Too Illegit to Quit: Dealing with Ongoing Suspicious Behavior
The NAFCU Compliance team sometimes hears from credit unions that are dealing with a particularly vexing situation – a member that will not stop engaging in suspicious activity. Here are some things for credit unions to consider when faced with this issue:
First, there may be Suspicious Activity Report (SAR) filing obligations. Section 1020.320 of the FinCEN regulations discusses SAR reporting requirements and requires a credit union to file a SAR within 30 calendar days of detecting suspicious activity. As we’ve blogged about previously, FinCEN has provided regulatory relief to credit unions and other financial institutions by allowing them to file “continuing activity SARs” instead of constantly requiring brand new SARs for the same suspect or activity. Question #16 of this FinCEN Frequently Asked Questions document discusses the timeline for continuing activity SARs, which encompass each 90 day period following the date of the original SAR. The continuing activity SAR is due within 30 days of the end of the 90-day period, thus the first continuing activity SAR would be due no later than 120 days after the date of the original SAR, though FinCEN has stated that credit unions may file continuing activity SARs sooner if they “believe the activity warrants earlier review by law enforcement.”
Filing continuing activity SARs is still burdensome for credit unions, and some credit unions may want to explore ways of addressing the underlying behavior to hopefully remove the need to file continuing activity SARs in perpetuity. A credit union may want to consider if a customer’s risk profile needs to be updated. Customer Due Diligence (CDD) requires the credit union to gather enough information that will enable it to understand the nature and purpose of the account. CDD will also enable the credit union to identify when certain transactions are unusual for the member and the account, which can help the credit union determine whether a Suspicious Activity Report (SAR) needs to be filed. CDD involves ongoing monitoring and the customer’s risk profile may need to be updated if circumstances change. For example, it is possible that something which initially seemed unusual might have a legitimate explanation and might also become the member’s “new normal” – for example, perhaps a member recently inherited a large sum of money and plans to engage in higher-value transactions or to make more frequent trips to casinos than they previously had. If a member has a legitimate explanation for a change in behavior, then the risk profile may need to be updated to reflect that and to avoid the need to consider further SARs for the same activity in the future.
For situations in which the member does not appear to have a legitimate explanation for the suspicious activity, some credit unions may have a desire to end their relationships with problematic members. However, the Federal Credit Union Act (FCU Act) does not allow a credit union to simply end a credit union-member relationship for any reason. Instead, the FCU Act provides a specific process which must be followed for expulsion of a member, such as obtaining a 2/3 vote of the members present at a special meeting or following a board-adopted nonparticipation policy.
Short of seeking the expulsion of the member, a credit union may have other options. A credit union may want to check its contractual agreements with the member to determine if the member’s conduct may have breached the agreement. For example, some credit unions have account agreements that expressly prohibit a member from engaging in certain behavior (such as using a personal checking account for commercial purposes) and will give the credit union the right to take certain action – such as closing the account – if the member violates the terms of the agreement. If the contract does not provide the credit union with options to address the ongoing suspicious activity, then a credit union may want to consider if a limitation of services policy could be utilized. As we’ve blogged about previously, a credit union can use a board-adopted limitation of services policy to limit the services it provides to members who are no longer “in good standing” – this could allow a credit union to, for example, close certain accounts or suspend the member’s ability to write checks.
It should be noted, however, that despite the options provided by the contractual agreement or a limitation of services policy, a credit union is required to provide a member with the basic rights to maintain a share account and to vote at annual and special meetings – infringing on those rights could amount to a constructive expulsion of the member that violates the FCU Act.
About the Author
Nick St. John, NCCO, NCBSO, Director of Regulatory Compliance, NAFCU
Nick St. John, was named Director of Regulatory Compliance in August 2022. In this role, Nick helps credit unions with a variety of compliance issues.