the Bank Secrecy Act (BSA)/anti-money laundering (AML) program, 12 C.F.R. § 21.21, 52 FR 2859, Jan. 27, 1987.

Anti-money laundering program regulations (customer due diligence), 31 C.F.R. § 1020.210(a)(2)(v).

Due diligence programs for correspondent accounts for foreign financial institutions, 31 U.S.C. § 5318(i) and 31 C.F.R. § 1010.610.

As of 2021, Anchorage failed to adopt and implement an appropriate compliance program integrating the necessary BSA/AML elements, such as:

These failure resulted in Anchorage engaging in violations of the law, including BSA/AML violations.

As a result of these failures, Anchorage violated its January 22, 2021 operating agreement.

Detection of crypto-specific red flags, such as money laundering, illicit financing and terrorist financing.

Controls on unhosted crypto-asset wallets controlled by private individuals.

Identified issues.

Who is responsible for addressing the identified issues.

The actions that will be taken to address the issues.

The results, or ongoing status, of the remedial actions.

Remediate the identified failures in Anchorage's BSA/AML program.

Address the regulations promulgated under the order.

Achieve and sustain BSA compliance.

BSA officer and staffing. The board is required to ensure that Anchorage has a qualified, independent BSA Officer who is vested with the authority to maintain compliance with the BSA and its regulations. Additionally, the board must conduct a staffing assessment to ensure that there are an appropriate number of skilled staff to support the BSA Officer and Anchorage's BSA/AML program.

Customer due diligence, customer risk identification, and high risk account reviews. The board must ensure Anchorage adopts and implements risk based policies and procedures for collecting customer due diligence (CDD) information when opening new accounts, renewing or modifying existing accounts, and when events indicate account information needs to be updated. The board must also ensure that the required CDD information is collected and documented in the system of record for foreign correspondent accounts in compliance 31 C.F.R. 1010.610 requirements.

Suspicious activity identification, evaluation and reporting. Within 90 days of the Order, the board shall ensure Anchorage develops a written suspicious activity monitoring and reporting program to ensure the timely review and disposition of suspicious activity alerts and case investigations, and the filing of suspicious activity reports (SARs) consistent with 12 C.F.R. § 21.11 (see Practice Note: Suspicious Activity Reporting Requirements for Financial Institutions and Legal Update: Federal Banking Agencies Issue Answers to FAQs About Suspicious Activity Reports (SARs) and Other AML Considerations).

Suspicious activity review look-back. To determine whether additional SARs should be filed for any previously unreported suspicious activity, the board is required to submit to the Assistant Deputy Commissioner of the OCC the name and qualifications of a third-party consultant to review and provide a written report on Anchorage's suspicious activity monitoring prior to the Order.

BSA/AML independent testing. Commensurate with Anchorage's money laundering, terrorist financing and other illicit financial activity risk profile, the board must ensure that Anchorage has an BSA/AML independent testing program, which shall be independent and have an annual audit.

BSA/AML independent training. The board must ensure that all appropriate bank employees and board members are trained on the requirements of the BSA and Anchorage's BSA/AML program.

Data governance and recordkeeping requirements. To manage risk, Anchorage must develop, implement, and adhere to a written data governance program for its BSA/AML-related management information systems. The board must ensure compliance with recordkeeping and reporting requirements of the BSA, including the Travel Rule, 31 CFR 1010.410.