California Pacific Bank v. Fdic , 885 F.3d 560 ( 2018 )


Menu:
  •                      FOR PUBLICATION
    UNITED STATES COURT OF APPEALS
    FOR THE NINTH CIRCUIT
    CALIFORNIA PACIFIC BANK,                          No. 16-70725
    Petitioner,
    v.
    OPINION
    FEDERAL DEPOSIT INSURANCE
    CORPORATION,
    Respondent.
    On Petition for Review of an Order of the
    Federal Deposit Insurance Corporation
    Argued and Submitted November 15, 2017
    San Francisco, California
    Filed March 12, 2018
    Before: Ronald M. Gould and Mary H. Murguia, Circuit
    Judges, and James E. Gritzner, * District Judge.
    Opinion by Judge Gritzner
    *
    The Honorable James E. Gritzner, United States District Judge for
    the Southern District of Iowa, sitting by designation.
    2             CALIFORNIA PACIFIC BANK V. FDIC
    SUMMARY **
    Federal Deposit Insurance Corporation /
    Bank Secrecy Act
    The panel denied a petition for review brought by
    California Pacific Bank, challenging the constitutionality of
    the Bank Secrecy Act (“BSA”) and its implementing
    regulations, and alleging that the Federal Deposit Insurance
    Corporation Board of Directors’ decision – finding that the
    Bank violated the BSA and ordering the Bank to implement
    a plan to bring the Bank into compliance – was not supported
    by substantial evidence.
    The FDIC Board concluded that the Bank did not comply
    with the BSA’s implementing regulations because it failed
    to establish and maintain procedures designed to ensure
    adequate     internal    controls,    independent  testing,
    administration, and training – the “four pillars.”
    As a preliminary matter, the panel held that the Bank
    preserved its constitutional challenges, and they were not
    waived.
    The panel held that the BSA and its implementing
    regulations were not unconstitutionally vague, and the FDIC
    and the administrative law judge did not exhibit
    unconstitutional bias against the Bank. The panel further
    held that the FDIC acted in accordance with the law by
    relying on the Federal Financial Institutions Examination
    Council Manual to clarify its four pillars regulation. The
    **
    This summary constitutes no part of the opinion of the court. It
    has been prepared by court staff for the convenience of the reader.
    CALIFORNIA PACIFIC BANK V. FDIC               3
    panel also held that substantial evidence supported the FDIC
    Board’s decisions that the Bank failed to comply with the
    four pillars and that the Bank failed to file a suspicious
    activity report, where one was needed, and thus, that the
    Bank did not comply with the BSA.
    COUNSEL
    Matthew W. Powell (argued) and Steven J. Williamson,
    Wilke, Fleury, Hoffelt, Gould & Birney, LLP, Sacramento,
    California, for Petitioner
    Joseph Brooks (argued), Counsel, Colleen J. Boles,
    Assistant General Counsel, Kathryn R. Norcross, Senior
    Counsel, Federal Deposit Insurance Corporation, Arlington,
    Virginia, for Respondent.
    OPINION
    GRITZNER, District Judge:
    California Pacific Bank (the Bank) appeals the issuance
    of a cease and desist order by the Board of Directors of the
    Federal Deposit Insurance Corporation (FDIC). The FDIC
    Board, which adopted in full the Recommended Decision of
    the Administrative Law Judge (ALJ), found that the Bank
    violated the Bank Secrecy Act (BSA), 31 U.S.C. §§ 5311–
    5330, and ordered the Bank to implement a corresponding
    plan to bring the Bank into compliance. The FDIC Board
    concluded that the Bank did not comply with the BSA’s
    implementing regulations because it failed to establish and
    maintain procedures designed to ensure adequate internal
    controls, independent testing, administration, and training.
    4           CALIFORNIA PACIFIC BANK V. FDIC
    The Bank filed a timely petition for review, challenging the
    constitutionality of the BSA and its implementing
    regulations and alleging that the FDIC Board’s decision is
    not supported by substantial evidence. We deny the Bank’s
    petition for review.
    I. BACKGROUND
    The BSA establishes, among other things, the
    recordkeeping and reporting requirements for private
    individuals, banks, and other financial institutions. 31
    U.S.C. §§ 5311–5330; 12 U.S.C. §§ 1829b and 1951–1959.
    The BSA was enacted in 1970 as Title II of the Bank Records
    and Foreign Transactions Act, which was a response to
    rising Congressional concern over the use of foreign banks
    to launder the proceeds of illegal activity and evade federal
    income taxes. Pursuant to its purpose of identifying the
    source, volume, and movement of currency and other
    monetary instruments into and out of the United States or
    deposited into financial institutions, the BSA requires banks
    and other financial institutions to maintain a paper trail by
    keeping appropriate records of financial transactions.
    To ensure compliance, Section 8(s) of the Federal
    Deposit Insurance Act directs the FDIC to issue regulations
    requiring banks to maintain a BSA compliance program, to
    review the program during bank examinations, to describe
    any problems with the program in its report of examination
    (ROE), and to state in that report whether a bank has failed
    to correct any problem with its program. 12 U.S.C.
    § 1818(s). In the event that a bank fails to correct any
    problem with its BSA compliance that the FDIC previously
    brought to its attention, the FDIC is required to issue a cease
    and desist order against the bank. 12 U.S.C. § 1818(s)(3)(B).
    CALIFORNIA PACIFIC BANK V. FDIC                       5
    FDIC regulations require that all insured nonmember
    banks “establish and maintain procedures reasonably
    designed to assure and monitor their compliance with the
    requirements of” the BSA and its implementing regulations.
    12 C.F.R. § 326.8(a). Section 326.8(c) outlines the “four
    pillars” of compliance, which require that insured
    nonmember banks, at minimum,
    (1) Provide for a system of internal controls
    to assure ongoing compliance;
    (2) Provide for independent testing for
    compliance to be conducted by bank
    personnel or by an outside party;
    (3) Designate an individual or individuals
    responsible for coordinating and monitoring
    day-to-day compliance; and
    (4) Provide         training    for    appropriate
    personnel.
    The failure of any individual pillar can result in the FDIC
    deeming a bank noncompliant with the BSA. The Federal
    Financial Institutions Examination Council (FFIEC) Manual
    clarifies compliance requirements and provides for
    consistent examination procedures. 1 In January 2012, the
    Bank issued its revised “Bank Secrecy Act/Anti-Money
    Laundering Program Risk Assessment” Manual (Bank BSA
    1
    The FFIEC Manual is written collaboratively among the FDIC, the
    Board of Governors of the Federal Reserve System, the National Credit
    Union Administration, the Office of the Comptroller of the Currency,
    state banking agencies, and the Financial Crimes Enforcement Network.
    6           CALIFORNIA PACIFIC BANK V. FDIC
    Policy Manual), which serves as the Bank’s in-house guide
    for BSA compliance.
    As defined by the BSA, the Bank is a “State non-member
    bank” and an “insured depository institution.” 12 U.S.C.
    § 1813(c)(2) and (e)(2). The Bank is a community bank with
    offices in San Francisco and Fremont, California. In 2012,
    the Bank had fewer than fifteen employees, approximately
    200 customers, and approximately 500 deposit accounts.
    The Bank’s customer base consists of a significant number
    of import-export customers, accounts held by non-resident
    aliens, and accounts with international transactions.
    In July 2010, FDIC Examiner Heather Rawlins
    conducted a safety and soundness examination of the Bank.
    Rawlins deemed the Bank’s BSA program satisfactory but
    identified several areas that “must be corrected.” Among the
    corrective requirements were that the Bank document its
    director training and incorporate a method of testing
    employees’ knowledge of training; designate new customers
    that have high levels of activity as high risk for at least six
    months; monitor and analyze aggregate activity for at least
    three months to establish a pattern of activity; and increase
    the risk rating for the customer base. Rawlins reviewed the
    results of the examination with the Bank’s CEO, Richard
    Chi, and the Bank’s third-party auditor, Joan Vivaldo. The
    Bank’s management agreed to the recommendations.
    During 2011, at least four individuals served
    sequentially as the Bank’s BSA compliance officer (BSA
    Officer). In August 2011, Alan Chi, CEO Richard Chi’s son,
    became acting BSA Officer without the Bank’s Board of
    Directors interviewing for the position. Further, the Bank’s
    Board of Directors did not recruit anyone else for the
    vacancy. Following election by the Bank’s Board of
    CALIFORNIA PACIFIC BANK V. FDIC                  7
    Directors in January 2012, Alan Chi became the Bank’s
    permanent BSA Administrator, in addition to the Bank’s
    Senior Vice President, Senior Credit Officer, Chief Financial
    Officer, Internal Auditor, and Operations Compliance
    Officer.
    After becoming acting BSA Officer in 2011, Alan Chi
    revised the Bank’s new customer deposit account risk
