Bank Secrecy Act Compliance
To combat money laundering in the U.S., Congress enacted a series of laws, collectively referred to as the Bank Secrecy Act (BSA). The BSA required financial institutions, including money services businesses, to report suspicious activities to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). Under the BSA, the Postal Service is defined as a money services business and is required to report suspicious activity involving money order sales transactions or patterns of transactions. The Postal Service must also provide BSA Anti-Money Laundering training to all employees responsible for or overseeing the sale of financial instruments such as money orders.
When a Postal Service sales and services associate is suspicious of a money order transaction, they must document the potential suspicious activity on an internal form for potential inclusion in a Suspicious Activity Report (SAR) filing to FinCEN. This information enables law enforcement to support major investigations of money laundering, terrorist financing, and other criminal cases. When automated reporting is not available or supplemental information is needed, suspicious activities are filed using manual reports.
Between October 1, 2019, through March 31, 2020, sales and services associates submitted 57,174 suspicious activity forms for potentially suspicious activity to the Postal Service’s BSA Compliance Office (Compliance Office), of which 52,026 were automated and 5,148 were manual. The Compliance Office included information from 54,559 of these forms in SAR filings to FinCEN. The remaining 2,615 did not meet Compliance Office SAR requirements because they either did not have money order serial numbers or did not have a valid reason for the suspicious activity.
Our objectives were to determine whether the Postal Service properly reviews and reports suspicious activity information, and to evaluate contractor compliance and Postal Service oversight of its BSA training contract.
The Compliance Office properly reviewed suspicious activity information using a three-tier review process to determine money order eligibility for suspicious activity reporting. However, they did not always appropriately report suspicious activity information to FinCEN. In addition, the BSA training contractor did not obtain a required security clearance and the Postal Service did not ensure the accuracy of employees exempt from internal training goals.
We statistically selected and reviewed 200 of the 5,148 manually processed suspicious transaction forms and 207 of the 52,026 automated suspicious transaction forms. We found 69 (35 percent) of the manual forms and 53 (26 percent) of the automated forms were either incomplete or inaccurately reported as suspicious. Given these exception rates, we estimate 1,802 of the 5,148 (35 percent) manually processed forms and 13,527 of the 52,026 (26 percent) automated forms contained exceptions.
These issues occurred because the BSA database was not designed with mechanisms in place to appropriately address these situations. The Compliance Office stated they will address them as part of an ongoing project scheduled for completion by December 31, 2021.
We also noted the Postal Service has an opportunity to increase the effectiveness of suspicious activity reporting. Specifically, the Compliance Office did not always account for all money orders listed on suspicious transaction forms in its combined SAR.
Further, the Postal Service, did not always notify retail offices when Compliance Office personnel discovered errors in the BSA reporting process at retail units.
Regarding the BSA contract, we found one BSA contractor did not acquire and maintain a Postal Service sensitive security clearance as required by the contract, even though the contractor had access to Postal Service information regarding customer identification and suspicious transaction analysis.
Further, the Compliance Office informed us they are committed to a goal of 100 percent annual training completion although annual training is not required by the BSA. However, the Compliance Office did not confirm the accuracy of 71 employees categorized as exempt from completing the mandatory training After we advised them of the issue, the Compliance Office researched these employees and found 34 should have completed the training. As a result of this commitment to achieve Postal Service training goals, the Compliance Office developed a new oversight process to monitor and track employee training status. Because of the corrective action taken, we are not making a recommendation.
Care given to include complete and accurate information provides law enforcement with important details about the subject or the transaction and could increase the chances of identifying individuals trying to launder money or commit other fraudulent activity schemes.
We recommended management:
- Revise the BSA database to report all available information from suspicious transaction reports in SARs filed and exclude information deemed not suspicious.
- Enhance policies and procedures for suspicious activity reporting, to include any revisions to BSA database requirements or the suspicious transaction report.
- Modify and document the process for filing combined suspicious activity reports.
- Revise the procedures to resolve the conflict for sending notification of errors to retail offices.
- Obtain and maintain sensitive security clearances for all contract personnel.