The OCC announced it has sent a cease and desist letter to Citibank regarding “identified deficiencies in the Bank’s overall program for Bank Secrecy Act/anti-money laundering (“BSA/AML”) compliance”
As we all know, banks make mistakes. It just seems that typically it is the consumers that wind up paying for them.
The OCC found that the bank’s BSA compliance program had deficiencies with respect to internal controls, customer due diligence, the independent BSA and anti-money laundering audit function, monitoring of its remote deposit capture and international cash letter instrument processing in connection with foreign correspondent banking, and suspicious activity reporting related to that monitoring. These findings resulted in violations by the bank of statutory and regulatory requirements to maintain an adequate BSA compliance program, file suspicious activity reports, and conduct appropriate due diligence on foreign correspondent accounts.
In this case the OCC examiners found:
The Bank has deficiencies in its BSA/AML compliance program. These deficiencies have resulted in a BSA/AML compliance program violation under 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21 (BSA Compliance Program). In addition, the Bank has violated 12 C.F.R. § 21.11 (Suspicious Activity Report Filings); and 31 U.S.C. § 5318(i) and its implementing regulation, 31 C.F.R. § 1010.610 (Correspondent Banking).
The Bank has failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing. The Bank did not develop adequate due diligence on foreign correspondent bank customers and failed to file Suspicious Activity Reports (“SARs”) related to its remote deposit capture/international cash letter instrument activity in a timely manner.
The Bank has internal control weaknesses including the incomplete identification of high risk customers in multiple areas of the bank, inability to assess and monitor client relationships on a bank-wide basis, inadequate scope of periodic reviews of customers, weaknesses in the scope and documentation of the validation and optimization process applied to the automated transaction monitoring system, and inadequate customer due diligence.
The Bank failed to adequately conduct customer due diligence and enhanced due diligence on its foreign correspondent customers, its retail banking customers, and its international personal banking customers and did not properly obtain and analyze information to ascertain the risk and expected activity of particular customers. – Source