OCC Orders Bank of America to Overhaul AML and Sanctions Compliance Programs

On December 23, 2024, the U.S. Office of the Comptroller of the Currency (OCC) issued a cease-and-desist order against Bank of America, N.A., citing significant deficiencies in the bank's Bank Secrecy Act (BSA) and sanctions compliance programs. 

The OCC's order points to systemic weaknesses in several areas of Bank of America's compliance framework:​

• Suspicious Activity Reporting: The bank failed to file SARs promptly, undermining efforts to detect and prevent financial crimes.​
  
  
• Customer Due Diligence (CDD): Previously identified deficiencies in CDD processes remained unaddressed, posing risks in understanding customer behaviors and potential illicit activities
  
  
• Internal Controls and Governance: Inadequate internal controls and governance structures hindered effective oversight of compliance obligations.​
  
  
• Independent Testing and Training: Deficiencies in independent testing and employee training programs compromised the bank's ability to maintain robust compliance standards.​
  ‍

{{snippets-guide}}

Mandated Corrective Actions

To address these issues, the OCC has mandated that Bank of America undertake comprehensive remedial measures:​

• Independent Consultant Engagement: The bank must hire an independent consultant to assess its BSA/AML and sanctions compliance programs and conduct lookback reviews to ensure all suspicious activities have been appropriately reported.​
  
  
• Compliance Committee Formation: Within 30 days, the bank's board is required to appoint a compliance committee, comprising at least three members, with a majority being independent directors not affiliated with the bank. This committee will oversee adherence to the order's provisions.​
  
  
• Action Plan Development: An acceptable written plan detailing remedial actions to achieve and sustain compliance with BSA and sanctions laws must be submitted within 90 days. This plan should include specific corrective actions, timelines, and responsible parties.

​​Bank’s Response and Outlook

Bank of America’s response to the OCC’s enforcement order appears calculated and proactive. The bank's spokesperson highlighted that remediation efforts have already been underway prior to the formal issuance of the cease-and-desist order, suggesting that leadership was aware of regulatory concerns and sought to address them pre-emptively. 

This aligns with the October 2024 disclosure, where the bank noted ongoing conversations with regulators and the possibility of enforcement. By acknowledging the deficiencies publicly and committing to corrective action, the bank is signalling transparency and accountability—a key expectation from both regulators and investors.

While Bank of America has asserted that the OCC's order is unlikely to cause a material financial impact, the reputational consequences could still be significant. Regulatory scrutiny of this magnitude draws attention not just to past lapses, but to the robustness of current internal controls and governance structures. Investors, shareholders, and the public may interpret the order as a warning sign of deeper cultural or operational issues, especially within the compliance function. How the bank handles implementation of the order—such as hiring an independent consultant, creating a sanctions-focused compliance committee, and updating its AML frameworks—will be closely watched as a bellwether of institutional discipline.

The timing of this order places Bank of America under added pressure. Regulatory bodies in the U.S. and abroad have intensified scrutiny of AML and sanctions compliance following several high-profile failures across the banking sector in recent years. With TD Bank recently fined $450 million for similar shortcomings, there’s little tolerance for inadequate or delayed remediation. Bank of America’s ability to respond decisively and demonstrate sustained compliance improvements will be critical, not only for satisfying OCC requirements but also for maintaining competitive credibility in a heavily regulated and reputation-sensitive industry.

Looking ahead, the bank’s success in managing this crisis may hinge on the depth of its compliance transformation. Adopting modern technology, strengthening enterprise-wide oversight, and embedding a culture of risk awareness across business units will be vital. If implemented effectively, these changes could move Bank of America beyond recovery into a position of industry leadership in regulatory compliance. However, any missteps, delays, or recurrence of compliance failures could result in further enforcement, reputational damage, or loss of stakeholder confidence.

{{snippets-case}}

Conclusion

The OCC's cease-and-desist order underscores the critical importance of robust compliance programs in the banking sector. Financial institutions are expected to maintain effective systems for detecting and reporting suspicious activities, ensuring adherence to BSA and sanctions regulations. Bank of America's forthcoming actions in response to the OCC's mandates will be closely watched as a measure of its commitment to regulatory compliance and the integrity of the financial system.

sanctions.io is a highly reliable and cost-effective solution for real-time screening. AI-powered and with an enterprise-grade API with 99.99% uptime are reasons why customers globally trust us with their compliance efforts and sanctions screening needs.

‍

To learn more about how our sanctions, PEP, and criminal watchlist screening service can support your organisation's compliance program: Book a free Discovery Call.

‍

We also encourage you to take advantage of our free 7-day trial to get started with your sanctions and AML screening (no credit card is required).

‍