OCC Notes Importance of BSA/AML Items in New Digital Asset Business – Fin Tech


To print this article, all you need to do is be registered or log in to Mondaq.com.

Strong points

A recent Consent Order from the Office of the Comptroller of the Currency highlights the need for various controls, procedures, oversight, training and staffing to support providers of fintech, digital assets and financial services

Bank secrecy law/anti-money laundering programs must be supported by sufficient customer due diligence

These programs must also include sufficient procedures and controls to monitor and report suspicious activity.

In addition, these programs must staff and train a sufficient number of personnel and qualified people to support

The Office of the Comptroller of the Currency (OCC) recently issued a consent order relating to the adoption and implementation of certain elements of the compliance program covering the Bank Secrecy Act (BSA), as well as anti-money laundering (AML), countering the financing of terrorism (CFT) and due diligence requirements. The order underscores the important role that sufficient controls, procedures, oversight, training and staffing play in supporting the BSA, anti-money laundering and other suspicious activity programs.

The BSA and its various implementing regulations apply not only to entities licensed by the OCC, but also to many financial technology and financial service providers under the Financial Crimes Enforcement Network (FinCEN), Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board (FRB), Consumer Financial Protection Bureau (CFPB), State Money Issuer and Money Services Business (MSB), State Loan and Credit, Trust and Bank State, State Digital Assets and Custody, State Consumer Financial Services and other applicable regulatory regimes.

The order, issued April 21, 2022, reflects the OCC’s position regarding the importance of sufficient compliance programs in the U.S. financial system and highlights the bureau’s multi-principled approach to providing screening, oversight and effective reporting. In particular, the order emphasizes the central importance of establishing and maintaining the following key elements of the BSA/AML program:

  • Sufficient internal controls and procedures for customer due diligence (CDD), including customer screening, risk identification, ongoing customer and information monitoring and reviews based on customers and accounts and ongoing verification. A compliant BSA/AML program must be supported by a sufficient Customer Identification Program (CIP), which includes Know Your Customer (KYC), Know Your Business (KYB), CDD and Enhanced Due Diligence (EDD) to screen customers, individuals, beneficial owners, control persons and ultimate beneficiaries.
  • Sufficient internal controls for monitoring and assessing suspicious activity and for filing Suspicious Activity Reports (SARs), including procedures and protocols for gathering information and identifying suspicious activity; procedures and standards for assessing and reporting suspicious activity and suspected violations of federal law; and formal processes for documenting, escalating and reporting suspicious activity. These systems consist of maintaining robust procedures and protocols to identify activities that may indicate violations of the BSA, the financing of terrorism and illicit activities, and potential money laundering.
  • Sufficient training for compliance and banking staff and board members, including periodic training for compliance staff, targeted training for staff members based on their activities and responsibilities, and policies and sufficient procedures to audit and document the training system and the completion and competence of personnel. These programs should have educational components designed to inform staff of regulatory, guidance and other supervisory changes that apply to an entity’s operations.
  • Staff sufficient officers and personnel to support the BSA, AML, Screening, Due Diligence, Suspicious Activity Monitoring and Compliance Program, including a qualified BSA officer who has the authority and independence necessary to ensure compliance.

Although fintech products, services, licenses and charters differ widely, the requirements for the screening, due diligence, monitoring and support elements encapsulated in the BSA and its enabling regulations are considered by many regulators and regulatory regimes as fundamentals of the US financial system. market participation. Whether an institution or fintech provider offers traditional financial services or new digital asset services, these requirements must be reflected in the adoption and maintenance of a robust BSA/AML program.

In the context of digital assets, as identified by the OCC, BSA/AML requirements apply to digital asset transactions and even transactions that are conducted between a financial institution and non-hosted wallet counterparties. The screening of certain digital asset services, in order to comply with these requirements, may necessarily include certain on-chain Know Your Transaction (KYT) screening processes.

The OCC Consent Order emphasizes the importance of sufficient BSA/AML program elements for all providers of fintech, digital assets and financial services, and in particular, that the existence of a BSA/AML policy alone is not enough. Rather, such a policy must be supported by a robust system of procedures, protocols, controls, personnel, and training to ensure the functionality and compliance of the BSA/AML program as a whole. The adoption and implementation of these systems is fundamental to securing charter and licensing and supporting ongoing operations in the United States.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.


Cyber ​​insurance policies may not cover phishing attack funds embezzlement

Bilzin Sumberg Baena Price & Axelrod LLP

The Eleventh Circuit Court of Appeals is hearing an appeal from the United States District Court for the Intermediate District of Florida, in which the district court ruled that a cyber insurance policy did not cover misappropriation of funds for a building closure.


About Author

Comments are closed.