Noncompliance with the Bank Secrecy Act (BSA) can subject banks and other financial institutions to substantial penalties. As a result, it is critical that financial institution executives not only understand the BSA itself but also understand how the Office of the Comptroller of the Currency (OCC) enforces this federal statute. The OCC is one of several federal agencies that enforce BSA compliance, placing particular emphasis on enforcing compliance within the banking and financial services sector.
Dr. Nick Oberheiden is an anti-money laundering lawyer at Oberheiden P.C., a national federal compliance and defense law firm. In this article, he summarizes some of the key insights for financial executives regarding the OCC enforcement action relevant to the provisions of the BSA.
Multiple Federal Agencies Enforce the BSA
Before we discuss the OCC’s BSA enforcement efforts and priorities, we must first make abundantly clear that the OCC is not the only federal authority with BSA enforcement authority. As mentioned in the introduction, several other federal agencies also have a hand in enforcing the BSA—both in the U.S. and abroad.
When it comes to BSA enforcement (and enforcement of other federal anti-money laundering statutes), it is common for multiple federal law enforcement agencies to work together to investigate and prosecute potential violations, including civil and criminal violations. Along with the OCC, some of the other federal authorities that have a hand in BSA enforcement include:
Like the OCC, FinCEN, the IRS, and OFAC are all offices and agencies within the U.S. Department of the Treasury. The FBI is the nation’s chief domestic investigative agency, while the DOJ is the nation’s chief law enforcement agency.
At the FBI, OCC investigations are typically handled by the Money Laundering, Forfeiture, and Bank Fraud Unit (MLFBU). At the DOJ, these cases are most often handled by the Money Laundering and Asset Recovery Section (MLARS), which is itself composed of seven different units:
- Bank Integrity Unit
- International Unit
- Money Laundering and Forfeiture Unit
- Policy Unit
- Program Management and Training Unit
- Program Operations Unit
- Special Financial Investigations Unit
However, these law enforcement agencies generally only get involved when there is a money laundering case to pursue. From the perspective of a bank or a financial institution, it is far more likely to have to deal with the regulators who work to ensure that BSA violations do not result in taxpayer losses, national security risks, or the financing of terrorism in the U.S. or abroad. This is where the OCC investigation focuses most of its BSA-related enforcement efforts.
OCC Examinations and Enforcement Under the BSA
To enforce the BSA, the OCC adopts and enforces regulations focused specifically on the banking and financial services sector, and it conducts investigations and enforcement targeting institutions that have failed (or may have failed) to fully meet their compliance obligations under the BSA.
The OCC’s fiduciary duty is to ensure that financial institutions, including national banks, federal savings associations, federal branches or agencies of foreign banks, and institution-affiliated parties comply with the BSA so that they do not process or facilitate money laundering transactions. In the OCC’s own words:
“The OCC prescribes regulations, conducts supervisory activities and, when necessary, takes enforcement actions to ensure that national banks have the necessary controls in place and provide the requisite notices to law enforcement to deter and detect money laundering, terrorist financing and other criminal acts and the misuse of our nation's financial institutions.”
One of the main ways that the OCC enforces the Bank Secrecy Act is by conducting regular examinations of covered financial institutions to assess their compliance with the law’s requirements.
Since the goal is compliance, the OCC is very up-front about what it wants from banks, credit unions, and other financial institutions. It has published numerous guidelines, bulletins, and walkthroughs that are all intended to help financial institutions reach a state of compliance so they will pass their examinations. The OCC has also published a detailed description of its examination procedures, as well as a manual that lays out what is required and expected of financial institutions across the country.
But, while these resources are intended to be helpful, they also mean that there is very little room for failure. By providing financial institutions with the information they need to develop, implement, and enforce effective BSA compliance programs, the OCC is not only seeking to encourage compliance, but it is also establishing clear grounds for enforcement in cases of noncompliance. Particularly for large financial institutions that have plenty of resources to devote to a comprehensive BSA compliance program, any compliance shortcomings are likely to be viewed as evidence of an insufficient commitment to doing what is required.
