Deficiencies in the bank’s BSA/AML program included those related to internal controls and risk management practices; risk assessments; customer due diligence; customer risk ratings; suspicious activity identification, evaluation, and reporting; governance; staffing; independent testing; and training, among others.