Last year was the year of Bank Secrecy, sanctions and anti-Money Laundering enforcement.  The HSBC settlement sparked significant controversy over the claim by the Justice Department that HSBC and other banks are “too big to jail.”  Below the high-profile cases, there is another phenomena occurring – a resurgence in regulatory enforcement against banks and other financial institutions.

With this constellation of enforcement – high-profile mega-cases and aggressive regulatory enforcement, big, medium and small financial institutions are incurring significant cost increases to improve and expand their AML compliance programs.  That is a good thing and can only benefit the industry and the economy.

The Bank Secrecy Act is the government’s primary focus.  In brief, the law requires banks to assist regulators in detecting and preventing money laundering.  The Federal Reserve, the Office of Comptroller of the Currency and the FDIC, have taken a number of regulatory actions against banks to enforce the BSA requirements.

These enforcement actions have been accompanied by stern warnings by regulators that banks, card-based programs and money service businesses need to comply with  BSA/AML and OFAC laws.  Financial institutions — from multinational bank holding companies to regional and community banks to non-bank financial services companies — are facing tough oversight of their existing BSA/AML and OFAC compliance programs

In 2012, the Federal Banking Agencies brought over 30 significant enforcement actions involving BSA/AML violations, several of which included OFAC-related compliance issues as well.  In the largest OFAC sanctions case, ING Bank NV paid a $619 million fine based on repeated violations dating back to the mid-1990s of the Cuban Assets Control Regulations and other OFAC programs. In a similar settlement six months later, Standard Chartered paid $132 million to settle civil liability claims based on payment practices that violated OFAC sanctions and related laws.

In January 2013, the OCC entered into a consent cease and desist order with JP Morgan Chase and its affiliates to address deficiencies in the bank’s BSA/AML compliance program.  Recently, Citigroup entered into a consent order with the Federal Reserve to improve its AML procedures.

Regulators even turned their attention to individual officers and directors – in January 2013, the OCC cited three former directors and two former officers of Security Bank in Florida for failing to ensure the bank’s compliance with various BSA/AML requirements, including timely SARs filings and monitoring high-risk accounts.

Several weeks later, the OCC entered into a consent cease and desist order and assessed a $10 million penalty against TCF Bank in South Dakota for BSA/AML violations.  TCF failed to file SARs for over $60 million in transactions for suspected money laundering.

As financial institutions spread their operations into new emerging economies the AML risks grow exponentially.  In response, banks are building bigger and more elaborate compliance infrastructures.  HSBC’s compliance costs are skyrocketing as a result of its settlement with the government last year.  Citi and JPM also have indicated they are increasing compliance costs significantly during 2013.

The aggressive enforcement activities have caused significant cost increases in compliance for mid-sized and small community banks.  Regulatory agencies continue to scrutinize midsized banks with sizable overseas customer bases (e.g. Miami-based banks serving Latin American customers) which is increasing compliance costs for these banks.

With the renewed focus on AML compliance, banks and other financial institutions needs to respond with careful and cost-effective compliance improvements – focusing on improvement of: (1) empowering independent chief compliance officers with authority to elevate compliance issues to the highest levels of company management and the board; (2) allocating increased resources for compliance systems; (3) renewing a risk assessment to identify high-risk customers, transactions and procedures, along with data system for monitoring such transactions; (4) expediting review and improvement of data systems for monitoring overall AML compliance; and (5) reiterating leadership’s commitment to compliance, especially given the highly aggressive enforcement environment.