Reported by Jeremy M. McLaughlin and John ReVeal

(Summary version featured below)

In 2024, the Financial Crimes Enforcement Network (FinCEN) and federal banking regulators issued over three dozen enforcement actions against banks and individuals for violations related to the Bank Secrecy Act (BSA), anti-money laundering (AML), and countering the financing of terrorism (CFT). Notably, one of these actions resulted in record-breaking civil and criminal monetary penalties. These enforcement actions highlighted significant compliance failures within financial institutions, underscoring the critical importance of robust BSA/AML programs.

A recurring theme in these enforcement actions was deficiencies in the foundational elements, or “pillars,” of an effective BSA/AML program. These five pillars include:

1. A system of internal controls to ensure ongoing compliance.

2. Independent testing for compliance.

3. Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance.

4. Training for appropriate personnel.

5. Risk-based procedures for conducting ongoing customer due diligence (CDD), which involve understanding the nature and purpose of customer relationships to develop a customer risk profile, and conducting ongoing monitoring to identify and report suspicious transactions, including maintaining and updating customer information and beneficial ownership details.

Many institutions were cited for weaknesses across these pillars, particularly in internal controls, independent testing, and CDD processes.

Weak internal controls were a common issue, encompassing inadequate policies, procedures, and processes to mitigate and manage money laundering and terrorist financing risks. Specific problems included unclear compliance responsibilities, outdated risk assessments, failure to update policies in response to regulatory changes, and ineffective suspicious activity monitoring systems. Such deficiencies often led to failures in filing Suspicious Activity Reports (SARs), a primary requirement under the BSA.

Independent testing, another critical pillar, was frequently found lacking. Effective independent testing should assess the adequacy of an institution’s BSA/AML compliance program, including its internal controls, risk assessment, and SAR filing processes. Failures in this area often resulted in undetected compliance issues and increased vulnerability to financial crimes.

The enforcement actions of 2024 serve as a stark reminder for financial institutions to evaluate and strengthen their BSA/AML compliance programs. Institutions should ensure that all five pillars are robust and functioning effectively, with particular attention to internal controls, independent testing, and customer due diligence processes. By addressing these areas, banks can better manage their risk profiles and comply with regulatory expectations, thereby avoiding significant penalties and reputational damage.

Read full report: https://www.klgates.com/Lessons-From-2024-Bank-Secrecy-Act-Anti-Money-Laundering-Enforcement-Actions-2-12-2025