On April 21, 2022, the Office of the Comptroller of the Currency (OCC) issued a consent order against Anchorage Digital Bank, a digital asset bank based in South Dakota. Notably, Anchorage had previously become the first digital asset bank to be regulated by the OCC in January 2021. In its consent order, the OCC determined that Anchorage had failed to adopt an effective compliance system as required by the Bank Secrecy Act and anti-money-laundering (“AML”) laws, specifically highlighting failures related to “internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” While Anchorage neither admitted nor denied the OCC’s findings, it agreed to implement various controls including:
- drafting a BSA/AML Action Plan,
- hiring a BSA officer with appropriate support staff,
- improved customer due diligence procedures,
- improved suspicious activity identification procedures,
- hiring a third party to conduct a suspicious activity look-back at the bank’s transactions,
- instituting an independent auditing process to evaluate its BSA/AML programs,
- instituting BSA/AML training for the bank’s employees, and
- implementing improved data governance and record keeping requirements.
The OCC’s action and the breadth of the remedial measures prescribed in detail in the OCC’s 25-page order confirm that the OCC expects the digital asset banks within its jurisdiction to maintain BSA/AML compliance and oversight processes and controls that other financial institutions have long adhered to. Other digital asset banks and newly formed institutions should look to the remedial measures outlined in Anchorage’s consent order and be prepared to implement similar systems and processes.