OCC updates AML enforcement guidance, also revises monetary penalty matrix

The regulator of the US’s largest and most complex banks has updated guidance in two critical areas of financial crime regulation and enforcement, including when it must issue a formal action for anti-money laundering failings and how it weights deficiencies that could lead to broader monetary penalties.

The US Treasury’s Office of the Comptroller of the Currency (OCC) in the last week issued a bulletin detailing its duties to issue cease-and-desist orders for repeated violations of anti-money laundering (AML) rules, noting that it is bound by statute to issue formal enforcement actions for longstanding and uncorrected deficiencies. To read the AML bulletin please click here.

The regulator also retooled the parameters it employs to calibrate financial penalties for missteps in an updated civil money penalty (CMP) matrix, noting that it heavily weighs factors such as when banks intentionally flout regulations, attempt to hide those actions or fail to correct the same issues over multiple exam cycles. To read the announcement and view the penalty matrix, please click here.

The AML bulletin notes that the OCC is obligated to issue cease-and-desist orders for significant program problems that have persisted for several years without improvement, but that the bank and its top executives and compliance staff should not be surprised because examiners provide the institution with notice and an opportunity to respond before the orders are issued.

The bulletin, which updates a prior 2005 bulletin on AML orders, also gives the OCC’s perspective that its exam and penalty process is fair and takes into account both examiner findings and bank responses before final orders are made public.

In order to “ensure that the process for taking administrative enforcement actions based on such violations is measured, fair, fully informed, and timely, the OCC’s process generally includes notice and an opportunity for the bank to respond in advance of a decision to issue a mandatory cease-and-desist order,” according to the bulletin, noting that period can be as short as 15 days.

In addition, the OCC stated that formal AML orders are not given out flippantly or depend on only one examiner at the local level.

Getting to a formal order is a multi-step processes, starting with facts being viewed by the examiner-in-charge and other individuals from the bank supervision and legal departments. The OCC then provides written notice about the potential noncompliance issues or repeat or uncorrected problems, giving the bank a chance to respond.

Next, the “OCC supervisory office and legal representatives review and consider any information submitted by the bank, along with the examination findings and any other relevant information.” The group then sends a recommendation to a certain OCC supervision review committee or the Senior Deputy Comptroller, which will also make a recommendation or determination.

Enter the (penalty) matrix

The OCC states it has three penalty tiers, based on things such as a breach of a law or regulation, breach of fiduciary duty or breach of a written agreement that results in a substantial loss to the institution or substantial gain to the parties involved in the violations.

In addition, the regulator is required to consider four “statutory factors,” such as the size of the institution, gravity of the violation, history of prior infractions or other “matters as justice may require.”

The OCC also has 13 “relevant factors” that the agencies should consider in assessing CMPs, consistent with the four statutory factors, such as if the institution intended to violate the law, if it continued to do so after being warned several times, whether the institution tried to hide the violations or lie to regulators and if the institution has a stout compliance program.

Intent, for example, is weighted the highest, at seven, while concealment is weighted at a six, and continuation after notification is given a factor weight of five. As a point of reference, the value of having good compliance controls is stated at a weighting of four.

The resultant graphs and matrix calculations mean that smaller banks with smaller asset sizes will face smaller penalties for the same egregious behavior than their larger counterparts, but still could be facing substantial penalties for non-compliance.

For instance, any size bank with a matrix score of less than 40 would not face a monetary penalty. But getting a matrix score considered the worst, 161 or more, would mean a penalty of more than $100,000, but less than one percent of the assets of a bank with up to $50 million in assets or potentially more than $150 million in fines for a bank with more than $100 billion in assets.

A civil money penalty “may serve as a deterrent to future violations of law, regulation, orders, conditions imposed in writing, and written agreements, as well as certain unsafe or unsound practices and breaches of fiduciary duty,” according to the OCC.