Federal Financial Institutions Examination Council Manual targets cash-vault services for AML scrutiny

The BSA AML Manual issued by Federal Financial Institutions Examination Council (2014) is concerned about the money laundering threat posed by so-called cash-vault services and a push is underway to audit the Bank Secrecy Act compliance programs of all large banks to insure any vulnerabilities are corrected, a source familiar with the matter said. Third party vendors are also under scrutiny.

"Examiners have seen weaknesses in large-bank cash-vault program management, with a specific focus on border activity on both the Canadian and Mexican borders where cash vaults allow armored cars to cross over borders to make deposits," the source told Thomson Reuters Regulatory Intelligence. The source spoke on grounds of anonymity because the person was not authorized to speak for the record. 

Office of the Comptroller of the Currency (OCC) examiners have been dispatched to audit operations of various banks as well as facilities run by third-party vendors Brink's, Loomis, Garda and Dunbar, said the source. The source added that this is Bank Secrecy Act examination priority for 2016 and 2017.

A spokesman for the OCC did not respond to a request for comment. 

Cash vault services involve the acceptance of cash and checks from large retailers and small businesses that are counted and credited to bank accounts. Traditionally, banks such as Bank of America, Wells Fargo Bank, JPMorgan and U.S. Bank were the major players in the cash vault arena.

A transition to third-party management

Ten years ago banks, wary of the costs associated with maintaining in-house cash vaults, began selling vault operations to the vendors, two industry sources say. Today, the majority of cash vault operations are farmed out to vendors, and regulators, only now coming to grips with the nature and extent of these contracted relationships, are eager to insure that money-laundering activity is not slipping through the cracks, they say.

One significant problem is that these third-party vendors are now the "first line of defense" against money laundering, but some are thought to lack the training and expertise necessary to spot money laundering, said the source familiar with regulators' concerns. 

Compounding the problem is that in order to be profitable, the vendors serve multiple banks and have a varied customer base, and their tellers count cash for various banks' customers on any given day. The tellers therefore typically do not count for the same bank customers every day and do not know the banks' customers well, industry sources say. To use the AML lexicon, the vendors do not know their customers' customers.

AML training

About five or six years ago the banks realized that their cash-vault vendors needed anti-money laundering training since they were acting as an extension of the bank. However, the training that is provided is not likely to help catch launderers, said an industry expert who has played a key role in helping banks transition to vendor-supplied cash vault services.

"If you were to look through that (training) deck, it doesn't give you the level of knowledge a teller would need to really pick up money laundering (activity). A lot of money laundering can only be spotted with data and a person physically looking at cash and checks cannot tell there is a problem," the source said, speaking on condition of anonymity due to the sensitivity of the matter.

Money laundering involving layering of transactions and changing denominations of bills are activities a vendor's teller is not likely to catch because they count money for so many customers, the source said.

"They may know their whole community, but in a cash vault center, it's like widgets. It's cash comes in, cash goes out, it's such a large volume that any aberrations to activity that first person who gets that transaction they don't really know anything, so the banks have to get really good about monitoring their cash-vault services," said the source familiar with the OCC's interest in the matter.

A risk management executive at Loomis said "we address the required training of our personnel." Representatives of Brink's, Garda and Dunbar and did not respond to requests for comment on regulatory concerns.

Banks must scrub data and know customers

At the close of each day, the vendors transmit detailed data to the banks they serve so that customer accounts can be credited. It is up to the banks to run that data through their automated anti-money laundering systems to look for suspicious activity such as changes in volume or activity inconsistent with the customer's history and profile, said bankers and cash vault industry sources.

There is regulatory concern that in some cases that may not be happening, said various sources interviewed for this article. There also is worry that some vendor-supplied AML monitoring systems may not even be capable of properly screening cash vault activity, the sources said.

There is a regulatory expectation that banks know how many cash vaults they have, who runs them, and possess an understanding of the armored car carriers that are in and out of any particular facility, the sources said.

There also is relevant information on regulatory expectations in the Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual, including on pages 186, 187 and 188.