When Compliance Kills the MDI

The BSA/AML obligation is uniform. The capacity to meet it is not. What that asymmetry costs communities — and what would close the gap.

By Bill Allen, Co-founder, Econofi | June 4, 2026

Every dollar of fraud now costs U.S. financial services firms $5.75 to remediate.^[1] For a large bank with a dedicated compliance department, a specialized fraud operations team, and enterprise AML software running on a nine-figure technology budget, that multiplier is a known cost of doing business at scale.

For a Minority Depository Institution serving a low-income neighborhood with a two-person compliance team and no in-house legal counsel, the same dollar of fraud can trigger a cost structure that threatens the institution's continued existence.

The BSA/AML compliance framework does not distinguish between them.

The Requirement That Does Not Scale

The Bank Secrecy Act applies equally to every federally insured depository institution in the United States, regardless of asset size, staffing, or the complexity of the population it serves. A $200 million MDI and a $200 billion multinational bank face the same core obligations: file Suspicious Activity Reports within 30 days of detecting suspicious activity^[2] , file Currency Transaction Reports for cash transactions exceeding $10,000^[3] , maintain Customer Due Diligence records under the FinCEN CDD Rule^[4] , and pass examination under the FFIEC BSA/AML examination manual^[5] .

The examination standards are calibrated to the activity, not to the institution's capacity to manage it. When a large bank fails a BSA/AML examination, it absorbs a consent order, pays a fine, and continues operating while it remediates. An MDI with $150 million in assets and one BSA Officer faces the same enforcement action with a fraction of the administrative capacity to respond.

The compliance burden compounds through false-positive rates. Legacy rule-based AML transaction monitoring systems — which most community institutions rely on — generate false positive rates of 50 to 60 percent.^[6]  For a two-person compliance team, that means more than half of every hour spent reviewing alerts is spent on activity that does not warrant a SAR filing. At a large institution this is an efficiency problem. At MDI scale, under a 30-day SAR filing clock, it is closer to a structural impossibility.

What Happens When the Exam Fails

Examination failure is not hypothetical.

In 2012, First Bank of Delaware entered a deferred prosecution agreement with the DOJ after its BSA/AML controls failed to detect third-party payment fraud; by April 2013, the bank had failed and its assets were acquired in an FDIC-assisted transaction.^[7]

First Bank of Delaware was not an MDI. But the compliance trajectory it illustrates — inadequate monitoring, inadequate documentation, insufficient staff, regulatory action, closure — is not unique to any single institution type. It is structurally more likely in institutions where the compliance function is concentrated in one or two people, where legacy monitoring systems are generating noise at 50-to-60 percent false positive rates, and where there is no compliance department to absorb a remediation order without disrupting every other function of the bank.

For a large institution, a failed BSA/AML examination is a line item. For a small MDI, the same enforcement trajectory can produce an outcome that is functionally indistinguishable from closure: constrained growth, reputational damage in a community where trust is the primary product, and executive bandwidth consumed entirely by remediation. The standard is uniform. The consequence is not.

De-risking and the Correspondent Banking Problem

The compliance pressure on MDIs is compounded by a structural phenomenon that the U.S. Treasury formally acknowledged in 2023: de-risking.

De-risking occurs when large banks terminate or restrict correspondent banking relationships with smaller institutions — including MDIs and CDFIs — because the perceived BSA/AML risk of maintaining those relationships outweighs the revenue they generate.^[8]  The calculus is not about actual compliance failures. It is about the cost of monitoring those relationships under a compliance framework that does not scale: it is cheaper to exit the relationship than to manage the regulatory exposure it creates.

The result is that institutions serving the communities most underserved by the financial system lose access to the payment infrastructure, liquidity facilities, and banking services they need to serve those communities. The Treasury's 2023 de-risking strategy identified this as a material structural problem in the U.S. financial system — one that undermines both financial inclusion and the effectiveness of the AML framework it is meant to protect.

The irony is precise: MDIs lose banking services while providing banking services to populations that large banks have already exited. The compliance framework accelerates the withdrawal of the financial system from the communities that need it most.

The Community Consequence

The weakening or closure of an MDI is not an institutional outcome. It is a community outcome.

The FDIC's MDI program tracks approximately 150 minority depository institutions operating in the United States — a number that has declined significantly from historical levels as MDIs have faced the combined pressure of community banking consolidation, technology investment gaps, and disproportionate compliance costs.^[9]  Each closure removes not just a financial institution but a trusted intermediary — often the only institution in a low-income neighborhood offering affordable small-dollar credit, bilingual financial services, and products designed for households with irregular income or no credit history.

The downstream cost falls on households. FDIC survey data documents that 4.5 percent of U.S. households remained fully unbanked as of 2023 — disproportionately concentrated in Black, Hispanic, and lower-income households.^[10]  The Financial Health Network's FinHealth Spend Report documents that financially vulnerable households collectively pay an estimated $110 billion per year in fees and interest, with $25 billion going directly to payday lenders, check cashers, and money order services.^[11]  Some portion of that extraction persists because the institutions that would otherwise serve those households are gone, weakened, or never present.

