The Federal Reserve Board, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, and National Credit Union Association (Federal Banking Agencies or the Agencies), issued a Joint Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements (Statement) updating their 2007 Statement. The Agencies note this Statement does not create any new expectations or standards; rather, it clarifies how the Federal Banking Agencies evaluate enforcement actions when financial institutions fail to meet Bank Secrecy Act/Anti-Money Laundering (BSA/AML) obligations. Specifically, the Statement notes isolated or technical violations or deficiencies generally will not result in enforcement actions, it explains the conditions that require the issuance of a mandatory cease and desist order or other type of enforcement action, and provide information on how the Treasury’s Customer Due Diligence and recordkeeping requirements are evaluated under the internal controls component of an institution’s BSA/AML Compliance Program. The Statement outlines the following key information:
Enforcement Actions for BSA/AML Compliance Program Failures
Under section 8(s) of the FDIA and section 206(q) of the FCUA, cease and desist orders are required to be issued by the Agencies if an institution fails to:
- Establish and maintain a reasonably designed BSA/AML Compliance Program (fails to have a written program, the program is inadequate, or the program is ineffective) or
- Correct a previously reported problem with its BSA/AML Compliance Program identified during the supervisory process. (A “problem” would be substantive deficiencies in the BSA/AML compliance program that is reported to the institution’s board of directors or senior management in an exam report or other supervisory communication as a violation of law or regulation, or a matter that must be corrected. Suggestions for improvement, identifying less serious issues, or identifying isolated or technical violations or deficiencies would generally not be considered problems.)
Other Enforcement Actions for BSA/AML Compliance Program Component or Pillar Deficiencies
In addition to the required issuance of a cease and desist order for a violation of the BSA/AML Compliance Program regulation or for failure to correct a previously reported BSA/AML compliance program problem, an Agency may also take formal or informal enforcement actions for other types of BSA/AML Compliance Program concerns or deficiencies (e.g. individual component or pillar violations or BSA-related unsafe or unsound practices that may impact individual components or pillars) that may not meet the level of severity for program failure and, therefore, do not fall under the scope of sections 8(s) and 206(q).
Enforcement Actions for Other BSA/AML Requirements
An Agency may take formal or informal enforcement actions to address violations of BSA/AML requirements other than the BSA Compliance Program or the individual component or pillar requirements (e.g. suspicious activity reporting, customer due diligence, beneficial ownership, foreign correspondent banking, and suspicious activity reporting and currency transaction reporting requirements). As with BSA/AML Compliance Program violations, if these violations are isolated or technical in nature, generally they will not be considered problems that will result in an enforcement action.
The updated Statement also provides examples of issues that would warrant enforcement as noted above.
Visit our BSA Forum to continue the discussion on the Agencies updated Statement.