Federal and state banking regulators ordered State Street Corp. to improve its compliance systems after they found deficiencies in its internal controls during a bank examination.
Under the agreement, State Street’s board of directors has 60 days to submit a written plan to strengthen its oversight of firmwide compliance risk management.
Among other things, the report must take into account “personnel, systems, and other resources as are needed to operate a compliance risk management program that is commensurate with the compliance risk profile of the organization and that fully addresses the organization’s compliance risks on a timely and effective basis.’’
The agreement with the Federal Reserve Bank and the Massachusetts Banking Division is meant to ensure that Boston-based State Street is complying with anti-money laundering regulations and the Bank Secrecy Act. State Street owns the State Street Bank and Trust Co. but does little standard banking; it predominantly handles investments and recordkeeping for pension funds and large investment accounts around the world.
State Street must submit a revised program for conducting customer due diligence, ensuring that it’s obtaining proper identification and information like the source of the customer’s money. It must also assign risk ratings to customers based on their location and the services they are buying, and provide enhanced due diligence where necessary.
In addition, the bank must have policies for conducting periodic reviews of all account holders, and must document those reviews.
The regulators also are requiring State Street to write a plan for reporting any known or suspected violations of law or suspicious transactions to law enforcement and regulators. The company also must install an automated transaction monitoring system.
State Street on May 14 had warned of the regulators’ findings and said it could be subject to fines or sanctions.