• OCC Continues Focus on BSA/AML
  • March 30, 2015 | Author: Katharine F. Musso
  • Law Firm: Jones Walker LLP - Birmingham Office
  • The Office of the Comptroller of the Currency ("OCC") announced a civil money penalty of $1.5 million against a large community bank on February 27. The OCC found the bank had willfully failed to file suspicious activity reports ("SARs") and, as a result, hampered law enforcement's efforts to identify illegal activities. The underlying suspicious activity commenced as early as 2004, but no SARs were filed until 2009 and only then at the behest of an OCC examiner. That the passage of time was not a mitigating factor would not be surprising to the audience of the Institute of International Bankers. Comptroller Thomas J. Curry addressed the group on March 2, and in prepared remarks stated, "One of my highest priorities since becoming Comptroller in 2012 has been to strengthen the OCC's oversight of BSA/AML compliance in the banks we supervise. We have modified our examination procedures so that BSA deficiencies receive proper emphasis in our evaluation of each bank's overall safety and soundness. We have focused on the BSA/AML risks that can arise when third-party relationships are not properly managed. We have demanded that OCC-supervised institutions provide adequate resources to their BSA/AML compliance functions and assign accountability for compliance across all business lines that entail BSA/AML risk. And, where we found serious problems and violations, we have taken appropriate enforcement actions."

    For those institutions which already do a good job in the BSA/AML compliance area, the Comptroller provided a hint as to what may be required next. Comptroller Curry noted, "While often viewed as separate areas, the goals of BSA/AML and cybersecurity are increasingly converging. Terrorists, drug cartels, and cyber criminals all have a need to generate cash and move money, and it would seem that many of them would share some of the same goals. There are lessons to be learned from our decades-long experience in BSA enforcement that can be applied to the cybersecurity area, and vice versa."

    As a practical matter, this suggests that existing third party vendor relationships for either BSA/AML or IT should be monitored for opportunities to enhance cross-topic compliance coverage. New vendor relationships should specifically address both compliance topics.