An official website of the United States government
OCC Bulletin 2016-6 | February 29, 2016
Share This Page:
Chief Executive Officers, BSA Officers, and Compliance Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
This bulletin supplements the “Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements”1 by providing guidance on the process the Office of the Comptroller of the Currency (OCC) has implemented to provide national banks, federal savings associations, and federal branches and agencies (collectively, banks) with an opportunity to respond to potential noncompliance with Bank Secrecy Act (BSA) compliance program requirements or repeat or uncorrected BSA compliance problems.2 This bulletin rescinds OCC Bulletin 2005-45, “Process for Taking Administrative Enforcement Actions Against Banks Based on BSA Violations,” dated December 23, 2005.
This bulletin applies to all OCC-supervised institutions.
The OCC uses a variety of methods to communicate problems or weaknesses in a bank’s systems and controls, including BSA deficiencies, and to obtain corrective action. As explained in this bulletin, however, when these deficiencies rise to the level of noncompliance with BSA compliance program requirements or result in repeat or uncorrected BSA compliance problems, a statutory mandate requires the OCC to issue a cease-and-desist order.3
In view of the consequences of noncompliance with BSA compliance program requirements or repeat or uncorrected BSA compliance problems, and to ensure that the process for taking administrative enforcement actions based on such violations is measured, fair, fully informed, and timely, the OCC’s process generally includes notice and an opportunity for the bank to respond in advance of a decision to issue a mandatory cease-and-desist order.4
When the OCC identifies potential noncompliance with BSA compliance program requirements or repeat or uncorrected BSA compliance problems, the facts are reviewed internally by the examiner-in-charge and other representatives from the bank supervision and legal departments. Thereafter, the OCC provides bank management with written notice about the potential noncompliance or the repeat or uncorrected problems, and an opportunity to respond. The bank, in its response to the OCC, may provide information relating to the potential noncompliance or the repeat or uncorrected problems. If the bank fails to respond within 15 days of the date of the OCC’s written notice, any subsequent response may not be considered by the OCC.5
The OCC supervisory office and legal representatives review and consider any information submitted by the bank, along with the examination findings and any other relevant information. Based on this information, the supervisory office, along with the legal department, presents a recommendation to the appropriate OCC Supervision Review Committee (SRC). The SRC then determines whether to pursue an enforcement action or, if the determination is delegated to the Senior Deputy Comptroller (SDC), a recommendation to the SDC. The OCC then proceeds in a manner consistent with the SRC’s or SDC’s determination.
After approval of the action, the final supervisory letter or report of examination and the proposed cease-and-desist order are provided to the bank, and the bank determines whether it will consent to the issuance of the order. If the bank consents to issuance of the order, the OCC works with the bank to finalize the order. Otherwise, the OCC pursues the order through a notice of charges and the administrative hearing process.
In addition to a cease-and-desist order, the OCC may also pursue civil money penalties (CMP) when warranted.6 If the OCC is actively considering a CMP, the OCC issues a 15-day letter to the bank or appropriate institution-affiliated parties.
The OCC notifies the Financial Crimes Enforcement Network (FinCEN) of all formal and informal enforcement actions under the terms of the memorandum of understanding between the federal bank regulators and FinCEN. The OCC also notifies FinCEN of potential CMP actions at the time it issues 15-day letters. In cases involving potential criminal violations of the BSA or anti-money laundering laws, the OCC ensures that suspicious activity reports are filed and coordinates with the appropriate law enforcement agencies.
Please contact your OCC supervisory office or the Compliance Risk Department at (202) 649-5470.
Grovetta N. Gardineer Deputy Comptroller for Compliance Risk
Daniel P. Stipano Deputy Chief Counsel
1 Transmitted in OCC Bulletin 2007-36, “BSA Enforcement Policy” (August 30, 2007).
2 This bulletin provides only internal OCC guidance and is not intended to, does not, and may not be relied on to create rights, substantive or procedural, enforceable at law or in any administrative proceeding. While this guidance sets forth the general process to be followed in enforcement cases based on noncompliance with BSA compliance program requirements or repeat or uncorrected BSA compliance problems, the OCC may deviate from the process in certain cases, for example, when a developing situation in a bank requires immediate action, other unusual or exigent circumstances are present, or intervening developments require a different course of action.
3 In accordance with 12 USC 1818(s), the OCC issues a cease-and-desist order against a bank for noncompliance with BSA compliance program requirements in the following circumstances: (1) failure to establish and maintain a reasonably designed BSA compliance program or (2) failure to correct a previously reported problem with the BSA compliance program. See 12 USC 1818(s) and OCC Bulletin 2007-36.
4 The OCC may determine that there is a violation of one or more of the pillars set forth in 12 CFR 21.21 (e.g., internal controls, independent testing, responsible officer, or training) that does not rise to the level of a BSA compliance program violation. In these situations, the OCC is not required to issue a cease-and-desist order for corrective action pursuant to the statutory mandate, and may instead take either formal or informal enforcement action to secure corrective action. If the OCC proposes to cite a violation of one or more of the BSA compliance program pillars and not a BSA compliance program violation, the process for notice and opportunity to respond provided in this guidance does not apply.
5 The OCC must balance its desire to ensure that banks have an opportunity to respond in advance of a mandatory cease-and-desist order with the need to ensure timely delivery of examination findings and enforcement of the BSA.
6 See OCC Bulletin 2016-05 (February 29, 2016).