                     FOR PUBLICATION

   UNITED STATES COURT OF APPEALS
        FOR THE NINTH CIRCUIT


 CALIFORNIA PACIFIC BANK,                          No. 16-70725
                        Petitioner,

                      v.
                                                      OPINION
 FEDERAL DEPOSIT INSURANCE
 CORPORATION,
                      Respondent.

          On Petition for Review of an Order of the
           Federal Deposit Insurance Corporation

         Argued and Submitted November 15, 2017
                 San Francisco, California

                      Filed March 12, 2018

 Before: Ronald M. Gould and Mary H. Murguia, Circuit
     Judges, and James E. Gritzner, * District Judge.

                   Opinion by Judge Gritzner




    *
      The Honorable James E. Gritzner, United States District Judge for
the Southern District of Iowa, sitting by designation.
2             CALIFORNIA PACIFIC BANK V. FDIC

                          SUMMARY **


         Federal Deposit Insurance Corporation /
                   Bank Secrecy Act

    The panel denied a petition for review brought by
California Pacific Bank, challenging the constitutionality of
the Bank Secrecy Act (“BSA”) and its implementing
regulations, and alleging that the Federal Deposit Insurance
Corporation Board of Directors’ decision – finding that the
Bank violated the BSA and ordering the Bank to implement
a plan to bring the Bank into compliance – was not supported
by substantial evidence.

    The FDIC Board concluded that the Bank did not comply
with the BSA’s implementing regulations because it failed
to establish and maintain procedures designed to ensure
adequate internal controls, independent testing,
administration, and training – the “four pillars.”

    As a preliminary matter, the panel held that the Bank
preserved its constitutional challenges, and they were not
waived.

    The panel held that the BSA and its implementing
regulations were not unconstitutionally vague, and the FDIC
and the administrative law judge did not exhibit
unconstitutional bias against the Bank. The panel further
held that the FDIC acted in accordance with the law by
relying on the Federal Financial Institutions Examination
Council Manual to clarify its four pillars regulation. The
panel also held that substantial evidence supported the FDIC
Board’s decisions that the Bank failed to comply with the
four pillars and that the Bank failed to file a suspicious
activity report, where one was needed, and thus, that the
Bank did not comply with the BSA.

    **
      This summary constitutes no part of the opinion of the court. It
has been prepared by court staff for the convenience of the reader.


                       COUNSEL

Matthew W. Powell (argued) and Steven J. Williamson,
Wilke, Fleury, Hoffelt, Gould & Birney, LLP, Sacramento,
California, for Petitioner.

Joseph Brooks (argued), Counsel, Colleen J. Boles,
Assistant General Counsel, Kathryn R. Norcross, Senior
Counsel, Federal Deposit Insurance Corporation, Arlington,
Virginia, for Respondent.


                        OPINION

GRITZNER, District Judge:

    California Pacific Bank (the Bank) appeals the issuance
of a cease and desist order by the Board of Directors of the
Federal Deposit Insurance Corporation (FDIC). The FDIC
Board, which adopted in full the Recommended Decision of
the Administrative Law Judge (ALJ), found that the Bank
violated the Bank Secrecy Act (BSA), 31 U.S.C. §§ 5311–
5330, and ordered the Bank to implement a corresponding
plan to bring the Bank into compliance. The FDIC Board
concluded that the Bank did not comply with the BSA’s
implementing regulations because it failed to establish and
maintain procedures designed to ensure adequate internal
controls, independent testing, administration, and training.
The Bank filed a timely petition for review, challenging the
constitutionality of the BSA and its implementing
regulations and alleging that the FDIC Board’s decision is
not supported by substantial evidence. We deny the Bank’s
petition for review.

                   I. BACKGROUND

    The BSA establishes, among other things, the
recordkeeping and reporting requirements for private
individuals, banks, and other financial institutions. 31
U.S.C. §§ 5311–5330; 12 U.S.C. §§ 1829b and 1951–1959.
The BSA was enacted in 1970 as Title II of the Bank Records
and Foreign Transactions Act, which was a response to
rising Congressional concern over the use of foreign banks
to launder the proceeds of illegal activity and evade federal
income taxes. Pursuant to its purpose of identifying the
source, volume, and movement of currency and other
monetary instruments into and out of the United States or
deposited into financial institutions, the BSA requires banks
and other financial institutions to maintain a paper trail by
keeping appropriate records of financial transactions.

