• OCC issued an enforcement action against Community Federal Savings Bank over AML and BSA deficiencies
• Regulators said controls failed to keep pace with rapid growth in payment processing activities
• Automated suspicious activity monitoring systems were criticized as ineffective
• The bank allegedly failed to adequately understand some customer relationships and transaction purposes
• OCC described independent testing and internal audit oversight as weak
• Community Federal must implement extensive remediation measures and appoint an independent reviewer
• The bank said it began enhancing its compliance framework before the consent order was issued
• Regulators continue increasing scrutiny of fintech-related banking relationships and financial crime controls

Community Federal Savings Bank has been hit with a major enforcement action after U.S. regulators identified serious deficiencies in the New York-based institution’s anti-money laundering and Bank Secrecy Act compliance programs.

The Office of the Comptroller of the Currency said the bank failed to keep pace with the rapid expansion of its payment processing business, leaving critical controls, monitoring systems, and governance frameworks unable to adequately manage growing financial crime risks.

The action places renewed attention on banks that provide services to fintech firms and payment providers. Community Federal serves as a sponsor bank for several prominent financial technology platforms, including Wise’s U.S. dollar accounts and Crypto.com’s prepaid card program.

According to the OCC, the bank failed to develop and maintain risk management processes that matched the growth of its payment processing activities since 2020. Regulators said shortcomings extended across multiple areas of the institution’s compliance framework.

Among the most significant concerns were weaknesses in the bank’s suspicious activity monitoring program.

The OCC said Community Federal failed to adequately identify, investigate, and report potentially suspicious transactions. Regulators found that filtering criteria and thresholds within the bank’s automated alert system were not properly calibrated to reflect its risk profile.

The regulator also criticized the bank’s automated alert triage process, stating that a “very high percentage” of alerts that should have received additional review were automatically closed without sufficient investigation.

Customer due diligence controls were another area of concern.

According to the OCC, the bank did not adequately understand the nature of certain customer relationships or the purpose of transactions flowing through its payment processing business. Regulators specifically highlighted risks linked to foreign financial institutions.

“The Bank does not understand the nature of certain of its customers’ businesses and the purpose of the transactions in the payment processing line, including risks related to foreign financial institutions,” the OCC said.

The regulator further alleged that Community Federal failed to determine whether certain relationships constituted correspondent accounts for foreign financial institutions, a key requirement under the USA PATRIOT Act.

The OCC also delivered a sharp assessment of the bank’s independent testing program, describing it as weak.

According to the order, internal audit functions failed to identify significant weaknesses and did not adequately test higher-risk components of the institution’s anti-money laundering framework.

The latest action is not the first regulatory intervention faced by Community Federal. In 2020, the OCC placed the bank in “troubled condition” after identifying what it described as unsafe or unsound practices relating to strategic planning and earnings performance.

At that time, the regulator ordered the institution to establish a compliance committee and develop a three-year strategic plan.

The new order, signed on April 24, again requires the bank to establish a compliance committee and submit a detailed remediation plan within 90 days.

The OCC has instructed Community Federal to create a comprehensive framework for identifying and controlling money laundering and terrorist financing risks, while also strengthening reporting and recordkeeping procedures.

In addition, the bank must conduct a detailed assessment of how specific products, business activities, and third-party relationships affect its financial crime risk profile.

The regulator also directed the institution to implement a risk-based suspicious activity review program and appoint an independent third-party consultant to evaluate its monitoring, investigative, and decision-making processes.

Community Federal said it had already begun strengthening its compliance framework before the enforcement action was issued.

A spokesperson for the bank said “significant investments” have been made in systems and compliance programs since mid-2024 and that the institution has been actively addressing the issues identified by regulators.

The spokesperson added that Community Federal expects to resolve the matters outlined in the consent order over the coming months.