On October 10, 2024, the financial services community was stunned by the $3.1 billion settlement between the federal government and TD Bank over Bank Secrecy Act (BSA) and anti-money laundering (AML) violations. TD Bank’s criminal guilty plea to conspiracy to launder hundreds of millions of dollars in drug cartel cash overshadowed a contemporaneous enforcement action involving Clear Fork Bank, a community bank based in Albany, Texas. The October 8, 2024, Consent Order (AA-ENF-2024-82) between the Office of the Comptroller of the Currency (OCC) and Clear Fork Bank reminds the industry that community banks are equally subject to BSA/AML regulations and must maintain adequate financial crime compliance programs. 

Clear Fork Bank is one of the oldest, privately owned banks in Texas with only six retail locations and approximately $800 million in assets. According to the OCC, throughout 2022 and 2023 the bank failed to implement a BSA /AML compliance program “reasonably designed to assure and monitor compliance with the [BSA]” and since at least October 2022 “failed to adequately monitor suspicious activity and file suspicious activity reports (‘SARs’) as required…” The regulator found that Clear Fork Bank “engaged in unsafe or unsound practices, including those related to BSA/AML and oversight of third-party payment processor accounts.”

While not nearly as onerous as the OCC’s settlement with TD Bank, among other remediation steps, the order requires Clear Fork Bank to do the following:

1. The bank must appoint a compliance committee primarily comprised of non-bank officers to monitor and oversee compliance with the order.
2. Within 60 days of the order, the bank’s board of directors must review, revise, and adhere to its BSA compliance policy, which must include a process for evaluating and controlling risks posed by new lines of business, products, and services.
3. Within 60 days of the order, Clear Fork Bank must develop and adhere to a SAR program that includes procedures for timely identification and reporting of suspicious activity, ensuring that monitoring systems apply appropriate thresholds and filters commensurate with the bank’s risk profile, and an annual board review of the program.
4. Within 45 days of the order, Clear Fork Bank shall submit to the OCC a written plan to conduct a SAR “look-back” designed to determine whether SARs should be filed for any previously unreported suspicious activity between October 1, 2022, and January 5, 2024. Depending on the results of the look-back, the OCC in its sole discretion may expand its scope. 

The order reminds us that bank regulators are not only focused on the largest financial institutions with high-risk, cross-border business models, but on local community banks not adequately meeting their BSA/AML obligations. While not resulting in a multibillion-dollar fine, the legal, compliance, and personnel costs associated with remediating the order will undoubtedly strain Clear Fork Bank.

Community banks do not have the same resources to devote to BSA/AML compliance compared to multinational financial institutions, however, bank regulators do not expect smaller institutions to invest dollar-for-dollar with the likes of TD Bank. Community banks should keep the following in mind when considering their BSA/AML needs:

1. No two compliance programs should look alike. Effective BSA/AML compliance starts by assessing your institution’s unique risk profile and building policies, procedures, and controls accordingly.
2. Design your Know Your Customer (KYC) programs to reflect the risk within your customer base. You shouldn’t apply the same KYC procedures to each category of customer. Time-consuming enhanced due diligence should be reserved for your highest-risk customers, allowing you to simplify KYC for low-risk customers. 
3. It doesn’t necessarily cost a lot of money to create a culture of compliance. Regular training for front-line staff, routine executive engagement on compliance issues, and direct compliance oversight by the board is arguably relatively cheaper and more efficient at a community bank with six branches than a global bank with thousands of branches. You’d be surprised how much the tone at the top matters when you operate a small financial institution.
4. Consider whether you are effectively leveraging technology and automation. Data analytics and AML software solutions designed to align transaction monitoring and SAR reporting to your risk model can significantly reduce compliance costs.
5. Scale your compliance program as your business grows. How do you eat an elephant? As the saying goes, one bite at a time. Regulators do not expect community banks to revolutionize their BSA/AML compliance programs overnight. Focus on setting a solid, simple, risk-based foundation and scaling your compliance investment as your institution grows.