BLOG

Question:

Have regulators issued any recent or updated guidance on Anti Money Laundering (“AML”) enforcement actions?

Answer:

Yes. On August 13^th, Federal banking regulators clarified that they generally do not issue cease-and-desist orders for minor deficiencies in a bank's anti-money-laundering program or isolated violations of Bank Secrecy Act rules. In a joint statement, the Federal Reserve, Federal Deposit Insurance Corp., Office of the Comptroller of the Currency and National Credit Union Administration (individually, “Agency,” and collectively, the “Agencies”) updated their guidance on how they evaluate violations of AML rules. "Violations or deficiencies in an institution’s BSA/AML compliance program communicated to the institution in a report of examination or through other written means that are determined to be isolated or technical are generally not considered problems that would result in a mandatory cease and desist order," the Agencies said.

The Agencies also listed four pillars for an institution’s AML compliance program. They include: 

• Internal controls for ongoing AML compliance,
• Independent testing,
• Designating individuals to coordinate AML compliance and
• Proper training for personnel involved AML compliance.
  

Financial institutions’ AML compliance programs must also include customer identification programs that ensure firms “form a reasonable belief” that they know the identity of their customers.

The guidance highlighted scenarios in which Federal regulators will issue cease-and-desist orders for AML violations. Financial institutions that lack a "reasonably designed" AML program or do not address previously reported AML problems could face the threat of such an order. For example, an institution will be issued a cease-and-desist order if it has deficiencies in the required independent testing component of the AML compliance program that are combined with signs of highly suspicious activity. Additionally, an institution that fails to take any action in response to criticism from an exam regarding a failure to appoint a qualified and effective AML Compliance Officer would also likely receive a cease-and-desist order. However, the Federal regulators said they will not issue cease-and-desist orders unless deficiencies in an AML compliance program are “so severe or significant as to render the BSA/AML compliance program ineffective when viewed as a whole.” In cases where an institution fails to address a previously reported problem, the Agencies said they will not issue a cease-and-desist order “unless the problems subsequently found by the Agency are substantially the same as those previously reported to the institution.”

Other formal or informal enforcement actions could still be taken in lieu of cease-and-desist orders and will “depend on the severity of the concerns or deficiencies, the capability and cooperation of the institution’s management, and the Agency’s confidence that the institution’s management will take appropriate and timely corrective action.”