an advance notice of proposed rulemaking in 2012, proposed in 2014, and adopted as a final rule on May 5, 2016, with compliance required by May 11, 2018. The beneficial ownership due diligence rule significantly elevates customer due diligence requirements. It requires greater scrutiny of customers than the CIP rule, requiring covered financial institutions to identify and verify beneficial ownership, and understand the nature and purpose of customer relationships to develop a customer risk profile. It also explicitly requires elements of a suspicious activity reporting program that have already been implicitly required, requiring ongoing monitoring for reporting suspicious transactions and maintaining and updating customer information.

The rule presents a further challenge to financial institutions already experiencing difficulty with the CIP rule and other existing requirements. Procedures and systems for customer due diligence may require further upgrading from those already established for compliance with the CIP rule and Section 312 enhanced due diligence requirements.

Individual Liability

The emergence of individual liability for violations of the BSA by financial institutions should make these compliance issues even more of concern for compliance officers. In 2014-16, FinCEN pursued monetary penalty actions against individuals more widely than before. Unless enforcement policies change under the director new appointed by the administration, individual liability for BSA violations is a possibility for compliance officers and others making executive decisions on BSA compliance.

Before 2014, assessments of penalties on individuals for institutional BSA violations occurred in a narrow range of situations. The SEC and FINRA regularly assessed penalties against individuals at small securities firms where violations of the BSA were readily attributable to company founders, individual brokers, and other persons acting individually. FinCEN levied penalties against individual proprietors of MSBs, who were similarly clearly personally responsible for BSA violations by the MSB.

Targeting compliance officers at larger financial institutions became an element of several enforcement actions by FinCEN and federal financial regulators in 2014-16, however, in actions involving a casino, a major national MSB, and banks.

In 2014, FinCEN assessed a $5,000 monetary penalty on George Que, a VIP services manager at a casino in the Northern Mariana Islands, and a $1,000,000 monetary penalty on Thomas E. Haider, chief compliance officer of Moneygram International Inc. In 2016, OCC and FDIC also assessed penalties on individual compliance officers, with the OCC assessing a $2,500 penalty on Charles Sanders, Chief Compliance Officer of Gibraltar Private Bank and Trust Company, and the FDIC assessing a $35,000 penalty on Howard M. Beaty, Jr., President, CEO and Bank Secrecy Act Officer of First State Bank.

The scale of monetary penalties assessed on individuals also changed during this period. As already mentioned, in its 2014 enforcement action against Thomas E. Haider, FinCEN assessed a civil monetary penalty of $1 million, a new high for individual liability for BSA violations that sent a message that FinCEN intended to hold compliance officers accountable for BSA violations by their institutions. Subsequent litigation between DOJ and Haider to enforce the assessment resulted in May 2017 in a settlement for $250,000, a smaller but still substantial amount.

Even this smaller amount exceeded the largest individual penalties for BSA violations assessed earlier by the SEC, in enforcement actions that were for violations of both the BSA and other securities laws and therefore did not have clear figures for the penalties for BSA violations. They included 2012 enforcement actions against Biremis Corporation, in which the SEC penalized the President/CEO and Vice President $250,000 each for failures to supervise traders engaging in manipulative trading and SAR filing failures, and against Hold Brothers On-Line Investment Services, LLC, which penalized Hold Brothers approximately $1.8 million and three of its officers $75,000 each.

Ongoing scrutiny of compliance with the CIP rule and other basic BSA requirements, the new beneficial ownership due diligence rule, and continuation of a policy of pursuing penalties against individuals will make 2017 and beyond a challenging period for financial institutions covered by the BSA. Vigilance in ensuring that procedures and systems meet the demands of the BSA and its regulations will be as important as during the period of rising enforcement actions in 2009-16.


The statistics and charts presented here are derived from the AML Enforcement Tracker available on Bloomberg Law since May 2017. The AML Enforcement Tracker has detailed information and analytics on AML/BSA regulatory enforcement actions by the U.S. Department of the Treasury and other federal and state agencies and self-regulatory organizations (SROs) since 2009.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.