In a recent regulatory enforcement action, Wells Fargo Bank, N.A. faced significant scrutiny from the Office of the Comptroller of the Currency (OCC) due to deficiencies in Wells’ anti-money laundering (AML) internal controls and financial crimes risk management practices. This blog post highlights actions other banks must take to avoid similar enforcement actions and provides a detailed summary of each remediation requirement ordered by the OCC.
Why is this important to Banks and their Boards?
Regulatory Compliance: Failing to ensure full compliance with AML and financial crimes regulations has significant consequences, including enforcement actions, fines and legal repercussions.
Operational Risk: Implementing effective compliance is part of the foundation of sound operational risk management and helps mitigate the risks associated with financial crimes.
Reputation Management: Maintaining robust internal controls and risk management practices protects the bank's reputation and builds trust with customers and stakeholders.
Need help navigating this complex regulatory landscape? Our experts can help.
Why choose iKinetiq as your compliance partner?
Regulatory Expertise: Our experts have a proven track record of helping organizations meet regulatory standards.
Examination Preparedness: We have successfully prepared for and managed bank examinations, ensuring a smooth and efficient process.
Comprehensive Compliance: Our team develops and implements policies and procedures tailored to your organization's needs, ensuring compliance with all regulatory requirements.
iKinetiq’s TPOC* Risk Summary of the OCC's Remediation Requirements
Compliance Committee
- Maintain a Compliance Committee with at least three members, the majority of whom are not employees or officers of the bank.
- Report any membership changes to the Examiner-in-Charge within ten days.
- Approve the action plan required under the Agreement and oversee compliance with the Agreement.
- Meet at least quarterly and maintain meeting minutes.
- Submit quarterly progress reports detailing corrective actions, results, and outstanding actions.
BSA/AML and OFAC Sanctions Action Plan
- Submit an acceptable written BSA/AML/OFAC action plan within 120 days.
- Detail remedial actions necessary for compliance with BSA and OFAC Sanctions.
- Include corrective actions, timelines, and responsible persons.
- Review and amend the action plan as needed.
- Ensure adherence to the action plan and report progress quarterly.
Front-Line Financial Crimes Risk Management
- Enhance BSA/AML and OFAC Sanctions compliance risk management by front-line units.
- Delineate clear roles and responsibilities.
- Strengthen policies, procedures, and controls.
- Ensure sufficient front-line financial crimes operations staff.
- Provide ongoing BSA/AML and OFAC Sanctions training.
Independent Risk Management
- Enhance the independent second-line Financial Crimes Risk Management (FCRM) function.
- Delineate clear roles and responsibilities within the FCRM function.
- Strengthen policies, procedures, and controls, including testing and reporting.
- Develop effective policies for risk rating, monitoring, and resolution.
- Ensure sufficient FCRM staff and provide ongoing training.
BSA/AML and OFAC Sanctions Independent Testing
- Develop enhancements to the audit program for BSA/AML and OFAC Sanctions.
- Ensure effective independent testing of compliance with BSA and OFAC Sanctions.
- Address whether the bank’s risk assessment captures its risk profile.
- Ensure policies and controls are designed for compliance.
- Include risk assessment processes and an appropriate audit plan.
- Ensure sufficient staff with the necessary knowledge and skills to support the BSA/AML/OFAC audit plan.
Customer Identification Program, Customer Due Diligence, and Customer Risk Identification
- Develop and adopt an enhanced written customer due diligence program (CDD Program).
- Include clear definitions for customer risk levels.
- Assign risk levels based on customer relationships and factors.
- Collect and verify customer identification information consistent with legal and regulatory standards.
- Ensure ongoing monitoring and periodic reviews of higher-risk customers.
Suspicious Activity Identification
- Incorporate remediation of gaps and deficiencies in suspicious activity identification.
- Develop an enhanced suspicious activity monitoring and reporting program.
- Include policies, procedures, and controls for identifying reportable activity.
- Ensure transaction monitoring systems apply appropriate rules and thresholds.
BSA/AML and OFAC Risk Assessment
- Conduct a comprehensive BSA/AML and OFAC risk assessment.
- Update the risk assessment periodically to reflect changes in the bank’s risk profile.
* Part of iKinetiq's proprietary Third-Party, Operational, and Compliance (TPOC) Risk Rating framework for Financial Services companies.