Financial institution Burke & Herbert Bank & Trust is currently undergoing a serious overhaul to strengthen its compliance and internal control functions, under the terms of a recent consent order reached with the Federal Deposit Insurance Corporation.

According to the FDIC order, dated Aug. 21 and released publicly Sept. 26, the bank consented to changes relating to its compliance with the Bank Secrecy Act (BSA) “without admitting or denying any charges of unsafe or unsound banking practices or violations of law or regulation.” The order didn’t describe any wrongdoing, nor did it impose any financial penalties.

As required by the order, the bank established a new BSA officer position, which was filled by Amanda Pierson in July 2014. She joins the bank from WashingtonFirst, where she held a similar post since 2012.

Under the FDIC order, Burke & Herbert Bank & Trust have agreed to the following comprehensive initiatives:

Board supervision. The FDIC calls on the board to have greater compliance responsibilities by “assuming full responsibility for the approval of sound BSA policies and objectives, and for the supervision of all the bank’s BSA activities, consistent with the role and expertise commonly expected for directors of banks of comparable size.” Specifically, board supervision must include holding meetings at least once a month in order to review and approve programs and practices pertaining to the bank’s BSA compliance, the order stated.

BSA compliance program. The bank shall develop, adopt, and implement a written BSA compliance program that is designed to ensure and maintain full compliance with the BSA, anti-money laundering (AML) laws, and rules and regulations pertaining to the Office of Foreign Asset Control (OFAC).

BSA/AML risk assessment. At the direction of the board, management must conduct periodic risk assessments of the bank’s BSA operations no less than annually. “The Risk assessment shall address all pertinent risk factors that affect the overall BSA/AML risk profile of the bank,” the order stated.

Internal controls. The order further directs the bank to implement a revised system of internal controls, including policies, procedures, processes, and automated software monitoring systems for monitoring, detecting, and reporting suspicious activity being conducted in all areas of the bank. Potential areas of suspicious activity include, but are not limited to, cash transactions, international and domestic wire transfers, and ATM transactions.

Enhanced Customer Due Diligence. Additionally, the bank must enhance its customer due diligence (CDD) policies, procedures, and processes for new and existing customers. At a minimum, the CDD Program shall include:

A risk rating system to ensure that each customer’s risk level is accurately identified, taking into account the purpose of the account, the anticipated type and volume of account activity, types of products and services offered, and locations and markets served by the customer;

An appropriate level of ongoing monitoring based on the customer’s risk level to ensure that the bank can reasonably detect suspicious activity and accurately determine whether the customer requires enhanced due diligence;

A sufficient level of customer information at account opening and appropriate analysis of that information to assist and support the risk rating assigned;

Procedures for documenting and supporting the risk analysis conducted under the CDD process, including procedures for validating risk ratings assigned at account opening and resolving issues in the event insufficient or inaccurate information is obtained; and

Procedures to reasonably ensure the timely identification and accurate reporting of known or suspected criminal activity.

BSA training.  The bank must develop, adopt and implement effective training programs designed for directors, management, and staff, designed for their specific duties and responsibilities. Furthermore, training must be conducted no less than annually, and must be fully documented.

Independent testing for compliance with BSA/AML and OFAC. The scope of the testing to be performed shall be in writing and reviewed and approved by the board or its designee. Testing results and recommendations for improvement shall be in writing and shall be approved by the board within 60 days of completion.

BSA directors’ committee. The board shall establish a BSA directors’ committee, consisting of at least three members, to oversee the bank’s compliance with the BSA, the BSA compliance program, and the FDIC order. The majority of the committee’s members shall not be officers of the bank.

Under the order, the BSA officer must give the BSA directors’ committee monthly reports regarding the bank’s implementation of the BSA compliance program and compliance with the order. The committee must then present a report regarding the bank’s adherence to the BSA compliance program and order to the board at each regularly scheduled board meeting.