FinCen Consent Order

Under the authority of the Bank Secrecy Act (“BSA”) and regulations issued pursuant to that Act,¹ the Financial Crimes Enforcement Network has determined that grounds exist to assess a civil money penalty against Pamrapo Savings Bank, S.L.A. (“Pamrapo” or the “Bank”). Pamrapo enters into the CONSENT TO THE ASSESSMENT OF CIVIL MONEY PENALTY (“CONSENT”) without admitting or denying the determinations by the Financial Crimes Enforcement Network, as described in Sections III and IV below, except as to jurisdiction in Section II below, which is admitted.

The CONSENT is incorporated into the ASSESSMENT OF CIVIL MONEY PENALTY (“ASSESSMENT”) by this reference.

Pamrapo operates as a wholly owned subsidiary of Pamrapo Bancorp, Inc., a savings association with an executive office and 10 branches located in Bayonne, New Jersey. The Bank operates in an area designated as both a High Intensity Drug Trafficking Area (“HIDTA”) and a High Risk Money Laundering and Related Financial Crimes Area (“HIFCA”). As of December 31, 2009, the Bank had over $558 million in total assets, and managed two wholly-owned subsidiaries, Pamrapo Service Corporation, Inc., and Pamrapo Investment Company. The Office of Thrift Supervision (“OTS”) is Pamrapo’s Federal functional regulator and examines the Bank for compliance with the BSA, its implementing regulations and similar rules under Title 12 of the United States Code. The New Jersey Department of Banking and Insurance examines Pamrapo for compliance with requirements under banking laws of the State of New Jersey comparable to those of the BSA and its implementing regulations.

At all relevant times, Pamrapo was a “financial institution” and a “bank” within the meaning of the BSA and the regulations issued pursuant to that Act.²

The Financial Crimes Enforcement Network may impose civil money penalties or take additional enforcement action against a financial institution for violations of the BSA and the regulations issued pursuant to that Act.³

Pamrapo violated the requirement to establish and implement an effective anti-money laundering (“AML”) program. Bank management’s flagrant and repeated disregard in addressing even the most basic BSA requirements resulted in an ineffective AML program and significant reporting failures. The lack of internal controls combined with unqualified BSA compliance personnel, relatively non-existent training and deficient independent testing resulted in a wholly ineffective BSA compliance program which, in turn, resulted in the failure to file a substantial number of suspicious activity reports in a timely manner. In addition, numerous deficiencies in the Bank’s procedures and monitoring for currency transaction reporting led to Pamrapo’s failure to file numerous currency transaction reports in accordance with the BSA. The Bank’s failure to respond appropriately to increasingly adverse BSA examination findings cited by the OTS resulted in the Bank consenting to a Cease and Desist Order (“C&D”) on September 26, 2008. The OTS continues to assess the Bank’s progress toward meeting the requirements of the C&D. This civil money penalty assessment is the result of AML program failures and BSA reporting violations that occurred, in large part, at the Bank between January 1, 2005 and April 21, 2009.

The Financial Crimes Enforcement Network has determined that Pamrapo violated the requirement to establish and implement a reasonably designed AML program. Since April 24, 2002, the BSA and its implementing regulations have required financial institutions to establish and implement AML programs.⁴ A savings association is deemed to have satisfied the requirements of 31 U.S.C. § 5318(h)(1) if it implements and maintains an AML program that complies with the regulations of its Federal functional regulator governing such programs.⁵ OTS requires each institution under its supervision to establish and maintain an AML program that, at a minimum, provides for: (1) a system of internal controls to assure ongoing compliance; (2) independent testing for compliance to be conducted by a savings association’s in-house personnel or by an outside party; (3) the designation of an individual, or individuals, to coordinate and monitor day-to-day compliance; and (4) training for appropriate personnel.⁶

The Bank failed to implement all four core elements of an adequate AML program to ensure compliance with the BSA and manage the risk of money laundering or other suspicious activity.

Pamrapo failed to establish adequate policies, procedures and internal controls reasonably designed to ensure compliance with the BSA. The Bank conducted business without implementing adequate procedures and internal controls, as appropriate and practical, to detect and timely report suspicious activity and large currency transactions.

