In March 2014, Thomas J. Curry, Comptroller of the Currency, spoke before the Association of Certified Anti-Money Laundering Specialists about the Bank Secrecy Act (BSA) and Anti-Money Laundering law (AML) compliance. While he generally spoke positively about the efforts of banking institutions to meet the requirements of the BSA, he was also quick to point out that most of the headlines surrounding banks and the BSA are negative.
In other words, the media will seek out banks that are not in compliance. As a result, the industry as a whole must do more.
Curry noted that BSA infractions can, “almost always be traced back to decisions and actions of the institution’s board and senior management.” The underlying deficiencies that lead to these poor decisions fall into four areas:
1. Culture of compliance in an organization
Curry emphasized that senior management is responsible for establishing and maintaining an “effective compliance culture.” The board and upper management has to set the tone for the organization by what they say, but also have to show by their actions that they want compliance. For example, a bank’s system of compensation and incentives should be aligned with good compliance practices.
2. Resources committed to BSA compliance
Furthermore, banks have to support compliance with resources, including the authority of the BSA compliance officer to take action. Effective compliance incentives should be in place throughout the organization, across all business lines. An important benefit of a strong compliance program is that it helps to manage the risks of customers, enabling the bank to retain more customers in higher risk businesses.
3. Strength of the organization’s information technology and monitoring process
Technology is evolving rapidly in all areas of life, and it is changing banking systems with new payment technologies, how customers access and use accounts, and by helping to integrate third party businesses into the traditional banking system. This emerging technology creates both benefits and risks. The people who want to use banks for money laundering, for example, are very good at exploiting technology to assist them. The challenge for banks is to use the technology aggressively to combat the criminals and to communicate better information to law enforcement and regulators.
4. Quality of risk management
The Office of the Comptroller of the Currency (OCC) supports a risk-based approach to enforcement, so that banks would have to exercise greater due diligence for higher risk businesses—they have to vary the approach depending on the nature of the business in question. Curry acknowledged that banks are traditionally good at risk management. However, the larger and more complex institutions that dominate finance now do not always have clear lines of accountability and responsibility for BSA programs. The OCC will hold senior managers responsible for BSA risk management just as it would any other activity.
Curry’s basic message to banks was that the entire system is changing very rapidly. Both the banks and OCC have to bring all the resources possible to bear on BSA/AML compliance in order to keep up.