BSA/AML And OFAC Compliance – Higher Stakes And Greater Consequences For Banks

Since the start of the 2008 financial crisis, the Federal Banking Agencies ("FBAs") have keenly focused on balance sheet issues, on both an institutional and systemic basis. As a consequence, supervisory attention directed at compliance areas such as enforcement of the Bank Secrecy Act ("BSA"), anti-money laundering ("AML") laws, and regulations governing economic and trade sanctions issued by the Office of Foreign Assets Control ("OFAC") has not been as prominent. About a year ago, this trend came to an abrupt halt and, since then, we have seen a number of high profile supervisory and enforcement actions involving BSA/AML compliance issues, and several notable OFAC-related compliance actions. These enforcement actions have been accompanied by a series of steadily increasing, stern warnings by regulators, both publicly and during examinations, indicating that BSA/AML and OFAC compliance issues are now central issues that the FBAs are extensively reviewing at all insured depository institutions ("IDIs") and, most notably, at various card-based programs and money service businesses ("MSBs") supported by IDIs. Financial institutions, from multinational bank holding companies to regional and community banks to non-bank financial services companies, should be prepared for stepped up scrutiny of their existing BSA/AML and OFAC compliance programs.

Headlines and details of some of the recent actions provide a compelling view of federal regulators' current mind-set, as well as where we are heading with respect to the FBAs' supervision and enforcement of our increasingly complex globalized financial system.

Recent High-Profile Enforcement Activity

In the aftermath of the 2008 financial crisis, the FBAs focus shifted from issues such as BSA/AML and OFAC compliance to activities directly related to the causes of the financial crisis, such as capital, credit quality, residential mortgage lending practices, the adequacy of loan loss reserves, and broader systemic issues highlighted by various provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act. FBA enforcement actions related to BSA/AML violations dropped off significantly between 2007 and 2011, from over 40 per year in 2006 and 2007 to just seven in 2011.1 Similarly, other than in 2008, the trend for OFAC-related enforcement actions has been relatively flat, although the amount of fines has escalated dramatically in recent years.2 In the last year, however, the FBAs have indicated a renewed focus on BSA/AML and OFAC compliance. For example, in 2012, the FBAs brought approximately 30 significant enforcement actions involving BSA/AML violations, several of which included OFAC-related compliance issues as well.

This renewed focus on identifying and addressing deficiencies in BSA/AML and OFAC compliance programs has resulted in significant enforcement actions against several large multinational financial institutions, including the imposition of substantial Civil Money Penalties ("CMPs") in certain cases. Among the more notable enforcement actions highlighting the FBAs' interest in and attention to BSA/AML and OFAC issues are the following:

In April 2012, the Office of the Comptroller of the Currency ("OCC") entered into a consent cease and desist order with a national bank based on deficiencies in the institution's BSA/AML compliance program.3 While the OCC action did not result in fines or other CMPs, the agency noted that the bank exhibited general weaknesses in its internal controls, independent testing and auditing, and due diligence of foreign correspondent bank customers. In addition, the agency was critical of the bank's monitoring program, which resulted in the delinquent filing of Suspicious Activity Reports ("SARs") for its remote deposit capture/international cash letter instrument transactions. In order to address these concerns, the OCC directed the bank to take various corrective measures, including establishing an independent BSA/AML compliance team with clear responsibilities and authority- hiring an independent consultant to conduct an enterprise-wide assessment of the bank's BSA/AML compliance program; developing an automated customer due diligence process; implementing an effective policy on the use of cash letter and remote deposit capture services; retaining an independent consultant to coordinate with examiners in reviewing account and transaction activity; and ensuring the bank's compliance program is structured to vet and manage risks associated with new products, services, or lines of business. In a June 2012 settlement, characterized as the largest-ever settlement reached in an OFAC sanctions case, OFAC, the U.S. Department of Justice ("DOJ"), and the New York County District Attorney's Office entered into an agreement with a bank that paid a $619 million fine based on repeated violations dating back to the mid-1990s of the Cuban Assets Control Regulations and other OFAC programs.4 Complicating the picture for the bank were allegations that certain senior bank management was aware of and complicit in the activity and efforts to cover-up detection of the violations. In addition to the fine, the settlement agreement required the bank to conduct a review of its OFAC policies and procedures and implementation, and a risk-focused sampling of USD payments to ensure that the bank's OFAC compliance program is functioning effectively. In a similar settlement six months later with OFAC, DOJ, the New York State Department of Financial Services, and the New York County District Attorney's Office, another bank paid $132 million to settle civil liability claims...