OCC Cracks Down: October Enforcement Actions Highlight BSA/AML Failures & Insider Threats

The Office of the Comptroller of the Currency (OCC) has unveiled its latest round of enforcement actions for October 2024, cracking down on banks and individuals for a variety of compliance failures. This month’s actions cover a wide spectrum of issues, from severe violations in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) programs to internal fraud by individual employees.

The most significant penalty on the list goes to TD Bank, which received a hefty $450 million civil money penalty, coupled with a cease-and-desist order, for BSA/AML compliance deficiencies. This penalty continues to send shockwaves through the financial sector. It highlights that when major institutions fail to safeguard against money laundering and related threats, the consequences can be severe—and costly.

TD Bank’s fine is part of a broader trend of enforcement actions against financial institutions that fail to meet regulatory expectations in managing financial crime risk. BSA/AML compliance remains a cornerstone of financial resilience, and institutions that falter are not only risking significant penalties but also damaging their reputations. In TD Bank's case, the OCC’s ruling complements earlier penalties imposed by other regulatory bodies, including theFederal Reserve Board (FRB), Department of Justice (DOJ), Financial Crimes Enforcement Network (FinCEN), and serves as a stark reminder that multi-jurisdictional scrutiny is the norm for global institutions - totaling Over $3 Billion in Regulatory & Civil Penalties.

Several smaller banks were also placed under formal agreements for a range of unsafe or unsound practices, including strategic and liquidity risk management:

• Axiom Bank in Maitland, Florida, entered into a formal agreement for failures in its BSA/AML compliance program. The OCC flagged issues related to the bank’s internal controls and the oversight of its BSA officer.
• First National Bank of Dennison in Ohio, First National Bank of Lake Jackson in Texas, and The First National Bank of Waverly in Ohio all faced agreements relating to deficient strategic planning and liquidity risk management. These agreements reinforce that even regional players must remain vigilant in their compliance efforts.

The recurring themes of inadequate risk management, strategic planning, and BSA/AML deficiencies stand out as central vulnerabilities that banks continue to struggle with. For these institutions, the path forward lies in reinforcing governance structures, prioritizing risk assessments, and ensuring that compliance programs are more than just check-the-box exercises.

Rogue Employees in the Spotlight

In addition to institutional penalties, several former bank employees were issued Orders of Prohibition for their involvement in fraudulent activities that led to financial losses for their respective employers. These cases involve employees at major banks like Citibank, JPMorgan Chase, and U.S. Bank.

• Tanya Jazmin Cortez, a former concierge at Citibank, was prohibited from banking for selling confidential customer information, resulting in $348,000 in check fraud.
• Lexus Inez Lewis, a former Fraud Operations Specialist at Citibank, consented to an order for her role in causing $389,000 in fraudulent transactions on customer credit card accounts.
• Alexis LeaAnne Day, a former Client Relationship Consultant at U.S. Bank, was prohibited from banking after misappropriating approximately $10,000 from a bank ATM.
• Leronne D. Kornegay, a former Associate Banker at JPMorgan Chase, was prohibited from banking for participating in a scheme to steal bank funds and falsely reporting counterfeit bills, leading to a loss of at least $201,000 to the bank.

This slate of enforcement actions highlights a common theme—risk management failures that threaten the integrity of financial institutions. From BSA/AML compliance breakdowns to internal fraud, the lessons for the broader industry are clear: proactive risk management and strong internal controls are essential to maintaining resilience in an increasingly complex regulatory landscape.

For organizations of all sizes, these enforcement actions should serve as a call to reassess current risk management practices. Are BSA/AML programs robust enough to withstand scrutiny? Are internal controls sufficient to deter insider threats? As the regulatory environment continues to tighten, institutions that proactively address these questions will be better positioned to weather future challenges.

Financial institutions should take these enforcement actions as an opportunity to not only correct current deficiencies but to invest in forward-thinking strategies that enhance overall resilience.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.