On May 24, the OCC entered into an agreement with a New York-based federal savings bank over the bank’s alleged unsafe or unsound banking practices “relating to strategic and capital planning, concentration risk management, and board and management oversight at the [b]ank, and violations of law relating to Bank Secrecy Act (BSA) internal controls and BSA officer requirements.” Pursuant to the agreement, the bank’s Board must, among other things, revise and adopt a written program of internal control policies and procedures that the bank must implement to ensure ongoing compliance with the BSA. The policies and procedures must include, at a minimum, (i) effective customer due diligence and enhanced due diligence processes at account opening and thereafter; (ii) adequate methodology to ensure proper risk rating of customer accounts at their opening and thereafter; (iii) effective evaluations and investigations of suspicious activity system alerts; (iv) effective suspicious activity investigation process; and (v) periodic validation of the bank’s automated BSA monitoring system settings.