Credit unions are embracing shared branching like never before, but one of the hidden risks is how shared branching can complicate compliance with the Bank Secrecy Act, according to one compliance expert.
Mary-Lou Heighes, president of Lakewood, Calif.-based credit union consultancy Compliance Plus, told attendees of the recent Financial Service Centers Cooperative (FSCC) annual meeting here risk assessment and monitoring of suspicious activities are important. However, she added, knowing and watching all members is not easy.
"The problem with shared branching is, a credit union CEO must monitor 2,200 branches," said Heighes, a CUNA-certified credit union compliance expert.
Heighes defined money laundering as taking money derived illegally, such as by smuggling, prostitution and illegal gambling, and placing it into the banking system. Or, it could be money derived legally, but the owner wants to hide the total amount from the IRS.
"'Layering' is when people take cash and convert it to other financial instruments to obscure the source," she explained. "Even loans are involved in layering; people make large cash payments of loans. We have to make sure every credit union has a program in place to monitor and report suspicious activity."
Knowing What's 'Normal'
Management at most CUs does not believe their members are participating in money laundering and questions why they must comply with a sometimes arduous process, noted Heighes. For example, credit unions are required to create a currency transaction report (CTR) for deposit or withdrawal of $10,000 in cash-even if the transaction is made in smaller increments at shared branching locations over a weekend.
In addition, CUs must track certain monetary instruments and must report unusual purchases or deposits, such as multiple cashier's checks purchased with cash or several made payable to the same person.
"Knowing what is 'normal' for a member is part of the process," Heighes said.
Each credit union is responsible for monitoring risk, and must assess the risk associated with each business line and transactional activity, she said. This means CUs must have adequate policies and procedures to detect suspicious activities, and a person designated to monitor.
In the case of shared branching, the branch where the transaction takes place is responsible for reporting, filing and documenting the sale of monetary instruments, not the member's CU. Records should include name and date of purchase, Social Security number, date of birth, type of instrument, dollar amount, serial number and verification of identity. The information must be held by the outlet that sold the instruments for five years, Heighes said.
For currency transaction reports, the outlet owner prepares the report and sends it to the IRS. A copy is sent to the member's CU.
A suspicious activity report (SAR) can be triggered by a number of events, including loan fraud, bribery, embezzlement or mysterious disappearance. Heighes said events more likely to occur in shared branching include: counterfeit checks, counterfeit credit or debit cards, counterfeit monetary instruments, wire transfer fraud, identity theft and terrorist financing.
A SAR must be filed within 30 calendar days of the suspicious activity. The outlet owner that detected the activity must complete and file the SAR, but no copy is sent to the member's CU unless both credit unions are participating in 314(b) information sharing under the Patriot Act.
"People think money laundering doesn't happen at credit unions. Yes, it does," she declared. "Even at church credit unions, government credit unions and school credit unions. Religious organizations often are used as fronts for terrorist financing."
