Recent OCC case shows widespread liability when a BSA program fails

The OCC on Thursday announced seven civil money penalty orders issued to individuals from City National Bank of New Jersey in Newark. City National was effectively shuttered by the OCC in November 2019 after the regulator found the bank “had experienced substantial dissipation of assets and earnings due to unsafe or unsound practices. The OCC also found that the bank was undercapitalized and failed to submit a capital restoration plan acceptable to the OCC.”

The BSA program at City National was described by the OCC to be “critically deficient” and “failed to appropriately monitor for and report suspicious activity, and did not include a due diligence program reasonably designed to enable the Bank to detect suspected money laundering by foreign financial institutions.” The blame for this was spread far and wide by the OCC, as the seven individuals receiving fines all explicitly linked to the BSA failings held a variety of roles:

• Preston Pinkett III, former chairman of the board of directors, CEO, and president of City National;
• Ridhima Ahluwalia, former senior vice president and senior risk officer;
• Karen Highsmith, former senior vice president for organization management;
• Roland Anglin, a former board of directors member;
• Michael Hopson, a former board of directors member;
• H. O’Neil Williams, a former board of directors member; and
• Lemar Whigham, a former board of directors member.

Pinkett faces the largest fine at $70,000, while the rest of the penalties are $14,000 or less. Pinkett, Ahluwalia, and Highsmith each received personal cease-and-desist orders as well.

Everyone has a part to play

Pinkett, as the CEO, no doubt bears the brunt of the responsibility for the bank’s alleged failings, hence the significantly larger fine. His actions, as described by the OCC, appear to be behind the cracks in the façade of the BSA program.

Between 2014 and November 2019, Pinkett allegedly onboarded high-risk businesses as clients without ensuring the bank’s BSA program could keep up with the increased risk profile. And he did so as a member of the bank’s suspicious activity report and account review committees from approximately October 2017 to June 2018, the OCC explained.

“These committees provided inadequate oversight of the Bank’s high-risk customers and did not appropriately report suspicious activity,” the OCC noted. Ahluwalia and Highsmith were also part of the committees.

Further, Pinkett did not disclose potential conflicts of interest he had with third parties, and he mismanaged staff and resource response to correcting deficiencies identified by the OCC, the regulator added.

With regard to Pinkett’s alleged actions, Ahluwalia, as first the bank’s enterprise risk officer before being named senior risk officer in 2017, held perhaps the most significant position to get the risk programs in line. However, she “did not develop an effective risk framework for the Bank, perform risk assessments on customers or lines of business, or ensure risk assessments performed by third parties or lines of business were sufficient,” according to the OCC. “This contributed to the Bank’s failure to identify, measure, monitor, and control its high risks and contributed to serious safety and soundness concerns at the Bank.”

Ahluwalia faces a fine of $7,000.

Highsmith, as the person at the bank in charge of BSA staffing and efforts to correct violations within the program, faces a $6,000 penalty. She only held those responsibilities from approximately July 2017 to June 2018 but notably did not ensure the BSA department “had adequate staff and resources or followed up on concerns identified by consultants.”

The rest of the four individuals—Anglin, Hopson, O’Neil Williams, and Whigham—were each board members that received fines because the board “failed to exercise appropriate oversight of the Bank,” according to the OCC. “For example, the Board did not ensure the Bank controlled expenses or hold management accountable for correcting identified concerns. The Directors ceded much of the oversight of the Bank to Bank management. Despite repeat and direct criticisms from the OCC, the Directors did not take timely, effective, or necessary steps to correct deficiencies.” Their proposed penalties faced range from $3,000-$14,000.

Lessons learned

“Under the Bank Secrecy Act and related anti-money laundering laws, banks must establish effective BSA compliance programs; establish effective customer due diligence systems and monitoring programs; screen against Office of Foreign Assets Control and other government lists; establish an effective suspicious activity monitoring and reporting process; and develop risk-based anti-money laundering programs,” the OCC lays out on the BSA page on its Website. As alleged, it is clear City National didn’t follow at least four of those five tenets.

The cases of individual liability are not only notable for how they spread between the board and executive level but for how they speak to each person’s role in ensuring BSA compliance is met.

Even if it is the CEO taking the lead in onboarding high-risk clients, the people beneath him or her that have responsibility for risk programs need to scale up to meet the new level of risk or raise concerns in an effort to slow or cease the activity. Otherwise, regulators like the OCC will take note, and money will be taken from their own pockets.