Brighton Bank has entered an agreement with the Federal Deposit Insurance Corp.to overhaul its anti-money-laundering technology and practices after a report from the regulator last year found the bank violated compliance laws.
The FDIC demanded the community bank, which is based 30 miles north of Memphis, Tennessee, take a broad set of actions to remedy its violations of the Bank Secrecy Act [BSA], according to a consent order that was made public on Friday. The order, which took effect Nov. 30, requires Brighton Bank to appoint a BSA officer, enhance audits of information technology, and train staff in BSA/AML requirements, among other action items.
The consent order emphasizes the need for stronger information technology controls for the bank's compliance and cybersecurity. Brighton Bank did not respond to requests for comment.
Michael Dawson, a partner at law firm WilmerHale, said he's seen an increase in demand for BSA/AML advice from clients.
"This order reflects ongoing close scrutiny across all the federal banking agencies of AML compliance programs," Dawson said. "The other thing is, this order reflects how important it is that the BSA/AML function is supported by strong IT functions. It really is not possible to have effective BSA/AML functions without an effective IT function."
Dawson, who advises financial and technology clients on regulation, added that federal regulators have said they would only use public enforcement actions on banks with issues that are systemic, not isolated incidents of violations.
Brighton Bank is required by the consent order to improve its practices related to BSA/AML, Dawson said, including having a designated BSA/AML team, independent testing, employee training and internal controls. The order also specifically addresses the bank's wire system, such as wire limits, verification processes and wire insurance. Dana Twomey, who leads risk and compliance consulting for financial institutions at West Monroe, said banks have to leverage a number of technology controls and process controls to ensure wires are reviewed appropriately before they're sent.
The Port Angeles, Washington-based bank said it has already invested "significant resources" into enhancing its compliance management for fintech partnerships, after self-reporting a problem last year.
The FDIC initially laid out its concerns about Brighton's BSA/AML violations in a report in August 2022. Earlier this year, Brighton Bank launched a new website and updated its mobile app. According to the new site, which includes educational blogs about cybersecurity, the redesign is more "user-friendly, efficient and has added security features for enhanced safety." The bank also appointed Shelby Knipple as its BSA officer, per her LinkedIn.
Dawson said banks typically use the time between their exams and when orders are made public effectively, but usually the work takes several years.
"When banks are remediating programs in response to a consent order, the basic challenge is that they have to improve internal controls and processes, while at the same time, continuing to run the bank," Dawson said. "Like the old saying, 'you're fixing the airplane while flying it.' So that presents a lot of resourcing challenges."
Dawson added that it's surprising how much board supervision the FDIC expects of Brighton Bank. He added, though, that regulators often count on boards to play a closer role in bank operations when institutions are undergoing a lot of change, like shifts in strategy and management.
In 2020, Brighton Bancorp, the parent company of the bank, agreed to sell a controlling interest in the company to a group of investors who had attempted to launch a community bank in North Carolina. According to an announcement at the time, the bank had $42 million in assets, deposits of $37 million and loans of $25 million.
Twomey said that based on what she's seen in the industry, banks aren't investing in compliance as heavily as in other areas. She added that banks that use dated or insufficient technology are at a disadvantage for compliance, and should be taking a harder look at their systems going forward.
"IT systems are such a crucial part of how BSA should operate within a financial institution," Twomey said. "It's unsurprising that they're being highly scrutinized by regulators right now."
