On March 17, Thomas J. Curry, the Comptroller of the Currency, the primary regulator of national banks addressed the Association of Certified Anti-Money Laundering Specialists. He said that the vast majority of banks he regulates are doing a good job in complying with the Bank Secrecy Act (BSA) and anti-money laundering (AML) laws although that is not reported by the media.

He said that, where there are BSA/AML problems in the industry, he has spoken with senior executives, particularly at large banks, because issues underlying BSA infractions can almost always be traced back to decisions of the board of directors and senior management. He said that deficiencies fall into four areas: (1) culture of compliance, (2) resources committed to BSA compliance, (3) strength of information technology and monitoring, and (4) quality of risk management, all of which require, he said, the attention of a bank's Chief Executive Officer. He added that the OCC finds that deficiencies in these four areas often affect credit and operational risk. Thus, he explained it is reasonable to take BSA compliance into account in considering the "M" (Management), component in a bank's supervisory CAMELS rating.

The Comptroller reported progress in the priority that management of large banks is giving to BSA compliance. He also mentioned the need for compliance practices to align with compensation and to increase resources in this area, which he suggested is "clearly a better option than simply abandoning customers in higher risk categories," such as money transmitters. He urged that customers be evaluated individually, but did acknowledge that if the risk posed by a particular customer is too great to be managed successfully, a bank must turn the customer away.

It has been reported that Comptroller Curry called for large banks to employ some type of criminal compliance officers, but that is not precisely what he said. He reasoned that deficiencies in BSA/AML programs result in the imposition of civil money penalties on the bank and lowering of management ratings, but that those actions harm the shareholders of the bank and the bank itself, not the managers that should be accountable. He explained that he was not talking about community banks at which lines of responsibility are clear, but rather about large, complex, globally active banks in which lines of responsibility may be blurred. He called for senior managers to be held responsible for BSA risk management.

He explained that BSA weaknesses that the OCC has found in large banks are sometimes the result of collective decision-making of a great many people over a long period of time and may not be attributable to the acts of a single individual. Comptroller Curry argued that accreted compliance weaknesses need to be eliminated or else institutional structural flaws become an excuse for lack of accountability and, thus, BSA compliance breakdowns resulting from conscious decisions not to commit resources should lead to accountability.

Based on Comptroller Curry's remarks last week, future penalties imposed by the OCC on large national banks for BSA/AML violations may be accompanied by penalties imposed on senior managers of those banks.