The regulatory focus on cryptocurrency firms continued on April 21, when the Office of the Comptroller of the Currency (OCC) issued a Consent Order against Anchorage Digital Bank regarding the bank’s failure to adopt and implement a compliance program that adequately covers the required Bank Secrecy Act/anti-money laundering (BSA/AML) program elements. The OCC’s findings included the failure to demonstrate “internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to implement policies and procedures including provisions addressing the collection of information necessary to maintain an accurate customer profile, ensuring the AML staff are properly trained to conduct Customer Due Diligence (CDD), and processes exist to manage maintenance and continued monitoring of high-risk customers. CCO’s should be taking a closer look at their existing controls and verify that their program:
- Has a risk rating methodology in place to identify high risk customers
- Provides continuous monitoring of high-risk customers following onboarding
- Has a robust CDD process and properly trained staff to analyze and approve