    assessment form. Under the revised form, accounts would
    be downgraded (assessed a lower score on the risk-point
    scale) if a customer already maintained an account at the
    bank or if a customer had been referred to the Bank by an
    employee or well-known customer. Vivaldo criticized the
    revised scoring methodology, and in correspondence with
    Alan Chi, noted that this methodology failed to identify three
    new high risk deposit accounts. Vivaldo commented that
    Alan Chi’s use of an automatic twelve point reduction for
    certain customers “could turn around and bite them
    someday.” Vivaldo informed Alan Chi that if he ignored
    her, he would be left “to the tender mercies of the FDIC.”
    Alan Chi replied that he deemed the lower risk rating
    satisfactory, given his longstanding knowledge of the
    customers. In a follow-up communication, Vivaldo flagged
    the potential for the FDIC to criticize the Bank for failing to
    report high risk accounts. This prompted Alan Chi to further
    revise his risk assessment form. In the updated version,
    accounts would be downgraded only if directly related to any
    loan or existing deposit account. Vivaldo’s concerns
    persisted: “Again, I suggest you lower the score tiers to pre
    July 2011 levels. With the proposed ranges, almost no
    account will be medium risk or high risk. An unnatural
    system. The FDIC recommended the pre July 2011 scoring
    tiers.”
    8           CALIFORNIA PACIFIC BANK V. FDIC
    Alan Chi also revised the risk assessment form the Bank
    used to assess its own risk. Using this altered methodology
    resulted in the Bank having a “low,” rather than “medium to
    high,” overall risk rating. Vivaldo disagreed with the new
    methodology.
    FDIC examiner Rawlins performed another examination
    of the Bank beginning on December 3, 2012, which used the
    Bank’s information as of September 30, 2012. The FDIC’s
    2012 ROE concluded that the Bank failed to administer a
    BSA compliance program in accordance with the four pillars
    and failed to file a Suspicious Activity Report (SAR) where
    one was needed.
    Rawlins assessed the Bank’s progress for the first BSA
    pillar, internal controls, by selecting twenty-four deposit
    accounts for review. Rawlins found that the information
    contained within sixteen of the accounts was incomplete and
    that activity in those accounts was higher than expected.
    Although Alan Chi informed Rawlins that the Bank’s loan
    accounts contained additional information, Rawlins
    reviewed only the deposit accounts. Rawlins echoed
    Vivaldo’s concerns regarding the Bank’s revised risk
    ratings. Rawlins discovered that the Bank had persisted with
    daily batch reviews of account activity, rather than adopting
    Rawlins’ recommendation for longer-term monitoring. The
    Bank’s loan documentation revealed four site visits between
    August 2009 and May 2012, only one of which occurred
    after Alan Chi became acting BSA Officer. Rawlins
    considered Alan Chi’s due diligence with respect to site
    visits to be inadequate. Alan Chi testified at the ALJ hearing
    that he kept his BSA assessments relating to the site visits
    “in my head, as well as [the heads of] the other officers that
    went with me.”
    CALIFORNIA PACIFIC BANK V. FDIC                   9
    The FDIC’s review of the second pillar, independent
    testing, centered on Vivaldo. Vivaldo was the Bank’s
    internal auditor from 2005 through the second quarter of
    2012 and performed quarterly reviews. Prior to the 2012
    review, FDIC examiners had not criticized Vivaldo’s
    methods. Nonetheless, Rawlins deemed Vivaldo’s 2012
    review inadequate. Rawlins noted that Vivaldo’s 2012
    report failed to assess Alan Chi’s qualifications as BSA
    Officer, to assess the sufficiency of the Bank’s compliance
    training, or to identify the deficiencies relating to risk rating
    and customer monitoring that the examiners discovered
    during the 2010 examination and continued in the 2012
    examination. Rawlins also considered Vivaldo’s role with
    the Bank to be a conflict of interest. Although Vivaldo was
    the Bank’s designated auditor, her engagement agreement
    with the Bank identified her role as “consultant,” and she
    provided monthly BSA administrator reports directly to the
    Bank’s Board of Directors. Vivaldo also drafted the Bank’s
    BSA Policy Manual in 2006 and recommended yearly
    updates.
    The FDIC’s review of the third pillar, administration,
    centered on Alan Chi. Alan Chi had received no training in
    BSA compliance before taking over as BSA Officer in
    August 2011. After his appointment, he attended several
    Independent Community Bankers of America courses and
    completed a webinar. He also gained familiarity with the
    BSA through interactions with the FDIC and review of FDIC
    reports. Rawlins determined that this was inadequate
    experience to administer the Bank’s BSA compliance
    program. Rawlins also concluded that Alan Chi could not
    dedicate sufficient time to compliance amidst his many roles
    at the Bank. Rawlins believed that sharing BSA and credit
    responsibilities created a conflict of interest and inhibited
    10            CALIFORNIA PACIFIC BANK V. FDIC
    Alan Chi’s ability to assess the Bank’s compliance efforts
    objectively.
    With regard to the fourth pillar, training, Alan Chi
    offered presentations to Bank staff on customer
    identification, currency transaction reporting, anti-money
    laundering, identity theft, and unlawful internet gambling.
    He also provided employees with copies of the Bank’s BSA
    Policy Manual and tested their knowledge through quizzes.
    Employees were expected to attend a webinar, which
    Rawlins considered rudimentary. Rawlins found that the
    Bank’s training materials were not tailored to specific job
    functions. Rawlins concluded that Alan Chi was an
    inadequate BSA Officer who was not qualified to serve as
    the sole person responsible for BSA compliance training,
    thus rendering the training insufficient.
    In addition to her review of the Bank’s compliance with
    the four pillars, Rawlins noticed that the Bank did not file a
    SAR or document its decision not to file a SAR relating to
    several transactions. 2 In 2011 and 2012, the Bank received
    grand jury subpoenas seeking information on several
    customers who were part of a Federal Bureau of
    Investigation (FBI) investigation into international
    espionage and misappropriation of trade secrets. The
    Department of Justice (DOJ) directed the Bank to “maintain
    the utmost secrecy with regard to this Federal grand jury
    subpoena.” Alan Chi interpreted this to mean that he could
    not disclose any aspect of the FBI investigation and decided
    not to file a SAR. Rawlins’ draft 2012 ROE concluded that
    the Bank should have filed a SAR pursuant to 12 C.F.R.
    2
    To the extent that this opinion references information that has been
    filed under seal, we hereby unseal that information for purposes of this
    opinion.
    CALIFORNIA PACIFIC BANK V. FDIC                    11
    § 353.3(a)(4), describing at a general level the suspicious
    transactions of the customers who were under investigation.
    Although Edmund Wong, Rawlins’ immediate supervisor,
    initially disagreed, he ultimately concluded that the Bank
    should have filed a SAR after Wong discovered evidence of
    a so-called “layering scheme” involving several customers.
    After the Bank refused to agree to a consent order
    following the 2012 examination, the FDIC issued a notice of
    charges seeking to impose a cease and desist order against
    the Bank. The Bank’s Answer denied the material
    allegations contained in the notice. The ALJ, C. Richard
    Miserendino, conducted a four-day hearing in San
    Francisco. The ALJ’s Recommended Decision concluded
    that the Bank had violated the BSA and its implementing
    regulations. The ALJ found the Bank’s ancillary defenses
    that the BSA regulations and the FDIC’s alleged bias
    violated the Bank’s due process rights were unavailing. The
    ALJ recommended the issuance of a cease and desist order.
    The FDIC Board affirmed the ALJ’s Recommended
    Decision and issued a cease and desist order. 3 The Bank
    timely filed this petition for review.
    II. STANDARD OF REVIEW
    “Whether a statute or regulation is unconstitutionally
    vague is a question of law and the standard of review is de
    novo.” United States v. Helmy, 
    951 F.2d 988
    , 993 (9th Cir.
    1991) (citation omitted). Due process challenges are also
    3
    The FDIC Board’s Decision and Order to Cease and Desist, and
    the ALJ’s Recommended Decision, can be found at Cal. Pac. Bank, No.
    FDIC-13-094b, 
    2016 WL 2997645
    (Feb. 17, 2016).
    12          CALIFORNIA PACIFIC BANK V. FDIC
    subject to de novo review. Lord Jim’s v. NLRB, 
    772 F.2d 1446
    , 1448 (9th Cir. 1985).
    Under the Administrative Procedure Act (APA), agency
    action must be set aside if it is “arbitrary, capricious, an
    abuse of discretion, or otherwise not in accordance with law”
    or if it is “unsupported by substantial evidence.” 5 U.S.C.
    § 706(2)(A) and (E). “Substantial evidence is more than a
    mere scintilla but less than a preponderance; it is such
    relevant evidence as a reasonable mind might accept as
    adequate to support a conclusion.” De La Fuente v. FDIC,
    
