OCC issues Bank of America cease and desist for AML lapses

Bank of America

The Office of the Comptroller of the Currency issued a cease-and-desist order on Monday order against Bank of America for deficiencies in its sanctions programs and failure to comply with the Bank Secrecy Act.

Following the order, BofA will be required to review its anti-money laundering protocol, hire a third-party consultant to evaluate compliance with the BSA and sanctions, and review the company’s past actions to confirm that all suspicious activity was properly reported. The order contained no monetary fines for the bank.

“The OCC took this action based on violations and unsafe or unsound practices related to these programs, including failure to timely file suspicious activity reports and failure to correct a previously identified deficiency related to its Customer Due Diligence processes,” the agency said in a release . “The order also identifies deficiencies in the internal controls, governance, independent testing and training components of the bank’s BSA compliance program.”

The OCC’s order painted a picture of a bank with only partial oversight of its large customer base. The OCC identified significant compliance violations by Bank of America, including inadequate internal controls, poor governance and deficient independent testing, which the agency said led to systemic lapses in transaction monitoring and suspicious activity reporting.

The bank also neglected to address weaknesses in customer due diligence procedures and lacked proper oversight, training and screening for compliance with sanctions.

The bank knew this was coming. Bank of America revealed in October that it was in discussions with regulators about deficiencies in its anti-money laundering and sanctions compliance programs.

At the time, the bank recognized problems in transaction monitoring, governance, training and customer awareness research. BofA warned of potential enforcement action but suggested any significant financial impact would be limited and said it had already begun implementing program improvements. Analysts noted possible expense increases and the potential for growth restrictions, similar to sanctions Wells Fargo faces.

A spokesman for the bank said the action is more properly referred to as a “consent order” because of the bank’s alleged cooperation with the agency, noting that the bank is already complying.

“We have worked closely with the Office of the Controller of the Currency over the past year to make improvements to our anti-money laundering and sanctions programs,” the spokesman said. “The work we have done so far positions us well to implement the requirements of the consent decree.”

Recent enforcement against Bank of America mirrors previous regulatory actions against other OCC-regulated entities for anti-money laundering deficiencies, due to increased scrutiny across major banks this year, particularly regarding anti-money laundering compliance. Wells Fargo faced oversight restrictions in September for lapses in training and transaction monitoring. The OCC subsequently issued an enforcement order imposing a fine and requiring Wells Fargo to improve these systems and temporarily obtain OCC approval before entering high-risk markets or products.

TD Bank faced historical non-compliance with AML fines in October after the government accused it of facilitating drug-trafficking-related money laundering. Regulators imposed an asset cap on TD’s U.S. retail business, limiting its growth until compliance improves. The issuances contributed to the collapse of TD’s $13.4 billion merger with First Horizon Bank. The sanctions also prompted TD to reassess its US strategy and exit certain business segments to meet regulatory requirements.

Unlike TD, Bank of America’s agreement with the OCC contained no mention of asset caps or restrictions on growth.