On December 22, 2020, the Federal Reserve Bank of New York and the New York State Department of Financial Services entered into a settlement with Credit Suisse Group AG and three of its subsidiaries for anti-money laundering and Bank Secrecy Act compliance failures.
According to the settlement, the regulators identified deficiencies in Credit Suisse’s New York branch’s compliance risk management program, particularly in the BSA/AML compliance function administered by ServeCo, a New York subsidiary of Credit Suisse Services USA, LLC that provides BSA/AML operational support to the bank.
The settlement agreement requires Credit Suisse’ board of directors and the board and risk committees of the bank’s US entity to submit a written BSA/AML oversight program within 90 days of the settlement; the program must provide for a sustainable governance framework designed to enhance supervision and implementation of BSA/AML compliance policies, procedures and controls, and include eight items to improve the consolidated framework for BSA/AML compliance across the bank’s US operations – specifically, measures to ensure:
- appropriate and effective oversight and reporting structures, including with regard to ServeCo;
- that ServeCo and other BSA/AML service providers are adequately identified, documented and monitored, including the providers’ duties and responsibilities, the scope and frequency of assessments of BSA/AML controls conducted by the providers, and procedures for the escalation of compliance matters;
- the maintenance of accurate and comprehensive customer and transactional data;
- that reporting and oversight mechanisms provide a system of internal controls designed to ensure BSA/AML compliance by all legal entities and units across the bank’s US operations;
- the production of regular risk assessments pursuant to a comprehensive BSA/AML compliance risk assessment process;
- the qualifications of persons or groups charged with carrying out the BSA/AML compliance function;
- the establishment of procedures for periodic testing of compliance risk management policies, procedures and controls, and;
- the establishment of interim measures to monitor and control BSA/AML risk until the improved policies mandated by the settlement agreement can be fully implemented.
The settlement also requires Credit Suisse to submit a revised customer due diligence program, a written suspicious activity monitoring and reporting program, a new written plan for periodic independent testing of the bank’s BSA/AML compliance by qualified independent parties, and the submission of quarterly progress reports to the Federal Reserve.