WASHINGTON — Regulators have uncovered "surprising deficiencies" in anti-money laundering compliance at some of the nation's largest banks, Comptroller of the Currency Thomas Curry said Monday.

In a speech before the Institute of International Bankers, Curry specifically cited recent enforcement actions against HSBC, JPMorgan Chase and Citigroup.

"There is still a question as to why so many sophisticated banks — many of which spend hundreds of millions of dollars on [Bank Secrecy Act] compliance — have fallen short," he said. "In fairness, BSA compliance is inherently difficult. It involves the challenge of sifting through large volumes of transactions to identify those with suspicious features, a task made especially difficult by the ingenuity criminal elements."

Curry said he understood how evolving technology, including online payment methods and mobile banking apps, have made it more cumbersome for banks to comply with anti-money laundering laws.

But he said such changes are key reasons why regulators need to also continuously update their own regulations since the last inter-agency anti-laundering manual was released in 2005.

"We have revised the manual three times since then to make sure it reflects the latest technological and payment system innovations, as well as emerging threats and vulnerabilities," he said. "We will continue to work with our colleagues at the other agencies to ensure that the manual remains current in its procedures and focused on the right issues."

Curry's vow to stay current on anti-laundering issues comes just a few days before he is expected to testify before the Senate Banking Committee on Thursday. Lawmakers are likely to be heavily critical of the Office of the Comptroller of the Currency, particularly in the case of HSBC, which was fined $1.9 billion for an assorted list of significant anti-laundering violations. Critics have openly wondered, however, why HSBC was not criminally prosecuted for these oversights, fueling more concern that some institutions are "too big to jail."

Curry has rejected that theory, telling state attorneys general last week that no institution is above the law. (The OCC can pursue banks in civil court, but must refer cases to the Justice Department for a criminal prosecution.)

As important as they are, they should not be considered immune from prosecution when circumstances warrant," Curry said. "No institution should be viewed as too big to prosecute."

Speaking on Monday, Curry said the agency was committed to improving its oversight of banks' anti-laundering compliance.

"We will continue to improve our supervision, but we recognize there is much work to be done," he said. "In this regard, we will continue to work with the other agencies to ensure that our examination policies remain up to date and our risk management guidance remains current."

Curry's speech was framed around operational risk, a topic he's frequently warned banks about.

Particularly with anti-laundering compliance, Curry said they "we're seeing a number of trends and areas of concern that warrant close attention by both regulators and banks." This included "high-risk" international activities such as cross-border funds transfers, remote deposit capture and foreign correspondent banking as well as a bank's lack of resources for compliance.

"Austerity programs have led to a reduction of staff and other resources at some banks, and at others, programs have failed to keep pace with the institution's growth," he said.

He also highlighted third-party relationships and payment processors as creating significant problems that have attracted the attention of regulators.

"The OCC and the other banking agencies have been monitoring this area closely over the years," he said. "And we have issued risk management guidance to prevent problems and we've taken enforcement actions when we've found problems."

For the five years ending in 2010, the OCC has issued 41 cease and desist orders against banks for failing to have adequate BSA programs, Curry said.

When asked what the OCC considers a "robust compliance culture" for anti-money laundering, Curry simply responded that it starts at the top.

"It requires a commitment from the top in management and the board. There needs to be allocation of resources to that function," he said. "Compliance needs to be a development of new products so that particular focus on risks can be built into the structure from the ground floor."

Separately, in a speech following Curry's remarks, Federal Deposit Insurance Corp. Chairman Martin Gruenberg confirmed that his agency plans to release guidance revealing more of the FDIC's thinking around the resolution of cross-border financial giants.

The FDIC was granted broad powers in the Dodd-Frank Act to wind down systemically important firms similar to its resolution powers for traditional banks.

"We are planning to make available later this year a policy statement to lay out some detail in how the policy will work and we will seek public comment it," Gruenberg told the IIB audience.

Gruenberg also said the FDIC is in the process of helping to evaluate the resolution regimes of other countries. In 2011, the Financial Stability Board for the G-20 nations released a list of "key attributes" for "effective resolution regimes." As part of that process, the FSB is calling for peer reviews of the resolution systems for member countries, and the first peer review is being led by the FDIC, Gruenberg said.

"This review will compare national resolution regimes across both individual key attributes and across different financial sectors," he said. "It will provide recommendations for future work by the FSB and its members in support of an effective and credible resolution regime for SIFIs. We expect the final report of the peer review to be released this spring."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.