By Andre Herrera and John Vardaman
The regulatory expectations surrounding the banking of money
service businesses (MSBs) are a frequent source of confusion for financial
institutions. Many financial
institutions are surprised to receive deficiencies and matters requiring
attention in examinations even though they believe they have followed the
regulatory guidance. This article will
discuss common areas that become problems for banks involved with MSBs.
Let us first begin by defining what is an MSB and discussing
who regulates them. MSBs are defined
generally as: currency dealers, check cashiers, issuers and redeemers of
traveler’s checks, money orders, stored value, money transmitters, and the US
Postal Service. MSBs are regulated by
the Internal Revenue Service, and with just a few exceptions, all MSBs must
register with the Department of the Treasury. In addition to the IRS, most states have Money
Transmitter requirements regulated by their DFI’s (or equivalent) that certain
types of MSBs are subject to follow.
The FFIEC guidance regarding MSBs clearly states that the Bank
Secrecy Act (BSA) does not require, and neither FinCEN nor the federal banking
agencies expect, banks to serve as the de facto regulator of their MSB
customers. The guidance further states
“While banks are expected to manage risk associated with all accounts,
including MSB accounts, banks will not be held responsible for the MSB’s
BSA/AML program.” It is the expectation
that the risk assessment of a particular MSB will determine the level of due
diligence required. In a low risk
environment, “a bank is not routinely expected to perform further due diligence
beyond the minimum due diligence expectations.”
Additionally, “unless indicated by the risk assessment of the MSB, banks
are not expected to routinely review an MSB’s BSA/AML program.” The initial due diligence expectations are
clearly stated by the FFIEC and corresponding Financial Institution Letters are
straightforward.
Many institutions take the written guidance at face value. They perform a risk assessment, obtain and
review the due diligence information commensurate with the risk of the MSB, board
the merchant, and enjoy the deposits and revenue associated with the banking of
MSB accounts believing that they are not responsible for the MSB’s BSA/AML
program. This sounds too good to be
true, and unfortunately does not hold up well in reality. In the real world, banks are often cited for
problems in their MSB programs. In more
extreme circumstances involving multiple violations of consent orders, significant
Civil Money Penalties have been levied. Just this past month, a California financial
institution was fined $7 million for failure to adequately monitor the activity
of their MSB customers.
So the question becomes:
how do you reconcile the written regulatory guidance with the real life experience
of banking MSBs? The key to this answer
rests in the fact that financial institutions are responsible for managing the
risks associated with all accounts. In
order to accurately determine the risks of a particular account, you must on an
ongoing basis be performing continual risk assessment. A financial institution must have
transparency and insight into the activities of its customers to determine if
the risk profile of their MSB customer has changed. There are a number of factors that impact the
analysis of an MSB customer after boarding:
have their transaction volumes, products offered, locations or markets
changed; have there been changes in management or beneficial ownership; has the
MSB made changes in their BSA/AML policies and procedures; have there been
significant changes in the types or volume of CTR’s and SAR’s being filed; have
their transactional risk indicators changed?
Only by continuously asking these questions can banks ensure that they
have the appropriate checks in place to account for the risk profile of their
MSB customers.
In discussion with a number of third-party bank auditors as
well as banks servicing MSB clients, the problem areas seem to be across the
board: from poor and missing documentation, insufficient baseline and
transactional analysis, inability to monitor reputational risk, deficiencies in
determining unusual activity and AML, to inconsistency in obtaining information
necessary to perform proper risk analysis.
One common theme is that virtually all institutions with these
deficiency characteristics rely upon manual processes to monitor their MSB
customers. The traditional concept of
adding FTE’s as the solution to the problem yields poor results. Examiners today increasingly expect automation,
as technology is recognized as the key to banking MSBs in a responsible,
sustainable, and profitable manner.
Our MSB clients receive numerous data points from a number
of third-parties. These sources go well
beyond a core API or extract, and can include wire files, ACH files, ATM
records, cardholder and merchant transactional files, and image cash letters
just to name a few. These files also
arrive in differing formats. Utilizing
new tools and solutions developed specifically for cash intensive and money
service businesses are critical in the successful banking of these
industries. It is these advanced
technologies that enable you to parse and analyze volumes of data that
otherwise go either unnoticed or spot checked at best. They also assist with documentation and the
other common areas of deficiency. Technology
is the great equalizer that permits institutions of all sizes to participate in
industries that were previously limited to only the largest of banks. Leverage these solutions to help your
institution in the successful banking of MSBs.
Andre Herrera is EVP of Banking & Compliance, Hypur; John Vardaman is EVP & general counsel, Hypur (formerly
with the Department of Justice). If you have any questions, please email aherrera@hypur.com or jvardaman@hypur.com.