• Mon. Oct 3rd, 2022

ACFCS Exclusive Contributor Report: Lack of System Tuning, Human Training Leads to Cascading Low Ratings, Unsustainable System Alert Backlogs, Missed Deadlines in $140M USAA AML Penalty – CFCS

ByJanice K. Merrill

Mar 29, 2022

Failure to File Suspicious Activity Reports: Where There’s a Will, There’s a Way

One of the major failings in the USAA FSB case resulting from shortcomings in the AML program was the deliberate failure to file SARs in a timely and accurate manner – at least 3,873 of those SARs.

FinCEN Consent ordered provides examples of activity involving four clients, where deliberate failures to file SARs occurred:

‘Client A’ – The Colombian crypto connection:

  • A Texas doctor, annual income of $250,000 to $500,000 – approximate net worth between $500,000 and $1 million
  • With multiple accounts at USAA FSB
  • Accounts for personal and household expenses
  • Expected monthly transactions were to include cash withdrawals greater than $5,000 and five to ten in/outs “based on digital applications” transactions between $1,000 and $5,000 each

Between October 2020 and March 2021, an account received 76 transfers from a virtual currency exchange of nearly $1.5 million – the expected activity or purpose reported by the accounts.

For the same period, more than 2,800 cash withdrawals were made for a total of $1.6 million at ATMs located in Colombia.

The customer had even contacted the bank at the time on several occasions to increase the daily limits for cash withdrawals from ATMs.

In discussions with bank staff, the customer was “residing temporarily but indefinitely in Colombia” and that cash withdrawals were made to buy and sell virtual currency, with cash being listed as the preferred method to get the best price for virtual currency purchases, hence the withdrawals.

The client’s account transacted $3.3 million in the six months from October 2002 to March 2021, which was neither expected nor consistent with the known pattern of clients.

Many people reading this article may believe that the activity did not match the customer profile and expected activity and appears suspicious, but initial review of the activity resulted in no escalation or SAR filed by the bank.

The following month, in April 2021, the bank would have learned, although it is not specified how, for example via the evaluation of the files by FinCEN or the OCC or by being notified by a law enforcement investigation. order, and it was at this stage that a reassessment of the activity favored the final filing of a SAR and the breakdown of the customer relationship.

Even for junior AML agents or risk rating teams, this account should have been high risk at the start of the relationship.

Texas shares a border with Mexico, which is plagued by violent and growing drug cartel activity. A customer carrying out heavy transaction activity with a virtual currency exchange is also high risk, which means that this person is not just an occasional trader.

It could be a fraudster involved in a cryptocurrency scheme, a scammer involved in ransomware attacks, or a money launderer trying to cover the trail of money from the sale of drugs or other activities.

Quickly depositing and withdrawing money from an ATM is also a high-risk activity – and doing it in Colombia, well, is the icing on the cake of a very high-risk cake.

‘Client B’ – The (Performance) Art of Money Laundering:

  • 22-year-old individual living in Los AngelesCalifornia
  • Held checking account and credit cards with USAA FSB for four years
  • Told the bank she had a performance art company” that had a minimal virtual footprint
  • Said his annual income was between $50,000 and $100,000 and the account was for personal and household expenses

Following a transaction monitoring alert on the client’s account for potential suspicious activity, it was closed without a thorough review of the clients source of income and without examining the counterparties involved.

The activity in question had a number of red flags, one of which was to receivept of “…payments for what may have been illegal international prostitution/escort businesses.”

Activity analysis revealed high-value wire transfers from an individual overseas, to which the customer appeared to have no known connection.

Other activities included high-value and unexplained international travel, inbound and outbound transfers to accounts linked to online businesses, where public information online showed allegations of misconduct.

Three wire transfers received in one month came for an overseas individual totaling $44,500 with references such as “art purchases”, although the client had no known or legitimate connection to the art industry. art.

The foreign individual in question also turned out to be linked to an offshore company named in the Panama Papers.

While in this particular case the details of the artistic element are not elaborated, press reports at the time of the Panama Papers leak referred to “the art”.[1] on more than one occasion[2].

From May 2019 to June 2020, it was revealed that the client had been connected to approximately $125,000 worth of suspicious activity – yet the USAA FSB did not report the suspicious activity to FinCEN until July 2020 – approximately one months later.

This is another case that showed a breakdown in understanding the red flags of certain suspected illegal activities and carrying out basic and more elaborate investigations, including going beyond bank details to triangulate account activity with OSINT and social media information.

For example, even before the Panama Papers connection, AML Bank investigators, if they suspected illegal escort activity, could have conducted name and reverse image searches on known online escort sites. to see if they had found the client.

They could then have looked at the list to see if the escort said things like, “I’ll be in xxx country in xxx months, so come see me.”

Similarly, the bank could check transactions on social media like Instagram or cam sites like OnlyFans to see if the customer was making suggestive comments or, again, noting trips to certain parts of the world where rich men are. known to engage in more vice than virtue.

‘Client C’ and ‘Client D’ – Check fraud is as easy as taking candy from a baby

For a period of about fifteen months, from March 2019 to June 2020, two customers of the bank were able to carry out check fraud schemes without the bank reporting the activity to FinCEN.

The two clients held two checking accounts with the bank, into which they deposited 3,457 checks – neither of which was the payee.

These checks were deposited using RDC (or Remote Deposit Capture, as mentioned above) through the bank’s mobile app, with payees named as a number of baby formula or baby products companies. babies.

In fact, it was expressly stated on the checks “…they were intended to be self-refundable coupons for point-of-sale purchases, to be redeemed only by manufacturers of infant formula or baby products.”

The amounts were small values ​​of $3 to $17 per check, deposited cyclically and out of profile for Client C, who was registered as a self-employed construction worker.

Although checks were used to “miscellaneous purchases, including consumer spending, groceries and bill payments”, something that may not have been detected as suspicious activity at first glance, the bank did not detect that the checks were made payable to manufacturers of infant formula or baby products only, at the instead of being authorized to be paid to both customers.

This allowed the two individuals to open and abuse the RDC functionality on the mobile app for over a year.

The lesson here: DRC has long been the target of scams big and small.

Even if the values ​​of the checks are low, if they come in quick succession and involve something that is not historically profitable – self-paying cash-back coupons for baby formula – someone somewhere in the bank needs to ask the basic question : what is it and does it make sense?

If this is such a well-known money maker, how many other customers are cashing checks for self-redeeming baby food coupons? Is this a common thing?

A simple Internet search of these terms reveals that while many sites offer coupons for baby food, infant formula, and diapers and tips for getting gifts for expectant mothers, few, if any, offer coupons for baby food, infant formula, and diapers. step-by-step instructions for going in the opposite direction – and turning purchases into cash. which can somehow be deposited with checks into bank accounts.

As in the case of a baby with a dirty diaper, this one does not pass the little test.