Bank regulators crack down on BSA/AML compliance in latest enforcement actions

US banking regulators are zeroing in on Bank Secrecy Act compliance in the latest string of severe enforcement actions.

Year to date as of May 10, US banking regulators have handed down 16 severe enforcement actions, according to S&P Global Market Intelligence data. Among those, 10 were related to institutions' compliance with the Bank Secrecy Act and anti-money laundering (BSA/AML).

Industry experts attributed the uptick to rising fraud in the industry and the increasing prevalence of bank-fintech partnerships.

"The regulators are trying to send a message to banks of all sizes and business models that compliance with BSA/AML rules is not optional. Banks must ensure that their BSA/AML programs keep pace with the bank's growth and any changes to its business activities or risk profile," said Alessio Evangelista, a partner at law firm Skadden Arps Slate Meagher & Flom LLP. "Regulators know that enforcement actions can drive banks to reexamine and enhance their BSA/AML programs, so I expect more enforcement actions in the months ahead."

S&P Global Market Intelligence defines severe enforcement actions as cease and desist orders, prompt corrective action directives, and formal agreements/consent orders handed to a bank or thrift by a federal regulator. This analysis does not include severe enforcement actions issued to holding companies or credit unions.

Regulatory websites may refer to certain cease and desist orders issued by federal regulators as consent agreements. However, cease and desist and consent orders are derived from the same section of law 12 U.S.C. 1818(b) and have the same structure, articulating both the areas of concern and the corrective actions. To maintain consistency with previous years, this analysis refers to these actions as cease and desist orders.

Innovation invites risk

Of the 10 BSA/AML related severe enforcement actions handed down so far this year, four involved fintech partner banks: Blue Ridge Bank NA, Lineage Bank, Piermont Bank and Sutton Bank. Those banks provide deposit accounts or issue cards to end customers that are typically acquired through fintech companies, which oftentimes makes AML and know-your-customer compliance more complex compared to direct banking relationships.

"In bank-fintech partnerships, the partner often takes on significant responsibility for activities that are subject to BSA and AML obligations," Jonah Crane, a partner at advisory firm Klaros Group, wrote in an email. "Clarifying roles and responsibilities and ensuring the partners adhere to bank standards is not a trivial task. Identifying an effective operating model for shared BSA/AML obligations is one of the critical tasks for all of us working in the partner bank space."

The four issued so far this year continues a trend from 2023 in which a large percentage of this small group of banks found themselves subject to enforcement actions, an analysis by Market Intelligence found.

"For smaller banks, partnering with fintechs can be attractive for business reasons, but the regulatory and enforcement risks are significant," said Mark Chorazak, co-head of Skadden's Financial Institutions Regulatory Group.

– Access an Excel file containing every bank or thrift operating under a severe enforcement action issued since 2010. – Access severe enforcement action issuance data under the "Industries" tab at the top of the S&P Capital IQ Pro website.

But not all banks that are the subject of BSA/AML enforcement actions are digital-forward.

BSA/AML was a focus in the latest severe enforcement action issued to First Citizens Bank of Butte, which has just $77.4 million in assets, making it the smallest US bank to receive one so far this year. The written agreement requires the Butte, Mont.-based bank to submit a plan to improve its BSA/AML compliance program.

With $92.43 billion in assets, Los Angeles-based City National Bank is the largest US bank to receive an enforcement action that touches on BSA/AML compliance this year.

The other four banks that have come under regulatory scrutiny for BSA/AML compliance so far this year are Lorain, Ohio-based First Federal Savings and Loan Association of Lorain; Skiatook, Okla.-based Exchange Bank; Prattville, Ala.-based River Bank & Trust; and Pikeville, Tenn.-based First Farmers and Commercial Bank.