    332 F.3d 1208
    , 1220 (9th Cir. 2003) (citation omitted). The
    substantial evidence standard requires that this court review
    the administrative record as a whole, weighing both the
    evidence that supports and the evidence that detracts from
    the ALJ’s conclusion. Andrews v. Shalala, 
    53 F.3d 1035
    ,
    1039 (9th Cir. 1995). The ALJ is responsible for
    determining credibility and resolving ambiguities when
    relevant. 
    Id. The APA’s
    standard of review is “highly
    deferential, presuming the agency action to be valid and
    affirming the agency action if a reasonable basis exists for
    its decision.” Indep. Acceptance Co. v. California, 
    204 F.3d 1247
    , 1251 (9th Cir. 2000) (citation omitted).
    III. DISCUSSION
    A. Constitutional Challenges
    The Bank advances two constitutional challenges. The
    Bank first challenges that the BSA and its implementing
    regulations are unconstitutionally vague. The Bank’s
    second constitutional challenge is that the FDIC conducted
    a biased investigation that violated the Bank’s due process
    rights.
    CALIFORNIA PACIFIC BANK V. FDIC                 13
    1. Waiver
    As a preliminary matter, the FDIC argues that the Bank’s
    constitutional challenges were waived because they were
    inadequately briefed. In resistance, the Bank argues that it
    did not waive its constitutional challenges, as its brief cited
    Supreme Court decisions and facts from the record that
    support its constitutional challenges.
    Federal Rule of Appellate Procedure 28(a)(8)(A)
    requires that the argument section of a brief contain
    “appellant’s contentions and the reasons for them, with
    citations to the authorities and parts of the record on which
    the appellant relies.” We have held that arguments are
    waived where the appellant does not present any argument
    to support its assertions and cites no authority. United States
    v. Alonso, 
    48 F.3d 1536
    , 1544–45 (9th Cir. 1995).
    Inadequately briefed and perfunctory arguments are also
    waived. United Nurses Assocs. of Cal. v. NLRB, 
    871 F.3d 767
    , 780 (9th Cir. 2017).
    In support of its constitutional vagueness challenge, the
    Bank cites 12 C.F.R. § 326.8(c) (the FDIC’s four pillars
    regulation) and three Supreme Court decisions that discuss
    vagueness. The Bank also cites passages from the record
    comparing the 2010 and 2012 ROE findings. In addition,
    the Bank references the ALJ’s finding that the FFIEC
    Manual is not entitled to Chevron deference. The Bank’s
    argument relating to FDIC bias, while similarly abbreviated,
    cites to the record and references a Supreme Court case. For
    both constitutional arguments, the Bank cites valid legal
    authorities and references the record, and therefore has at
    least minimally preserved its constitutional challenges. See
    Fed. R. App. P. 28(8)(A); 
    Alonso, 48 F.3d at 1544
    .
    14          CALIFORNIA PACIFIC BANK V. FDIC
    2. Vagueness
    Turning to the merits of the constitutional challenges, the
    Bank argues that the BSA is unconstitutionally vague
    because neither the statute nor its implementing regulations
    were precise enough to inform the Bank of its required
    conduct. The Bank also contends that the statute and
    regulations are unconstitutionally vague because the FDIC
    can arbitrarily determine whether BSA compliance
    procedures are sufficient. The Bank further argues that the
    FFIEC Manual cannot clarify compliance procedures
    because the FFIEC Manual lacks the force and effect of law.
    “To pass constitutional muster against a vagueness
    attack, a statute must give a person of ordinary intelligence
    adequate notice of the conduct it proscribes.” Craft v. Nat’l
    Park Serv., 
    34 F.3d 918
    , 921 (9th Cir. 1994) (quoting United
    States v. 594,464 Pounds of Salmon, 
    871 F.2d 824
    , 829 (9th
    Cir. 1989)). Various factors affect our analysis, including
    “whether or not the statute at issue (1) involved only
    economic regulation, (2) contained only civil, not criminal
    penalties, (3) contained a scienter requirement, . . . and (4)
    threatened any constitutionally protected rights.” Hanlester
    Network v. Shalala, 
    51 F.3d 1390
    , 1398 (9th Cir. 1995)
    (citing Vill. of Hoffman Estates v. Flipside, Hoffman Estates,
    Inc., 
    455 U.S. 489
    , 498–99 (1982)). “Further, exactness can
    be achieved not just on the face of the statute, but also
    through limiting constructions given to the statute by the . . .
    enforcement agency.” Hess v. Bd. of Parole & Post-Prison
    Supervision, 
    514 F.3d 909
    , 914 (9th Cir. 2008).
    Where economic regulation is involved, vagueness is
    less of a concern because “the regulated enterprise may have
    the ability to clarify the meaning of the regulation by its own
    inquiry, or by resort to an administrative process.” United
    CALIFORNIA PACIFIC BANK V. FDIC                15
    States v. Doremus, 
    888 F.2d 630
    , 634–35 (9th Cir. 1989)
    (quoting Hoffman 
    Estates, 455 U.S. at 498
    ). “In considering
    whether an administrative regulation is unconstitutionally
    vague, the reviewing court must assess it within the context
    of the particular conduct to which it is being applied.” Great
    Am. Houseboat Co. v. United States, 
    780 F.2d 741
    , 747 (9th
    Cir. 1986) (citing United States v. Nat’l Dairy Prods. Corp.,
    
