The Office of the Comptroller of the Currency (OCC) issued yesterday, April 21, 2022, two cease-and-desist orders against USAA Federal Saving Bank and Anchorage Digital Bank for violations of the Bank Secrecy Act (BSA) and deficiencies in their anti-money laundering (AML) programs. In the case of USAA Federal Saving Bank, the OCC also issued a $60 million penalty. While this civil money penalty order was announced today, the fine was imposed on March 17 when the Financial Crimes Enforcement Network (FinCEN) also announced an $80 million fine against the same institution for the same violations.
The order against Anchorage Digital Bank is based on the bank’s failure to adopt and implement a compliance program that adequately covers the required Bank Secrecy Act/anti-money laundering (BSA/AML) program elements. Interestingly, Anchorage Digital Bank, the first federally chartered cryptocurrency-focused bank, was granted conditional approval by the OCC in January 2021 to be converted from a traditional Anchorage Trust Company. As an enforceable condition of that approval, the company entered into an agreement which sets forth, among other things, BSA/AML requirements, which the company has failed to comply with, according to the regulator. Nonetheless, the order issued yesterday didn’t include any warning that this approval could be revoked; the order was limited to requiring the bank to implement a robust AML program.
“The OCC holds all nationally chartered banks to the same high standards, whether they engage in traditional or novel activities,” said Acting Comptroller of the Currency Michael J. Hsu. “When institutions fall short, we will take action and hold them accountable to ensure compliance with federal laws and regulations.”
Leaving the civil penalty aside, the cease-and-desist orders against the two banks are very similar in terms of timing and scope of the new requirements for an AML program.
In this regard, the regulator required Anchorage Digital to establish a new AML action plan in the next 30 days detailing the remedial actions necessary to achieve and sustain compliance with the BSA. This includes appointing a qualified BSA officer vested with sufficient independence and resources who will train the bank employees to ensure compliance with the BSA/AML requirements.
The regulator also compelled Anchorage to implement appropriate risk-based policies and procedures for collecting Customer Due Diligence (CDD) information when opening new accounts and renewing or modifying existing accounts. As in previous cases, the regulator leaves discretion to the bank to design these policies and procedures, but this time it provided sufficient guidance on what information should be collected and analyzed, particularly for high-risk profile customers.
Another interesting area where the regulator focuses its consent order is on Suspicious Activity Reports (SARs). The regulator is demanding Anchorage ensure that the company adheres to an acceptable, written suspicious activity monitoring and reporting program to ensure the appropriate review of suspicious activities. This is interesting for two reasons. First, the timing of this order: the OCC adopted new rules on SARs reporting that will enter into effect on May 1. The new rules aim to provide some reporting exemptions for firms that want to innovate in the way they report suspicious activities. Given the date of this order and the applicability of the new rules, Anchorage could have the opportunity to take advantage of these new rules, if it sees it fits.
Read More: OCC’s Rule on SARs May Boost Innovation on AML Reporting
Second, unlike the decision against USAA Federal Saving Bank, the OCC ordered Anchorage to “look-back” at suspicious activity. The purpose of this SAR Look-Back is to determine whether additional SARs should be filed for any previously unreported suspicious activity.
While the OCC decided not to issue a civil penalty, it nonetheless reserves its right to do so in the future if Anchorage doesn’t make sufficient progress to comply with this order.