    To ensure compliance, Section 8(s) of the Federal
Deposit Insurance Act directs the FDIC to issue regulations
requiring banks to maintain a BSA compliance program, to
review the program during bank examinations, to describe
any problems with the program in its report of examination
(ROE), and to state in that report whether a bank has failed
to correct any problem with its program. 12 U.S.C.
§ 1818(s). In the event that a bank fails to correct any
problem with its BSA compliance that the FDIC previously
brought to its attention, the FDIC is required to issue a cease
and desist order against the bank. 12 U.S.C. § 1818(s)(3)(B).

    FDIC regulations require that all insured nonmember
banks “establish and maintain procedures reasonably
designed to assure and monitor their compliance with the
requirements of” the BSA and its implementing regulations.
12 C.F.R. § 326.8(a). Section 326.8(c) outlines the “four
pillars” of compliance, which require that insured
nonmember banks, at minimum,

        (1) Provide for a system of internal controls
        to assure ongoing compliance;

        (2) Provide for independent testing for
        compliance to be conducted by bank
        personnel or by an outside party;

        (3) Designate an individual or individuals
        responsible for coordinating and monitoring
        day-to-day compliance; and

        (4) Provide training for appropriate
        personnel.

The failure of any individual pillar can result in the FDIC
deeming a bank noncompliant with the BSA. The Federal
Financial Institutions Examination Council (FFIEC) Manual
clarifies compliance requirements and provides for
consistent examination procedures. 1 In January 2012, the
Bank issued its revised “Bank Secrecy Act/Anti-Money
Laundering Program Risk Assessment” Manual (Bank BSA
Policy Manual), which serves as the Bank’s in-house guide
for BSA compliance.

    1
       The FFIEC Manual is written collaboratively among the FDIC, the
Board of Governors of the Federal Reserve System, the National Credit
Union Administration, the Office of the Comptroller of the Currency,
state banking agencies, and the Financial Crimes Enforcement Network.

    As defined by the BSA, the Bank is a “State non-member
bank” and an “insured depository institution.” 12 U.S.C.
§ 1813(c)(2) and (e)(2). The Bank is a community bank with
offices in San Francisco and Fremont, California. In 2012,
the Bank had fewer than fifteen employees, approximately
200 customers, and approximately 500 deposit accounts.
The Bank’s customer base consists of a significant number
of import-export customers, accounts held by non-resident
aliens, and accounts with international transactions.

    In July 2010, FDIC Examiner Heather Rawlins
conducted a safety and soundness examination of the Bank.
Rawlins deemed the Bank’s BSA program satisfactory but
identified several areas that “must be corrected.” Among the
corrective requirements were that the Bank document its
director training and incorporate a method of testing
employees’ knowledge of training; designate new customers
that have high levels of activity as high risk for at least six
months; monitor and analyze aggregate activity for at least
three months to establish a pattern of activity; and increase
the risk rating for the customer base. Rawlins reviewed the
results of the examination with the Bank’s CEO, Richard
Chi, and the Bank’s third-party auditor, Joan Vivaldo. The
Bank’s management agreed to the recommendations.

    During 2011, at least four individuals served
sequentially as the Bank’s BSA compliance officer (BSA
Officer). In August 2011, Alan Chi, CEO Richard Chi’s son,
became acting BSA Officer without the Bank’s Board of
Directors interviewing for the position. Further, the Bank’s
Board of Directors did not recruit anyone else for the
vacancy. Following election by the Bank’s Board of
Directors in January 2012, Alan Chi became the Bank’s
permanent BSA Administrator, in addition to the Bank’s
Senior Vice President, Senior Credit Officer, Chief Financial
Officer, Internal Auditor, and Operations Compliance
Officer.

