On August 13, 2020, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency issued a joint statement to enunciate the four agencies’ policies regarding enforcement of the Bank Secrecy Act and applicable anti-money laundering requirements. The Statement supersedes the Interagency Statement on Enforcement of BSA/AML Requirements issued in July 2007. It clarifies the circumstances under which the agencies will issue mandatory cease and desist orders pursuant to Section 8(s) of the Federal Deposit Insurance Act and section 206(q) of the Federal Credit Union Act, and other discretionary enforcement actions to address BSA/AML violations, but does not address the assessment of civil money penalties for violations of the BSA or the regulations promulgated thereunder.
BSA/AML compliance requires that institutions establish and maintain compliance programs that are reasonably designed to assure and monitor BSA/AML requirements, and include a system of internal controls, independent BSA/AML compliance testing, training for employees, a designated person or persons responsible for coordinating and monitoring BSA/AML compliance, and risk-based procedures for conducting due diligence on, ascertaining the true identity of, customers. The BSA also has reporting and recordkeeping requirements; in order for the provisions of section 8(s) and 206(q), to be triggered, deficiencies in the compliance program must be reported to management or the board of directors.
According to the Statement, cease and desist orders will be issued for failure to establish and maintain a reasonably designed compliance program if an institution:
- Fails to have a written BSA/AML compliance program containing the required program components (as noted:internal controls, independent testing, designated compliance personnel, training);
- Fails to implement a compliance program that, on its face, appears to be adequate; or
- Has a BSA/AML compliance program that is deficient in its theoretical or practical coverage BSA/AML requirements, combined with the presence of aggravating factors such as suspicious activity, evasive structures, insider complicity, or system failure to file currency transaction and suspicious activity reports.
The Statement provides an analysis of several scenarios in which these considerations would weigh in favor of a cease and desist order, while noting that the agencies will take a broad look at an institution’s compliance program and its implementation across business lines and activities, and deficiencies in some facets of the program may not necessarily result in enforcement. However, the agencies will issue a cease and desist order whenever an institution fails to correct a previously reported BSA/AML problem. Examples of such cases are also given.
Referring to suspicious activity reports as a cornerstone of the BSA, the Statement lists the types of activities for which SARs are required, including known or suspected criminal violations:
- Involving insider activity
- Aggregating $5,000 or more, when a suspect can be identified;
- Aggregating $25,000 or more; or
- Suspicious transactions of $5,000 or more that involve potential money laundering or BSA violations.
According to the Statement, the Agencies will take appropriate action if an institution’s failure to file a SAR reflects a systemic breakdown in the policies, procedures or processes aimed at identifying suspicious activity, or involves a pattern or practice of noncompliance with the filing requirements.