Agencies clarify BSA/AML enforcement
On August 13, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, the “agencies”) issued a joint statement, which clarifies how the agencies apply the enforcement provisions of the Bank Secrecy Act (BSA) and related anti-money laundering (AML) laws and regulations. Specifically, the statement discusses the conditions that require the issuance of a mandatory cease and desist order under sections 8(s) and 206(q). According to the agencies, there are no new exceptions or standards created by document. Among other things, the statement:
- Provides examples of when an agency shall issue a cease and desist order in accordance with sections 8(s)(3) and 206(q)(3) for “[f]ailure to establish and maintain a reasonably designed BSA/AML Compliance Program. The statement notes that an institution would be subject to a cease and desist order when the one component of their compliance program “fails with respect to either a high-risk area or multiple lines of business… even if the other components or pillars are satisfactory.”
- Describes circumstances in which an agency may use its discretion to issue formal or informal enforcement actions related to unsafe or unsound BSA-related practices. The statement notes that the “form and content” of the enforcement action will depend on a variety factors, including “the capability and cooperation of the institution’s management.”
- Describes how the agencies incorporate customer due diligence regulations and recordkeeping requirements as part of the internal controls pillar of an institutions BSA/AML compliance program.
- Discusses the treatment of isolated or technical compliance program requirements that are generally not issues resulting in an enforcement action.