Similar to other types of federal audits and inspections, an OCC examination under the BSA scrutinizes a financial institution’s compliance. This includes, but is by no means limited to, scrutinizing the institution’s anti-money laundering (AML) policies to determine if they fully comply with all applicable requirements under the Bank Secrecy Act. Financial institutions that fail OCC examinations can be penalized immediately or face sanction-backed demands that they come into compliance before a certain date.
While most institutions will be subjected to a “core examination” by OCC examiners, some will face a more arduous “expanded examination.” These are generally reserved for banks and other financial institutions that are not based in the U.S. or that handle certain financial transactions that are more complex or prone to money laundering. But, while expanded examinations may be more complex than core examinations, both present similar risks for financial institutions that are not BSA-compliant—and this means that both require a similar commitment to executing an effective defense strategy.
Prioritizing BSA Compliance Can Substantially Mitigate the Risk of Facing OCC Enforcement
For financial institutions that have duly prioritized BSA compliance, facing either type of OCC examination should not present significant risks. In this scenario, financial institutions should be able to use the documentation they have on hand to affirmatively demonstrate compliance, and they should be able to rely on their BSA compliance counsel to deal effectively with the OCC’s examiners on their behalf.
But, there are many aspects to BSA compliance.
For example, it is important to remember that the BSA requires financial institutions to conduct risk assessments focused on ascertaining which business practices are most likely to involve money laundering, and then take appropriate steps to avoid processing or facilitating money laundering transactions. But what steps are “appropriate”? And when is a business practice sufficiently “risky” to require special attention?
Reasonable minds could disagree on the answers to these types of questions; and, while the OCC provides general guidance, it does not explicitly tell financial institutions what to do (and what not to do) in specific circumstances. When financial institutions reach conclusions that are at odds with those reached by the OCC, this can present substantial risks even if the financial institution’s conclusions are driven by a good-faith commitment to compliance.
Dr. Nick Oberheiden is an OCC enforcement defense lawyer and the founder of Oberheiden P.C. He has helped numerous financial institutions navigate the complex field of BSA compliance and defend against BSA enforcement actions from the OCC. As Dr. Oberheiden explains:
“Financial institutions need experienced legal counsel at every stage of the BSA compliance process – from creating and implementing compliance protocols to responding to OCC examinations. This is an extremely high-risk area of federal compliance, and institutions that fail to devote the time and resources necessary can find themselves facing substantial penalties from the OCC (and potentially from other federal authorities as well).”
With this in mind, what can (and should) financial institutions be doing to mitigate their risk of facing BSA-related penalties from the OCC enforcement actions? In broad strokes, effectively managing BSA compliance involves:
1. Identifying and Addressing All Pertinent Areas of BSA Compliance
Financial institutions must work with their defense counsel to identify and address all pertinent areas of BSA compliance. This includes—but is not limited to—implementing effective AML policies and procedures.
2. Preparing for the Possibility of an OCC Examination
Along with prioritizing BSA compliance, financial institutions should also proactively prepare for the possibility of facing administrative enforcement actions. By establishing response protocols in advance, institutions can ensure they will be ready to respond immediately and effectively when necessary.
3. Generating and Storing Documentation of BSA Compliance On an Ongoing Basis
Thorough compliance documentation is the key to surviving any type of federal law enforcement inquiry in the banking and financial services sectors. By generating and storing documentation of BSA compliance on an ongoing basis, institutions will put themselves in a favorable position to efficiently resolve any inquiries from the OCC or other authorities.
Of course, these are just examples. Effectively managing BSA compliance can be extraordinarily complex for large financial institutions and require substantial investments in personnel and technology. But, as the OCC clarifies, the costs involved are not an excuse for financial crimes.
