The Board of Governors of the Federal Reserve System announced a $41 million penalty against the U.S. operation of a foreign bank over Bank Secrecy Act and anti-money laundering deficiencies.

What happened

In the most recent examination of the BSA/AML program at the U.S. bank holding company of a foreign bank, the Federal Reserve Bank of New York identified “significant deficiencies” in the bank’s risk management and compliance with BSA/AML requirements, the Federal Reserve explained in a recent order.

Examiners also found deficiencies in the bank’s transaction monitoring capabilities, which prevented it from properly assessing BSA/AML risk for “billions of dollars in potentially suspicious transactions” processed between 2011 and 2015 for certain bank affiliates in Europe that failed to provide sufficiently accurate and complete information, the Federal Reserve said.

To settle the matter without a formal proceeding, the Federal Reserve entered an order to cease and desist and an order of assessment of a civil money penalty against the bank.

The order began with requirements for corporate governance and management oversight of the bank’s U.S. operations, mandating that the bank submit a written plan within 60 days including actions to improve the framework for its BSA/AML compliance with supervision by U.S. senior management, ensuring that those carrying out compliance possess appropriate subject matter expertise, establishing procedures to escalate significant matters and providing adequate resources.

A written plan for a compliance risk management program must also be put in place at the bank, addressing the scope and frequency of BSA/AML compliance risk assessments; the identification of all business lines, activities and products to ensure they are all appropriately risk-rated and included in the assessments; and enhanced BSA/AML-related written policies and procedures. The Federal Reserve also required that interim measures be established to monitor and control BSA/AML-related risk until the improved program is fully implemented.

The bank needs to retain multiple independent third parties pursuant to the order, first to conduct a comprehensive review of its compliance and prepare a written report of findings, conclusions and recommendations, and second to conduct a review of the bank’s foreign correspondent banking activity conducted over a six-month period in 2016. Depending on the findings from that review, the Federal Reserve left open the possibility of additional time periods and business activities being considered.

As for the bank’s revised BSA/AML compliance program, the written plan submitted to the Federal Reserve should address the report from the independent third party, providing for a system of internal controls designed to ensure compliance with the applicable BSA/AML requirements, a comprehensive BSA/AML risk assessment (identifying and considering all products and services, customer types, and geographic risks) and identification of the management information systems used to achieve compliance with the requirements. Effective training for all appropriate personnel and improved independent testing procedures must also be included.

Other topics covered in the order were customer due diligence, suspicious activity monitoring and reporting, and a transaction monitoring system, with revised programs for all three required to be submitted to the Federal Reserve.

Finally, the regulator imposed a $41 million civil money penalty.

To read the Federal Reserve’s order, click here.

Why it matters

The order’s requirements—from retaining an independent third party to review the bank’s BSA/AML compliance to enhanced oversight by management to the $41 million penalty—settles the Federal Reserve’s allegations that the bank’s BSA/AML program had “significant deficiencies.”