OCC Cracks Down on Bank of America for BSA Deficiencies, Demands Major Fixes

The Office of the Comptroller of the Currency (OCC) has issued a cease-and-desist order against Bank of America, marking a significant step in the ongoing battle to ensure financial institutions are doing their part to combat money laundering and uphold sanctions regulations. The move comes after the bank was found to be lacking in several areas of its compliance with the Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements.

The OCC’s order stems from a number of failures within Bank of America’s BSA and sanctions compliance programs. The most glaring issues were the bank’s failure to file suspicious activity reports (SARs) in a timely manner, and its inability to fix a previously flagged issue related to Customer Due Diligence (CDD) processes. These shortcomings are especially concerning when you consider the critical role SARs play in detecting financial crimes and the importance of due diligence in preventing illicit activities like money laundering and terrorist financing.

But that’s not all. The OCC also flagged deeper problems with the bank’s internal controls, governance, independent testing, and employee training. In short, the OCC found that Bank of America was not fully living up to its regulatory obligations, and the bank's approach to AML efforts was not up to snuff.

The Consequences and What Bank of America Must Do Now

The cease-and-desist order is more than just a slap on the wrist—it’s a call for Bank of America to make some major changes to get its house in order. The order directs the bank to hire an independent consultant to thoroughly review its BSA/AML and sanctions compliance programs and figure out exactly where improvements are needed. That consultant will also conduct “lookback reviews,” meaning they’ll go over past transactions to ensure that any suspicious activity that slipped through the cracks is caught and properly reported.

In addition to that, the bank will need to overhaul its internal controls, governance structures, independent testing processes, and employee training programs. It’s clear the OCC wants more than just a few quick fixes; it wants Bank of America to take a long, hard look at its operations and make sure it’s fully equipped to detect and prevent financial crimes moving forward.

What Does This Mean for Bank of America?

For Bank of America, this is a major setback. The financial institution is already under the spotlight, and the OCC’s action isn’t something the bank can just brush off. Not only will it need to devote significant time and resources to fixing its compliance failures, but this order also carries reputational risks. It’s a reminder that even the largest banks aren’t immune to regulatory scrutiny.

But the ripple effects go beyond just Bank of America. The message from the OCC is clear: if a financial institution like Bank of America can be taken to task for these failures, no one is safe. Regulators are closely watching, and institutions that don’t prioritize compliance may find themselves in hot water.

This enforcement action serves as a loud and clear wake-up call to other financial institutions. The message? Compliance isn’t optional—it’s a necessity. The OCC isn’t messing around when it comes to enforcing BSA and AML regulations, and financial institutions can’t afford to ignore their responsibilities.

The problem isn’t just about ticking boxes on a compliance checklist, it’s about maintaining the integrity of the financial system. And as the Bank of America case shows, when banks fail to live up to that responsibility, there are serious consequences.

For compliance professionals, the key takeaway here is the importance of staying vigilant. Ensure your programs are robust, your training is up-to-date, and your reporting mechanisms are functioning as they should. This isn’t just about avoiding fines; it’s about protecting the financial system from the risks posed by illicit activities.

The message from the OCC isn’t just directed at Bank of America—it’s directed at every financial institution that touches the financial system - be diligent, be accountable, and most importantly, be ready to make changes when the regulators come knocking. Because, as Bank of America has learned the hard way, failing to comply with BSA and AML rules can lead to far more than just a regulatory order—it can damage an institution’s reputation and its ability to operate in the global financial market.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.