Originally published in Florida Bankers Association’s newsletter.
The regulatory expectations surrounding the banking of money service businesses (MSBs) are a frequent source of confusion for financial institutions. Many financial institutions are surprised to receive deficiencies and matters requiring attention in examinations even though they believe they have followed the regulatory guidance. This article will discuss common areas that become problems for banks involved with MSBs.
Let us first begin by defining what is an MSB and discussing who regulates them. MSBs are defined generally as: currency dealers, check cashiers, issuers and redeemers of traveler’s checks, money orders, stored value, money transmitters, and the US Postal Service. MSBs are regulated by the Internal Revenue Service, and with just a few exceptions, all MSBs must register with the Department of the Treasury. In addition to the IRS, most states have Money Transmitter requirements regulated by their DFI’s (or equivalent) that certain types of MSBs are subject to follow.
The FFIEC guidance regarding MSBs clearly states that the Bank Secrecy Act (BSA) does not require, and neither FinCEN nor the federal banking agencies expect, banks to serve as the de facto regulator of their MSB customers. The guidance further states “While banks are expected to manage risk associated with all accounts, including MSB accounts, banks will not be held responsible for the MSB’s BSA/AML program.” It is the expectation that the risk assessment of a particular MSB will determine the level of due diligence required. In a low risk environment, “a bank is not routinely expected to perform further due diligence beyond the minimum due diligence expectations.” Additionally, “unless indicated by the risk assessment of the MSB, banks are not expected to routinely review an MSB’s BSA/AML program.” The initial due diligence expectations are clearly stated by the FFIEC and corresponding Financial Institution Letters are straightforward.
Many institutions take the written guidance at face value. They perform a risk assessment, obtain and review the due diligence information commensurate with the risk of the MSB, board the merchant, and enjoy the deposits and revenue associated with the banking of MSB accounts believing that they are not responsible for the MSB’s BSA/AML program. This sounds too good to be true, and unfortunately does not hold up well in reality. In the real world, banks are often cited for problems in their MSB programs. In more extreme circumstances involving multiple violations of consent orders, significant Civil Money Penalties have been levied. Just this past month, a California financial institution was fined $7 million for failure to adequately monitor the activity of their MSB customers.
So the question becomes: how do you reconcile the written regulatory guidance with the real life experience of banking MSBs? The key to this answer rests in the fact that financial institutions are responsible for managing the risks associated with all accounts. In order to accurately determine the risks of a particular account, you must on an ongoing basis be performing continual risk assessment. A financial institution must have transparency and insight into the activities of its customers to determine if the risk profile of their MSB customer has changed. There are a number of factors that impact the analysis of an MSB customer after boarding: have their transaction volumes, products offered, locations or markets changed; have there been changes in management or beneficial ownership; has the MSB made changes in their BSA/AML policies and procedures; have there been significant changes in the types or volume of CTR’s and SAR’s being filed; have their transactional risk indicators changed? Only by continuously asking these questions can banks ensure that they have the appropriate checks in place to account for the risk profile of their MSB customers.
In discussion with a number of third-party bank auditors as well as banks servicing MSB clients, the problem areas seem to be across the board: from poor and missing documentation, insufficient baseline and transactional analysis, inability to monitor reputational risk, deficiencies in determining unusual activity and AML, to inconsistency in obtaining information necessary to perform proper risk analysis. One common theme is that virtually all institutions with these deficiency characteristics rely upon manual processes to monitor their MSB customers. The traditional concept of adding FTE’s as the solution to the problem yields poor results. Examiners today increasingly expect automation, as technology is recognized as the key to banking MSBs in a responsible, sustainable, and profitable manner.
Our MSB clients receive numerous data points from a number of third-parties. These sources go well beyond a core API or extract, and can include wire files, ACH files, ATM records, cardholder and merchant transactional files, and image cash letters just to name a few. These files also arrive in differing formats. Utilizing new tools and solutions developed specifically for cash intensive and money service businesses are critical in the successful banking of these industries. It is these advanced technologies that enable you to parse and analyze volumes of data that otherwise go either unnoticed or spot checked at best. They also assist with documentation and the other common areas of deficiency. Technology is the great equalizer that permits institutions of all sizes to participate in industries that were previously limited to only the largest of banks. Leverage these solutions to help your institution in the successful banking of MSBs.
Andre Herrera is EVP of Banking & Compliance, Hypur; John Vardaman is EVP & general counsel, Hypur (formerly with the Department of Justice). If you have any questions, please email email@example.com or firstname.lastname@example.org.