Banking Agencies Explain Policy on BSA/AML Cease and Desist Orders

Christian Larson Commentary by Christian Larson

The Federal Reserve Board, FDIC, National Credit Union Administration and OCC (each, an "Agency") explained the circumstances under which an Agency will issue a mandatory cease and desist order or initiate an enforcement action for violating Bank Secrecy Act ("BSA") and AML requirements.

As described in the Joint Statement, pursuant to Section 8(s) of the Federal Deposit Insurance Act and Section 206(q) of the Federal Credit Union Act, credit unions and insured depository institutions must maintain a compliance program that includes the following components;

  • internal controls to assure BSA compliance;
  • independent testing for BSA compliance;
  • designated individuals responsible for overseeing BSA compliance; and
  • related training for appropriate personnel.

The Agencies stated that a cease and desist order will be brought against a financial institution for (i) failing to have a written BSA/AML compliance program that adequately covers the abovementioned program components; (ii) failing to implement an adequate BSA/AML program; and (iii) having defects in one or more program components coupled with other aggravating factors.

The Agencies highlighted specific types of failures that may result in a cease and desist order or enforcement action, including:

  • rapid expansion of relationships with foreign affiliates or third parties without proper controls;
  • failing to identify risks relating to money laundering or other illicit financial transactions;
  • an inadequate system of internal controls to confirm customers' identities;
  • insufficient resources to effectively implement a BSA/AML compliance program;
  • failure to resolve independent testing deficiencies;
  • inadequate training for staff; and
  • failure to address a deficiency that an Agency has previously reported to the board of directors or senior management.


Christian Larson

This is the first comprehensive update on BSA/AML enforcement that the banking and credit union regulatory agencies have issued since 2007. Credit unions and banks, and their counsel, can use this guidance to prioritize changes and remedial measures to their BSA/AML programs in an effort to avoid cease and desist orders. Note, however, that FinCEN, which also has enforcement authority, is not bound by this guidance.

Email me about this

Premium Content

Available only to Premium subscribers.