The Office of the Comptroller of the Currency announced has assessed a $100 million civil money penalty against Capital One and Capital One Bank for deficiencies in its Bank Secrecy Act/Anti-Money Laundering program.

The deficiencies cited in the OCC’s 2015 order against the bank include weaknesses in its compliance program and related controls; deficiencies in its risk assessment, remote deposit capture, and correspondent banking processes; and failing to file Suspicious Activity Reports (SARs).

“The bank has failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing, and the Bank failed to file all necessary Suspicious Activity Reports (SARs) related to suspicious customer activity,” the consent order states.

Some of the critical deficiencies in the elements of the Bank’s BSA/AML compliance program include the following:

The bank lacks an enterprise-wide BSA/AML risk assessment.

The bank has systemic deficiencies in its transaction monitoring systems, risk management, and quality assurance programs for its remote deposit-capture services.

The bank has systemic deficiencies in its customer due-diligence processes and failed to have customer due diligence and enhanced due-diligence policies and processes specific to correspondent banking.

The bank lacks a process by which BSA/AML control decisions are escalated to risk management.

Moreover, the bank “failed to identify significant volumes of suspicious activity and file the required SARs concerning suspicious customer activities,” the consent order states.

In assessing this civil money penalty, the agency found that the bank failed to achieve timely compliance with the OCC’s 2015 order, as required. The bank paid the assessed penalty to the U.S. Treasury.