The compliance burden does not create this outcome alone. But it is a structural accelerant of the MDI consolidation that makes it worse.

Closing the Gap

• Two changes would reduce the compliance gap without weakening enforcement.Risk-calibrated examination standards. The FFIEC examination framework is nominally risk-based, but community institutions frequently report examination intensity that does not reflect their actual risk profile. A formal tiering of examination depth — based on institution size, transaction complexity, and demonstrated compliance history — would allow examiners to concentrate resources on institutions that pose the greatest systemic risk. The BSA/AML framework is designed to find money laundering. Its current implementation, at the community institution level, is finding mostly false positives and stretched teams.Technology access at MDI scale. AI-assisted transaction monitoring can reduce false positive rates to below 15 percent — a reduction of more than 75 percent from legacy system performance.^[12]  The cost of enterprise AML systems has historically placed them beyond the reach of institutions under $500 million in assets. Federal programs that subsidize access to right-sized compliance technology — through NCUA grants, CDFI Fund technical assistance, or direct investment by the FDIC's MDI program — would materially change the compliance economics for the institutions most exposed. The technology exists. The distribution model does not.The BSA/AML obligation should be the floor of the banking system — the minimum standard of integrity that every institution is held to. What it cannot be, if the communities depending on these institutions are to be served, is a ceiling that the smallest and most mission-critical institutions cannot reach without breaking.While those systemic changes move through regulatory channels, the technology to reduce false-positive volume is available now — and does not require a federal subsidy program to access. Three things within a BSA Officer's reach today:
  • Baseline your false positive rate. If you are not tracking it, you cannot make the internal business case for a technology change — and you cannot demonstrate risk management progress to an examiner.
  • Explore CDFI Fund and NCUA technical assistance grants. Both programs fund compliance technology evaluation for qualifying institutions. The subsidy mechanism exists; it requires an application, not a regulation.
  • Reduce per-SAR drafting time now. Free SAR narrative templates are available at sar.econofi.app, regardless of what monitoring system you are running.

Sources

[1]: LexisNexis Risk Solutions, True Cost of Fraud Study: U.S. Financial Services, 2025. $5.75 cost-per-dollar-of-fraud multiplier for U.S. financial services firms, reflecting direct losses plus labor, investigation, and recovery costs.

[2]: 31 CFR §1020.320 — Suspicious Activity Report filing requirements. 30-day filing window from the date the institution becomes aware of the suspicious activity; 60-day extension available when no suspect is identified.

[3]: 31 CFR §1010.311 — Currency Transaction Report filing requirements for cash transactions exceeding $10,000; multi-transaction aggregation rules apply to structuring detection.

[4]: FinCEN Customer Due Diligence Rule, 31 CFR §1010.230. Effective May 11, 2018. Requires covered financial institutions to identify and verify beneficial owners of legal entity customers and establish customer risk profiles at account opening.

[5]: Federal Financial Institutions Examination Council, BSA/AML Examination Manual, current edition. Sets the examination framework applied uniformly across federally insured depository institutions regardless of asset size.

[6]: Industry false positive rate range (50–60%) reflects AML compliance practitioner surveys and vendor benchmarking studies for rule-based transaction monitoring systems at community institutions. Widely cited in BSA Officer practitioner forums and compliance consulting literature.

[7]: U.S. Department of Justice, United States v. Four Oaks Bank & Trust Co. (related precedent); FDIC documentation of First Bank of Delaware receivership, April 2013. The deferred prosecution agreement and consent order predated the bank's failure by approximately 12 months.

[8]: U.S. Department of the Treasury, De-risking Strategy, 2023. Formally acknowledges the withdrawal of correspondent banking services from MDIs, CDFIs, and other community institutions serving underserved markets as a systemic financial inclusion risk.

[9]: FDIC Minority Depository Institution Program, current year data. Tracks the approximately 150 federally insured MDIs operating in the United States and monitors institution-level trends including consolidation and new charters.

[10]: FDIC National Survey of Unbanked and Underbanked Households, 2023. 4.5 percent of U.S. households — approximately 5.6 million households — reported as fully unbanked. Unbanked rates are highest among Black (11.3%), Hispanic (9.5%), and lower-income households.

[11]: Financial Health Network, FinHealth Spend Report, 2023. $110 billion in annual fees and interest paid by financially vulnerable U.S. households; $25 billion to payday lenders, check cashers, and money order services.

[12]: TransactionMonitor production performance data, agile Innovation Labs, 2025–2026. False positive rate under 15 percent across deployed community institution configurations.

Bill Allen is the co-founder of Econofi, a compliance automation and financial wellness platform built for Minority Depository Institutions and the communities they serve. He spent forty years delivering software solutions for large banks and trading exchanges before co-founding Econofi to deliver infrastructure to these communities.

agile Innovation Labs LLC d/b/a Econofi

https://www.econofi.app