Alert March 12, 2013

Comptroller of the Currency Curry Testifies on OCC’s Supervision and Enforcement of BSA/AML Compliance and Discusses Future BSA/AML Corporate Governance Compliance Guidance to be Provided by the OCC

Comptroller of the Currency Thomas J. Curry presented a written statement and testified on March 7, 2013 before the U.S. Senate Committee on Banking, Housing & Urban Affairs concerning supervision of national banks’ and thrifts’ (collectively, “Banks”) Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance, BSA/AML compliance failures at large Banks, and the OCC’s enforcement of BSA/AML violations by Banks and by directors, officers and employees of Banks.

Comptroller Curry covered a broad range of topics and provided substantial background information in his testimony, but one area of particular interest was his discussion of recent BSA/AML compliance corporate governance breakdowns at some of the largest Banks (e.g., HSBC, Citibank and J.P. Morgan) that have led to large monetary penalties.

Comptroller Curry testified that he believes that, in general, BSA/AML compliance problems stem from four “root causes”: (1) lack of a strong culture of compliance within a Bank; (2) failure to commit sufficient and expert resources to BSA/AML compliance; (3) weaknesses in information technology and monitoring processes; and (4) lack of sound risk management.  In the aftermath of the 2007-2009 financial crisis, the OCC, said Comptroller Curry, has seen “too many banks inappropriately cut staffing and spending for BSA and anti-money laundering compliance as austerity measures…”

Comptroller Curry said that the OCC is currently in the process of preparing “detailed guidance to banks” concerning sound corporate governance processes for BSA/AML compliance that will incorporate many of the corporate governance compliance requirements imposed on certain large Banks in recent OCC BSA/AML enforcement actions, “including business line accountability for BSA/AML compliance and the independence of the compliance function.”

In his testimony, Comptroller Curry provided (as examples of concepts and provisions that the OCC may use in its future guidance) a list of nine corporate governance compliance requirements included in certain recent OCC BSA/AML enforcement actions:

  1. “A designated BSA Officer with sufficient knowledge, funding, authority, independence, compensation, and supporting staff to perform his or her assigned responsibilities and maintain effective compliance with the BSA and its implementing regulations;
  2. An effective governance structure to allow the BSA Officer and the compliance function to administer the program independently by reporting directly to the board of directors, or a committee thereof, with clear lines of responsibility beginning with senior management and including each line of business that is required to comply with the BSA;
  3. Clearly defined channels for informing the board of directors, or a committee thereof, and senior management, of compliance initiatives, compliance risks, new product development, identified compliance deficiencies, and corrective actions undertaken;
  4. Compliance staff with the appropriate level of authority and independence to implement the BSA/AML compliance program and, as needed, question account relationships, new products and services and business plans;
  5. Policies and procedures that clearly outline the BSA/AML responsibilities of senior management and relevant business line employees, and that hold senior management and line of business management accountable for effectively implementing bank policies and procedures, and fulfilling BSA/AML obligations;
  6. A well-defined succession plan for ensuring the program’s continuity despite changes in management, staffing, or structure, and policies and procedures to ensure that problems with excessive turnover of compliance staff or the BSA Officer function are identified, investigated and appropriately addressed by the board;
  7. Policies and procedures to ensure that the bank’s risk profile is periodically updated to reflect higher risk banking operations (products, services, customers, entities, and geographic locations) and new products and services;
  8. An enterprise-wide management information system that provides reports and feedback that enables management to more effectively identify, monitor, and manage the organization’s BSA risk on a timely basis; and
  9. A strong BSA/AML audit function that ensures that identified deficiencies are promptly addressed and corrected.”           

With respect to potential strengthening of the OCC’s enforcement tools used against directors, officers and employees of Banks, Commissioner Curry said that the OCC is “exploring the possibility of regulatory changes that could enhance our ability to take removal and prohibition actions against bank officers, directors and employees that engage in violations of the BSA.” 

The Alert will provide a detailed discussion of the OCC’s BSA/AML corporate governance compliance guidance once it is issued and will continue to follow related developments.