The consequences of non-compliance with the local regulators’ expectations on Suspicious Activity Reports or SAR filings can be quite severe. If the failure to file SARs promptly or at all is based on ineffective company policies, procedures, and controls, the institution will face the consequences. The consequences when you fail to file required SARs are serious.
The institution faces reputational risk, regulatory risk when regulators impose special audits, fines, or other regulatory sanctions, and criminal risk when charges are pressed. Individuals face the consequences, including getting fired, fined, criminally charged, and even banned from their occupation. Individual consequences are becoming more common in and outside the US. Thus, policies should be followed to avoid personal consequences.
Consequences of Non-Compliance Case Studies
In 2015, Financial Crimes Enforcement Network or FinCEN penalized First National Community Financial institution for 1.5 million US-Dollar for failing to file suspicious activity reports, despite significant red flags. According to FinCEN, the accounts in question were controlled by Michael Conahan, a member of FNCB’s board of directors, who was also a Pennsylvania judge.
Conahan and others were convicted in a judicial corruption scheme known as the “jailing kids for cash” scandal, involving profiting from sending thousands of juveniles to detention facilities in which they had financial interests. Despite significant red flags, FNCB never filed a single SAR on these accounts until after Conahan had pled guilty.
Furthermore, in 2018, Capital One was fined $100 million for a variety of anti-money laundering violations, including failing to report suspicious activity. The prudent regulator first raised the deficiencies in a 2015 order against the financial institution, highlighting weaknesses in its risk assessment, remote deposit capture, correspondent banking processes, and failure to file SARs. In 2018, it was announced that the financial institution ‘failed to achieve timely compliance with the order,’ as required, and was therefore hit with a 100 million US-Dollar penalty.
Lastly, a case study that includes personal liability. From 2003 to 2008, Thomas Haider served as the Chief Compliance Officer for MoneyGram, a money services business specializing in money transfers. As part of his responsibilities, Mr. Haider was responsible for ensuring that MoneyGram had an effective Anti Money Laundering/Counter Terrorist Financing or AML/CTF program that included the timely reporting of suspicious actions and transactions. He was also in charge of MoneyGram’s Fraud Department. During that time, there were thousands of complaints placed by customers who reported that they were victims of “lottery” or pre-payment fraud and instructed to remit money to fraudsters via MoneyGram agents in the US and Canada.
Despite a lot of information from the victims, Mr. Haider failed to implement an appropriate AML program, conduct effective audits, or terminate known high-risk agents. The failure to investigate resulted in the failure to file SARs. The consequences for the Chief Commercial Officer or CCO were severe. FinCEN fined him one million US dollars in a civil penalty, and he lost his job at MoneyGram. FinCEN also sought to bar Mr. Haider from working in the financial services industry. FinCEN said it pursued the case against Haider and sought to hold him personally liable for sending a message to the industry.
Every year, organizations all over the world lose billions of dollars due to noncompliance with regulatory standards. This will only increase as data laws and regulations tighten. However, the losses do not stop with fines and penalties. Non-compliant businesses are also at risk of security breaches, lost productivity, reputational damage, and other consequences.
The cost of noncompliance is estimated to be more than three times that of compliance. In fact, businesses lose an average of $4 million due to a single noncompliance event. Given the consequences of non-compliance, it is advisable to take it seriously and implement the necessary measures.