RPA in BSA/AML for Credit Unions - How do we keep FinCEN happy and not get fined trying?

Chances are, if you’re reading this you know what BSA/AML means, but for those who don’t, here’s the TLDR;

BSA stands for Bank Secrecy Act, which is a piece of legislation approved in 1970 that lays down the framework to prevent fraudulent activity and money laundering for Financial Institutions based in the US. AML stands for Anti Money Laundering; which is pretty self explanatory.

In the US the agency in charge of prosecuting possible violations to this legislation is FinCEN (Financial Crimes Enforcement Network), and specifically for Credit Unions, this agency is aided by the NCUA (National Credit Union Administration).

These last two have a series of procedures and regulations one must follow in order to stay compliant (and you’ll want to stay compliant, as penalties for not doing so go up to $500,000 USD, see Bethex’s example). I won’t go into detail, but a really good resource is this open letter the NCUA published in 2005 with FAQs regarding BSA compliance.

So, now that we established what BSA/AML is, what is RPA? RPA stands for Robotic Process Automation, and it’s a technology that enables automation through the emulation of human activity in the computer. Think of Excel Macros, but instead of just working in Excel it works in any application that runs on the computer. If you’re still unclear, I’d recommend checking this article where we explain a little more in depth.

Great! So where can we use RPA in BSA/AML processes?

Glad you asked, we’ve actually compiled a list of use cases that come from our experience working closely with financial institutions, here’s 5 examples:

Comparing the 314a list vs your member database

The FinCEN publishes a list, usually biweekly, in its secure website; this list must be cross-referenced with your member list to make sure you freeze/block any transactions coming from a possible match.

This is a great use case for RPA, you can have a bot do all this, plus create a report, send it over to FinCEN, cc’ your compliance officer and create a log in your dedicated AML system, all in one blow, and this would be considered low hanging fruit by any respectable RPA implementor.

Creating CTR and SAR reports

CTRs (Currency transaction Records) and SARs (Suspicious Activity Reports) are at the top of the reporting lists when it comes to compliance with BSA. Both are forms that require information gathering from various sources in order to create a complete case. RPA is perfectly suited to take a member ID, collect all available info (and even public information) about a subject, put it together and file it automatically.

CIP (Customer Identification Program) verification and screening

Documented or undocumented verification of customer data are very common use cases . Bots can automate CIP verification match conditions against reference databases such as LexisNexis, Rfinitiv, Google, social media, etc.

Customer service for AML initiated blocks

Discussing account suspension/termination due to AML or fraud is a difficult subject to tackle with members, Bots can drive timely customer responses and remediation actions by automating standard reasons for resolution; e.g., account reinstatement if an RFI response is positive; account termination with refunds if no reasonable response, etc.

List screening for sanctions, PEP, negative news

Sanctions, Politically Exposed Persons or negative news screenings can be automated in instances where the bank procedure is specific about using determined/probable fields to decide alert disposition. This can also be extended to internal “do not do business with” databases, crypto (virtual asset service provider) screenings, etc.

That all sounds great, but what’s the ROI?

The clients we’ve worked with have seen 120% - 150% Return on Investment after a year of their automations running in production. This is based on the human time saved and its relative cost. There are other benefits though, avoiding fines, increased efficiency, better reporting and traceability, etc.

Your mileage may vary depending on the governance structure and maturity of your RPA program, and here at Beecker we’ve helped a lot of companies in Fintech get their RPA programs up and running, get to the next level or even completely offloading that responsibility to us.