The Office of the Comptroller of the Currency has issued a consent order against Anchorage Digital Bank of Sioux Falls, South Dakota, in lieu of initiating cease and desist proceedings and in light of the bank’s corrective action and commitment to remedying the deficiencies identified by OCC.
The bank entered into an operating agreement with the OCC in January 2021 in connection with its conversion from Anchorage Trust Company, a South Dakota chartered trust company, to Anchorage Digital Bank, National Association. The operating agreement included compliance with the anti-money laundering provisions of the Bank Secrecy Act. Upon examination, the OCC found that the bank had not met these requirements, thereby violating both the operating agreement and the BSA, including 12 CFR § 21.21, 31 USC §5318(i), 31 CFR §§ 1020.210(a)(2)(v) and 1010.610.
Specifically, the OCC found that the bank had failed to implement a compliance program with adequate internal controls for customer due diligence and procedures for monitoring suspicious activity.
The consent order has nine main elements. The bank must:
- Appoint a qualified, independent BSA officer and provide the officer with sufficient authority and resources to fulfill the role. The OCC must be given the opportunity to object to the officer;
- Appoint a compliance committee, of which a majority of members are directors of the bank but not employees or officers thereof. The committee is responsible for reporting compliance measures to the company’s board, and its reports are to be forwarded to the OCC;
- Provide an action plan to the OCC detailing the remedial actions necessary to achieve and sustain BSA compliance, including reasonable timelines for completion of the corrective actions, and the person or persons responsible for carrying them out;
- Adopt and implement appropriate risk-based policies and procedures for collecting customer due diligence on new and existing accounts, including procedures for identifying instances where due diligence information is lacking, and the maintenance of a list of customers with a high risk profile and ongoing due diligence for such customers;
- Adopt a written suspicious activity monitoring and reporting program sufficient to ensure timely and appropriate review and disposition of suspicious activity alerts, the bank’s staff must be informed in writing about the standards and procedures for suspicious activity monitoring and reporting, and a validation and review system must be implemented;
- Submit to the OCC, within 90 days of the consent order, the names and qualifications of a proposed independent third-party consultant to review and provide a written report on the bank’s suspicious activity monitoring for previously unreported activity, and the independent consultant must submit its findings to the OCC;
- Demonstrate its adherence to an acceptable, effective BSA/AML independent testing program commensurate with the its money laundering, terrorist financing and other illicit financial activity risk profile, including the implementation of an annual audit plan;
- Implement a written BSA/AML training program for bank employees and board members, and;
- Develop and implement a data governance program for BSA/AML-related information.