Banks should expect regulators to ramp up enforcement of anti-money laundering rules as the U.S. emerges from the COVID-19 pandemic.

Regulators eased Bank Secrecy Act/anti-money laundering, or BSA/AML, expectations at the start of the pandemic as focus shifted to getting money out to small businesses through the Paycheck Protection Program and because the move to remote work made it difficult for banks to meet AML and Office of Foreign Assets Control deadlines. But they are returning to strict enforcement of BSA/AML, especially as the U.S. has implemented significant sanctions against Russian individuals and entities following the country's invasion of Ukraine, industry experts agreed.

"Although regulators have been relatively lenient with banks because of disruptions caused by COVID, they likely will become more skeptical of banks that use the pandemic to justify BSA/AML weaknesses as society returns to normal," John Geiringer, a partner in the Financial Institutions Group at Barack Ferrazzano Kirschbaum & Nagelberg LLP, said in an email.

The Office of the Comptroller of the Currency told financial institutions in April 2020 that it understood the effect the pandemic might be having on their ability to meet certain BSA obligations, such as timing for report filings. The Federal Reserve declined to comment for this story, but in March 2020, it extended by 90 days the time periods to remediate "non-critical existing supervisory findings" except if the Fed notified a company that being more timely would help.

A spokesperson for the Treasury Department's Financial Crimes Enforcement Network said the bureau "is consistent with how it applies its authorities and always takes into account the facts and circumstances in each case." The FDIC, when reached for comment, provided an annual report that said it conducted BSA examinations at 1,372 state nonmember institutions in 2020.

Regulators have taken significant enforcement actions against sizable banks in 2022. In March, the Office of the Comptroller of the Currency assessed a $60 million civil money penalty and issued a cease and desist order against USAA Federal Savings Bank, saying it failed to adopt and implement an adequate BSA/AML program. In February, the Fed announced a penalty of $20.4 million and cease and desist order against the National Bank of Pakistan for anti-money laundering violations in its U.S. operations, based in New York.

Limited leniency

During the pandemic, regulators gave banks more leniency in certain routine areas, such as updating or implementing new systems or technology, but not in other more serious areas such as outright violations, said Marc-Alain Galeazzi, partner at Morrison & Foerster LLP.

Leniency may have depended on the individual examiner, said Peter Hardy, partner at Ballard Spahr LLP and a former federal prosecutor, who also noted that financial institutions have faced turnover of compliance personnel, as many companies have recently with various types of staff.

"It is my hope that regulators remain sensitive to that, but I think personnel issues can really play into compliance, and we'll see if there's any kind of downstream consequences for financial institutions in the next few years," Hardy said in an interview.

Enforcement through the years

BSA/AML enforcement actions peaked in the wake of the 2008-09 financial crisis before banks devoted additional resources to comply with heightened standards. Violations likely also dwindled in recent years as an influx of mergers and acquisitions led to significant consolidation in the industry.

The OCC issued a final rule, effective May 1, that will allow the agency to issue exemptions of regulations related to suspicious activity reports upon financial institutions' requests.

Varying risk exposure

Lawyers agreed that BSA/AML compliance is a high priority for banks overall, though Benjamin Hutten, counsel at Buckley LLP, said all banks do not have the same exposure to risks related to AML and sanctions.

"A small bank focused on providing consumer credit within its community doesn't merit the same scrutiny that a large bank might," Hutten said. "But the general approach is fairly consistent: Review exposure, memorialize conclusions about risk, and adjust controls accordingly."

Smaller banks with less risky profiles tend to have less focus on these issues, but they are still important, said Elizabeth Davy, of counsel at Sullivan & Cromwell LLP's Financial Services and Financial Services Litigation and Investigations Groups.

"The enforcement trends over the years have shown that it's been very costly to make a mistake in the AML area and sanctions as well," she said in an interview. "Other areas of compliance don't necessarily have the same level of enforcement risk that AML does. So I think that's why you see it taking such prominence."

Hardy agreed these are more applicable to larger banks and depend on individual banks' challenges and risks.

"Perhaps 20 years ago it was 'important' but not in the practical way that it is now," Hardy said, referring to BSA/AML in general. "Banks have been put at the forefront of guarding the U.S. financial system."

Artificial intelligence

Banks are implementing artificial intelligence to better monitor transactions, lawyers said. Large and mid-size banks in particular are looking at this technology.

"Banks are increasingly relying on innovative approaches, like artificial intelligence, to enhance their ability to identify, evaluate, and report suspicious activities," Geiringer said.

However the technology could introduce new challenges.

Banks need to make sure artificial intelligence works as intended and that the technology's decisions do not end up being biased based on race or other factors as it learns and sends alerts about suspicious activity, said Galeazzi.

This year is the first when supervisory teams at regulatory agencies have proactively asked about artificial intelligence, said Craig Nazzaro, partner at Nelson Mullins Riley & Scarborough LLP.

"If you're deploying it, they're keenly interested in what your oversight of it was — what the internal subject matter expertise was for the bank that's being supervised," he added.