Recent enforcement actions against banks indicate a new regulator emphasis on digital assets and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance. Last year, Anchorage Digital Bank (Anchorage)—formerly Anchorage Trust Company—became the first federally-chartered bank focused on cryptocurrency. Recently, the agency that approved its charter, the Office of the Comptroller of the Currency (OCC), issued a cease-and-desist order against Anchorage for BSA violations and shortcomings in its BSA/AML compliance program. Specifically, the OCC cited Anchorage for deficiencies in its customer due diligence (CDD) procedures for higher-risk customers and procedures for identifying and reporting suspicious activity. The cease-and-desist order also indicates insufficient and inexperienced staffing in the BSA officer function and inadequate training throughout the organization, including in operations.
In separate enforcement action, the OCC also issued a cease-and-desist order against USAA Federal Saving Bank – slapping it with a $60 million penalty. The OCC found deficiencies including “inadequate internal controls and risk management practices; suspicious activity identification, evaluation, and reporting; staffing; training; and third-party risk management.” The Financial Crimes Enforcement Network (FinCEN) also levied an $80 million fine for the same violations.
These enforcement actions and substantial penalties signal that BSA/AML regulations are under heightened scrutiny, especially as digital asset banks become more commonplace and new AML regulations loom on the horizon. Financial institutions should plan and prepare accordingly, particularly in the areas of customer due diligence, beneficial ownership, and suspicious activity identification and reporting.
Banks that wish to avoid becoming a potential target of an enforcement action need robust compliance programs that address these areas.