Community Bankers of Iowa Monthly Banker Update April 2014 | Page 21
Board and Senior Management Liability for BSA/AML Violations
Written By: Jeff Andersen, Attorney - Dickinson, Mackaman, Tyler & Hagen, P.C.
In a recent survey of
community banks, the
majority of surveyed banks
stated that the DoddFrank Act will be substantially more burdensome than Bank
Secrecy Act (“BSA”) compliance.1 Unfortunately, that result
is not indicative of lessening BSA compliance burdens – it’s
due to the unprecedented volume and complexity of DoddFrank regulations. BSA and Anti-Money Laundering (“AML”)
compliance burdens are not going away. In fact, recent
remarks by current Comptroller of the Currency Thomas Curry
indicate that scrutiny of BSA/AML compliance may be on the
rise.
In a March 17th, 2014 speech before the Association of
Certified Anti-Money Laundering Specialists, Comptroller of
the Currency Thomas Curry emphasized the role of a bank’s
Board and senior management in BSA/AML compliance: “The
fact is, when we look at the issues underlying BSA infractions,
they can almost always be traced back to decisions and
actions of the institution’s Board and senior management.”
Given the inseverable link between the Board and BSA/
AML compliance, Curry seeks to increase management
accountability, stating:
“[i]t’s one thing to impose significant civil money penalties
or to lower the bank’s management rating. But those are
actions that are absorbed by the shareholder and by the
institution broadly.... The question I would pose from a
risk management and corporate governance standpoint is
whether it’s time to require large complex banks to establish
clear lines of accountability that make it possible to hold
senior executives responsible for serious compliance
breakdowns that lead to BSA program violations.”
Curry limits his remarks about management accountability to
“large complex banks,” but most compliance pressures exerted
on large banks trickle down to community banks. Moreover,
the BSA/AML rules are not different for large banks, instead
it’s the application of the rules that will be different – the
foundation of BSA/AML compliance is a bank’s individual risk
assessment and the complexity of a large bank’s operations
will make their BSA/AML compliance program look much
different than that of a community bank. The variation of the
compliance program based on the risk assessment does not,
however, vary the potential liability for non-compliance.
When assessing the BSA/AML compliance program and
its attendant risks, bank directors and management should
keep in mind that the business judgment rule does not apply
to regulator actions. The business judgment rule generally
protects directors from shareholder liability when a breach
of the duty of care or loyalty is alleged. If the directors
were informed and acted honestly and in good faith, the
business judgment rule will provide directors with some level
of protection. Regulators, however, are not bound by the
business judgment rule. If directors have failed in their duty to
establish a strong BSA/AML compliance program, good faith
reliance on senior management will likely not be an effective
defense.
Although senior management and staff are integral to BSA/
AML compliance, the ultimate responsibility flows from the
Board. That is why the reports generated by a BSA audit or
independent test are generally made directly to the Board. This
does not mean that the Board has to be involved in the dayto-day functions of the BSA/AML compliance program. In his
speech, Curry identifies four pillars of management oversight:
1) the culture of compliance; 2) the resources committed to
BSA compliance; 3) the strength of the bank’s information
technology and monitoring process; and 4) the quality of
risk management. While the Board is expected to delegate
the functions of the BSA/AML compliance it is ultimately
responsible for the compliance culture and structure within
which the compliance program functions.
What can a Board do to avoid any potential BSA/AML liability?
It can instill a solid BSA/AML compliance management
structure that fits the bank’s risk assessment. This structure
should have clearly communicated reporting lines and
adequate checks and balances. This structure should be a
part of a larger compliance management system that ensures
open and honest
communication and
timely remediation
and follow-through on
any problems. This
structure cannot be
static – it needs to be
periodically reviewed
so it can evolve to
meet changes in the
risks faced by the bank. The Board needs to buy-in to that
structure so a culture of compliance can be cultivated. Without
Board buy-in and oversight, even a strong foundation can start
to show some cracks over time. For example, an integral part
of that buy-in and oversight is ensuring that appropriate BSA
training is given to all levels of the bank at least annually. The
Board, senior management, and staff should all receive BSA/
AML training tailored to their job function when they start and
at least annually thereafter.
The bad news is there is a risk of Board liability for BSA/AML
violations and scrutiny appears to be on the rise. The good
news is that the risk can and should be effectively mitigated
at most Iowa community banks without a substantial increase
in cost and time. A strong BSA/AML compliance program,
as part of a healthy compliance management system, can
substantially reduce the risk of liability.
Jeff Andersen is an attorney at Dickinson, Mackaman, Tyler &
Hagen, P.C. in Des Moines. He can be reached at 515-2464515 or [email protected].
“How are Small Banks Faring Under Dodd-Frank,” Mercatus Center, George
Mason University. February 2014.
1
CBI BANKER UPDATE | APRIL 2014
21