FinCEN Penalizes Puerto Rican Bank For BSA Violations In First Enforcement Action Involving The “Gap Rule” – White Collar Crime, Anti-Corruption & Fraud

On September 15, 2023, the U.S. Department of the Treasury’s
Financial Crimes Enforcement Network (“FinCEN”) announced
a $15 million civil money penalty against a Puerto Rican
International Banking Entity (“IBE”), Bancrédito
International Bank and Trust Corporation
(“Bancrédito” or “the Bank”). The public
consent order details the Bank’s multiple violations of the
Bank Secrecy Act (“BSA”), which occurred between October
2015 and May 2022.¹
The penalty assessed against Bancrédito marks FinCEN’s
first enforcement action against a Puerto Rican IBE, also known as
a “gap institution” due to such entities lacking a
federal functional regulator. This is also FinCEN’s first
enforcement action involving a violation of a 2020 rule requiring
gap institutions to have in place anti-money laundering programs by
March 2021.

Prior to March 15, 2021, certain financial institutions
(“gap institutions”) were exempt from the BSA’s
anti-money laundering (“AML”) program requirement.² While these gap
institutions did not have AML program obligations, they were
required to comply with certain other BSA obligations, such as
suspicious activity reporting requirements. The 2016 U.S. Mutual
Evaluation conducted by the Financial Action Task Force determined
gap institutions to be a weakness in the U.S. AML regulatory
regime, a finding which effectively catalyzed a final rulemaking by
FinCEN that required such institutions to have in place AML
programs (the “Gap Rule”). Bancrédito’s
violations included willful failures to: (1) report suspicious
transactions; (2) implement a due diligence program for
correspondent accounts established, maintained, administered, or
managed in the United States for foreign financial institutions;
and (3) implement and maintain an adequate and effective AML
program.

Suspicious Activity Reporting Violations

The BSA requires all banks to file suspicious activity reports
(“SARs”) for suspicious or potentially suspicious
transactions involving at least $5,000 USD. This requirement
inherently necessitates the development and implementation of an
effective transaction monitoring and detection process. According
to FinCEN, Bancrédito did not file any SARs prior to 2016,
despite being notified of SAR-related deficiencies by its primary
regulator, the Puerto Rico Office of the Commissioner of Financial
Institutions (“OCIF”) in 2015. Further, following a 2019
OCIF examination that identified failures by the Bank to report 300
suspicious transactions to FinCEN, the Bank only acquiesced to
back-filing SARs on 182 suspicious transactions and, moreover,
stated in the SAR narratives why it disagreed with OCIF
examiners’ determination that the transactions were suspicious
in nature. FinCEN determined that the language the Bank included in
these SARs undermined “the value and integrity of suspicious
activity reporting and creates potential confusion for law
enforcement.” A lookback review by an independent consultant
reinforced OCIF’s findings with respect to the 300 suspicious
transactions. These recurring SAR failures took place despite the
fact that Bancrédito frequently served high-risk customers,
including Venezuelan nationals. Furthermore, FinCEN independently
identified hundreds of millions of dollars in suspicious
transactions on which it determined Bancrédito failed to
file timely SARs.

Correspondent Account Due Diligence Violations

In addition to filing SARs, banks must establish a due diligence
program for foreign correspondent accounts. According to OCIF,
while Bancrédito established an adequate foreign
correspondent due diligence program in 2016, the program had
declined substantially by the 2019 examination. The 2019
examination identified several violations, including but not
limited to: failure to collect from correspondent banks information
critical to assessing the reasonable or suspicious nature of
transactions; failure by compliance personnel to examine invoices
related to high-risk correspondent transactions; and failure to
compare high-risk transactions with anticipated transaction volumes
and account balances in order to properly analyze and determine
whether such transactions were reasonable given the scope of
business purposes and activities for the correspondent bank or
counterparties. Consequently, these due diligence deficiencies
resulted in failures by Bancrédito to ascertain the true
nature of large international wire transfers and, thus, report
suspicious activity as required.

AML Program Violations

Finally, FinCEN’s 2020 “Gap Rule”³, which went into effect on March 15,
2021, requires all gap institutions, including IBEs, to implement
all five “pillars” of an AML program⁴. Although not a legal requirement at
the time, Bancrédito committed to developing and
implementing an AML program following the 2015 OCIF examination.
FinCEN’s consent order maintains that the Bank did not follow
through on its commitment, despite subsequent regulatory
examinations underscoring this failure and the promulgation of the
Gap Rule. Ultimately, FinCEN found that Bancrédito had ample
notice and opportunity to develop and implement an AML program by
the time the requirement came into effect but failed to do so.

Enforcement

After weighing the severity, frequency, and history of the
violations, FinCEN determined that a $15 million fine and license
surrender were appropriate penalties for the Bank. FinCEN further
required the Bank to preserve all business records for a period of
five years. Notably, according to a Puerto Rican publication, the
Bancrédito Holding Corporation threatened legal action over
FinCEN’s enforcement action, calling it a “shoot first,
aim later decision,” criticizing FinCEN’s investigatory
process as inadequate and describing the penalty amount as
“excessive and unprecedented.”⁵

Footnotes

1. U.S. Dep’t of
the Treasury, Fin. Crimes Enforcement Network, In the Matter of:
Bancrédito International Bank and Trust Corporation
(September 15, 2023),
https://www.fincen.gov/sites/default/files/shared/Bancredito_Consent_FINAL_091523_508C.pdf.

2. 31 U.S.C. §
5318(h).

3. Customer
Identification Programs, Anti-Money Laundering Programs, and
Beneficial Ownership Requirements for Banks Lacking a Federal
Functional Regulator, 85 Fed. Reg. 57129 (Sept. 15,
2020).

4. 31 C.F.R. §
1020.210(b) (2020).

5.
Bancrédito Holding Corporation threatens legal action
amid million-dollar fine imposed by FinCEN, The News Journal
(Sept. 16, 2023),
https://www.theweeklyjournal.com/top-stories/bancr-dito-holding-corporation-threatens-legal-action-amid-million-dollar-fine-imposed-by-fincen/article_2fe0a1d4-54ad-11ee-af8f-4b1fb24040b3.html.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.