    372 U.S. 29
    , 33–36 (1963)). We must consider if the
    regulation “applies to ‘a select group of persons having
    specialized knowledge.’” United States v. Elias, 
    269 F.3d 1003
    , 1015 (9th Cir. 2001) (quoting United States v.
    Weitzenhoff, 
    35 F.3d 1275
    , 1289 (9th Cir. 1993)).
    “Interpretations such as those in opinion letters—like
    interpretations contained in policy statements, agency
    manuals, and enforcement guidelines, all of which lack the
    force of law—do not warrant Chevron-style deference.”
    Christensen v. Harris Cty., 
    529 U.S. 576
    , 587 (2000).
    However, an agency-issued instruction manual, even if
    lacking the force of law itself, can clarify what conduct is
    expected of a person subject to a particular regulation and
    thus mitigate against vagueness. See Pinnock v. Int’l House
    of Pancakes Franchise, 
    844 F. Supp. 574
    , 581 (S.D. Cal.
    1993) (citing Ward v. Rock Against Racism, 
    491 U.S. 781
    ,
    795 (1989); Hoffman 
    Estates, 455 U.S. at 502
    , 504; Grayned
    v. City of Rockford, 
    408 U.S. 104
    , 110 (1972)); accord
    United States v. Woodley, 
    9 F.3d 774
    , 778 (9th Cir. 1993)
    (rejecting a vagueness challenge to Health Care Financing
    Administration’s “related party regulation” based, in part, on
    the fact that the regulation referenced a “Provider
    Reimbursement Manual” that had been issued by the
    Department of Health and Human Services); Magic Valley
    Potato Shippers, Inc. v. Sec’y of Agric., 
    702 F.2d 840
    , 841–
    42 (9th Cir. 1983) (per curiam) (rejecting a vagueness
    challenge to a Department of Agriculture regulation based,
    16           CALIFORNIA PACIFIC BANK V. FDIC
    in part, on the availability of “instructional manuals” issued
    by that agency).
    Not only are the BSA and FDIC’s implementing
    regulations economic in nature and threaten no
    constitutionally protected rights, but it is clear that a detailed
    manual issued by agencies with enforcement authority, such
    as the FFIEC Manual, can put regulated banks on notice of
    expected conduct. The BSA authorizes the FDIC to review
    banks for compliance. 12 U.S.C. § 1818(s). The FFIEC
    Manual frames the examiners’ expectations in anticipation
    of routine compliance checks. The Bank knew these
    expectations. Indeed, the FDIC Board found that provisions
    of the FFIEC Manual were incorporated in the Bank’s own
    BSA Policy Manual, and copies of the FFIEC Manual were
    found scattered throughout the Bank. A BSA Officer at the
    Bank bearing the requisite “specialized knowledge” would
    understand that compliance with the FFIEC Manual ensures
    compliance with the BSA. See 
    Elias, 269 F.3d at 1015
    . The
    BSA and its implementing regulations are not
    unconstitutionally vague.
    3. Investigative Bias
    The Bank’s second constitutional challenge is that the
    FDIC violated its due process rights by conducting a biased
    investigation. The Bank argues that comments made by
    examiners charged with assisting in the investigation
    demonstrate that the 2012 examination was predetermined.
    As examples of bias, the Bank points to Rawlins’ decision to
    disregard the Bank’s loan files when she was reviewing the
    Bank’s deposit files for due diligence information, her
    criticism of Alan Chi for not filing a SAR, and her refusal to
    look at Vivaldo’s Fourth Quarter 2011 Report. The Bank
    also asserts that bias was demonstrated by the ALJ’s failure
    CALIFORNIA PACIFIC BANK V. FDIC                     17
    to consider the 2010 ROE, which concluded that the Bank’s
    BSA program was generally adequate. The FDIC counters
    that the Bank’s unconstitutional bias charge fails as a matter
    of law and as a matter of fact.
    “[W]hen governmental agencies adjudicate or make
    binding determinations which directly affect the legal rights
    of individuals, it is imperative that those agencies use the
    procedures which have traditionally been associated with the
    judicial process.” Hannah v. Larche, 
    363 U.S. 420
    , 442
    (1960).      However, “when a general fact-finding
    investigation is being conducted, it is not necessary that the
    full panoply of judicial procedures be used.” 
    Id. “Whether the
    Constitution requires that a particular right obtain in a
    specific proceeding depends upon a complexity of factors.
    The nature of the alleged right involved, the nature of the
    proceeding, and the possible burden on that proceeding, are
    all consider[ed].” 
    Id. Inherent in
    an agency’s power of
    investigation is the authority “to prevent the sterilization of
    investigations by burdening them with trial-like
    procedures.” 
    Id. at 448.
    Administrative prosecutors are thus
    “accorded wide discretion” and “need not be entirely
    ‘neutral and detached.’” 4 Marshall v. Jerrico, Inc., 
    446 U.S. 238
    , 248 (1980) (quoting Ward v. Vill. of Monroeville, 
    409 U.S. 57
    , 62 (1972)). However, the Supreme Court has
    advised that we should be chary of schemes that inject “a
    personal interest, financial or otherwise, into the
    enforcement process [which] may bring irrelevant or
    impermissible factors into the prosecutorial decision and in
    some contexts raise serious constitutional questions.” 
    Id. at 249–50.
    In the event there was no scheme injecting a
    4
    The Bank concedes that, “generally, bias exhibited during a
    regulatory investigation does not rise to the level of a due process
    violation.” Pet’r’s Br. 21.
    18          CALIFORNIA PACIFIC BANK V. FDIC
    personal or financial interest into the FDIC examiners’
    investigation, and in the event the Bank received neutral
    adjudicatory review by the ALJ and the FDIC Board, the
    Bank’s due process rights were not violated.
    The FDIC examiners’ function is exclusively fact-
    finding. Thus, their review of the Bank during the 2012
    examination need not have been “neutral and detached.” See
    
    id. at 248
    (quoting 
    Ward, 409 U.S. at 62
    ). Even were the
    Bank correct in pointing to examiner comments and
    Rawlins’ examination protocol as examples of bias, the
    Bank has failed to demonstrate that the FDIC examiners
    worked under a scheme which injected a personal or
    financial interest into their enforcement efforts. Moreover,
    the Bank participated in an ALJ hearing, during which it
    could cross-examine the FDIC’s allegedly biased examiners,
    and the FDIC Board reviewed the ALJ’s findings. The
    Bank’s charge that the FDIC examiners were
    unconstitutionally biased is unavailing.
    The Bank further argues that the ALJ was biased,
    specifically noting that the ALJ failed to consider the 2010
    ROE. Contrary to the Bank’s challenge, the ALJ did
    consider the 2010 ROE. The ALJ noted that, while the
    Bank’s compliance was generally adequate, the 2010 ROE
    concluded “there were a number of areas that needed
    improvement, particularly given the Bank’s risk profile.”
    Cal. Pac. Bank, 
    2016 WL 2997645
    , at *20. The ALJ
    highlighted two places where the Bank came up short in
    implementing the 2010 ROE: by failing to monitor and
    aggregate activity in high risk accounts and by improperly
    lowering its self-assessed risk rating. The Bank’s charge that
    the ALJ failed to consider the 2010 ROE is contradicted by
    the record. There are no other allegations of bias relating to
    the ALJ. And in reviewing the record, we find that the ALJ’s
    CALIFORNIA PACIFIC BANK V. FDIC                19
    extensive four-day hearing was conducted in a fair,
    impartial, and efficient manner as FDIC regulations require.
    12 C.F.R. § 308.5(a).
    Neither the FDIC’s investigation nor the ALJ was
    unconstitutionally biased against the Bank.
    B. The FDIC Board’s BSA Compliance Findings
    Under the APA, agency action can be set aside only if
    “arbitrary, capricious, an abuse of discretion, or otherwise
    not in accordance with law” or “unsupported by substantial
    evidence.” 5 U.S.C. § 706(2)(A) and (E). The APA’s
    standard is “highly deferential.” Indep. Acceptance 
    Co., 204 F.3d at 1251
    . The FDIC Board adopted in full the ALJ’s
    findings, which looked to the FFIEC Manual as an authority
    on compliance with the FDIC’s four pillars regulation. The
    FDIC Board found that the Bank failed to comply with the
    four pillars of BSA compliance: adequate controls,
    independent testing, administration, and training. The FDIC
    Board further found that the Bank did not file a SAR where
    one was required. The Bank argues that the FDIC Board
    erred with each of these decisions.
    1. FDIC Reference to the FFIEC Manual
    The Bank takes issue with the FDIC’s use of the FFIEC
    Manual as relevant authority in interpreting what the four
    pillars regulation required of the Bank. The Bank argues that
    the FDIC Board’s reliance on the guidance and
    recommendations found in the FFIEC Manual was not in
    accordance with the law, as the FFIEC Manual could not
    impose legal obligations on the Bank. The FDIC counters
    that an agency may properly rely on, and clarify regulations
    with, an instructional manual promulgated to provide
    guidance on what is required by the regulation it administers.
    20          CALIFORNIA PACIFIC BANK V. FDIC
    Under Auer v. Robbins, 
    519 U.S. 452
    (1997), an
    agency’s interpretation of its own regulations is “controlling
    unless plainly erroneous or inconsistent with the regulation.”
    
