Last week, the U.S. Office of the Comptroller of the Currency (OCC) issued a first-of-its-kind Consent Order to Anchorage Digital Bank. The order offers compliance officers unique insights about compliance expectations vis-à-vis digital assets and remediation activities.
Anchorage was the first crypto firm to receive conditional approval for a national trust charter from the OCC in January 2021. That kicked off a year of notable milestones for the bank, including being the digital asset bank of choice when Visa sought to buy its first NFT, and enabling Visa to become the first major payments network to conduct a settlement transaction using a stablecoin.
Now, Anchorage has become the first federally chartered digital asset bank to face an OCC enforcement action for Bank Secrecy Act (BSA)/anti-money laundering (AML) violations. Upon receiving its charter, Anchorage entered into an operating agreement with the OCC requiring that it implement a BSA/AML compliance program. But in its Consent Order, the OCC said Anchorage has not yet complied fully with that requirement, though the OCC acknowledged the bank’s progress on corrective actions.
As this represents the first BSA/AML enforcement action involving a digital asset bank, compliance officers have an opportunity to glean insights from the Consent Order about the OCC’s view on compliance programs in the crypto context. While the digital asset-specific references in the Consent Order’s requirements are limited, there are at least two items to note.
First, the OCC expects that Anchorage’s suspicious activity monitoring program will ensure the bank collects “sufficient information” on digital asset transactions to enable effective identification of suspicious activity. Second, the OCC expects that the bank’s independent testing function should be staffed by persons having speciality expertise in both BSA/AML compliance and digital assets.
Although the OCC did not elaborate on these expectations, they indicate compliance officers in the crypto space should ensure their controls and processes for BSA/AML compliance have sufficient input from those with digital asset expertise.
The Consent Order also provides compliance officers with a sense of regulators’ expectations regarding BSA/AML remediation activities, the typically short timelines and the resources that should be engaged.
Among other things, the Consent Order requires the bank to do the following:
As you can see from these timelines, remediation efforts can easily become all-consuming, require significant attention and resources, and need to be prioritized for senior stakeholders.
A key element to remediation efforts is establishing governance structures that provide oversight and accountability, like compliance committees and regular reporting mechanisms to provide internal and external updates.
Additionally, it can be challenging to not only develop and implement remedial measures in a short time-frame, but also manage monitoring and reporting mechanisms that demonstrate the effectiveness of your remedial and go-forward measures. Sometimes you may feel that all your time is spent reporting instead of engaging in actual remediation activities! It’s important to plan in advance how to collect necessary information for reporting, including identifying responsible team members and appropriate sources to check.
Finally, as evidenced by the recent USAA enforcement action, if a regulator requires you to implement corrective actions, you have to always keep in mind the threat of further penalties if your progress toward compliance is too slow.
And if you want to know more about automated financial crime assurance, you can contact our CEO, Natasha, at [email protected].