OCC Drops Hammer on Bank of America for BSA and Sanctions Failures
Introduction
The Office of the Comptroller of the Currency (OCC) has issued a formal enforcement action against Bank of America, highlighting significant failures in the bank’s compliance with the Bank Secrecy Act (BSA) and related sanctions regulations. The OCC identified unsafe and unsound practices, including deficiencies in internal controls, inadequate suspicious activity monitoring, and failure to correct previously reported compliance issues. These findings underline the necessity for stronger governance, better risk management frameworks, and heightened accountability within the institution.
Corrective Actions Required by OCC
To address these deficiencies, the OCC mandates the following corrective actions:
- Compliance Committee: Bank of America must establish a Compliance Committee composed primarily of independent directors to oversee adherence to BSA and sanctions compliance requirements.
- Comprehensive Action Plan: The bank is required to submit a comprehensive Action Plan outlining specific remedial steps, responsible parties, and timelines to rectify compliance shortcomings.
- Enhanced Governance and Oversight: The bank must improve its risk governance frameworks, ensuring that the Board and senior management actively engage in monitoring and managing compliance risks.
- Robust Internal Controls and Monitoring Systems: The bank is obligated to implement robust internal controls and enhance its transaction monitoring systems to identify and report suspicious activities more effectively.
- Independent Look-Back Reviews: The OCC requires Bank of America to conduct independent look-back reviews of past transactions to identify any previously unreported suspicious activities and correct deficiencies in past reporting.
- Improved Customer Due Diligence and Risk Assessments: The bank must revise its Customer Due Diligence (CDD) processes and conduct comprehensive risk assessments to better identify and mitigate financial crime risks.
Every Bank Must Take Notice - And Act Now
This enforcement action serves as a critical reminder for other financial institutions to:
-
Regulators Are Watching Closely: No institution is too big or small to escape enforcement actions. A proactive approach to compliance is essential to staying off the regulator’s radar.
-
Prioritize Compliance Infrastructure: Robust internal controls, independent audits, and effective governance structures are essential to maintaining regulatory compliance and avoiding enforcement actions and fines.
- Stay Proactive in Risk Management: Regularly updating risk assessments and compliance programs to reflect evolving threats and regulatory expectations is crucial for sustained compliance.
- Ensure Accountability at All Levels: Bank boards and senior management must take active roles in overseeing compliance programs and holding staff accountable for deficiencies, emphasizing a culture of compliance throughout the institution.
Does Your Compliance Program Measure Up?
The OCC’s action against Bank of America illustrates the growing regulatory scrutiny on financial institutions’ compliance practices and underscores the importance of proactive risk management and governance in sustaining compliance with regulatory requirements.
Our experts have extensive experience working with financial institutions and regulators. We have seen firsthand the costs and consequences of failing to maintain proper compliance programs. We help financial institutions conduct a gap analysis and create an appropriate remediation plan to correct deficiencies.
We offer our services in two models – a self-service model utilizing our compliance assets such as regulatory checklists, process guides, and exam readiness tools; and, a full-service model where our team of experts do the work for you.