Analysis: Enforcement of the Bank Secrecy Act Is on the Rise - Is Your Financial Institution Prepared?
By Robertson Park and Alexandra Marinzel | December 18, 2021 11:59 am

Robertson Park is a former Assistant Chief in the Fraud Section of the Justice Department’s Criminal Division, where he supervised the London Inter Bank Offered Rate (LIBOR) investigation of Barclays, among other complex financial cases. He is the founding member of the white collar defense, investigations and compliance counseling group at Murphy & McGonigle P.C. Alexandra Marinzel is an attorney at Murphy & McGonigle.

Recent events have galvanized government agencies and regulators charged with enforcing the Currency and Foreign Transactions Reporting Act of 1970, commonly known as the Bank Secrecy Act (“BSA”).  The BSA requires financial institutions to assist the government in detecting and preventing money laundering and also gives the government a number of accompanying enforcement powers. [1] Historically, enforcement of the BSA has been lax, but recent developments suggest that will no longer be the case.

Robertson Park

A number of anti-money laundering investigations have made headlines this year, reflecting a dramatic increase in enforcement activity.  Despite this increase, the agencies and regulators tasked with enforcing the BSA have been the subject of ongoing Congressional and consumer criticism for their failure to monitor and punish money laundering at U.S. and international financial institutions.  The response to that criticism will likely be a continued increase in enforcement activity.  As U.S. agencies and regulators invigorate their enforcement efforts, financial institutions must be prepared.

This article is designed as a tool to help ensure your financial institution is ready.  It explains the obligations and powers of the BSA, describes the current enforcement atmosphere, and provides tips for ensuring your institution’s compliance programs are in order.  With enforcement of the BSA a top priority for the government, now is the time to review compliance programs and be sure they are sufficient to meet the inevitable scrutiny of regulatory and enforcement officials.

What Does the BSA Require of Financial Institutions?

Three of the BSA’s major requirements for financial institutions include implementing an anti-money laundering program, reporting suspicious transactions, and conducting due diligence for private banking and correspondent bank accounts involving foreign persons.[2]

First, the implementation of an institution’s anti-money laundering program must include the development of internal policies, procedures, and controls, the designation of a compliance officer, an ongoing employee training program, and an independent audit function to test programs.[3]

Second, suspicious transactions must be reported when they are “relevant to a possible violation of law or regulation.”[4] In practice, this means that financial institutions must file a Suspicious Activity Report (“SAR”) for insider abuse involving any amount of money, criminal violations aggregating $5,000 or more where a suspect can be identified, criminal violations aggregating $25,000 or more regardless of a potential suspect, and transactions aggregating $5,000 or more that involve potential money laundering or violations of the BSA.[5]

Third, to meet the due diligence requirements for private banking and correspondent bank accounts involving foreign persons, the financial institution must implement due diligence policies “reasonably designed to detect and report instances of money laundering through those accounts.”[6]

What Powers Does the BSA Give to the Government?

The BSA gives the Treasury Department a number of tools with which to enforce its requirements.  Treasury has the power to examine a financial institution’s books, papers, records, and other data relevant to the recordkeeping or reporting requirements of the BSA.[7] Treasury also has the ability to summon financial institutions to appear and produce documents and things, and to give testimony.[8] Treasury may enforce these powers at any point in time.

The BSA also allows the Secretary of the Treasury to delegate these powers to an appropriate supervising agency.[9] The Financial Crimes Enforcement Network (“FinCEN”) is currently the branch of the Treasury Department with primary responsibility for administering and enforcing the BSA.[10] As such, FinCEN has the power to levy civil fines against BSA violators.[11] However FinCEN is not the only government agency with the power to fine BSA violators.  Bank regulators like the Office of the Comptroller of the Currency (“OCC”) and the Federal Deposit Insurance Corporation (“FDIC”) can also fine violating financial institutions.[12] The Justice Department can not only fine, but can also bring criminal charges.[13]

BSA investigations and enforcement actions may be coordinated among one or more of these agencies and regulators.  Joint enforcement by federal and state level agencies and regulators is common in sanctions regimes actions, a parallel area of law requiring similar vigilance.  The sanctions regimes include the International Emergency Economic Powers Act[14] and the Trading with the Enemy Act[15], which generally prohibit U.S. banks from doing business with certain prohibited countries and groups.  While not part of the BSA, the sanctions regimes create analogous requirements for financial institutions and tend to be enforced by the government in a like manner.  As with BSA enforcement, sanctions regimes enforcement is on the rise, indicating that financial institutions’ compliance with such laws has become a high priority for agencies and regulators.

Recent Increase in Government Enforcement

While the BSA and sanctions regimes have been around for decades, they have only recently become an area of focus for federal agencies and regulators.  In the past four years, a number of large, multi-national banks have paid substantial fines and forfeitures to federal and state agencies and regulators in response to allegations of BSA and sanctions regimes violations.

