A credit union with $4 million in assets and five employees was processing $2 billion a year in transactions for 56 money services businesses across Central America, the Middle East, and Mexico. That revenue made up 90% of its annual income. And its AML program had not been updated to reflect any of it.
On November 25, 2014, FinCEN assessed a $300,000 civil money penalty against North Dade Community Development Federal Credit Union in Miami Gardens, Florida for significant Bank Secrecy Act violations. The credit union consented to the assessment and admitted it had willfully failed to meet BSA program, reporting, and recordkeeping requirements.
The case is a decade old. The pattern it describes is not.
What Actually Happened
North Dade was a small, federally chartered community development credit union. Its designated field of membership was local. Its actual business had become something else entirely.
Through a contract with a third-party vendor and money services business, North Dade began providing banking services and sub-accounts to 56 MSBs operating in high-risk jurisdictions well outside its membership area. These included locations in Central America, the Middle East, and Mexico. In 2013 alone, the transaction volume flowing through those accounts totalled $1.01 billion in outgoing wires and $984 million in remotely captured deposits.
The revenue from those 56 accounts represented 90% of North Dade's annual income. The credit union's AML program had not been updated to reflect the dramatically different risk profile this activity created.
FinCEN found that North Dade had willfully violated three categories of BSA requirements: program obligations, reporting requirements, and recordkeeping requirements. Among the specific failures, the credit union had not complied with Section 314(a) of the USA PATRIOT Act, which requires financial institutions to search their records to identify accounts and transactions linked to persons suspected of involvement in terrorism or money laundering.
"When a small institution opens its doors to the world, takes on greater risks than it can manage, and puts profits before AML controls, bad actors are bound to take advantage."
Jennifer Shasky Calvery, FinCEN Director, November 2014
The failures were not incidental. They were structural. The controls in place were built for a low-risk, community-focused institution. The business being run was something fundamentally different.
Four BSA Failures FinCEN Identified
The North Dade enforcement action touched on failures that remain among the most common cited in BSA examinations today. Each one represents a gap between the risk a institution is actually carrying and the controls it actually has in place.
An AML program that did not match the institution's actual risk profile.
North Dade's AML program had been designed for a small community credit union serving low-to-moderate income members. When the business model shifted to servicing high-volume, high-risk international MSBs, the program was not updated. Risk assessments, internal controls, and monitoring procedures must reflect what an institution is actually doing, not what it was doing when the program was last written.
No adequate monitoring of high-risk MSB activity.
With $2 billion flowing annually through accounts linked to jurisdictions at elevated risk for money laundering and terrorist financing, North Dade had no controls capable of detecting, analyzing, or reporting suspicious activity at that volume or in those geographies. Accepting high-risk customers requires a corresponding uplift in monitoring capability. One cannot exist without the other.
Non-compliance with Section 314(a) of the USA PATRIOT Act.
Section 314(a) requires financial institutions to search their records when law enforcement requests information about accounts or transactions connected to suspected terrorists or money launderers. North Dade's failure to comply with this requirement meant that even when regulators and law enforcement were looking, the credit union could not provide the necessary cooperation. For institutions serving high-risk customer segments, 314(a) compliance is not optional.
Recordkeeping and reporting obligations were not met.
BSA reporting and recordkeeping requirements exist to create an audit trail that law enforcement can follow. When those records are incomplete or missing, the institution's exposure to enforcement action increases significantly and its ability to demonstrate good faith shrinks. Willful violations, as FinCEN found here, carry heavier consequences than negligent ones.
The Bigger Pattern
North Dade is not an outlier. FinCEN has assessed penalties against multiple small credit unions for near-identical failures. In 2016, Bethex Federal Credit Union in the Bronx received a $500,000 penalty after taking on high-risk MSB accounts without updating its AML program. In that case, the credit union filed no SARs at all between 2008 and 2011, and later had to retroactively file 28 late SARs following a mandated review.
The pattern is consistent: a community institution contracts with a third-party vendor to service MSBs in high-risk jurisdictions, revenue from those accounts quickly becomes the dominant portion of the institution's income, and the AML program never catches up with what the business has actually become.
The third-party relationship is particularly important. In both the North Dade and Bethex cases, a vendor intermediary introduced the high-risk accounts. The presence of a third party does not transfer BSA obligations. The regulated institution remains responsible for the compliance program, the monitoring, and the reporting, regardless of how the customer relationship was structured.
What a Compliant MSB Banking Program Looks Like
For institutions that choose to serve MSBs, including those operating in high-risk or international jurisdictions, the FinCEN enforcement record is effectively a compliance checklist. Four areas consistently appear in enforcement actions:
Risk assessment updated to reflect the actual customer base. An AML program built for low-risk community members cannot adequately govern high-volume, cross-border MSB activity. If your customer mix has changed, your risk assessment and program controls must change with it. The exam question is not what your program says. It is whether your program matches your risk.
Transaction monitoring calibrated for MSB volume and geography. Monitoring rules designed for retail members will not detect suspicious patterns in wholesale MSB flows. Thresholds, typologies, and alert logic need to be configured for the actual transaction behavior of the customer segment being served. High-risk jurisdictions require higher scrutiny, not the same scrutiny applied elsewhere.
Third-party vendor oversight that does not outsource compliance obligations. Contracting with a vendor to introduce or manage MSB relationships does not transfer BSA responsibility. The institution must conduct its own due diligence on each MSB, maintain its own records, file its own SARs, and respond to its own 314(a) requests. Third-party arrangements require a layer of oversight, not a substitution of it.
SAR filing discipline and 314(a) process readiness. The failure to file SARs and the failure to comply with 314(a) requests are two of the most cited BSA violations in enforcement actions. Both require documented processes, assigned ownership, and regular testing. If your institution cannot demonstrate a functioning SAR decision workflow and a reliable 314(a) response process, those are the first gaps examiners will find.
The Sentinel Perspective
The North Dade case is a reminder that BSA compliance failures in high-risk customer segments rarely happen all at once. They accumulate. A customer base shifts. Revenue concentrates. The program does not keep pace. By the time an examiner arrives, the gap between the controls on paper and the risk in practice has grown to the point where willful noncompliance becomes the finding.
Sentinel's AML and KYC screening platform is built to grow with an institution's risk profile. Whether your exposure is to domestic MSBs, international correspondent relationships, or cross-border payment flows, Sentinel provides continuous customer monitoring and automated screening that keeps pace with your actual customer base, not a snapshot of what it looked like at onboarding.
For institutions serving MSBs or high-risk international customers, the question is not whether your program exists. It is whether your program reflects what you are actually doing today.
See How Sentinel Supports BSA Compliance for High-Risk Customer Segments
Request a demonstration tailored to your institution's AML program and customer risk profile.
Official References
Truth Technologies provides AML, KYC, OFAC, and sanctions screening compliance solutions through the Sentinel platform. This post is published for informational purposes only and does not constitute legal advice. All facts are sourced from the official FinCEN penalty notice linked above.