    Id. at 461
    (citation and internal quotation marks omitted).
    “Under Auer . . . the court must first determine whether the
    regulation was ambiguous.” Bassiri v. Xerox Corp., 
    463 F.3d 927
    , 931 (9th Cir. 2006) (citing 
    Christensen, 529 U.S. at 588
    ). Ambiguous regulations include those that are “not
    entirely ‘free from doubt,’” 
    id. (quoting Providence
    Health
    System-Washington v. Thompson, 
    353 F.3d 661
    , 665 (9th
    Cir. 2003)), or “susceptible to different interpretations and
    . . . discretionary elements,” Siskiyou Regional Education
    Project v. U.S. Forest Service, 
    565 F.3d 545
    , 557 (9th Cir.
    2009). If the regulation in question is ambiguous, we defer
    to the agency’s interpretation unless “an alternative reading
    is compelled by the regulation’s plain language or by other
    indications of the [agency’s] intent at the time of the
    regulation’s promulgation.” 
    Bassiri, 463 F.3d at 931
    (alteration in original) (quoting Thomas Jefferson Univ. v.
    Shalala, 
    512 U.S. 504
    , 512 (1994)).             An agency’s
    interpretation of its own regulation can be advanced through
    informal means, including an agency manual. See Pub.
    Lands for the People, Inc. v. U.S. Dep’t of Agric., 
    697 F.3d 1192
    , 1199 (9th Cir. 2012) (according “wide deference” to
    the U.S. Forest Service’s interpretation of a regulation
    contained in the “Forest Service Manual”).
    The FDIC’s four pillars regulation is ambiguous. The
    four pillars are not entirely “free from doubt,” given the
    complexity of BSA compliance and the need for FDIC
    officials to conduct administrative examinations of bank
    BSA programs. See 
    Bassiri, 463 F.3d at 931
    . That banks
    can design different compliance programs further
    demonstrates that the four pillars are “susceptible to different
    interpretations.” See 
    Siskiyou, 565 F.3d at 557
    .
    CALIFORNIA PACIFIC BANK V. FDIC                21
    In Financial Institution Letter 17-2010, the FDIC
    announced the release of the 2010 version of the FFIEC
    Manual.      Though the FFIEC Manual was written
    collaboratively among multiple federal and state agencies,
    the Letter clarified that the FFIEC Manual contained the
    FDIC’s supervisory expectations with respect to BSA
    compliance. We must thus defer to the FFIEC Manual
    unless it is “plainly erroneous or inconsistent” with the
    FDIC’s four pillars regulation, or unless “an alternative
    reading is compelled by the regulation’s plain language.”
    
    Auer, 519 U.S. at 461
    ; 
    Bassiri, 463 F.3d at 931
    (quoting
    Thomas 
    Jefferson, 512 U.S. at 512
    ); Pub. 
    Lands, 697 F.3d at 1199
    . As the ALJ noted, the FFIEC Manual is “a uniformly
    recognized ‘authority’ on BSA policies, procedures, and
    processes” with “[e]ach section serv[ing] as a platform for
    the BSA/AML examination and, for the most part,
    address[ing] the legal and regulatory requirements of the
    BSA/AML compliance program.” Cal. Pac. Bank, 
    2016 WL 2997645
    , at *36. As explained in the next section, the
    FFIEC Manual defines and provides clarifying guidance on
    each of the four pillars. Rawlins testified that FDIC
    examiners and banks alike use the FFIEC Manual as a
    roadmap for banks’ compliance with the four pillars.
    Fittingly, Vivaldo also described the FFIEC Manual as an
    authority for BSA compliance, and the Bank’s own BSA
    Policy Manual repeatedly referenced the FFIEC Manual.
    The FFIEC Manual is not plainly erroneous or inconsistent
    with the FDIC’s four pillars regulation. Nor is an alternative
    reading compelled by the plain language of 12 C.F.R.
    § 326.8(c), given the generalized framing of the four pillars.
    The FFIEC Manual must receive Auer deference.
    The FDIC Board acted in accordance with the law in
    referencing the FFIEC Manual to clarify the four pillars
    analysis for determining violations of the BSA.
    22          CALIFORNIA PACIFIC BANK V. FDIC
    2. The Four Pillars
    The Bank next argues that the FDIC Board’s
    determination that the Bank failed to comply with each of
    the BSA’s four pillars—internal controls, independent
    testing, administration, and training—is not supported by
    substantial evidence.
    a. Internal Controls
    The first pillar of BSA compliance requires that banks
    “[p]rovide for a system of internal controls to assure ongoing
    compliance.” 12 C.F.R. § 326.8(c)(1). The FFIEC Manual
    advises that “[t]he level of sophistication of the internal
    controls should be commensurate with the size, structure,
    risks, and complexity of the bank.” The FFIEC Manual
    provides that banks are required to maintain controls that
    identify vulnerabilities and monitor the bank’s risk profile.
    The FDIC Board adopted the ALJ’s findings that the
    Bank failed to conduct and document adequate customer due
    diligence, to identify certain customers as high risk, to
    conduct adequate site visits, and to sufficiently monitor
    accounts for suspicious activity. The Bank argues that the
    FDIC Board’s decision is not supported by substantial
    evidence. The Bank asserts that its deposit and loan
    documentation, as well as its review of daily batch reports,
    demonstrate that it adequately evaluated and monitored its
    depositors. The Bank also argues that its site visits were
    sufficiently documented in its loan files and that the 2010
    ROE recommendations were either complied with or were
    unnecessary.
    Although Rawlins deemed the Bank’s overall
    compliance satisfactory in her 2010 ROE, she identified
    several areas that “must be corrected.” In the event a bank
    CALIFORNIA PACIFIC BANK V. FDIC                23
    “has failed to correct any problem” with BSA compliance
    that was previously brought to its attention, the FDIC shall
    issue a cease and desist order against the bank. 12 U.S.C.
    § 1818(s)(3)(B) (emphasis added).
    The FDIC Board found that the Bank failed to
    adequately collect, document, and update BSA-relevant
    information about its depositors, as shown by the lack of
    information in the Bank’s deposit account files. During her
    2012 examination, Rawlins reviewed twenty-four deposit
    accounts.      Although eight were adequate, Rawlins
    determined that the information contained within the
    remaining sixteen was incomplete, with account activity
    significantly higher than expected. The Bank argues that
    Rawlins failed to consider the Bank’s loan files, which it
    asserts provided the information that was absent from the
    twenty-four accounts reviewed by Rawlins. Rawlins
    focused on the Bank’s deposit files, not its loan files, since
    suspicious account activity was more likely to be found in
    the deposit files. Loan files, by contrast, generally focus on
    a customer’s creditworthiness rather than on the sources of
    funds deposited into a bank. The Bank’s BSA Policy
    Manual also provided that deposit accounts should be the
    locus of risk assessment and that depositors’ loan files would
    be copied into the Bank’s deposit account files. The FDIC’s
    Board’s finding that the Bank did not sufficiently document
    its depositors is supported by substantial evidence.
    The FDIC Board also found that the Bank failed to
    adequately monitor depositors’ activity. Regarding the
    monitoring requirement, the FFIEC Manual provides that
    review of customer accounts can involve either daily reports
    or reports covering a period of time. However, this choice
    bears the caveat that “[t]he type and frequency of reviews
    and resulting reports used should be commensurate with the
    24            CALIFORNIA PACIFIC BANK V. FDIC
    bank’s BSA/AML risk profile and appropriately cover its
    higher-risk products, services, customers, entities, and
    geographic locations.” The 2010 ROE determined that for
    certain customers the Bank needed to monitor and analyze
    aggregate activity over three months or more to establish a
    pattern of activity, rather than rely on daily reports to
    monitor those customers. The Bank, however, persisted
    with daily batch reviews of account activity. The FDIC
    Board’s finding that, by failing to monitor long-term
    activity, the Bank contravened the 2010 ROE is supported
    by substantial evidence.
    The FDIC Board also found that the Bank failed to
    properly risk-rate its depositors’ accounts. The 2010 ROE
    directed that the Bank designate new customers with high
    levels of activity as high risk for at least six months and to
    increase the risk rating for the customer base overall to
    medium or high risk. Rawlins determined that the Bank’s
    customer base, lack of internal controls, deficient BSA
    program, and geographic location demonstrated an overall
    high risk for the Bank. 5 Following her 2010 review, Rawlins
    made clear to Richard Chi and Vivaldo the need for a higher
    risk assessment, which was tailored to “a bank of their size
    and their complexity with their risk profile.”
    After assuming the role of BSA Officer in 2011, Alan
    Chi revised the Bank’s new customer deposit account risk
    assessment form. Vivaldo advised Alan Chi that the revised
    risk ratings failed to identify high risk accounts. Alan Chi
    5
    This assessment correlated with Part I of the Bank’s BSA Policy
    Manual, which noted that the “Bank’s Inherent Risk Assessment of
    BSA/AML is HIGH because the Bank is in both a High Intensity Drug
    Trafficking Area and a High Intensity Financial Crime Area.” Vivaldo’s
    Fourth Quarter 2011 Report also described the Bank’s risk as “inherently
    High.”
    CALIFORNIA PACIFIC BANK V. FDIC                  25
    amended the risk assessment form in light of Vivaldo’s
    criticisms.    However, instead of using the FDIC’s
    recommended scoring tiers, he merely altered the
    circumstances under which customer risk would be
    downgraded. Alan Chi also revised the risk assessment form
    the Bank used to assess its own risk, which resulted in a
    “low” risk rating for the Bank and drew further criticism
    from Vivaldo. The ALJ found no evidence, nor does the
    record indicate, that Alan Chi followed through on Vivaldo’s
    guidance. The FDIC Board’s finding that the Bank’s risk
    assessment practices did not accord with the 2010 ROE is
    supported by substantial evidence.
    The FDIC Board also found that the Bank failed to
    document BSA site visits to its customers. The Bank argues
    that it did conduct site visits, and that documentation relating
    to the visits was included in its loan files. However, Vivaldo
    testified that not all of the site visits were documented in the
    loan files, and Alan Chi testified that he kept BSA
    assessments “in [his] head.” Rawlins considered the Bank’s
    loan site visits inadequate, reasoning that they focused more
    on credit risk than cash activity. The ALJ found that the
    Bank’s loan documentation revealed just four site visits,
    only one of which occurred after Alan Chi became the
    Bank’s BSA Officer—a visit that was prompted by a loan
    application and not a newly opened deposit account. The
    FDIC Board’s finding that the site visits did not reflect
    adequate monitoring is supported by substantial evidence.
    The Bank’s failure to correct problems with its internal
    controls that were previously brought to its attention in the
    2010 ROE, on its own, required the FDIC to issue a cease
    and desist order against the Bank.               12 U.S.C.
    § 1818(s)(3)(B). As repeatedly noted, the Bank’s failure to
    address corrective measures from the 2010 ROE is a material
    26            CALIFORNIA PACIFIC BANK V. FDIC
    factor in reaching the substantial evidence threshold. De La
    
