The FDIC has hit CBW Bank, a $90 million-assets institution in Weir, Kansas, with a $20,448,000 civil money penalty and an order of charges for inadequately monitoring transactions for signs of money laundering.
The bank is contesting the charges. It filed a complaint in a federal court in the district of Kansas last month to dismiss the FDIC action, according to Allen Denson, partner at Morgan Lewis, who is of counsel to CBW. It has also requested a hearing before the agency.
CBW was one of the first banks to offer banking as a service to fintechs. Today, according to the FDIC, it provides basic banking services to local residents of Weir, but it also operates a multibillion-dollar international money transfer business and generates the bulk of its earnings from fee-based correspondent banking services for foreign financial institutions.
During the FDIC review period (December 2018 through August 2020), CBW provided international banking services for more than 30 foreign financial institutions, six money services businesses and financial services businesses in Central and South America, Europe, Africa and the Middle East.
But the bank failed to provide Bank Secrecy Act controls, it didn't independently test its anti-money-laundering system, it didn't have an adequately trained and empowered BSA offer and it did not expend the resources necessary to comply with anti-money-laundering and combating the financing of terrorism rules, the regulator said in the notice it published Friday.
For instance, according to the FDIC, CBW offered dollar repatriation services to foreign banks, including millions of dollars in bulk cash shipments from Mexico for five Mexico chartered banks and a money services business.
"Bulk cash shipments from Mexico are a major concern for U.S. law enforcement because they are often associated with money laundering in connection with drug trafficking activities," the FDIC wrote in its notice.
To monitor these transactions, CBW used homegrown software called Context Engine. But the reports generated by the software were inadequate and failed to provide much-needed red flags, according to the FDIC.
TD Bank Group's money-laundering-related crimes have sparked questions of how banks should be penalized for moving dirty money. CFPB Director Rohit Chopra said the FDIC should do more.
Context Engine's bulk cash shipment reports "did not contain any analysis of where the funds deposited were wired to or from, or the identity of wire counterparties to identify potentially suspicious patterns or activities," the regulator said in its notice. The bank did not file any suspicious activity reports on any of these bulk cash shipments, the FDIC said.
CBW also provided correspondent wire services to foreign banks in high-risk jurisdictions such as Lebanon, Brazil and Cyprus, according to the FDIC notice, yet its AML software, a program called Context Engine, did not detect any suspicious transactions in this activity.
One customer used account numbers for five originators and one beneficiary to process more than 5,000 wire transactions for hundreds of different entities totaling $400 million over an eight-month period and used concentration accounts to transmit those wires on behalf of international money transmitters and foreign exchange companies to countries in South America, according to the FDIC, but none of this activity was flagged.
"The FDIC continuously pointed out that their Context Engine had missed the forest for the trees," said Sarah Beth Felix, CEO at Palmera Consulting and co-founder and chief AML officer at Acceleron Bank, a de novo in Vermont. "Basic monitoring of remote deposit capture activity, wire activity and foreign correspondent banking activity were all not programmed into this Context Engine. Typologies that we have all known about for years were not incorporated into the system."
Even when the software did flag that something seemed off, the four analysts tasked with reviewing the thousands of suspect daily wires "did not know what they were looking for," Felix said.
CBW's AML officers did not have the experience necessary for the job, according to the FDIC. One told examiners he had no prior banking or AML experience, and that he relied on the vice president of correspondent banking, who was responsible for managing customer relationships, to understand CBW's business lines. He told the FDIC he was "as concerned with losing a customer as he was with identifying and reporting suspicious activity."
Because they did not have the right people in the AML department, "they did not know what they were missing" from the Context Engine reports, Felix said. "And they weren't curious enough to find out if they were missing anything – curiosity is a needed trait in anti-money laundering."
The AML staff reported to the bank's cashier, rather than the BSA officer, according to the FDIC. And the BSA officer did not have the authority to file SARs, he had to go through a committee that often relied on the vice president of correspondent banking's explanations for why a transaction did not require a SAR.
