Federal agencies provide guidance on Bank Secrecy Act and anti-money laundering enforcement

On August 13, 2020, the federal banking agencies – the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation and the National Credit Union Administration – issued a Joint Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements (the Joint Agency Statement) describing the circumstances in which they will issue a mandatory cease and desist order to address noncompliance with the Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements.

The Joint Agency Statement describes circumstances in which an agency may issue formal or informal enforcement actions or use other supervisory actions to address BSA-related violations, unsafe or unsound banking practices, or other deficiencies. This Joint Agency Statement supersedes the Interagency Statement on Enforcement of BSA/AML Requirements issued by the agencies in July 2007.

On August 18, 2020, the Financial Crimes Enforcement Network (FinCEN), as the primary regulator and administrator of the BSA, issued a follow-up Statement on Enforcement of the Bank Secrecy Act (the FinCEN Statement). Both are discussed in more detail below.

The Joint Agency Statement

The Joint Agency Statement specifically addresses BSA/AML compliance provisions in section 8(s) of the Federal Deposit Insurance Act (FDIA) and section 206(q) of the Federal Credit Union Act (FCUA). Under these sections, the agencies are directed to prescribe regulations requiring each insured depository institution to establish and maintain procedures reasonably designed to assure and monitor the institution's compliance with the requirements of the BSA; collectively, these procedures form the basis of each institution's BSA/AML Compliance Program. Each agency must examine the institution's BSA/AML Compliance Program and issue reports of examination.

When an agency identifies deficiencies in an institution's BSA/AML Compliance Program, the agency may communicate those concerns by various formal and informal means, depending on the seriousness of the concerns and each agency's policies. Section 8(s) or 206(q) are triggered when a deficiency is identified in a report of examination or written document reported as a violation of law or a matter that must be corrected to the institution's board of directors or senior management. Isolated or technical violations of law and other issues or suggestions for improvement may be communicated through other means.

Under sections 8(s)(3) and 206(q)(3), the appropriate agency issues a cease and desist order for noncompliance when the institution fails to establish and maintain a reasonably designed BSA/AML Compliance Program, where the institution:

• Fails to have a written BSA/AML Compliance Program that adequately covers the required components or pillars (internal controls, independent testing, designated BSA/AML personnel and training)
• Fails to adequately implement the BSA/AML Compliance Program or
• Has defects in its BSA/AML Compliance Program in one or more program components or pillars coupled with aggravating factors, indicating either an inadequate written program or inadequate implementation of the program.

An agency will issue a cease and desist order whenever an institution fails to correct a previously reported problem with its BSA/AML Compliance Program. However, in order to be considered a “problem” for these purposes, the matter reported to the institution ordinarily would involve substantive deficiencies – as opposed to isolated or technical deficiencies – in one or more of the required components or pillars of the a BSA/AML Compliance Program or implementation thereof that is reported to the board of directors or senior management as a violation of law or regulation.

An agency will ordinarily not issue a cease and desist order for failure to correct a BSA/AML Compliance Program problem unless problems subsequently found are substantially the same as those previously reported to the institution. Additionally, statements in a report of examination or other written document reported to the board of directors or senior management suggesting areas for improvement, identifying less serious issues or identifying isolated or technical violations or deficiencies would generally not be considered problems for purposes of sections 8(s) and 206(q).

The Agencies also recognize that certain types of BSA/AML Compliance Program problems may not be fully correctable before the next examination or within the planned timeframes for corrective actions. Remedial actions involving multiple lines of business or the adoption or conversion of automated systems may take more time to implement than anticipated. In these situations, a cease and desist order is not required, provided the agency determines that the institution has made acceptable substantial progress toward correcting the problem.

Depending upon the particular facts involved, an agency may pursue enforcement actions based on individual component or pillar violations or BSA-related unsafe or unsound practices that may impact individual components or pillars. The form and content of the enforcement action in a particular case will depend on the severity of the concerns or deficiencies, the capability and cooperation of management, and the agency's confidence that management will take appropriate and timely corrective action. An agency may also elect to take other forms of formal or informal enforcement actions to address violations of other requirements that are not individual component or pillar requirements. Examples include deficiencies in customer due diligence, beneficial ownership information gathering and review, foreign correspondent banking and suspicious activity reporting and currency transaction reporting. Additionally, violations of these non-program requirements that are determined by the agency to be isolated or technical are generally not considered problems that would result in an enforcement action.

The FinCEN Statement

Through the FinCEN Statement, FinCEN aims to provide clarity and transparency to its approach when contemplating compliance or enforcement actions against covered financial institutions that violate the BSA. “FinCEN is committed to being transparent about its approach to BSA enforcement.  It is not a ‘gotcha’ game,” said FinCEN Director Kenneth A. Blanco.

When FinCEN takes an enforcement action, it will seek to establish a violation of law based on applicable statutes and regulations. FinCEN will not treat noncompliance with a standard of conduct announced solely in a guidance document a violation of law. In all matters, FinCEN will consider the need to impose compliance commitments to ensure that financial institutions are fully complying with BSA obligations.

Assuming enforcement action is deemed appropriate, dispositions of BSA violations by FinCEN may take the following forms:

• Warning letter
• Equitable remedies, such as an injunction or equitable relief
• Settlements, potentially requiring both remedial undertakings and civil money penalties
• Civil money penalties or
• Criminal referral.

“FinCEN considers a range of factors when evaluating an appropriate disposition upon identifying actual or possible violations of the BSA….FinCEN strives for proportionality, consistency, and effectiveness. The weight given to any factor in contemplation of the potential dispositions identified above may change based on the relevant facts and circumstances of a case. The factors FinCEN considers include, but are not limited to, the following:”

1. Nature and seriousness of the violations, including amounts involved and possible public harm
2. Impact or harm on FinCEN's mission to safeguard the financial system
3. Pervasiveness of wrongdoing within an institution, including management complicity in, condoning or enabling of, or knowledge of the conduct
4. History of similar violations or misconduct in general
5. Financial gain or other benefit resulting from the violations
6. Presence or absence of prompt, effective action (including self-initiated remedial measures) to terminate the violations upon discovery
7. Timely and voluntary disclosure of the violations to FinCEN[1]
8. Quality and extent of cooperation with FinCEN and other agencies
9. Systemic nature of violations, determined by factors such as the number and extent of violations, failure rates and duration of violations and
10. Whether another agency took enforcement action for related activity.

FinCEN encourages financial institutions to voluntarily and promptly report violations, and to candidly and completely cooperate with any investigation.