The Financial Crimes Enforcement Network conducted an investigation and determined that, since at least February 2008, NMCE and Ms. Lopez willfully violated the Bank Secrecy Act’s program, reporting, and recordkeeping requirements.
A. Failure to Register as a Money Services Business
The Bank Secrecy Act and its implementing regulations require certain MSBs to register with the Financial Crimes Enforcement Network by filing a Registration of Money Services Business (“RMSB”), and renewing the registration every two years. 31 U.S.C. § 5330 and 31 C.F.R. § 1022.380. NMCE was required to register with the Financial Crimes Enforcement Network based on its status as both an independent check casher and as a foreign currency exchange dealer. 31 C.F.R. § 1022.380(a).
Ms. Lopez knew that the Bank Secrecy Act required timely and accurate registration as a money services business with the Financial Crimes Enforcement Network. Ms. Lopez appropriately filed an RMSB re-registration on behalf of NMCE on October 2, 2006, following a change in control at the MSB. However, Ms. Lopez subsequently failed to submit the necessary renewals for NMCE following the change in control. Because NMCE, through Ms. Lopez, failed to meet these renewal deadlines, NMCE conducted business without continuous registration for a period of approximately three years and one month. In addition, Ms. Lopez submitted RMSBs on behalf of NMCE in February and July 2011 that contained inaccurate information regarding the services rendered by the MSB.
B. Violations of the Requirement to Establish and Implement an Effective Written Anti-Money Laundering Program
As of July 24, 2002, the Bank Secrecy Act and its implementing regulations require MSBs to develop, implement and maintain an effective written AML program that is reasonably designed to prevent the MSB from being used to facilitate money laundering and the financing of terrorist activities. 31 U.S.C. §§ 5318(a)(2) and 5318(h); 31 C.F.R. § 1022.210. NMCE was required to implement a written AML program that, at a minimum: (a) incorporates policies, procedures and internal controls reasonably designed to assure ongoing compliance; (b) designates an individual responsible for assuring day to day compliance with the program and Bank Secrecy Act requirements; (c) provides training for appropriate personnel including training in the detection of suspicious transactions; and (d) provides for independent review to
monitor and maintain an adequate program. 31 C.F.R. §§ 1022.210(c) and (d). NMCE failed to develop, maintain, and implement an effective written AML program that adequately addressed each of the four minimum requirements. Because Ms. Lopez was the designated compliance officer for NMCE, it was her responsibility to understand how to comply with the Bank Secrecy Act, to ensure that the program was adequate for the risks associated with the MSB’s business, to maintain the required records, and to file the required Bank Secrecy Act reports. Ms. Lopez’s failure to fulfill these responsibilities resulted in the following violations.
The MSB lacked adequate AML programs for its check cashing and money order activities as well as its currency exchange transactions. The policies, procedures and internal controls were inadequate to verify the identities of persons conducting transactions, to monitor for suspicious activities, to identify currency transactions exceeding $10,000, and to ensure that NMCE filed the required currency transaction reports (“CTRs”). The internal controls were also inadequate for creating and retaining adequate Bank Secrecy Act records related to currency exchange. As NMCE’s designated compliance officer, Ms. Lopez never conducted a Bank Secrecy Act/AML risk assessment of the MSB. NMCE’s ability to detect suspicious transactions was adversely affected because no risk assessment was conducted and “red flags” were not included in the MSB’s procedures for each type of business conducted until after May 18, 2011, when a revised AML program was implemented.
NMCE failed to designate a compliance officer suitably knowledgeable of Bank Secrecy Act regulations to assure that the MSB was in compliance with applicable requirements. During the 2011 examination by the IRS SB/SE, Ms. Lopez admitted to lacking specific knowledge of the CTR reporting requirements and the recordkeeping requirement for foreign currency transactions over $1,000. Ms. Lopez also failed to establish an effective AML program, in part, by not recognizing the potential conflicts of interest in establishing a relationship with a 5 consultant that: (1) created NMCE’s written AML program, (2) performed the only independent testing of the AML program, and (3) provided the only source of Bank Secrecy Act training for the MSB.
NMCE failed to provide adequate training and maintain records of such training for the designated compliance officer for several years. Since 2011, it has used a generic module that was provided by the consultant that also created its written AML program. The training was wholly inadequate. It was not comprehensive and was not tailored to the MSB’s specific business lines and associated risks. NMCE also failed to conduct an independent test of the MSB for more than six years. In 2012, the MSB engaged the same consultant to conduct its first independent test despite the potential conflicts of interest. In summary, NMCE and Ms. Lopez wholly failed to implement an effective AML program.
C. Violations of the Reporting and Recordkeeping Requirements
The Bank Secrecy Act imposes an obligation on MSBs to file a CTR of each deposit, withdrawal, exchange of currency, or other payment or transfer which involves a transaction in currency of more than $10,000. 31 C.F.R. § 1010.311. MSBs must report currency transactions exceeding $10,000, and must do so within 15 calendar days after the transaction occurs. 31 C.F.R. § 1010.306(a)(1). Multiple transactions must be treated as a single transaction if the financial institution has knowledge that (1) they are by or on behalf of the same person, and (2) they result in currency received (cash in) or currency disbursed (cash out) by the financial institution totaling more than $10,000 during any one business day. 31 C.F.R. § 1010.313(b).
Ms. Lopez knew or should have known that the Bank Secrecy Act required the MSB to file timely CTRs for currency received or disbursed over $10,000. Since 2010, NMCE has filed 651 CTRs totaling approximately one million dollars. All 51 CTRs were filed significantly late.
NMCE, through Ms. Lopez, also failed to file at least 149 CTRs for currency received, or currency disbursed, for exchanges of currency with other financial institutions totaling more than $10,000 from November 2007 through April 2012.2 This represents a failure to file rate of 75%. The dollar amount involved with these transactions totaled approximately $4.5 million. The Bank Secrecy Act also imposes an obligation on currency dealers or exchangers, such as NMCE, to make and retain certain records. A currency dealer or exchanger must retain a record of each exchange of currency involving transactions in excess of $1,000. 31 C.F.R. § 1022.410(b)(3). Ms. Lopez knew the recordkeeping requirements applicable to currency exchange transactions. NMCE was cited for recordkeeping violations applicable to currency
exchange transactions during a prior examination for which Ms. Lopez had previously acknowledged the requirement in writing. During a 10-month period from May 2010 to March 2011, however, NMCE failed to obtain and record required information for 50% of the transactions it conducted.
Link to the detailed FinCEN assessment: click here