    After becoming acting BSA Officer in 2011, Alan Chi
revised the Bank’s new customer deposit account risk
assessment form. Under the revised form, accounts would
be downgraded (assessed a lower score on the risk-point
scale) if a customer already maintained an account at the
bank or if a customer had been referred to the Bank by an
employee or well-known customer. Vivaldo criticized the
revised scoring methodology, and in correspondence with
Alan Chi, noted that this methodology failed to identify three
new high risk deposit accounts. Vivaldo commented that
Alan Chi’s use of an automatic twelve point reduction for
certain customers “could turn around and bite them
someday.” Vivaldo informed Alan Chi that if he ignored
her, he would be left “to the tender mercies of the FDIC.”
Alan Chi replied that he deemed the lower risk rating
satisfactory, given his longstanding knowledge of the
customers. In a follow-up communication, Vivaldo flagged
the potential for the FDIC to criticize the Bank for failing to
report high risk accounts. This prompted Alan Chi to further
revise his risk assessment form. In the updated version,
accounts would be downgraded only if directly related to any
loan or existing deposit account. Vivaldo’s concerns
persisted: “Again, I suggest you lower the score tiers to pre
July 2011 levels. With the proposed ranges, almost no
account will be medium risk or high risk. An unnatural
system. The FDIC recommended the pre July 2011 scoring
tiers.”

    Alan Chi also revised the risk assessment form the Bank
used to assess its own risk. Using this altered methodology
resulted in the Bank having a “low,” rather than “medium to
high,” overall risk rating. Vivaldo disagreed with the new
methodology.

    FDIC examiner Rawlins performed another examination
of the Bank beginning on December 3, 2012, which used the
Bank’s information as of September 30, 2012. The FDIC’s
2012 ROE concluded that the Bank failed to administer a
BSA compliance program in accordance with the four pillars
and failed to file a Suspicious Activity Report (SAR) where
one was needed.

    Rawlins assessed the Bank’s progress for the first BSA
pillar, internal controls, by selecting twenty-four deposit
accounts for review. Rawlins found that the information
contained within sixteen of the accounts was incomplete and
that activity in those accounts was higher than expected.
Although Alan Chi informed Rawlins that the Bank’s loan
accounts contained additional information, Rawlins
reviewed only the deposit accounts. Rawlins echoed
Vivaldo’s concerns regarding the Bank’s revised risk
ratings. Rawlins discovered that the Bank had persisted with
daily batch reviews of account activity, rather than adopting
Rawlins’ recommendation for longer-term monitoring. The
Bank’s loan documentation revealed four site visits between
August 2009 and May 2012, only one of which occurred
after Alan Chi became acting BSA Officer. Rawlins
considered Alan Chi’s due diligence with respect to site
visits to be inadequate. Alan Chi testified at the ALJ hearing
that he kept his BSA assessments relating to the site visits
“in my head, as well as [the heads of] the other officers that
went with me.”

    The FDIC’s review of the second pillar, independent
testing, centered on Vivaldo. Vivaldo was the Bank’s
internal auditor from 2005 through the second quarter of
2012 and performed quarterly reviews. Prior to the 2012
review, FDIC examiners had not criticized Vivaldo’s
methods. Nonetheless, Rawlins deemed Vivaldo’s 2012
review inadequate. Rawlins noted that Vivaldo’s 2012
report failed to assess Alan Chi’s qualifications as BSA
Officer, to assess the sufficiency of the Bank’s compliance
training, or to identify the deficiencies relating to risk rating
and customer monitoring that the examiners discovered
during the 2010 examination and continued in the 2012
examination. Rawlins also considered Vivaldo’s role with
the Bank to be a conflict of interest. Although Vivaldo was
the Bank’s designated auditor, her engagement agreement
with the Bank identified her role as “consultant,” and she
provided monthly BSA administrator reports directly to the
Bank’s Board of Directors. Vivaldo also drafted the Bank’s
BSA Policy Manual in 2006 and recommended yearly
updates.

    The FDIC’s review of the third pillar, administration,
centered on Alan Chi. Alan Chi had received no training in
BSA compliance before taking over as BSA Officer in
August 2011. After his appointment, he attended several
Independent Community Bankers of America courses and
completed a webinar. He also gained familiarity with the
BSA through interactions with the FDIC and review of FDIC
reports. Rawlins determined that this was inadequate
experience to administer the Bank’s BSA compliance
program. Rawlins also concluded that Alan Chi could not
dedicate sufficient time to compliance amidst his many roles
at the Bank. Rawlins believed that sharing BSA and credit
responsibilities created a conflict of interest and inhibited
Alan Chi’s ability to assess the Bank’s compliance efforts
objectively.

