On January 14, Patriot Bank, N.A. entered into an agreement with the Office of the Comptroller of the Currency (OCC) to address and rectify several unsafe or unsound practices and violations of law. This agreement follows the bank’s reported loss of nearly $27 million for the quarter ending September 30, 2024.

The OCC identified several areas of concern at Patriot Bank, including strategic planning, capital planning, Bank Secrecy Act/Anti-Money Laundering (BSA/AML) risk management, payment activities oversight, credit administration, and concentrations risk management. To address these issues, the bank and the OCC agreed on a comprehensive plan that includes specific corrective actions and oversight mechanisms.

Key Provisions of the Agreement

  • Compliance Committee:
    • The bank was required to appoint a Compliance Committee by January 31, 2025, consisting of at least three members, with a majority being directors who are not employees or officers of the bank or its affiliates.
    • Within 30 days of the agreement, and then within 30 days after the end of each quarter, the Compliance Committee shall submit to the Board a written progress report setting forth: (a) a description of the corrective actions needed to achieve compliance with each article of the agreement; (b) the specific corrective actions undertaken to comply with each article of the agreement; and (c) the results and status of the corrective actions.
  • Strategic Plan:
    • The Board must submit an acceptable written strategic plan within 45 days of the agreement, covering at least a three-year period.
    • The plan must establish objectives for the bank’s overall risk profile, earnings performance, growth, balance sheet mix, off-balance sheet activities, liability structure, capital and liquidity adequacy, product line development, and market segments that the bank intends to promote or develop.
    • The Board must review and update the strategic plan annually and as needed.
  • Capital Plan and Higher Minimums:
    • The bank must achieve and maintain specific minimum capital ratios by February 28, including a common equity tier 1 capital ratio at least equal to 10.0%.
    • The Board must adopt an effective internal capital planning process and submit a revised written capital plan within 45 days of the agreement.
  • Risk Governance:
    • The bank must submit a written risk management framework for new, expanded, or modified products and services within 60 days.
    • The framework must include policies and procedures for due diligence, risk assessment, and consultation with relevant functional areas.
  • BSA/AML Action Plan:
    • The bank must submit a written plan detailing remedial actions necessary to achieve and sustain compliance with the BSA within 30 days.
    • The plan must include corrective actions, timelines, and responsible parties.
  • Program Manager Due Diligence and Monitoring:
    • The bank must ensure that BSA/AML risks associated with providing prepaid card products through third-party program managers are identified, managed, and controlled.
    • The Program Manager Due Diligence and Monitoring Plan includes procedures to ensure that program managers are registered with FinCEN, if applicable, and comply with state and local licensing requirements.
      • It mandates risk assessments for all proposed and existing program managers to determine the need for further due diligence.
      • Ongoing monitoring and testing of program managers must be documented and comprehensive, covering new and existing cardholder accounts, BSA and fraud alerts, sanctions, and other relevant areas.
      • The BSA Department must have adequate staffing to complete monitoring reviews in a timely manner according to bank policy.
      • Bank management must obtain and report granular metrics related to prepaid card activities to the Board, including alert closures, cases, new cardholder accounts, and sanctions activities.
      • The bank must perform appropriate risk-based due diligence for program managers, including periodic on-site visits, annual reviews of the program manager’s BSA/AML program, and assessment of their independent BSA/AML audit reports.
      • An annual review and assessment of the program manager’s operating accounts must be conducted to ensure segregation and transparency.
      • The bank must have policies and procedures to review and determine whether to close any program manager account exhibiting significant risks for money laundering or terrorist financing, such as excessive SARs, lack of transparency, or failure to provide requested information.
  • Payment Activities Oversight:
    • The bank must submit a written Payment Activities Oversight Program within 60 days to manage risks involved in processing ACH and wire transfers, including risks presented by originators, beneficiaries, and counterparties.
    • The program must include parameters for monitoring ACH and wire transfers, processes to identify and document high-risk activities, or activity that is suspicious, unreasonable, or abnormal.
    • Reports must be made to the Board that includes trends in ACH and wire volume over a defined period of time, transactions by client type, number of originators, return rates for the bank as a whole, level of risk of originators, any high-risk originators, and any Nacha rules violations.
    • An appropriate enterprise risk management framework must include elevated monitoring of risks stemming from payments activities and the establishment of key performance indicators and risk indicators for monitoring operational risks from ACH and wire transactions.
    • Effective processes must be established to ensure internal audit coverage of the prepaid card business is comprehensive and includes sufficient review and testing of risks and related controls, including BSA/AML, compliance, and operations risk.
    • The program must include sufficient management information and metrics to measure, manage, adjust, and optimize the Payment Activities Oversight Program’s monitoring system.

Our Take

Many of the items required by the OCC are similar to previous agreements with other banks. However, this agreement’s specificity on program managers and payment activities stands out. It is clear that Patriot Bank had onboarded prepaid card managers that had BSA/AML deficiencies and the bank must ensure that it is monitoring these program managers for compliance. We will continue to monitor bank enforcement actions for new developments.