Community Federal Savings Bank faces an enforcement action from the Office of the Comptroller of the Currency over deficiencies in the New York City-based lender’s Bank Secrecy Act and anti-money laundering compliance program, the regulator announced last week.

Specifically, Community Federal – which serves as a sponsor bank for Wise's U.S. dollar accounts and Crypto.com's prepaid card, among others – has failed to develop and maintain controls and risk management processes to match the growth its payment processing line has seen since 2020, the OCC said.

Further, the bank failed to adequately identify, investigate and report potentially suspicious activity, the OCC said. The filtering criteria and thresholds in Community Federal’s automated suspicious activity alerting system had not been sufficiently calibrated for the bank’s risk profile, the regulator added. The bank’s automated alert triage system auto-closed “a very high percentage” of alerts that should have been escalated for further review, the OCC said.

The OCC also took issue with the bank’s customer due diligence program, as well as its staffing and independent testing for BSA/AML.

“The Bank does not understand the nature of certain of its customers’ businesses and the purpose of the transactions in the payment processing line, including risks related to foreign financial institutions,” the regulator said. “Additionally … the Bank failed to determine whether it had correspondent accounts for foreign financial institutions to ensure compliance with due diligence requirements under the USA PATRIOT Act.”

The OCC called Community Federal’s independent testing “weak.”

The bank’s internal auditor failed to identify weaknesses or test high-risk areas of the BSA/AML program, the OCC said.

This isn’t the first time Community Federal has run afoul of the OCC. The regulator placed the bank in “troubled condition” after it reported "unsafe or unsound” practices in February 2020 with respect to the lender’s strategic planning processes and earnings. The OCC ordered Community Federal, at the time, to form a compliance committee and write a three-year strategic plan.

Likewise, the OCC, in the order signed April 24, demanded that the bank appoint a compliance committee and submit, within 90 days, a written plan detailing necessary remedial actions.

That means a roadmap to develop, implement and maintain a system to identify and control the risks associated with money laundering and terrorist financing, as well as the recordkeeping and reporting requirements that come with it.

The OCC also wants Community Federal to write an assessment that considers the impact that certain activities, product lines and third-party relationships have on the bank’s BSA/AML risk profile.

The regulator also directed the bank to develop, implement and follow a risk-based suspicious activity review program, and to propose an independent, third-party consultant to review and report on the bank’s suspicious activity monitoring, investigation and decision-making.

Also, the OCC demands that the bank develop an improved independent testing program and ensure it employs adequate staff with the training and expertise to support that effort.

Community Federal, for its part, "began enhancing its compliance framework well before the Consent Order was issued," a spokesperson for the bank said, adding that "significant investments" have been made in the bank’s systems and programs since mid-2024.

The bank has "been actively working to remediate the identified items" and expects to resolve matters contained in the order "over the coming months," the spokesperson said.

Community Federal counted about $866 million in assets as of Dec. 31, according to Federal Deposit Insurance Corp. data.