The Bank’s BSA/AML risk assessment process was flawed and did not adequately evaluate and distinguish customers with heightened BSA/AML risks, including money services businesses (“MSBs”). The Bank did not assess its risk exposure within the context of products, services, customers, transaction types or geographical reach of the institution. The Bank’s risk assessment inaccurately stated that none of the Bank’s branches were in HIFCAs or HIDTAs. In addition, the Bank’s due diligence procedures lacked the scope and specificity necessary to adequately evaluate risk, thereby disabling its ability to identify potential suspicious activity. Moreover, even those inadequate due diligence procedures were never implemented by the Bank.

The Bank did not develop AML policies, procedures and controls related to maintaining accounts of MSBs because of a standing practice not to open accounts for check cashing businesses. However, the Bank failed to realize that the definition of an MSB extends beyond check cashers. Even after identification of two money transmitter accounts by regulators in 2007, the Bank did not assess risk in this area or review its customer base. Afterwards, an additional 37 MSB accounts were identified by regulators in 2008, for which the Bank had not obtained proper documentation, conducted proper risks assessments, or conducted proper account monitoring as detailed in the Interagency Interpretive Guidance on Providing Banking Services to Money Services Businesses Operating in the United States, issued on April 26, 2005.⁷

Through April 2009, the Bank routinely conducted cash transactions utilizing a particular transaction code which would not identify the transactor or affiliated account. This transaction code was originally intended to process employee transactions. However, over time this code was routinely used throughout the Bank’s branch network to process employee, customer and non-customer transactions without accompanying systems and controls to ensure compliance with the recordkeeping and reporting requirements of the BSA. With the use of this transaction code, the Bank could not capture customer identification information such as name or account number. Therefore, the Bank had no way to determine which customer or individual was conducting cash transactions (e.g., purchasing monetary instruments with cash or cashing checks) and no way to track cash transaction activity. Transactions processed using this code would not appear on the Bank’s Large Cash Transaction Report (“LCTR”) which was the only report used to file currency transaction reports. In addition, Bank employees were aware that transactions processed using this code would not appear on the LCTR, thus enabling customers and non-customers to structure cash transactions without any risk of detection. Despite this knowledge, Bank employees continued to use the code for at least four years and thereby prevented those transactions from being reported in

violation of the currency transaction reporting requirements.⁸ Furthermore, even when proper codes were used, the Bank’s systems did not always aggregate cash activity between accounts belonging to one customer. As a result of the coding procedure and processing system errors, Pamrapo failed to aggregate multiple transactions amounting to over $10,000 for individual customers in a single business day. Even after these deficiencies were brought to Bank management’s attention, as early as 2005, Bank management failed to take any steps to correct this problem for several years. As a result, the Bank knowingly failed to file numerous currency transaction reports and failed to file accurate and complete currency transaction reports.

The Bank’s SAR monitoring program was one-dimensional and only included weekly reviews of the LCTR without any regard toward other types of transactions for suspicious or unusual activity. Furthermore, the Bank’s manual cash transaction monitoring for unusual activity was ineffective and not commensurate with the size of the institution, volume of transactions, customer base, or geographic footprint. The Bank did not employ automated systems to detect and monitor for suspicious activity. The Bank’s suspicious activity monitoring process was primitive and relied solely on verbalizing and/or documenting observed singular events of unusual customer activity by front-line personnel without any enterprise-wide systems in place to determine patterns of potentially suspicious transaction activity within customer accounts. The BSA officer also manually reviewed the LCTR for potential structuring activity. However, as noted previously, this report not only failed to capture numerous transactions, but until 2006 did not include any transactions below $10,000, rendering it useless for monitoring for patterns of structuring.

In addition, the Bank failed to understand the significance of subpoenas received from law enforcement. The receipt of a grand jury subpoena should cause a financial institution to conduct a risk assessment and account review of the subject customer.⁹ The Bank had no procedures in place to evaluate information concerning transactions and accounts subject to a subpoena, so that a determination could be made as to whether additional account monitoring should be implemented or a suspicious activity report should be filed.

Pamrapo’s independent testing of its BSA program was not effective. Internal Audit staff did not receive formal BSA training or have experience conducting full scope BSA audits. The Federal Financial Institutions Examination Council’s BSA/AML Examination Manual guidelines were not considered when determining the procedures or scope of BSA audits. In fact, the coding deficiencies that allowed individuals to structure transactions at the Bank without risk of detection and otherwise undermine the accuracy of the LCTR were known to the BSA officer, Compliance officer and to Bank management for several years. However, these coding deficiencies went undetected by the audit department until mid-2008.