    With regard to the fourth pillar, training, Alan Chi
offered presentations to Bank staff on customer
identification, currency transaction reporting, anti-money
laundering, identity theft, and unlawful internet gambling.
He also provided employees with copies of the Bank’s BSA
Policy Manual and tested their knowledge through quizzes.
Employees were expected to attend a webinar, which
Rawlins considered rudimentary. Rawlins found that the
Bank’s training materials were not tailored to specific job
functions. Rawlins concluded that Alan Chi was an
inadequate BSA Officer who was not qualified to serve as
the sole person responsible for BSA compliance training,
thus rendering the training insufficient.

    In addition to her review of the Bank’s compliance with
the four pillars, Rawlins noticed that the Bank did not file a
SAR or document its decision not to file a SAR relating to
several transactions. 2 In 2011 and 2012, the Bank received
grand jury subpoenas seeking information on several
customers who were part of a Federal Bureau of
Investigation (FBI) investigation into international
espionage and misappropriation of trade secrets. The
Department of Justice (DOJ) directed the Bank to “maintain
the utmost secrecy with regard to this Federal grand jury
subpoena.” Alan Chi interpreted this to mean that he could
not disclose any aspect of the FBI investigation and decided
not to file a SAR. Rawlins’ draft 2012 ROE concluded that
the Bank should have filed a SAR pursuant to 12 C.F.R.
§ 353.3(a)(4), describing at a general level the suspicious
transactions of the customers who were under investigation.
Although Edmund Wong, Rawlins’ immediate supervisor,
initially disagreed, he ultimately concluded that the Bank
should have filed a SAR after Wong discovered evidence of
a so-called “layering scheme” involving several customers.

     2
      To the extent that this opinion references information that has been
filed under seal, we hereby unseal that information for purposes of this
opinion.

    After the Bank refused to agree to a consent order
following the 2012 examination, the FDIC issued a notice of
charges seeking to impose a cease and desist order against
the Bank. The Bank’s Answer denied the material
allegations contained in the notice. The ALJ, C. Richard
Miserendino, conducted a four-day hearing in San
Francisco. The ALJ’s Recommended Decision concluded
that the Bank had violated the BSA and its implementing
regulations. The ALJ found the Bank’s ancillary defenses
that the BSA regulations and the FDIC’s alleged bias
violated the Bank’s due process rights were unavailing. The
ALJ recommended the issuance of a cease and desist order.
The FDIC Board affirmed the ALJ’s Recommended
Decision and issued a cease and desist order. 3 The Bank
timely filed this petition for review.

               II. STANDARD OF REVIEW

   “Whether a statute or regulation is unconstitutionally
vague is a question of law and the standard of review is de
novo.” United States v. Helmy, 951 F.2d 988, 993 (9th Cir.
1991) (citation omitted). Due process challenges are also
subject to de novo review. Lord Jim’s v. NLRB, 772 F.2d
1446, 1448 (9th Cir. 1985).

    3
     The FDIC Board’s Decision and Order to Cease and Desist, and
the ALJ’s Recommended Decision, can be found at Cal. Pac. Bank, No.
FDIC-13-094b, 2016 WL 2997645 (Feb. 17, 2016).

     Under the Administrative Procedure Act (APA), agency
action must be set aside if it is “arbitrary, capricious, an
abuse of discretion, or otherwise not in accordance with law”
or if it is “unsupported by substantial evidence.” 5 U.S.C.
§ 706(2)(A) and (E). “Substantial evidence is more than a
mere scintilla but less than a preponderance; it is such
relevant evidence as a reasonable mind might accept as
adequate to support a conclusion.” De La Fuente v. FDIC,
332 F.3d 1208, 1220 (9th Cir. 2003) (citation omitted). The
substantial evidence standard requires that this court review
the administrative record as a whole, weighing both the
evidence that supports and the evidence that detracts from
the ALJ’s conclusion. Andrews v. Shalala, 53 F.3d 1035,
1039 (9th Cir. 1995). The ALJ is responsible for
determining credibility and resolving ambiguities when
relevant. Id. The APA’s standard of review is “highly
deferential, presuming the agency action to be valid and
affirming the agency action if a reasonable basis exists for
its decision.” Indep. Acceptance Co. v. California, 204 F.3d
1247, 1251 (9th Cir. 2000) (citation omitted).

