4 minutes
Technology helps with—but doesn't perfect—CUs' BSA compliance processes.
This is bonus coverage from “When Good Cards Go Bad” in the August 2017 issue of Credit Union Management magazine.
A challenging area where credit union managers have to deal with false positives is in compliance with the federal Office of Foreign Assets Control and Bank Secrecy Act regulations. This means running a CU’s list of persons, transactions and accounts against periodically issued government lists of potential bad guys or suspicious transactions and then investigating hits that almost always turn out to be false alarms.
“You have to review every account, every member, every co-signer or joint owner against the government’s ‘bad boys list’ and prove that every hit is not a case of money laundering or dealings with a suspected terrorist or drug dealer,” explains CUES member Paul Meissner, CFO/SVP/finance at $765 million Credit Union of America, Wichita, Kan. “You get a lot of hits, and it’s a big waste of time because the commercial systems credit unions can buy to do the screening often use stupid logic.”
For example, Bin Laden was an appropriate name to screen for, but if someone connected to the CU lived on a street named Bin Laden Ave., that would trigger a hit. The system doesn’t discriminate between a person’s name and a street name, he points out.
“Heaven help you if you have a connection to … a drug dealer anywhere in the world … , you’ll have a lot of hits to resolve,” he says. “We had a member with a post office box address here in Kansas. Somewhere in the Middle East, a person [the government was] watching had that same P.O. box number. That was kicked out as a potential hit.”
Financial institutions can choose from an array of commercial products that run the CU’s data against the government’s lists and report hits. CU of America is on its fourth attempt to find a satisfactory solution. “We recently went with a system built for banks, Bankers Toolbox BAM. So far it looks like an improvement,” he says.
$3.3 billion Virginia Credit Union, Richmond, Va., has been using Bankers Toolbox software for 10 years to screen for OFAC and sanctions compliance. BSA/OFAC Officer Chris Gumm reports that it successfully automates the process. The result is a list of hits that are almost certainly false positives but have to be investigated and cleared by CU staff, which is manual and burdensome. “It ties up resources, and it means that we have to block some transactions that are legitimate if we can’t comfortably refute the match,” Gumm says.
Proving that your innocent person is not the government’s suspicious person can be fairly easy or quite difficult, Meissner reports. “We have the birthdate for our member, but the government list might not include a birthdate,” he says. It is possible to create a “white list” of people you’ve previously investigated and cleared so that you don’t have to clear them again, he says. That’s important because financial institutions have to run the lists monthly, as the government keeps changing their lists to add or remove names, he explains.
Sometimes a CU employee has needed to use Google to get vital details on the bad guy to confirm there’s no match. “We had a person with the same last name as a political leader in Cuba,” Meissner recalls. “We were searching Google for the age and middle name of the Cuban leader. It took us half an hour to confirm they were different people.”
Every one of thousands has been false so far, Meissner reports. “We’ve never encountered a valid hit,” he says. There was a time when the CU was unable to confirm a no-match, and Meissner had to call the Financial Crimes Enforcement Network for help. He got a recording telling him to leave a message and to not call back and repeat his message. By the end of the day, he still had not heard from FinCEN.
“We were holding up a wire because one party in the chain could not be cleared, so I did call again and got a person,” recalls Meissner. “He told me to put the wire through, but he was impatient, made me feel like I was interrupting him.”
The problem is not temporary or fixable, suggests Grant Garber, Virginia CU’s fraud risk and BSA manager. “It’s a necessary evil that may get simpler or more complex, depending on what happens in the political world,” he observes. “We continually try to make the process more efficient, but it’s not likely that we will see a dramatic breakthrough.”
Richard H. Gamble is a freelance writer based in Colorado.