In 2009, Credit Suisse AG and Lloyds TSB Bank Plc paid $536 million and $350 million, respectively, to settle claims that the banks violated the sanctions regimes by transferring money for Iran and other prohibited countries.[16] In 2010, Barclays paid $298 million to settle similar accusations.[17] Also in 2010, Wachovia entered into a deferred prosecution agreement with the Justice Department, which included a $160 million fine, for willfully failing to maintain an anti-money laundering program.[18]

In April of this year, Citibank was issued a cease and desist order from the OCC due to its weak anti-money laundering controls.[19] The OCC found that Citibank failed to identify high risk customers and also failed to promptly report suspicious behavior to the OCC.[20] While Citibank managed to avoid a fine, Dutch Bank ING was not so lucky.  In June, ING agreed to a record setting forfeiture of $619 million with the Justice Department and the Manhattan District Attorney’s Office.[21] The joint investigation leading to the voluntary forfeiture found that ING allowed billions of dollars to be moved through the bank to sanctioned parties in Iran and Cuba.[22] Most recently, UK bank Standard Chartered agreed to pay a $340 million fine to New York State banking regulators in August and an additional $327 million fine to federal and local prosecutors in December in response to charges that the bank laundered money for sanctioned Iranian clients.[23] While no findings have been released yet, the OCC is rumored to be conducting anti-money laundering investigations into JPMorgan and Bank of America as well.[24]

In addition to this enforcement activity, the Senate Permanent Subcommittee on Investigations issued a scathing report in July, titled “U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History.”[25] The goal of the investigation and corresponding report was to “take[] a fresh look at the U.S. vulnerabilities to money laundering and terrorist financing associated with correspondent banking, focusing in particular on the operations of global banks with U.S. affiliates that enable foreign financial institutions to gain access to the U.S. financial system.”[26] The report found that HSBC had a longstanding history of substantial anti-money laundering deficiencies, allowing money laundering problems to “fester” within the bank.[27] The report shows particular concern over HSBC’s interaction with high risk foreign affiliates and its disregard for potential links to terrorists.[28] As of the time of this publication, HSBC is reported to be near a settlement with state and federal prosecutors, which will include of forfeiture of more than $1.2 billion and other fees for a total of $1.92 billion, as well as a deferred prosecution agreement with the Justice Department.[29]

New Agency and Regulator Leadership Set to Continue the Focus on Anti-Money Laundering Compliance

Recent developments suggest that the focus on anti-money laundering and related laws and regulations will continue to be a top priority for federal agencies and regulators.  There is new leadership at the OCC and FinCEN, and both leaders have promised heightened enforcement and oversight in these areas.  The new leaders’ interest in increased enforcement is likely, at least in part, in response to recent criticism of the perceived inadequacies in their agencies’ anti-money laundering program enforcement in the past.

The new director of the OCC, Thomas Curry, came from the FDIC, a historically more aggressive regulator than the OCC.[30] Commentators note that Curry has signaled a shift from the OCC’s previously bank-friendly attitude towards that of a regulator working in the interests of the public.[31] This change in attitude at the OCC comes on the heels of the Senate report on HSBC, which was highly critical of the OCC.  The report found that the OCC failed to stop HSBC from laundering money for drug cartels.[32] In a Senate Subcommittee hearing on the same subject, Curry stated that he “deeply regret[s] [that] we did not act sooner,” though Curry was not at the OCC during the time period in question.[33]

The new director of FinCEN, Jennifer Shasky Calvery, is the former head of the Justice Department’s Asset Forfeiture and Money Laundering Section.[34] Before Shasky Calvery left the Justice Department, she stated that the Department’s focus was to “aggressively enforc[e] the Bank Secrecy Act”.[35] She further explained her statement by saying, “I think you are going to see more complex BSA cases against banks, I think you are going to see enforcement across the broader spectrum of financial institutions.”[36] Shasky Calvery’s comments demonstrate that enforcement of the Bank Secrecy Act will be a focus at the Justice Department, and presumably also at FinCEN.  Like the OCC, FinCEN has also been criticized, by the Senate and others, for its insufficient focus on anti-money laundering programs and enforcement.[37]

Even the Justice Department has been subject to recent criticism, for its failure to bring any criminal charges against the banks and bank officials implicated in the recent anti-money laundering program and sanctions regimes violations.[38]

With the OCC, FinCEN, and the Justice Department all facing external pressure to ramp up enforcement, there is every reason to believe that recent increases in enforcement activity will only continue.  Keeping that in mind, now is the time to make sure that your organization’s anti-money laundering programs are adequate.  Below are some compliance considerations to help your organization be prepared.

Compliance Considerations and Inquiries

What are your specific and current policies and procedures in these areas?

