Employees at one of the largest and fastest-growing credit unions in the U.S. told executives and regulators that it had a flawed program to prevent money laundering, according to people familiar with the matter and internal credit-union documents.
The concerns raised about Pentagon Federal Credit Union in 2016 and 2017 included understaffing, gaps in reporting of potentially suspicious transactions to the government, insufficient monitoring of wire transfers, a lack of anti-money-laundering training for senior leaders and inadequate scrutiny of potentially high-risk customers, according to internal PenFed emails and reports.
The documents, which haven’t previously been reported, don’t contain evidence of alleged money laundering by PenFed customers. They include emails and reports created by PenFed staffers who analyzed the adequacy of its anti-money-laundering operation and were arguing for a higher budget, given the credit union’s rapid growth.
In response to questions from The Wall Street Journal about the employees’ concerns, PenFed’s chief audit executive, Russell Rau, said in a statement: “These false allegations against PenFed were properly reviewed by the appropriate third party authorities that have unfettered access to ALL relevant information, and were determined to be unfounded.”
The National Credit Union Administration, PenFed’s regulator, and the Treasury Department’s Financial Crimes Enforcement Network, known as FinCEN, which enforces anti-money-laundering rules, declined to comment.
PenFed General Counsel Scott Lind said that the credit union’s anti-money-laundering program “fully complies with all government regulations.”
In the time since its employees raised concerns, PenFed has made changes to the program, according to Mr. Lind and other documents reviewed by the Journal. These changes include reorganizing management, hiring more staff, adopting new policies and investing in suspicious-activity detection technology.
Ross Delston, a lawyer and anti-money-laundering consultant, said such employee allegations, if they had been found to be true, would likely have represented the types of compliance gaps that have led bank regulators to bring fines or serious enforcement actions. He didn’t comment on PenFed.
The PenFed employees’ concerns were reported in 2017 to the NCUA, people familiar with the matter said. PenFed and its regulator later agreed to a “document of resolution” in which PenFed privately agreed to bolster its anti-money-laundering program, one person said.
Mr. Lind said that improvements were made as “our membership has grown and because laws and regulations have expanded certain requirements” and not because of any deficiency.
Mr. Lind also provided to the Journal a copy of a May 2017 letter from FinCEN congratulating PenFed for reporting information that “made a significant contribution” on one significant criminal case, involving “transnational organized crime.”
The credit union’s internal documents offer a rare look inside a large financial institution’s procedures to detect money laundering, an ever-present worry for authorities trying to combat terrorism and other crimes. Under U.S. law, financial institutions must monitor customers and report suspicious transactions. The issue has gained added focus following the disclosure by Denmark’s Danske Bank of a large money-laundering scandal.
As governments around the world have cracked down on money-laundering controls at large banks, some government authorities have worried criminals will move elsewhere, such as cryptocurrency exchanges or member-owned credit unions.
With more than 1.6 million members and about $24 billion in assets, PenFed is the third-largest U.S. credit union. It was formed in 1935 and has expanded beyond its original membership of military officers.
FinCEN, in a confidential 2014 credit-unions assessment previously reported by the Journal, said “potentially compromised credit unions that lack adequate customer due diligence and fail to report suspicious activities can facilitate” hidden networks. The assessment classified 53 credit unions as high-risk and named several of them. It didn’t mention PenFed.
In 2015, NCUA gave PenFed the highest possible rating, according to a confidential examination report reviewed by the Journal. The anti-money-laundering program needed adequate resources and a centralized way of identifying customers, but “overall, your program to include your policies, procedures, and reporting is appropriate,” the report said.
The following year, PenFed’s employees began documenting what they saw as compliance gaps. PenFed didn’t have a process to identify members that might pose a higher risk, according to an internal report that year by PenFed’s compliance employees. It is unclear how widely circulated the report was.
The report also said PenFed had a backlog of transactions flagged for further investigation. Several times that year, PenFed didn’t report suspicious activity within 30 days of it being deemed suspicious, as regulations require, according to a separate document and internal PenFed emails.
An employee who brought forward the concerns was nicknamed “Chicken Little” by one executive, people familiar with the matter said.
Mr. Lind said PenFed has had a strong compliance culture “for many years.”
Other emails show some employees worried PenFed wasn’t fully complying with a requirement to report currency transactions that exceed $10,000 in a day. For about a year, some ATM transactions weren’t properly monitored, due to a technology issue, according to emails from PenFed employees in 2016.
PenFed also exempted a member with a business from reporting large transactions from 2009 to 2016, according to emails in which PenFed executives discussed the issue. PenFed revoked the exemption in 2016 and reported it as an “isolated misclassification,” according to a letter sent to NCUA.
As of August 2016, PenFed had nine full-time employees dedicated to anti-money-laundering, while similarly sized banks had three to five times as many, according to emails between PenFed employees responsible for anti-money-laundering efforts.
“Executive support for these initiatives has been unwavering,” Mr. Lind said. PenFed has since hired more anti-money-laundering staff, a person familiar with the matter said.
Mr. Lind said PenFed doesn’t release the number of employees working on anti-money-laundering but is “properly staffed” for a firm that doesn’t do offshore banking or other high-risk activities.