• Comptroller of the Currency Issues Guidance, Best Practices, Relating to BSA/AML Compliance
  • October 19, 2016 | Author: George A. LeMaistre
  • Law Firm: Jones Walker LLP - Mobile Office
  • The Office of the Comptroller of the Currency (OCC) last week issued guidance relating to compliance with the Bank Secrecy Act, and with requirements for the adoption and implementation of effective anti-money laundering programs, for depository institutions supervised by the OCC that hold correspondent accounts for foreign financial institutions.

    Although the guidance-which also includes suggested "corporate governance best practices"-is most directly relevant for larger depository institutions and those situated in markets where there is significant international trade activity, or substantial populations of foreign nationals, it also may be useful to other institutions for what it indicates that regulators expect of any bank having depositors, foreign or domestic, that are engaged in cash-intensive businesses or in activities that otherwise may implicate Bank Secrecy Act/anti-money laundering (BSA/AML) considerations.

    The guidance refers at the outset to the OCC’s "supervisory expectation that banks conduct periodic risk reevaluations of their customer portfolios," for the purpose of ensuring that the risk profiles of affected customers are regularly reviewed and updated, and that mechanisms and procedures that provide for such regular and periodic reevaluationss are in place and are implemented. As the guidance states subsequently, "For BSA/AML, effective risk management should be an ongoing process, not a one-time exercise, and each bank’s risk assessment should be periodically updated to identify changes in the bank’s risk profile."

    The guidance explicitly says that the decision to retain or to close any account ordinarily rests solely with the bank: "As a general matter, the OCC does not direct banks to open, close, or maintain individual accounts, nor does the agency encourage banks to engage in the termination of entire categories of customer accounts without considering the risks presented by an individual customer or the bank’s ability to manage the risk. A decision to terminate a banking relationship or to exit a line of business generally resides with the bank."

    Among the best practices that the guidance says OCC personnel have observed and that banks may want to consider when conducting periodic risk reevaluations, and making determinations whether to retain or terminate particular accounts, are the following:
    • Establishing and using an "effective governance function"-which may "take the form of an oversight committee or another format, depending on the bank’s general governance structure"-to review the policies, procedures, and methods employed in risk reevaluations; to monitor the bank’s customer due diligence relating to BSA/AML compliance; and to monitor and evaluate recommendations regarding account retention or termination;
    • Providing for follow-up by bank personnel on activity that does not comport with a customer’s risk profile, customer due-diligence information, or expected accounted activity;
    • Ensuring that account termination decisions, and the factors considered in reaching such decisions, are communicated regularly to senior management, with "consideration given to the extent to which account closures may have an adverse impact on access to financial services";
    • Communicating to senior management whether there are actions, such as placing temporary or additional restrictions on an account, that could be taken "to manage or mitigate the identified risks with less impact" than account closure;
    • Communicating with affected bank customers concerning any relevant BSA/AML issues, and considering specific mitigating information that they may provide, and allowing them sufficient time to establish alternative banking relationships before account termination, "unless doing so would be contrary to law, or pose an additional risk to the bank or national security, or reveal law enforcement activity"; and
    • Ensuring that there is a clear audit trail of the reasons and methods used to determine that account closure was warranted.
    The guidance says that where BSA/AML considerations are present, banks’ due diligence of the customers involved "must include policies and procedures to assess risks posed by" each such customer and, among other things, must "consider all relevant factors," including the customer’s "business and markets; the type, purpose, and anticipated activity of the account; [and] the nature and duration of the relationship" with the customer.

    While further guidance may be forthcoming from the OCC and other financial regulators that specifically addresses BSA/AML issues other than those in connection with correspondent accounts of foreign financial institutions, for now this OCC guidance offers some useful insights for BSA officers and other compliance personnel into what regulators expect to find in compliant BSA/AML programs.