Five days later, on August 18, 2020, FinCEN, as administrator of the Bank Secrecy Act (BSA), issued a statement setting forth its approach to enforcing the rules and regulations within the BSA.  These documents address how Regulators and FinCEN will evaluate enforcement actions when a Financial Institution  fails to meet BSA/AML requirements.  They set forth how an Agency has the authority to use its discretion when issuing enforcement actions or  other supervisory actions to address BSA/AML   deficiencies. 

BSA is a compliance priority for Regulators and the US Department of Justice.

FinCEN has stated that the information required by the BSA is a “national security issue”.

The Joint Statement of Enforcement specifies that each Agency, when appropriate, shall issue a cease and desist order based on a violation of  BSA/AML requirements to establish and maintain a reasonably designed BSA/AML compliance program where a financial institution:

• fails to have a written BSA/AML compliance program, including a customer identification program, that adequately covers required program components or pillars (internal controls, independent testing, designated BSA/AML personnel, and training).
• fails to implement a BSA/AML compliance program that adequately covers the required program components or pillars (institution-issued policy statements alone are not sufficient; the program as implemented must be consistent with the institution’s written policies, procedures, and processes).
• has defects in its BSA/AML compliance program in one or more program components or pillars that indicate that either the written BSA/AML compliance program or its implementation is not effective, for example, where the deficiencies are coupled with other aggravating factors, such as (i) highly suspicious activity creating a potential for significant money laundering, terrorist financing, or other illicit financial transactions, (ii) patterns of structuring to evade reporting requirements, (iii) significant insider  complicity, or (iv) systemic failures to file currency transaction reports (“CTRs”), suspicious activity reports (“SARs”), or other required BSA reports.

A Cease and Desist Order also applies if the institution expands its business relationships through its foreign affiliates and businesses:

• without identifying its money laundering and other illicit financial transaction risks
• without an appropriate system of internal controls to verify customers’ identities, conduct customer due diligence, or monitor for suspicious activity related to its products and services
• without providing sufficient authority, resources, or staffing to its designated BSA officer to properly oversee its BSA/AML compliance program
• with deficiencies in independent testing that caused it to fail to identify problems
• with inadequate training exemplified by relevant personnel not understanding their BSA/AML responsibilities

An Agency may use its discretion to issue formal or informal enforcement actions or use other supervisory actions to address BSA/AML related violations or unsafe or unsound banking practices or other deficiencies

The Interagency Statement explains that an Agency may:

• pursue enforcement actions based on individual component or pillar violations or BSA-related unsafe or unsound practices that may impact individual components or pillars.
• take formal or informal enforcement actions to address violations of BSA/AML requirements other than the BSA compliance program or the individual component or pillar requirements such as customer due diligence, beneficial ownership, foreign correspondent banking, and suspicious activity reporting and currency transaction reporting requirements.

FinCEN’s Enforcement Approach

FinCEN discusses how it has authority to take the following actions when it identifies an actual or possible violation of the BSA or any BSA regulation or order:

1. No Action. FinCEN may close a matter with no additional action.
2. Warning Letter. FinCEN may issue a warning through a supervisory letter or similar communication.
3. Equitable Remedies. FinCEN may seek an injunction or equitable relief to enforce compliance when FinCEN believes an entity or individual has violated, is violating, or will violate the BSA or any BSA regulation or order.
4. Settlements. As part of a settlement, FinCEN may require both remedial undertakings and civil money penalties.
5. Civil Money Penalties. FinCEN may assess a civil money penalty.
6. Criminal Referral. FinCEN may refer a matter to appropriate law enforcement agencies for criminal investigation and/or criminal prosecution.

Establishing and maintaining a reasonably designed BSA/AML compliance program is key

Financial Institutions must have the right Corporate Governance structure in place and the right Expert in place to assist them in the on-going journey of full compliance. 

They may face civil money penalties as well as the possibility of a criminal referral to a law enforcement agency.  Regulators are focused on BSA/AML related enforcement actions that could result in large fines, deferred prosecution agreements, criminal consequences, and reputational damage.  As a result, FinCEN encourages Financial Institutions to report violations voluntarily and promptly, and to completely cooperate with any investigation.