How U.S. Banks Can Stay Ahead of Sanctions and AML Pressure

The threat of enforcement actions has grown and the response required has become more complex as fines and reputational risk increase for U.S. banks. The regulatory and enforcement bodies tasked with keeping watch over different aspects of banking activities, such as OFAC, the Office of the Comptroller of the Currency (OCC) and FinCEN, are increasing pressure and issuing significant penalties for sanctions and anti-money laundering failures. It makes for a challenging environment for U.S. compliance teams.

On 25 June 2025, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued orders identifying three Mexico-based financial institutions as primary money laundering concerns. These institutions are accused of processing millions of dollars in transactions linked to Mexican drug cartels. A result of the new FEND Off Fentanyl Act, this action by FinCEN now means that U.S. Financial Institutions are prohibited from processing transactions involving these three entities or any accounts they administer. 

Since February 2022, there has been a significant surge in sanctions imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), largely in response to Russia’s full-scale invasion of Ukraine. OFAC has coordinated closely with allies such as the UK, EU, and Canada, to isolate Russia from the international financial system and curtail its capacity to fund the war. Sanctions have been imposed on Russian oligarchs, government officials, major banks, state-owned enterprises, and enablers worldwide, reflecting a strategic shift towards more aggressive, systemic economic pressure. 

In this article, we examine three recent cases of enforcement actions issued to U.S. financial institutions to understand what went wrong and how technology, specifically AI, could have helped avoid regulatory fallout. These examples demonstrate the operational and strategic value of modernising compliance frameworks.

Case Study: State Street Bank and Trust Company

(OFAC Enforcement  – July 2024)

In July 2024, the OFAC announced a $7.45 million settlement with State Street Bank and Trust Company and its subsidiary Charles River Systems, Inc. for apparent violations of the Ukraine-/Russia-Related Sanctions Regulations. Specifically, the firms processed 38 transactions involving Russian financial institutions that exceeded the 90-day maturity cap imposed by OFAC, violating debt-related sanctions.

To facilitate the transactions, the institutions allegedly altered invoice dates to appear compliant with the restrictions  –  an action that OFAC viewed as deliberate circumvention. OFAC considered the conduct egregious and noted that it was not voluntarily self-disclosed.

Regulatory risk can emerge not just from overt sanctions violations, but also from internal workarounds and flawed compliance logic. It also demonstrates the need for precise controls around time-sensitive sanctions, particularly those affecting debt instruments and payment terms.

How AI Could Have Helped Prevent the Enforcement Action:

• Anomaly detection on invoice dates: AI could have flagged manipulated or irregular invoice dates, identifying discrepancies between trade data and payment records that suggested circumvention
  
  

• Automated maturity tracking: Machine learning models could have monitored the 90-day debt maturity cap in real time, alerting teams when instruments neared or exceeded thresholds
  
  

• NLP Analysis of documentation and communications: Natural language processing could have been applied to invoice meta data, emails or payment instructions to detect rewording or intent to bypass sanctions restrictions
  
  

• Behavioral pattern recognition: AI could have identified unusual processing patterns or repeated date alteration across similar transactions - prompting compliance intervention early on.
  
  

• Validation of compliance logic: AI systems can act as a second layer of control, reviewing internal rules and workflows to ensure human decisions don't create regulatory blind spots
  
  

• Proactive Escalation: AI-enabled systems could assign elevated risk scores to transactions involving sensitive jurisdictions, time-sensitive sanctions or overridden parameters - supporting timely decision making 

Case Study: Bank of America – OCC Cease-and-Desist Order (December 2024)

In December 2024, the OCC issued a cease-and-desist order against Bank of America, citing significant deficiencies in its Bank Secrecy Act (BSA), anti-money laundering (AML), and sanctions compliance programmes. The OCC order required the bank to overhaul its BSA AML and sanctions compliance programmes due to untimely filing of Suspicious Activity Reports (SARs), inadequate customer due diligence, and weaknesses in internal controls, governance, independent testing, and training components of the bank’s BSA compliance programme. 

