This Reed Smith Bulletin summarizes the Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements (the “Statement”), which was issued July 19, 2007. The Statement, which details activities that trigger ceaseand- desist orders under the Bank Secrecy Act (“BSA”), is intended to make antimoney- laundering enforcement more consistent among agencies and transparent to bankers. This invaluable guidance from regulators not only assists bankers in understanding how regulators will apply enforcement standards, but also helps bankers recognize the issues and elements the regulators are focused on. The Statement can be found at www.federalreserve.gov/boarddocs/press/bcreg/2007/20070719/default.htm. The Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration (the “Agencies”) jointly issued the Statement establishing consistency among the agencies in BSA enforcement decisions and offering institutions insight into the considerations that form the basis of those decisions. The Statement is intended as a complement to the Bank Secrecy Act/Anti- Money Laundering Examination Manual, also designed to foster interagency consistency and transparency regarding the BSA examination process.
BSA Compliance Program
As required by section 8(s) of the Federal Deposit Insurance Act (“FDIA”) and section 206(q) of the Federal Credit Union Act (“FCUA”), each Agency has issued regulations requiring institutions it supervises or insures to establish and maintain a BSA Compliance Program (a “Program”). Under these rules, if a regulated institution fails to establish and maintain a Program or fails to correct a previously identified problem with its BSA compliance program, the appropriate Agency may issue a formal cease-and-desist order. The Statement clarifies the circumstances under which the Agencies will issue such an order.
Agencies will issue a cease-and-desist order based on a failure to establish and maintain a reasonably designed Program where the institution: (1) fails to have a written Program that adequately covers the required elements of a Program; (2) fails to implement a Program that adequately covers the required elements of a Program, by failing to comply with Agency-issued policy statements or by not adhering to the institution’s written policies, procedures, and processes; (3) has defects in its Program rendering the Program or its implementation ineffective; for example, where deficiencies are coupled with other aggravating factors, such as highly suspicious activity creating a significant potential for unreported money laundering or terrorist financing; patterns of structuring to evade reporting requirements; significant insider complicity; or systemic failure to file Currency Transaction Reports (“CRTs”), Suspicious Activity Reports (“SARs”), or other required BSA reports. Generally, deficiencies will result in a cease-and-desist order if they are so severe as to render the Program ineffective when viewed as a whole. In making a determination that an institution has failed to implement a compliant Program, the Agencies will also consider the application of the institution’s Program across its business lines and activities, and if deficiencies are found to affect only some lines of business or activities, the Agencies will evaluate whether the deficiencies are so severe or significant in scope as to result in a conclusion that the institution has not implemented an effective overall Program.
Prior History of Non-Compliance
A history of deficiencies in a Program may also result in a cease-or-desist order. An Agency will issue a ceaseand- desist order where it uncovers uncorrected problems or a deficiency substantially the same as one identified in a previous examination. In order to be a “problem” that will result in such an order, deficiencies must be identified in a report of examination or other written document as requiring communication to an institution’s board of directors or senior management as matters that must be corrected. In situations where a problem with a Program may not be correctable before the next examination—for example, where adoption or conversion of a computer system is required—a cease-and-desist order is not required, provided the Agency determines the institution has made substantial progress toward a correction since the original examination report identifying the deficiency.
Additional Agency Remedies
In addition to issuing a cease-and-desist order, the Statement recognizes that Agencies may enter into a formal written agreement, or take informal enforcement action against an institution for other types of BSA/AML Program concerns. The form of enforcement action in a particular case depends on the severity of the noncompliance, weakness, or deficiencies; the capability and cooperation of the institution’s management; and the Agency’s confidence that the institution will take appropriate and timely corrective action. Under regulations of the Agencies and the Treasury Department, institutions subject to the Agencies’ supervision are required to file an SAR when they detect certain known or suspected criminal violations or suspicious transactions. The Agencies will cite a violation of the SAR regulations, and will take appropriate supervisory action, if the organization’s failure to file an SAR evidences a systemic breakdown in its policies, procedures, or processes to identify and research suspicious activity; involves a pattern or practice of noncompliance with the filing requirement; or represents a significant or egregious situation.
The Statement emphasizes the fact that banking organizations and credit unions are subject to other BSA reporting and recordkeeping requirements set forth in regulations issued by the Treasury Department. These requirements are reviewed in the BSA/AML Examination Manual, and include, inter alia, requirements applicable to cash and monetary instrument transactions and fund transfers, CTR filing and exemption rules, due diligence, certification, and other requirements for foreign correspondent and private banking accounts. Finally, the Statement recognizes that in appropriate circumstances, an Agency may take formal or informal enforcement actions to address violations of BSA/AML requirements other than Program requirements, including, for example, SAR and CTR regulatory obligations.