    Fuente, 332 F.3d at 1220
    (“Substantial evidence . . . is such
    relevant evidence as a reasonable mind might accept as
    adequate to support a conclusion.”). The FDIC Board’s
    determination that the Bank did not maintain adequate
    internal controls, and thus, did not comply with the BSA, is
    supported by substantial evidence. 6
    b. Independent Testing
    The second pillar of compliance requires that banks
    “[p]rovide for independent testing for compliance to be
    conducted by bank personnel or by an outside party.” 12
    C.F.R. § 326.8(c)(2). The FFIEC Manual provides that
    “independent testing” includes, at a minimum, providing
    sufficient information to allow a reviewer “to reach a
    conclusion about the overall quality of the BSA/AML
    compliance program.” The FFIEC Manual further provides
    that an auditor “must not be involved in any part of the
    bank’s BSA/AML compliance program.” The FDIC Board
    adopted the ALJ’s findings that Vivaldo’s 2012 Quarterly
    Report was deficient and that the Bank’s independent testing
    was inadequate. The Bank argues that this decision is not
    supported by substantial evidence.
    The Bank argues that the examiners failed to consider
    Vivaldo’s Fourth Quarter 2011 Report, which it asserts
    concluded that the Bank’s performance was satisfactory. At
    the ALJ hearing, however, Vivaldo conceded that, while the
    Fourth Quarter 2011 Report described certain components
    of the Bank’s BSA program as “satisfactory,” the report
    6
    The FDIC Board’s SAR determination overlaps with the first
    pillar, but it also falls under an FDIC regulation distinct from the four
    pillars. It is therefore addressed separately. See infra Part III.B.3.
    CALIFORNIA PACIFIC BANK V. FDIC                       27
    lacked an explicit conclusion with respect to the BSA
    program as a whole.
    Moreover, despite Rawlins’ request for copies of any
    audits completed since the 2010 ROE, the Bank provided
    Rawlins with only one audit report prepared by Vivaldo
    covering the first two quarters of 2012. 7 Rawlins found
    Vivaldo’s review inadequate, as it lacked an overall
    assessment and failed to identify the deficiencies that had
    been identified by the FDIC examiners. For example,
    Vivaldo did not assess Alan Chi’s qualifications or review
    the Bank Board’s decision-making in appointing Alan Chi
    as the Bank’s BSA Officer. Although Vivaldo noted the
    Bank’s review of daily batch reports, she did not assess
    whether this was adequate for monitoring risk. Similarly,
    while Vivaldo observed that the Bank’s staff attended a
    webinar, she did not assess whether this was adequate
    training. The FDIC Board’s finding that Vivaldo’s 2012
    report was inadequate is supported by substantial evidence.
    Although the FDIC Board primarily based its finding
    that the Bank’s independent testing was inadequate on
    Vivaldo’s 2012 report, the record further suggests that
    Vivaldo had a conflict of interest. Vivaldo’s testimony at the
    ALJ hearing contradicted her 2011 criticism of Alan Chi’s
    revised risk rating methodology. As noted, in 2011, Vivaldo
    told Alan Chi that his revised ratings were inadequate and
    flagged concerns with respect to several customers whose
    risk scores were underrated. At the ALJ hearing, on the other
    hand, Vivaldo testified that Alan Chi’s revised risk
    assessment form was “not a bad form at all” and that she
    thought “they had a very good handle on the activity of their
    7
    The Bank concedes that it brought up the Fourth Quarter 2011
    Report for the first time at the exit meeting for the 2012 examination.
    28            CALIFORNIA PACIFIC BANK V. FDIC
    portfolio by virtue of various monitorings they do.” In
    addition to contradicting her contemporaneous criticisms,
    Vivaldo’s role with the Bank was described as “consultant,”
    and she wrote and updated the Bank’s BSA Policy Manual.
    Vivaldo’s close involvement with the Bank and its BSA
    compliance program contravened the FFIEC Manual’s
    guidance on independent testing.
    The FDIC Board’s decision that Vivaldo did not perform
    independent testing as required by the BSA is supported by
    substantial evidence. 8
    c. Administration
    The third pillar of compliance requires that banks
    “[d]esignate an individual or individuals responsible for
    coordinating and monitoring day-to-day compliance.” 12
    C.F.R. § 326.8(c)(3). The FFIEC Manual provides,
    8
    The Bank advances several additional arguments that merit only
    brief discussion. The Bank argues that because Vivaldo had extensive
    experience and had not been criticized previously by the FDIC, her
    auditing was satisfactory. But a record of successful examinations alone
    is not sufficient to overcome the substantial evidence that supports the
    FDIC Board’s decision. Moreover, the FDIC was not estopped from
    citing inadequate independent testing in 2012 simply because it did not
    raise that issue in the 2010 ROE. See De La 
    Fuente, 332 F.3d at 1220
    .
    The Bank argues that the examiners’ assessment of Vivaldo was based
    on guidance in the FFIEC Manual, which has no legal effect. This
    argument is mooted by our conclusion that the FDIC Board acted in
    accordance with the law in relying on the FFIEC Manual as an
    interpretive authority on the FDIC’s four pillars regulation. Finally, the
    Bank argues that Rawlins was not a credible expert under Federal Rule
    of Evidence 702, because she, unlike Vivaldo, failed to consider relevant
    facts in the form of the Bank’s loan files. Contrary to this argument, the
    record indicates that Rawlins did consider the loan files, but refused to
    accord them any weight in her examination.
    CALIFORNIA PACIFIC BANK V. FDIC                         29
    The BSA compliance officer should be fully
    knowledgeable of the BSA and all related
    regulations. The BSA compliance officer
    should also understand the bank’s products,
    services, customers, entities, and geographic
    locations, and the potential money laundering
    and terrorist financing risks associated with
    those activities. The appointment of a BSA
    compliance officer is not sufficient to meet
    the regulatory requirement if that person does
    not have the expertise, authority, or time to
    satisfactorily complete the job.
    The FDIC Board adopted the ALJ’s finding that Alan Chi
    lacked the experience, training, and time to adequately
    perform as BSA Officer. The Bank argues that this decision
    was not supported by substantial evidence, asserting that
    Alan Chi was qualified based on his experience serving in
    multiple roles at the Bank, his on-the-job training, and his
    prior interactions with the FDIC. The Bank further argues
    that Alan Chi’s due diligence adhered to the 2010 ROE. 9
    Alan Chi acknowledged that until taking over as BSA
    Officer in the summer of 2011, he had received no training
    in BSA compliance. Alan Chi was appointed without the
    Bank recruiting or interviewing anyone else, nor did the
    9
    The Bank argues that Alan Chi should be subject to a lesser
    standard of qualification for the role of BSA Officer, given the Bank’s
    smaller size. This argument is unavailing. The FFIEC Manual provides
    that compliance should be tailored to both a Bank’s size and risk profile.
    The Bank’s customer base reflects a high risk profile. “[A]ll institutions,
    regardless of size, must operate in a safe and sound manner.” First Bank
    of Jacksonville, No. FDIC-96-155b, 
    1998 WL 363852
    , at *13 (May 26,
    1998), aff’d mem., First Bank of Jacksonville v. FDIC, 
    180 F.3d 269
    (11th Cir. 1999) (unpublished table decision).
    30            CALIFORNIA PACIFIC BANK V. FDIC
    Bank interview Alan Chi before hiring him as its BSA
    Officer. Furthermore, the extent of Alan Chi’s training for
    the role included only his attending several Independent
    Community Bankers of America courses and a webinar.
    Interactions with the FDIC and review of FDIC reports
    provided him with some additional on-the-job training. The
    FDIC Board’s findings that Alan Chi was an underqualified
    candidate, and that his “on-the-job” training did not equip
    him with the expertise the FFIEC Manual advises a BSA
    Officer have before assuming the role, is supported by
    substantial evidence.
    In addition to serving as BSA Officer, Alan Chi held five
    other senior roles at the Bank. Rawlins testified that “not
    even the most experienced BSA officer would be able to
    have the time to run an adequate BSA program given this
    many other duties at the institution.”10 Rawlins further
    concluded that Alan Chi’s overlapping loan approval and
    BSA compliance roles created a conflict of interest, with
    Alan Chi potentially unwilling to objectively risk-rate
    longstanding customers. 11 Alan Chi admitted that he
    considered his BSA Officer and Senior Credit Officer roles
    “an aggregate,” and as noted, Alan Chi’s revised risk
    assessment methodology contravened the 2010 ROE. The
    FDIC Board’s finding that Alan Chi lacked the requisite time
    10
    The FFIEC Manual also recommends that banks “[p]rovide for
    dual controls and the segregation of duties to the extent possible.”
    11
    The Bank argues that Alan Chi’s long-term investment in the
    Bank, a family business, provided sufficient disincentive to loan money
