One of the most prominent names in global banking is off to a tumultuous start of the new year as it finds itself under the microscope of a significant regulatory investigation. Multinational financial services giant Bank of America recently found itself in the crosshairs of an anti-money laundering (AML) offensive led by the Office of the Comptroller of the Currency (OCC) to close out 2024, this after the regulator identified numerous deficiencies in the firm’s Bank Secrecy Act (BSA) and sanctions compliance programs. However, the early outcomes from this probe are sending mixed signals to American financial institutions who continue to battle against the imposition of new, costly compliance requirements, creating a greater debate throughout the sector as to the efficacy of current government-backed AML/CFT measures.
The forecast for Bank of America’s latest regulatory storm became cloudy back in October of 2024. Bank of America had responded to a Consumer Financial Protection Bureau (CFPB) inquiry related to the bank’s processing of electronic payments through Zelle, which was part of a routine quarterly filing disclosure with another regulatory body – the Securities and Exchange Commission (SEC). At the time the CFPB reached out to Bank of America to resolve this probe, the regulator disclosed that they were considering possible litigation should their findings not be resolved. Given the scope of BoA’s operations and the lack of details released following the CFPB’s investigation, many across the financial sector were left wondering how significant the findings were and what the subsequent outcome would be, this given that the only apparent certainty was the general focus of said inquiry being on the processing of electronic payments through the Zelle platform. Bank of America’s rebuttal to the findings centered on alleged plans they had to implement significant enhancements to their domestic AML/BSA and sanctions compliance programs. It was later revealed that the bank – along with counterparts JPMorgan Chase and Wells Fargo – had reportedly failed to protect their customers from ‘widespread fraud’ on the prominent payment network due to limited identify verification methods that allowed bad actors to exploit legitimate user accounts. As this story became international news when the CFPB ultimately moved to sue the operator of Zelle along with the three above-mentioned banks, a larger spotlight was ultimately placed on the compliance protocols of BoA that were then explored further by the OCC and other notable domestic regulators.
As further investigation into the bank’s processes unfolded over the last several months, we have been granted more specifics as to the banking giant’s true compliance improprieties. Reports have now confirmed that Bank of America did in fact have major deficiencies with respect to BSA/AML compliance, specifically related to failures to timely file suspicious activity reports (SARs) as well as through its customer due diligence (CDD) process.1 In addition, the firm was targeted over shortcomings in their follow-through on other aspects of compliance including implementing appropriate transaction monitoring processes. BoA was also found to have failed to properly execute several of the most fundamental compliance protocols such as governance, appropriate employee training, all while lacking comprehensive internal controls to reign in these activities. Late last month, the OCC moved to issue a cease-and-desist order against BoA over these deficiencies, as well as additional shortcomings related to the firm’s sanctions compliance programs. In response to this order, BoA is now tasked with taking corrective action on the governance, internal controls, training components and independent testing components of its Bank Secrecy Act (BSA) compliance program. In addition, the bank must hire an independent consultant to conduct what is essentially a comprehensive audit of their current programs to determine their effectiveness, as well as to analyze their suspicious activity reporting history to determine that appropriate actions are being taken against potential illicit financial activity.2
Perhaps the most notable aspect of the OCC’s action is that the cease-and-desist order did not come with any associated monetary penalty against the bank, leaving many in the financial community wondering how large corporate banks continue to get off so easy for their wrongdoing. This issue has become a significant point of discussion for smaller financial institutions lobbying against additional regulation being pushed upon them by the feral government, this as regulators continue to hold larger firms with far greater revenue and resources relatively unaccountable for their actions. This action has been further criticized given that the OCC recently issued a $450 million civil money penalty and additional growth restrictions against TD Bank over similar AML and BSA deficiencies to those found at BoA. In merely giving Bank of America a stern talking-to without tangible penalty, a rather confusing message has been sent to the greater banking community and is likely to be a point of contention for firms following future enforcement actions taken against them by the regulator.
Citations
- Dale, Jeff. “OCC Orders Bank of America to Shore up BSA/AML, Sanctions Compliance Programs.” Compliance Week, Compliance Week, 23 Dec. 2024.
- Saulsbery, Gabrielle. “Bank of America Hit with OCC Order over BSA.” Banking Dive, 2 Jan. 2025.