Bank management chose not to heed regulatory recommendations to retain a third party to evaluate the Bank’s BSA program. Bank management intentionally misled regulators by stating that the Board of Directors gave strong consideration to the matter and decided against it, when in

fact, Bank management did not inform the Board of Directors of this recommendation. The Bank only began to address this deficiency after the 2008 C&D required the Bank to engage an external consultant to conduct independent testing for compliance with the BSA.

The Bank’s BSA officer and Compliance officer were unqualified for their positions. The BSA and Compliance officers held other full-time positions within the Bank, did not have experience with or training in BSA requirements, and spent minimal time dealing with BSA matters. The BSA officer did not attend meetings with regulators to discuss examination findings, nor was the BSA officer provided copies of examination reports detailing BSA deficiencies.

Both the BSA officer and Compliance officer were aware for years that certain cash transactions were not appearing on the LCTR, the sole report used for identifying transactions for accurate and complete currency transaction reporting, yet did not take steps to rectify this failure. In fact, the BSA officer, who was also a full-time branch manager, was aware that tellers processed transactions utilizing the code that would negate the transactions from appearing on the LCTR. This resulted in the Bank’s failure to file numerous currency transaction reports and failure to file accurate and complete currency transaction reports. Further exacerbating this situation, the LCTR was used by the BSA officer to manually monitor for structuring activity by customers. However, in addition to not capturing numerous transactions due to the coding deficiencies, the LCTR did not capture any cash transactions below $10,000 until 2006, rendering it useless for monitoring for structuring patterns.

Another example of the BSA officer’s lack of qualification was reflected in the incorrect classification of over three dozen accounts which were determined by regulators to be MSBs. These accounts were not assessed for risk or appropriately monitored for an extended period of time.

Despite knowing that these individuals were unqualified and that the Bank had systemic BSA problems, Bank management and the Board of Directors did not begin to take corrective action in this area until late 2008.

The Bank’s BSA training program was essentially non-existent. The Bank did not have formalized ongoing BSA training for all employees. In fact, the training was limited to showing a videotape and circulating memos to certain employees. The training was not job specific or documented. In 2005 and 2006, new tellers across the branch network did not receive any formal BSA training. Additionally, Internal Audit staff members did not receive formal BSA/AML training. Despite being told repeatedly that the Bank’s BSA training was deficient, Bank management failed to implement an adequate BSA training program over a period of years.

The Financial Crimes Enforcement Network has determined that Pamrapo violated the currency transaction reporting requirements of the BSA and regulations issued pursuant to that Act.¹⁰ Banks are required to file currency transaction reports for transactions in currency greater than $10,000 in a single business day. These reports must be completed and filed in the form prescribed by the Financial Crimes Enforcement Network.¹¹

The Bank’s process for filing currency transaction reports only captured transactions conducted by Bank customers processed through existing accounts. Transactions processed using the aforementioned transaction code would bypass this system and prevent such transactions from appearing on the Bank’s LCTR, which was the sole report used by the Bank to file currency transaction reports. These transactions included cash purchases of monetary instruments such as cashier’s checks and money orders and checks cashed out by both customers and non-customers. Furthermore, Bank employees including the BSA and Compliance officers were aware that transactions processed using this code would not appear on the LCTR. Additionally, the Bank’s systems did not always aggregate cash activity between accounts belonging to one customer. As a result of these coding deficiencies and processing system errors, Pamrapo failed to aggregate multiple transactions amounting to over $10,000 for a customer in a single business day. Even after these deficiencies were brought to Bank management’s attention as early as 2005, Bank management failed to take the necessary steps to correct these deficiencies until April 2009. As a result of this complete breakdown in the reliability of the LCTR, the Bank systematically failed to file a substantial number of currency transaction reports and filed incorrect and incomplete currency transaction reports over an extended period of time, including the failure to file 135 currency transaction reports related to one customer. Due to the magnitude and long-standing nature of the coding problems, the Bank was not able to determine the volume, dollar amount, and overall number of reporting failures for backfiling purposes.

