Rachel Dettmer
Regulatory failings and misconduct weigh heavily on global bank profitability and equity positions, affecting bank stock returns and market valuations, too.
This leads to closer scrutiny by regulatory supervisors trying to understand what triggered enforcement investigations, a hot seat no financial institution wants to be in.
Chuck Taylor, Head of the Financial Crimes Advisory team at AML RightSource, assembled a top-notch panel of experts for our latest webinar focused on using recent enforcement actions to fine-tune compliance programs.
Based on this conversation, here are ten best practices for navigating and applying enforcement actions:
1. Act Immediately
If an examiner identifies a potential violation or deficiency, it's crucial to address and correct these issues immediately. Attempting to resolve issues prior to the exit meeting can help avoid a formal citation.
Likewise, maintain open communication with your examiners during their visit; don't wait until the exit meeting to discuss potential problems.
If you face an enforcement path, understand the process, whether formal or informal. If it's formal, you have certain rights that you should be aware of, and you’ll want to consult with experts to respond effectively to information requests from agencies.
2. You Can Appeal
All federal banking agencies have appeal processes, enabling you to contest examination findings if there are factual inaccuracies or unsupported violations.
3. Take Advantage of the Opportunity to Respond
In the event of severe Anti-Money Laundering violations, where there's a failure in your program or a recurring issue, the federal banking agencies are mandated by 12 United States Code 1818(s) to issue a cease-and-desist order.
Before issuing this order, the agencies must provide the bank with an opportunity to respond. It's crucial to utilize this chance to respond, as your response will be included in the final recommendation memorandum viewed and approved by the agency's senior managers.
4. Demonstrate Actionable and Defendable Progress
Correcting AML deficiencies can take more than one examination cycle.
If you are making substantial acceptable progress towards rectifying a previously cited deficiency, examiners are not obligated to impose an order against your institution.
Likewise, when a violation of the law is considered system or technology-related, due to the complexity and extended time frames involved in implementing a new system, regulators are not required to include it in the report.
Instead, they can address it in a separate formal or informal agreement for discussion, but this will largely depend on the trust-based relationship you’ve established with your regulator.
Download our 'Mastering Implementation' Guide here.
5. Take Note of Regulation by Enforcement: It's Not Always Going to be Black and White
Ideally, the laws governing AML programs would adapt swiftly and dynamically, but that is not the reality in the real world.
Cryptocurrency and Artificial Intelligence are two good examples, where risks to the financial system and its stability have outpaced the legislative process.
Part of an examiner's role involves interpretation, which is inherent in a risk-based environment. As such, not every enforcement action can be traced directly back to legislation. Instead, examiners will provide commentary on practices they believe inadequately mitigate risk, prompting the bank to act appropriately.
While it can feel like regulatory bodies are breaking new ground, regulation by enforcement is unavoidable to mitigate risk, so be mindful and prepared for it.
6. Go Beyond your Banking Model when Reviewing Enforcement Actions
Enforcement actions present a valuable opportunity to reassess your program’s efficacy. When reviewing these, expand your focus beyond just your immediate banking model and treat each enforcement action as if it applies directly to you.
Look for similarities and insights that are transferable to your business model, associated risks, controls; anything that can help to assess, refine, and strengthen your program.
Likewise, enforcement actions will help you to identify regulatory themes and emerging risks and can help to predict where your regulators might focus their supervisory expectations next.
7. Have a Process for Reviewing Enforcement Actions
Start by examining the statement of facts; this will provide context and pertinent information. Pay attention to the cited violations—are they recurrent problems or simply unsafe and unsound banking practices? Often, a single term can give you insight into some of the issues that examiners encountered.
Then, establish a matrix for reviewing consent orders related to your program. Have your team individually review the orders and document what stood out to them. Align these with your pillars and draw a conclusion, clearly distinguishing between the 'nice-to-haves' and 'must-haves.’
“Provide thematic information to senior line of business leaders, product development leads, as well as board and senior management” – Michael Hall, SVP, Director of AML and Sanctions and BSA Officer at Fifth Third Bank.
“What is the message that a BSA officer needs to ensure people understand correctly?” – Megan Hodge, Executive Compliance Director, BSA/AML Officer at Ally
8. Talk to your Regulators Directly and With Confidence
If a business model or product has been the subject of discussion and an enforcement action has emerged on that theme that's relevant to your institution, proactively bring it up with your regulator.
Whether it's to validate the measures you're implementing or disclose the measures you will be reviewing, it demonstrates how your program identifies and responds to risk.
This proactive approach ensures alignment between everyone involved and allows you to build credibility and trust with your examiner by showing them you're attentive and responsive.
9. Use Enforcement Actions to Demonstrate ROI
When updating leadership, enforcement actions, especially those relating to staffing, backlogs, or skills, can be used to underscore that the funds allocated to your AML program are indeed a strategic investment, allowing your team to remain in compliance with regulations and expectations while also supporting a proactive position that pre-empts future issues.
10. Make Sure You Have a Strong Culture of Compliance
Ensure a robust compliance culture within your organization. The 'M' rating, which represents management strength, is a significant bank rating component.
The presence of this culture within your organization and the strength of management can significantly influence the type of enforcement action your institution may be subjected to.
Want to hear directly from our expert panel? Access the webinar here.
Or, if you want to learn more about how our advisory and managed services solutions can help you navigate enforcement actions, simply fill out our contact form, and let's start the conversation.
Connect with our Speakers
