“Significant deficiencies” in risk management and compliance relating to anti-money laundering laws, including the Bank Secrecy Act (AML/BSA), are cited by the Federal Reserve in a cease-and-desist order issued Tuesday against the Industrial and Commercial Bank of China Ltd. of Beijing and its New York branch.
The order issued by the central bank also asserts the bank was out of compliance with Treasury rules and the Fed’s Regulation K to report suspicious activity and maintain an adequate BSA/AML compliance program.
The Fed noted that it and the bank have mutually agreed to consent to the C&D order.
Under the terms of the agreement, the bank and branch have 60 days to submit a written plan to enhance corporate governance and management oversight of compliance with BSA/AML and Office of Foreign Assets Control (OFAC) rules that is acceptable to the New York Federal Reserve Bank (FRB). This plan, the Fed said, will provide for a “sustainable governance framework” that includes (at a minimum):
- actions the bank’s board of directors will take to maintain effective control over, and oversight of, the branch management’s compliance with the BSA/AML requirements and the OFAC regulations;
- measures to improve the management information systems reporting of the branch’s compliance with the BSA/AML requirements and OFAC regulations to senior management of the bank and the branch;
- measures to ensure BSA/AML compliance issues are appropriately tracked, escalated, and reviewed by both the branch and the bank’s senior management, and reported directly to the bank’s board of directors;
- measures to ensure that the person or groups at the bank and the branch charged with the responsibility of overseeing the branch’s compliance with the BSA/AML requirements and the OFAC regulations possess appropriate subject matter expertise and are actively involved in carrying out such responsibilities;
- allocation of adequate staffing levels and resources to ensure the branch’s compliance with the agreement, the BSA/AML requirements, and the OFAC regulations.
The order also specifies the bank and branch must jointly submit a written, revised BSA/AML compliance program for the branch; a revised customer due diligence program (including, among other things, a revised methodology for determining risk ratings to account holders that considers factors such as type of customer, type of products and services, transaction volume, and geographic location); and a written suspicious activity monitoring and reporting program.
Also required are a review of past transactions for compliance, a written plan specifically to enhance compliance with OFAC regulations, a revised internal audit program, designation of an officer to coordinate and submit the written programs, and engagement of an independent third party to provide progress reports quarterly.