Skip to content
Compliance & Risk

Understanding Bank Secrecy Act enforcement: New guidelines leave some uncertainty

· 5 minute read

· 5 minute read

With the publication of new guidance from the federal banking agencies and regulators, financial institutions may have gotten a little clarity into the Bank Secrecy Act

This article was written by Michael Garcia, a partner in the Miami office of White & Case LLP, and Jeremy Kuester, of counsel in White & Case’s Washington, D.C. office.

With the publication of new guidance from the federal banking agencies and the Financial Crimes Enforcement Network (FinCEN), the veil on the approaches that enforcement agencies use continues to be lifted for financial institutions subject to the Bank Secrecy Act (BSA). The highlights of the statement includes further guidance on the issuance of cease and desist orders and more.

On August 13, federal banking agencies — namely the Federal Reserve, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency — issued a Joint Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements. The joint statement sets forth the agencies’ policy on the circumstances in which an agency will issue a mandatory cease and desist order to address non-compliance with the BSA or anti-money laundering (AML) requirements.

Five days later on August 18, FinCEN, a bureau of the U.S. Department of the Treasury responsible for administering the BSA, also released a statement on enforcement of the Bank Secrecy Act. The FinCEN statement relies on different enforcement authorities than that of the banking agencies and applies to all persons subject to the BSA, not just banks.

Cease & desist orders

The joint statement only addresses when federal banking agencies must issue a mandatory cease and desist order under their respective AML program authorities, in the event a bank fails to establish and maintain a proper AML program or fails to correct any previously identified AML program deficiencies. However, further guidance of BSA/AML enforcement for safety and soundness reasons would be useful since this authority is much more flexible than the agencies’ AML program authorities, and banks often struggle with knowing which set of authorities will apply.

The federal banking agencies’ joint statement notes that effectiveness is a key factor driving a mandatory cease and desist order. The joint statement does not expound explicitly on the meaning of effectiveness, but in referencing certain aggravating factors, the agencies imply that a bank is expected to prevent money laundering or terrorism financing from occurring by, at, or through their institution.

The reference to money-laundering prevention is interesting because neither the agencies’ nor FinCEN’s AML program rules for banks require that the programs reasonably prevent money laundering. Rather, AML programs at banks must be reasonably designed to assure and monitor the institution’s compliance with the requirements of the BSA and its implementing regulations, which predominantly apply to recordkeeping and reporting obligations.

What constitutes an effective BSA/AML compliance program is subject to debate and has caused controversy within the AML community, which may not be as clear a guidepost as intended by the federal banking agencies.

Enforcement actions for other BSA/AML requirements

The joint statement also identifies other BSA/AML requirements, like the BSA’s recordkeeping and reporting obligations, that initially appear to be separate from the agencies’ AML program requirements. However, and somewhat confusingly, the joint statement explicitly states that the BSA’s recordkeeping and reporting obligations will be evaluated as part of the internal control component or pillar of the institution’s AML program.

With this change, banks should assume that non-technical deficiencies in a bank’s BSA recordkeeping or reporting programs may be subject to a mandatory cease and desist order, rather than informal enforcement measures authorized under separate authorities.

FinCEN’s statement

The FinCEN statement is that agency’s first formal attempt to outline in one place its enforcement authorities, dispositions, and the factors it evaluates in determining the appropriate response and enforcement of BSA violations.

FinCEN clearly patterned its statement on the Economic Sanctions Enforcement Guidelines of the Office of Foreign Assets Control (OFAC), FinCEN’s sister agency. OFAC’s enforcement guidelines are rigorously detailed, encompassing many pages of regulatory text that were subjected to the Administrative Procedures Act process, including public notice and comment.

In comparison, we are not aware of any informal public comment process in relation to the FinCEN statement, nor of the involvement of Bank Secrecy Act Advisory Group, as the proceedings of that group are confidential and exempted from the disclosure requirements of the Federal Advisory Committee Act.

FinCEN states that regulated parties will be afforded an opportunity to respond to and contest factual findings or legal conclusions underlying any FinCEN enforcement action. However, those findings may relate to factors that are potentially subjective or otherwise difficult to defend against or dispute, namely “the extent of possible harm to the public” and “the impact or harm of the violations on FinCEN’s mission to safeguard the financial system from illicit use, combat money laundering, and promote national security.”

FinCEN’s mission and the purpose of the BSA encompasses regulatory compliance from a financial integrity perspective and financial intelligence from law enforcement and national security perspectives. Measuring the harm to these missions is extremely difficult to quantify and would be even more difficult for a regulated party to dispute or answer.

Engaging in public dialogue

Compliance with the BSA has always involved an extended and iterative dialogue between supervisors and the financial institutions they oversee. The approaches to BSA enforcement should be an extension of that dialogue. While rulemakings, such as those implementing OFAC’s enforcement guidelines, may not necessarily be required, or even desirable, agencies charged with enforcing the BSA may benefit by opening the debate on enforcement to the public arena, such as through the formal notice and comment process.

BSA enforcement authorities often say that they are not trying to play “gotcha” with regulated entities, and their real goal in enforcement is improved compliance. Engaging in public dialogue on BSA/AML enforcement would be another step in that direction.

More insights