    to anyone potentially involved in illegal activity. The FDIC Board’s
    rejection of this line of reasoning, which was based on the fact that Alan
    Chi was a longstanding credit officer with customer relationships to
    maintain, and thereby conflicted, is supported by substantial evidence.
    CALIFORNIA PACIFIC BANK V. FDIC                 31
    and independence befitting of an adequate BSA Officer is
    supported by substantial evidence.
    The FDIC Board’s decision that Alan Chi was an
    inadequate BSA Officer, and thus, the Bank did not comply
    with the BSA, is supported by substantial evidence.
    d. Training
    The fourth pillar of compliance requires that banks
    “[p]rovide training for appropriate personnel.” 12 C.F.R.
    § 326.8(c)(4). The FFIEC Manual advises,
    Training      should      include    regulatory
    requirements and the bank’s internal
    BSA/AML policies, procedures, and
    processes. . . . The training should be tailored
    to the person’s specific responsibilities. . . .
    The BSA compliance officer should receive
    periodic training that is relevant and
    appropriate given changes to regulatory
    requirements as well as the activities and
    overall BSA/AML risk profile of the bank.
    The 2010 ROE advised the Bank to test employees’
    knowledge and document director training. The FDIC
    adopted the ALJ’s findings that the Bank’s training was not
    targeted to each employee’s role and was generally
    inadequate. The Bank argues that this decision is not
    supported by substantial evidence and asserts that its training
    materials, including quizzes and presentations, were
    satisfactory.
    To carry out the FDIC’s recommendation on training,
    Alan Chi offered presentations on customer identification,
    currency transaction reporting, anti-money-laundering,
    32             CALIFORNIA PACIFIC BANK V. FDIC
    identity theft, and unlawful internet gambling. He also
    provided the Bank’s employees with copies of the Bank’s
    BSA Policy Manual. Alan Chi expected employees to read
    the manual and perform satisfactorily on the quizzes.
    Rawlins found that requiring employees to attend a webinar
    provided only rudimentary BSA training. Although quizzes
    were administered, the record contains no evidence
    suggesting that training materials were tailored to specific
    job functions at the Bank. 12 Rawlins also found that given
    Alan Chi’s lack of experience, he was unqualified to serve
    as the sole person responsible for BSA training.
    The FDIC Board’s decision that the Bank’s inadequate
    training did not comply with the BSA is supported by
    substantial evidence.
    3. Suspicious Activity Reporting
    The FDIC Board affirmed the ALJ’s finding that the
    Bank failed to file a SAR where one was needed and to
    document its decision on whether or not to file a SAR. The
    Bank argues that this decision is not supported by substantial
    evidence. The Bank argues that it could not have been
    obligated to file a SAR because the FBI and DOJ told the
    Bank not to disclose any aspect of an ongoing federal
    criminal investigation. The Bank further contends that the
    examiners manufactured a new justification for filing a SAR
    months after the 2012 examination was complete.
    12
    The Bank argues that it did not need to tailor training to individual
    employees because personnel responsibilities frequently overlap at a
    smaller bank. The Bank acknowledges, however, that staff performed
    different tasks at the Bank, and the FFIEC Manual advises that training
    should be tailored to specific responsibilities. The Bank could have, but
    did not, conduct both group and role-based BSA compliance training.
    CALIFORNIA PACIFIC BANK V. FDIC                 33
    Pursuant to 12 C.F.R. § 353.1, an insured state
    nonmember bank must file a SAR whenever it suspects “a
    known or suspected criminal violation of federal law or a
    suspicious transaction related to a money laundering activity
    or a violation of the Bank Secrecy Act.” For transactions of
    $5000 or more that involve potential money laundering or
    BSA violations, a SAR must be filed with the appropriate
    federal law enforcement agencies and the Financial Crimes
    Enforcement Network, where “[t]he transaction involves
    funds derived from illegal activities or is intended or
    conducted in order to hide or disguise funds or assets derived
    from illegal activities” or “[t]he transaction has no business
    or apparent lawful purpose or is not the sort of transaction in
    which the particular customer would normally be expected
    to engage, and the bank knows of no reasonable explanation
    for the transaction.” 
    Id. § 353.3(a)(4)(i)
    and (iii). The
    FFIEC Manual advises banks to review account activity for
    any customer for whom the bank receives a subpoena and to
    independently evaluate the need to file a SAR based on the
    bank’s review of those materials. The FFIEC Manual
    discourages banks from referencing receipt or existence of a
    grand jury subpoena in the SAR and states that the SAR
    should only reference any underlying facts supporting the
    determination that the transaction at issue in the SAR is
    suspicious.
    During 2011 and 2012, the Bank received grand jury
    subpoenas seeking documentation and other information
    regarding certain customer transactions. These customers
    were part of an FBI investigation into international
    espionage and misappropriation of trade secrets. The FBI
    executed a search warrant on the Bank and interviewed Alan
    Chi and other Bank employees regarding these accounts. In
    early 2012, some of these customers were indicted for
    economic espionage and theft of trade secrets.
    34          CALIFORNIA PACIFIC BANK V. FDIC
    It is undisputed that the Bank did not file a SAR or
    document its decision not to file a SAR. The only issue is
    whether the Bank’s non-action was excused. The FDIC
    Board found that the Bank was not legally precluded from
    filing a SAR. On August 10, 2011, the DOJ sent the Bank a
    letter, directing the Bank to maintain the utmost secrecy with
    regard to the federal grand jury subpoena. Alan Chi
    interpreted this to mean that he could not disclose any aspect
    of the FBI investigation—including providing notice to
    regulators of customer activity in a SAR, even if that SAR
    did not include any mention of the FBI investigation. But
    this interpretation was erroneous. The Federal grand jury
    subpoena letter advised that “you and employees of
    California Pacific Bank [are required to] maintain the utmost
    secrecy with regard to this Federal grand jury subpoena.” In
    recounting his conversation with an FBI agent, when Alan
    Chi asked if he could file a SAR, he recalled the agent
    saying, “Don’t mention anything about the subpoena . . . just
    don’t mention the subpoena.” The FFIEC Manual explicitly
    contemplates the filing of SARs for customer activity that is
    also subject to law enforcement investigations and
    subpoenas, which suggests that investigations and
    subpoenas should often prompt filing SARs. The Bank’s
    BSA Policy Manual reflected this guidance as well. Nothing
    prevented the Bank from filing a SAR that only referenced
    the suspicious activity at a general level without mentioning
    receipt of the subpoenas. The FDIC Board’s finding that the
    Bank was able to file a SAR is supported by substantial
    evidence.
    Rawlins’ draft 2012 ROE concluded that the Bank
    should have filed a SAR pursuant to 12 C.F.R.
    § 353.3(a)(4)(i) after learning of the indictments. Edmund
    Wong, Rawlins’ immediate supervisor, initially disagreed,
    and concluded after conducting a second-level review of the
    CALIFORNIA PACIFIC BANK V. FDIC               35
    ROE that an indictment alone was insufficient to support
    filing a SAR.       However, upon receiving additional
    information on the accounts, Wong determined that the Bank
    should have filed a SAR. Wong detected several red flags,
    including “large dollar” and “round dollar” amounts that
    were much larger than the anticipated activity in the
    accounts, large wire transfers, and transactions that lacked
    any information on source of income, purpose of account, or
    expected activity—all of which he deemed evidence of a
    “layering scheme.” The FDIC Board’s findings that the
    filing of a SAR was warranted and that the examiners did not
    manufacture a justification for filing a SAR are supported by
    substantial evidence.
    The FDIC Board’s decision that, in failing both to file a
    SAR and to document its decision not to file a SAR, the Bank
    violated 12 C.F.R. § 353 and did not comply with the BSA
    is supported by substantial evidence.
    IV. CONCLUSION
    We hold that the BSA and its implementing regulations
    are not unconstitutionally vague, and the FDIC did not
    exhibit unconstitutional bias against the Bank. We further
    hold that the FDIC acted in accordance with the law by
    relying on the FFIEC Manual to clarify its four pillars
    regulation. The FDIC Board’s decisions that the Bank failed
    to comply with the four pillars and that the Bank failed to
    file a SAR where one was needed, and thus, that the Bank
    did not comply with the BSA, are supported by substantial
    evidence. Accordingly, the Bank’s petition for review is
    denied.
    DENIED.
    