The order mandated comprehensive corrective actions:

• Engagement of an Independent Consultant to assess the bank’s BSA/AML and  sanctions compliance programmes and conduct lookback reviews to ensure all suspicious activity was appropriately reported.
  
  

• Formation of a Compliance Committee within 30 days, comprising at least three members, with a majority being independent directors not affiliated with the bank, to oversee adherence to the order's provisions.
  
  

• Development of a Comprehensive Action Plan within 90 days, detailing remedial actions to achieve and sustain compliance with BSA and sanctions laws.

Bank of America acknowledged the order and affirmed its commitment to improving its AML and sanctions compliance programs, whilst the order avoided any monetary penalties,  the bank’s reputation and relationship with regulators was damaged. The OCC's order included ongoing oversight, quarterly progress reports and potential additional reviews, to ensure corrective actions were implemented adequately. 

How AI Could Have Helped Prevent the Enforcement Action:

• Automated Alert Triage: Fit-for-purpose AI models could have helped flag BofA’s high-risk alerts, ensuring timely investigation and reporting of suspicious activities.
  
  

• Enhanced Customer Due Diligence: AI-driven analytics could continuously assess customer risk profiles, adapting to new information and behaviours.
  
  

• Improved Transaction Monitoring: AI systems could detect complex patterns and anomalies indicative of money laundering, beyond the capabilities of rule-based systems.
  
  

• Efficient SAR Filing: Natural language processing tools could assist in drafting SARs, reducing delays and improving accuracy.

By integrating AI technologies, financial institutions like BofA could enhance their compliance frameworks, proactively identifying and mitigating risks associated with AML and sanctions violations.

Case Study: GVA Capital Ltd.  – OFAC Enforcement Action (June 2025)

In June 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed a $215,988,868 civil penalty on GVA Capital Ltd., a San Francisco-based venture capital firm, for egregious violations of Ukraine-/Russia-related sanctions and reporting obligations.

Between April 2018 and May 2021, GVA Capital managed an investment for Suleiman Kerimov, a Russian oligarch designated by OFAC in April 2018. Despite being aware of Kerimov's blocked status, GVA Capital continued to facilitate his investments through his nephew, Nariman Gadzhiev, who acted as a proxy. The firm also failed to comply fully with an OFAC subpoena, delaying the production of responsive documents for over two years. 

How AI Could Have Helped Prevent the Enforcement Action:

• Beneficial Ownership Analysis: AI-driven tools could have mapped complex ownership structures, identifying Kerimov's indirect interests through entities like Heritage Trust and Prosperity Investments.
  
  

• Real-time Sanctions Screening and Alerting: AI could have provided continuous monitoring of both direct and associated entities, surfacing new designations or links to blocked persons, even after onboarding. This includes updates to sanctions lists, adverse media and public registries.
  
  

• Behavioural pattern analysis: AI could monitor investment flows and transactions structures for patterns indicative of sanctions evasion tactics, such as the use of proxies, nominee accounts or repeated structuring

Implementing AI technologies in compliance programmes can enhance the detection of complex ownership structures and proxy relationships, ensuring adherence to evolving sanctions regulations and preventing costly enforcement actions.

Navigating an Increasingly Complex Regulatory Environment

Silent Eight works with leading global banks to modernise AML and sanctions compliance using explainable AI. By embedding intelligent decisioning across screening, investigation, and case management, our solutions help institutions respond faster, reduce risk, and build trust with regulators.

As enforcement and regulatory actions continue to escalate in scope and intensity – from cross-border sanctions evasion to systemic compliance failures – the pressure on financial institutions to modernise their defenses is only growing. These recent cases illustrate that while regulatory expectations may be complex and evolving, technology can offer a practical, scalable path to achieving deeper oversight, faster risk detection, and greater regulatory resilience.