2024 Pub. 4 Issue 6

Over the past year, we have seen at least 27 Bank Secrecy Act (BSA) enforcement actions from an array of financial institution supervisory agencies. Banks of all sizes, including community banks, continue to be hit with cease and desist (C&D) orders, formal agreements, consent orders and even civil money penalties (CMP). Five of these actions involved monetary penalties of some sort totaling nearly $4 billion — all but about $109 million coming from one case with four federal agency actions against one bank, and one $100,000 CMP imposed against an individual for BSA noncompliance. These enforcement actions remind us that even community banks and thrifts must have thorough and well-managed BSA compliance programs. The enforcement actions do not spell out specifics of what the agencies found at each institution, but they do give us important insights into what the regulators will expect during your next BSA compliance exam. Community banks should evaluate their BSA compliance programs in light of the corrective actions that these institutions are required to take. Another important issue that financial institution management should remember is that the USA PATRIOT Act made BSA compliance as important as Community Reinvestment Act (CRA) compliance in getting an application approved. The act adds BSA as a factor for consideration in merger transactions. The agency must take into consideration “the effectiveness of any insured depository institution involved in the proposed merger transaction in combating money laundering activities.” This means that banks and thrifts must have more than a written BSA program. They must be able to demonstrate that the program works. BSA Compliance Programs All insured banks and thrifts are required to develop, administer and maintain a program that assures and monitors compliance with the BSA and its implementing regulations, including recordkeeping and reporting requirements. Such a program can help protect a bank against possible criminal and civil penalties and asset forfeitures. At a minimum, a bank’s internal compliance program must be written, approved by the board of directors and noted as such in the board meeting minutes. The program must include at least the following elements: • A system of internal controls to assure ongoing compliance. • Independent testing of compliance. • Daily coordination and monitoring of compliance by a designated person. • Training for appropriate personnel. • Risk-based customer due diligence/beneficial ownership procedures. The Show-Me Banker Magazine | 17

RkJQdWJsaXNoZXIy MTg3NDExNQ==