The Financial Crimes Enforcement Network has determined that Pamrapo violated the suspicious transaction reporting requirements of the BSA and regulations issued pursuant to that Act.¹² These reporting requirements impose an obligation on financial institutions to report transactions that involve or aggregate to at least $5,000, are conducted by, at, or through the financial institution, and that the institution “knows, suspects or has reason to suspect” are suspicious.¹³ A transaction is “suspicious” if the transaction: (1) involves funds derived from illegal activities, or is conducted to disguise funds derived from illegal activities; (2) is designed to evade reporting or record-keeping requirements under the BSA; or (3) has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.¹⁴

Banks must report suspicious transactions by filing suspicious activity reports and must generally do so no later than thirty (30) calendar days after detecting facts that may constitute a basis for filing such reports.¹⁵ If no suspect was identified on the date of detection, a bank may delay the filing for an additional thirty (30) calendar days in order to identify a suspect, but in no event may the bank file a suspicious activity report more than sixty (60) calendar days after the date of initial detection.¹⁶

The absence of effective internal controls, compliance personnel, training and independent testing at the Bank resulted in numerous violations of the requirement to timely and accurately report suspicious transactions over an extended period of time.

The account monitoring employed by the Bank for suspicious activity reporting was practically non-existent. Furthermore, the program deficiency related to the code that allowed transactions to bypass the LCTR enabled customers to structure transactions and engage in other suspicious activity without detection or reporting by the Bank.

The Bank lacked adequate policies, procedures and controls necessary to monitor for, detect and timely report suspicious activity, as required by the BSA. As a result, the Bank failed to timely file 67% (76 of 113) of the suspicious activity reports filed by the Bank between January 1, 2006, and January 31, 2009, totaling over $16 million. During this time period, 59 of these late suspicious activity reports, involving transactions totaling approximately $13 million, were filed as a result of the transaction review required under the C&D. In total, the mandated transaction review showed that the Bank failed to timely file 75 suspicious activity reports related to 891 transactions amounting to nearly $22 million. Many of these suspicious transactions were reported years after the activity took place. The resulting delays impaired the usefulness of the suspicious activity reports by not providing law enforcement with timely and accurate information. Moreover, the systemic and egregious nature of the Bank’s system coding breakdowns resulted in the Bank’s inability to recreate cash transaction data for purposes of accurate and complete suspicious activity reporting for an incalculable number of transactions over a period of years.

The Financial Crimes Enforcement Network may impose a civil money penalty against a financial institution for violations of the BSA and the regulations implementing that Act.¹⁷ The Financial Crimes Enforcement Network has determined that a civil money penalty is due for the violations of the BSA and its implementing regulations described in this ASSESSMENT.

After considering the seriousness of the violations and the financial resources available to Pamrapo, the Financial Crimes Enforcement Network has determined that the appropriate penalty in this matter is $1,000,000.

To resolve this matter, and only for that purpose, Pamrapo, without admitting or denying either the facts or determinations described in Sections III and IV above, except as to jurisdiction in Section II, which is admitted, consents to the assessment of a civil money penalty in the sum of $1,000,000, which shall be satisfied by one payment to the Department of the Treasury.

Pamrapo recognizes and states that it enters into the CONSENT freely and voluntarily and that no offers, promises, or inducements of any nature whatsoever have been made by the Financial Crimes Enforcement Network or any employee, agent, or representative of the Financial Crimes Enforcement Network to induce Pamrapo to enter into the CONSENT, except for those specified in the CONSENT.

Pamrapo understands and agrees that the CONSENT embodies the entire agreement between the Bank and the Financial Crimes Enforcement Network relating to this enforcement matter only, as described in Section III above. Pamrapo further understands and agrees that there are no express or implied promises, representations, or agreements between the Bank and the Financial Crimes Enforcement Network other than those expressly set forth or referred to in this document and that nothing in the CONSENT or in this ASSESSMENT is binding on any other agency of government, whether Federal, State, or local.

Pamrapo understands that execution of the CONSENT, and compliance with the terms of this ASSESSMENT and the CONSENT, constitute a complete settlement and release of the Bank’s civil liability for the violations of the BSA and regulations issued pursuant to that Act as described in the CONSENT and this ASSESSMENT.


By:		/s/ James H. Freis, Jr.
		James H. Freis, Jr., Director FINANCIAL CRIMES ENFORCEMENT NETWORK U.S. Department of the Treasury

Date:		June 1, 2010


IN THE MATTER OF:	)
	)
	)
PAMRAPO SAVINGS BANK, S.L.A.	)	Number 2010-3
BAYONNE, NEW JERSEY	)