  • Prudence dictates in the current and likely future enforcement environment that you review your institution’s relevant rules and procedures.  Outdated compliance procedures will neither address BSA compliance obligations nor place your company in the best posture to meet oversight or regulatory review expectations.

Have relevant policies and procedures been revised since their original drafting, and are they designed to address the current composition of your company?

  • If there have been recent acquisitions or mergers, particularly those which require operation in new countries and with new clients, extant compliance programs may be insufficient to address the institution’s current compliance needs.  Due diligence obligations are a regular tripwire for companies when they expand into new countries and markets, and therefore due diligence must be multi-faceted.  Due diligence cannot be simply about whether a merger or acquisition will grow the business.  Due diligence must think about what new potential challenges or problems does the new business and its markets bring to your company.

Have you thought proactively about your client base?  What potential client groups or markets pose the greatest risk?

  • The FCPA is not the only area where companies must think about their markets and clients.  If clients or account holders are in suspect markets or interact regularly with those who are in these troubled markets, your company needs to be thinking about what they can do to limit problems under the BSA.

Is your relevant compliance office adequately and intelligently staffed?

  • Numbers are not sufficient, though adequate staffing is a good start.  Personnel with responsibility for internal management of BSA compliance need to be experienced in the relevant areas.  They need to be trained.  Training Programs must be in place for relevant personnel, and the training must be focused, routine and monitored.  Though it was likely not the only reason, the recent decision of the Department of Justice to not prosecute Morgan Stanley in connection with FCPA misconduct by a senior official had much to do with the documented scope, penetration and value of anti-bribery training at the company.

Are the chain of command and lines of report in this area established and transparent?

  • There are few more damaging admissions by an institution under regulatory or enforcement review than a failure of relevant staff to know and understand what they are to do with concerns about misconduct.  There must be clear and published procedures for identification of and reporting misconduct.  Relevant management, business, compliance, and audit functions must each know there responsibilities and be integrated into the compliance model. 

[1] The Currency and Foreign Transactions Reporting Act of 1970, 31 U.S.C. § 5311-5314(e), 5316-5331, 5332(e), 12 U.S.C. § 1829(b), 1951-1959(e) (1970).

[2] Id. at § 5318.

[3] Id. at  § 5318(h).

[4] Id. at § 5318(g).

[5] Suspicious Activity Report, available at

[6] Id. at  § 5318(i).

[7] Id. at  § 5318(a).

[8] Id.

[9] Id.

[10] Treasury Order 180-01 (2003).

[11] 31 U.S.C. § 5321(a) (2004).

[12] Id. at § 5321(e).

[13] 31 U.S.C. § 5322 (2001).

[14] International Emergency Economic Powers, 50 U.S.C. § 1701-1705 (1977).

[15] Regulation of the Banking Business; Powers and Duties of National Banks, 12 U.S.C. 95a (1917).

[16] Isabella Steger, Tallying Up U.S. Regulators’ Money-Laundering Fines, Wall St. J. (Aug. 15, 2012).

[17] Id.

[18] Press Release, S.D. Fla., Wachovia Enters into Deferred Prosecution Agreement (Mar. 17, 2010).

[19] Evan Weinberger, Citibank Forced to Boost Money Laundering Protections, LAW360 (Apr. 5, 2012).

[20] Id.

[21] Brett Wolf, Record-Setting Bank Forfeiture at ING Ignites Debate Over Lack of Banker Prosecutions, Reuters Blog (June 20, 2012, 6:40 PM),

[22] Id.

[23] Jimmy Gurule, Are Some Banks Too Big to Prosecute?, CNN (Aug. 16, 2012, 8:02 AM),; Sindhu Sundar, HSBC Reportedly Near $1.9B Deal In Money Laundering Case, LAW360 (Dec. 10, 2012).

[24] Jessica Silver-Greenberg & Ben Protess, Money-Laundering Inquiry is Said to Aim at U.S. Banks, N.Y. Times (Sept. 14, 2012).

[25] Permanent Subcommittee on Investigations, U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History (July 17, 2022).

[26] Id.

[27] Id.

[28] Id.

[29] Sundar, supra note 23.

[30] Jesse Hamilton, Bank-Friendly U.S. Regulator Shifts to Revamp Reputation, Bloomberg Businessweek (Oct. 4, 2012),

[31] Id.

[32] Permanent Subcommittee on Investigations, supra note 23.

[33] Hamilton, supra note 28.

[34] Aruna Viswanatha and Brett Wolf, U.S. Justice Department Eyes Compliance Lapses in Next Era of Money-Laundering Cases, Reuters Blog (Sept. 4, 2012, 3:04 PM),

[35] Id.

[36] Id.

[37] Brett Wolf, Iran Leads Challenges for New U.S. Anti-Money Laundering Chief, Reuters (September 21, 2022),

[38] Gurule, supra note 27.


Comments are closed.