Document Info

Docket Number: 16-70725

Citation Numbers: 885 F.3d 560

Filed Date: 3/12/2018

Precedential Status: Precedential

Modified Date: 3/12/2018

Authorities (28)

47 soc.sec.rep.ser. 620, unempl.ins.rep. (Cch) P 14580b ... , 53 F.3d 1035 ( 1995 )

clifton-b-craft-jack-dean-ferguson-donald-l-jernigan-michael-patrick-king , 34 F.3d 918 ( 1994 )

Lord Jim's v. National Labor Relations Board , 772 F.2d 1446 ( 1985 )

The Great American Houseboat Company, a California ... , 780 F.2d 741 ( 1986 )

United States v. Allen Elias , 269 F.3d 1003 ( 2001 )

providence-health-system-washington-dba-providence-yakima-medical-center , 353 F.3d 661 ( 2003 )

ali-bassiri-v-xerox-corporation-xerox-corporation-long-term-disability , 463 F.3d 927 ( 2006 )

United States v. John Woodley, United States of America v. ... , 9 F.3d 774 ( 1993 )

United States v. Rory Doremus and David Doremus , 888 F.2d 630 ( 1989 )

United States v. Jose A. Alonso , 48 F.3d 1536 ( 1995 )

independent-acceptance-company-dba-san-bruno-convalescent-hospital , 204 F.3d 1247 ( 2000 )

Hess v. BD. OF PAROLE AND POST-PRISON SUPERVISION , 514 F.3d 909 ( 2008 )

Roque De La Fuente II v. Federal Deposit Insurance ... , 332 F.3d 1208 ( 2003 )

Siskiyou Regional Education Project v. United States Forest ... , 565 F.3d 545 ( 2009 )

The Hanlester Network v. Donna E. Shalala, Secretary of the ... , 51 F.3d 1390 ( 1995 )

Magic Valley Potato Shippers, Inc. v. The Secretary of ... , 702 F.2d 840 ( 1983 )

United States v. 594,464 Pounds of Salmon, More or Less, ... , 871 F.2d 824 ( 1989 )

Grayned v. City of Rockford , 92 S. Ct. 2294 ( 1972 )

Ward v. Village of Monroeville , 93 S. Ct. 80 ( 1972 )

Pinnock v. International House of Pancakes Franchisee , 844 F. Supp. 574 ( 1993 )

View All Authorities »