Bank Settles OCC Charges for AML Violations; Agrees to Hire Independent Consultants
Commentary by Thomas Delaney
A bank settled OCC charges for "unsafe or unsound practices" related to Bank Secrecy Act compliance and for failing to correct previously identified anti-money laundering compliance deficiencies.
According to the Consent Order, the OCC found deficiencies as to the bank's internal controls; governance; transaction and suspicious activity monitoring and reporting (including, for example, as to "appropriate thresholds for determining when transaction alerts should trigger a case investigation"); risk assessments; staffing; internal audits; and training. The OCC also cited the bank for failing to address deficiencies identified in prior examinations, including those concerning suspicious activity reporting and risk governance frameworks.
As a result, the OCC found violations of OCC Rule 21.21 ("Procedures for Monitoring BSA Compliance"); OCC Rule 21.11 ("Suspicious Activity Reports"); as well as non-compliance with 31 U.S.C. 5318 ("Compliance, exemptions, and summons authority") and Rule 1020.320 ("Reports by banks of suspicious transactions").
As part of the settlement, the bank agreed to take corrective actions, including: (i) establishing a compliance committee of at least three independent directors to oversee implementation of remedial measures; (ii) submitting a corrective action plan within 90 days, detailing specific timelines, accountability measures and steps to address deficiencies; (iii) engaging third-party consultants to conduct assessments of BSA/AML compliance programs, transaction monitoring systems and prior suspicious activity reporting; (iv) implementing enhanced systems for customer due diligence, risk assessments and transaction monitoring tailored to the bank's size and complexity; (v) rolling out BSA and sanctions compliance training for staff; and (vi) refraining from introducing new high-risk products or entering high-risk markets without prior OCC approval.
Commentary
This Order may become known as the third-party consultant, full employment program.
The Order requires the Bank to hire several third-party consultants to evaluate and suggest improvements to various aspects of its AML and Sanctions compliance procedures. One third-party consultant is to perform an end-to-end assessment of the bank's AML and Sanctions compliance programs, the findings from which are to be used to shape the Bank's Action Plan for improving its compliance operations. The Bank's board is responsible for overseeing the implementation of the Action Plan.
In addition to the appointment of a third-party consultant to evaluate the sufficiency of the Bank's compliance program, the Bank is required to hire a third-party consultant to validate its transaction monitoring process, including evaluating whether the Bank should have filed suspicious activity reports for previously unreported suspicious activities. Another consultant, to be known as the "Negotiable Instruments Look-Back Consultant," is to conduct a review and provide a report on the Bank's reporting of suspicious activity related to its negotiable instruments. In addition to employing this myriad of consultants, the Order requires the Bank to develop a revised Customer Due Diligence program and update its AML and Sanctions Risk Assessments and to modify compliance procedures in line with the findings contained in those evaluations. Also, the Bank is required to ensure that it maintains an independent and competent BSA Compliance Officer, as well as adequate and well-trained staff. The Bank is prohibited from adding new products or services with high BSA or Sanctions Risk or to expand into new markets that present such risk without receiving prior approval from the Examiner-in-Charge.