OCC Notes Importance of BSA/AML Elements in Novel Digital Asset Activities

The Office of the Comptroller of the Currency (OCC) recently issued a consent order relating to the adoption and implementation of certain compliance program elements covering the Bank Secrecy Act (BSA), as well as anti-money laundering (AML), combating the financing of terrorism (CFT), and due diligence requirements. The order highlights the important role sufficient controls, procedures, monitoring, training and staffing play in supporting BSA, AML, and other suspicious activity related programs. 

The BSA and its various implementing regulations apply, not only to those entities chartered by the OCC, but to many financial technology and financial service providers pursuant to the Financial Crimes Enforcement Network (FinCEN), Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board (FRB), Consumer Financial Protection Bureau (CFPB), state money transmitter and money service business (MSB), state lending and credit, state trust and banking, state digital asset and custody, state consumer financial services and other applicable regulatory regimes. 

The order, issued April 21, 2022, reflects the OCC’s position regarding the significance of sufficient compliance programs in the U.S. financial system and highlights the office’s multi-tenet approach to ensuring effective screening, monitoring, and reporting. In particular, the order emphasizes the central importance of establishing and maintaining the following key BSA/AML program elements: 

• Sufficient internal controls and procedures for customer due diligence (CDD), including customer screening, risk identification, ongoing customer and information monitoring and customer- and account-based reviews and ongoing screening. A compliant BSA/AML program must be supported by a sufficient customer identification program (CIP), which is comprised of know your customer (KYC), know your business (KYB), CDD, and enhanced due diligence (EDD) procedures and controls for screening customers, individuals, beneficial owners, control persons, and ultimate beneficiaries.

• Sufficient internal controls for monitoring and evaluating suspicious activity and for the filing of Suspicious Activity Reports (SAR), including procedures and protocols for collecting information and identifying suspicious activity; procedures and standards for evaluating and reporting suspicious activity and suspected violations of federal law; and formal processes for documenting, escalating and reporting any suspicious activity. These systems consist of maintaining robust procedures and protocols for identifying activities which may indicate violations of the BSA, terrorist financing and illicit activities, and potential money laundering.

• Sufficient training for compliance and banking personnel and board members, including periodic training for compliance personnel, targeted training for staff members based on their activities and responsibilities, and sufficient policies and procedures for auditing and documenting the training system and staff completion and competency. These programs must have educational components designed to update staff regarding regulatory, guidance, and other supervisory changes which apply to an entity’s operations. 

• Staffing sufficient officers and personnel to support the BSA, AML, screening, due diligence, suspicious activity monitoring and compliance program, including a qualified BSA officer who has the authority and independence necessary to ensure compliance. 

While fintech products, services, licenses, and charters differ widely, requirements applicable to the screening, due diligence, monitoring, and support elements encapsulated in the BSA and its enabling regulations, are considered by many regulators and regulatory regimes as foundational components of U.S. financial market participation. Whether an institution or fintech provider is offering traditional finance services or novel digital asset services, these requirements must be reflected in the adoption and maintenance of a robust BSA/AML program. 

In the context of digital assets, as identified by the OCC, BSA/AML requirements apply to digital asset transactions and even those transactions which are effectuated between a financial institution and un-hosted wallet counterparties. The screening of certain digital asset services, in order to comply with these requirements, may necessarily include certain on-chain Know Your Transaction (KYT) screening processes. 

The OCC consent order highlights the importance of sufficient BSA/AML program elements for all fintech, digital asset, and financial service providers, and in particular, that the existence of a BSA/AML policy alone is not sufficient. Such a policy must instead be supported by a robust system of procedures, protocols, controls, personnel and training ensuring the functionality and compliance of the BSA/AML program as a whole. The adoption and implementation of these systems is foundational to securing charter and licensure and supporting ongoing operations in the U.S. 

To obtain more information, please contact the Barnes & Thornburg attorney with whom you work or Michael Cavallaro at 612-367-8767 or mcavallaro@btlaw.com or Katie Mills at 310-284-3820 or katie.mills@btlaw.com. 

© 2022 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is proprietary and the property of Barnes & Thornburg LLP. It may not be reproduced, in any form, without the express written consent of Barnes & Thornburg LLP.

This Barnes & Thornburg LLP publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.