Florida-based Axiom Bank has been ordered to revamp its compliance program to more effectively comply with Bank Secrecy Act (BSA) and anti-money-laundering (AML) rule. The Office of the Comptroller of the Currency (OCC) cited the community bank for lacking controls and for its suspicious activity reporting practices.
The succinct order from the OCC with almost no details in it cited Axiom’s processes – or more precisely, lack of processes – designed to identify, evaluate, and report suspicious activities that could indicate money laundering.
This compliance shortfall can open potential channels for illicit financial flows undetected through a bank’s infrastructure, and it has underpinned several large-scale penalties from banking (and other) regulators in the AML arena this year.
This resoundingly played out last week in a multi-agency enforcement action against TD Bank that involved over $3 billion in fines and an asset cap on its US operations being assessed against the lender.
Remedies ordered
Within 30 days of the execution of its agreement with the OCC, Axiom’s board must appoint a compliance committee of at least three members, of which a majority shall be directors who are not employees or officers of the Bank or any of its subsidiaries or affiliates. This committee must formulate a BSA/AML action plan and thereafter, within 30 days of the end of each quarter, it must submit updates on its progress.
Within 60 days of the agreement, Axiom must share with the OCC updated policies and procedures meant to control risks “associated with money laundering and terrorist financing and other illicit financial activity, with particular attention to the bank’s pre-paid card and merchant processing partnership programs.”
The bank has also agreed to look back at its prior suspicious activity reports made between January 1, 2023 and June 30, 2024, and it must evaluate how it addresses third-party risks.
Axiom’s fintech relationships
In the traditional banking space, Axiom offers debit and pre-paid cards and merchant processing.
It has entered several fintech partnerships in the last couple of years, partnering in 2022 with open banking fintech Raisin to expand the reach of it savings products. And it became the banking partner for fintech company Majority that helps people acquire banking services in the US even without a social security number – largely to help the immigrant community.
Last year, Axiom forged a relationship with Cable, a tech company that offers an automated compliance testing platform that allows banks to test their BSA/AML controls across the bank’s entire account and transaction data.
Absolutely nothing in the OCC’s order mentions these fintech providers and any role they played in the charges brought against Axiom.
In general terms, the banking regulators have been proactively reminding firms of their third-party oversight obligations, particularly as it pertains to their fintech partners.
In September, the Federal Deposit Insurance Corp (FDIC) proposed a rule to require banks to bolster the recordkeeping requirements for the fintech companies they partner with following the Synapse collapse, which resulted in millions of dollars in frozen customer funds.
And last June, the OCC, FDIC and Federal Reserve issued interagency guidance on third-party risk management to identify the risk management principles applicable to each life cycle of a third-party relationship.