The Office of the Comptroller of the Currency (OCC) ordered the New York branch of a Mumbai-based bank to implement sweeping changes to its anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance programs but will not fine the bank if the improvements are completed.
ICICI Bank has a history of BSA/AML program failings but has begun corrective action to remedy its deficiencies, the OCC said in an Oct. 3 consent order published Oct. 20. The order requires ICICI Bank to cease and desist from further violations of the OCC’s BSA/AML rules, as well as failing to correct previously identified compliance issues with those rules.
Among the problems previously identified by the OCC were a weak system of internal controls, a weak BSA officer function, and an insufficient training program. As a result, ICICI Bank violated OCC rules regarding the filing of suspicious activity reports, bank AML controls, beneficial ownership requirements for legal entity customers, and recordkeeping requirements.
Within 60 days of the order, ICICI Bank’s general manager must file an action plan with the OCC containing the “remedial actions necessary to achieve and sustain compliance with the BSA.” Among the areas the bank must address are its BSA/AML internal controls, suspicious activity monitoring and reporting, customer due diligence, and risk reviews of high-risk accounts.
The bank must ensure it has a qualified BSA officer “vested with sufficient independence, authority, and resources to fulfill the duties and responsibilities of the position.” Once that officer is in place, he or she must evaluate the bank’s staffing needs for its BSA/AML compliance program and make recommendations for hiring staff to the bank’s general manager.
The bank must implement a written training program “for all appropriate employees, officers, and senior managers to ensure their awareness of their responsibility for compliance with the requirements of the BSA and the branch’s BSA/AML program.”
The bank must also implement a suspicious activity review “look back” from Jan. 1, 2021, and report all instances when a customer subject to an alert did not reply to a request for more information.
ICICI Bank must adopt and implement an effective sanctions compliance program that is commiserate with its risk profile. The program must contain internal controls, policies and procedures, and appropriate and effective sanctions screening for its sanctions compliance program that is periodically tested for effectiveness.
The order set out a series of deadlines for follow-up action reports that lay out the specific corrective actions undertaken to comply with each article of the order, the status of those corrective actions, and a description of outstanding actions.
“The branch will not be deemed to be in compliance with this order until it has adopted, implemented, and adhered to all of the corrective actions set forth in each article of this order, the corrective actions are effective in addressing the branch’s deficiencies, and the OCC has verified and validated the corrective actions,” the order said.
ICICI Bank did not respond to a request for comment.