Riggs order articulates bank secrecy act compliance requirements

Riggs Bank N.A. of Washington, DC entered into a consent order with the Office of the Comptroller of the Currency in July 2003, received a cease and desist order from the Federal Reserve Board later that year, and was assessed a $25 million penalty by the Financial Crimes Enforcement Network (FinCEN) in May 2004, all for Bank Secrecy Act violations. In general, Riggs was deficient (i) in designing a program tailored to the risks of its business that would ensure appropriate reporting, (ii) in implementing the procedures it did have, and (iii) in responding to classic “red flags” of suspicious conduct. As a result, Riggs failed to file a number of timely and complete suspicious activity reports (SARs) and late and complete currency transaction reports (CTRs) for high‐risk accounts. In discussing the violations that occurred, FinCEN articulated internal control, customer due diligence, compliance monitoring, and independent testing standards that Riggs did not meet, and that other institutions should regard as rules of general applicability.