                    III. DISCUSSION

     A. Constitutional Challenges

    The Bank advances two constitutional challenges. The
Bank first challenges that the BSA and its implementing
regulations are unconstitutionally vague. The Bank’s
second constitutional challenge is that the FDIC conducted
a biased investigation that violated the Bank’s due process
rights.

       1. Waiver

    As a preliminary matter, the FDIC argues that the Bank’s
constitutional challenges were waived because they were
inadequately briefed. In resistance, the Bank argues that it
did not waive its constitutional challenges, as its brief cited
Supreme Court decisions and facts from the record that
support its constitutional challenges.

    Federal Rule of Appellate Procedure 28(a)(8)(A)
requires that the argument section of a brief contain
“appellant’s contentions and the reasons for them, with
citations to the authorities and parts of the record on which
the appellant relies.” We have held that arguments are
waived where the appellant does not present any argument
to support its assertions and cites no authority. United States
v. Alonso, 48 F.3d 1536, 1544–45 (9th Cir. 1995).
Inadequately briefed and perfunctory arguments are also
waived. United Nurses Assocs. of Cal. v. NLRB, 871 F.3d
767, 780 (9th Cir. 2017).

    In support of its constitutional vagueness challenge, the
Bank cites 12 C.F.R. § 326.8(c) (the FDIC’s four pillars
regulation) and three Supreme Court decisions that discuss
vagueness. The Bank also cites passages from the record
comparing the 2010 and 2012 ROE findings. In addition,
the Bank references the ALJ’s finding that the FFIEC
Manual is not entitled to Chevron deference. The Bank’s
argument relating to FDIC bias, while similarly abbreviated,
cites to the record and references a Supreme Court case. For
both constitutional arguments, the Bank cites valid legal
authorities and references the record, and therefore has at
least minimally preserved its constitutional challenges. See
Fed. R. App. P. 28(8)(A); Alonso, 48 F.3d at 1544.

       2. Vagueness

   Turning to the merits of the constitutional challenges, the
Bank argues that the BSA is unconstitutionally vague
because neither the statute nor its implementing regulations
were precise enough to inform the Bank of its required
conduct. The Bank also contends that the statute and
regulations are unconstitutionally vague because the FDIC
can arbitrarily determine whether BSA compliance
procedures are sufficient. The Bank further argues that the
FFIEC Manual cannot clarify compliance procedures
because the FFIEC Manual lacks the force and effect of law.

     “To pass constitutional muster against a vagueness
attack, a statute must give a person of ordinary intelligence
adequate notice of the conduct it proscribes.” Craft v. Nat’l
Park Serv., 34 F.3d 918, 921 (9th Cir. 1994) (quoting United
States v. 594,464 Pounds of Salmon, 871 F.2d 824, 829 (9th
Cir. 1989)). Various factors affect our analysis, including
“whether or not the statute at issue (1) involved only
economic regulation, (2) contained only civil, not criminal
penalties, (3) contained a scienter requirement, . . . and (4)
threatened any constitutionally protected rights.” Hanlester
Network v. Shalala, 51 F.3d 1390, 1398 (9th Cir. 1995)
(citing Vill. of Hoffman Estates v. Flipside, Hoffman Estates,
Inc., 455 U.S. 489, 498–99 (1982)). “Further, exactness can
be achieved not just on the face of the statute, but also
through limiting constructions given to the statute by the . . .
enforcement agency.” Hess v. Bd. of Parole & Post-Prison
Supervision, 514 F.3d 909, 914 (9th Cir. 2008).

    Where economic regulation is involved, vagueness is
less of a concern because “the regulated enterprise may have
the ability to clarify the meaning of the regulation by its own
inquiry, or by resort to an administrative process.” United
States v. Doremus, 888 F.2d 630, 634–35 (9th Cir. 1989)
(quoting Hoffman Estates, 455 U.S. at 498). “In considering
whether an administrative regulation is unconstitutionally
vague, the reviewing court must assess it within the context
of the particular conduct to which it is being applied.” Great
Am. Houseboat Co. v. United States, 780 F.2d 741, 747 (9th
Cir. 1986) (citing United States v. Nat’l Dairy Prods. Corp.,
372 U.S. 29, 33–36 (1963)). We must consider if the
regulation “applies to ‘a select group of persons having
specialized knowledge.’” United States v. Elias, 269 F.3d
1003, 1015 (9th Cir. 2001) (quoting United States v.
Weitzenhoff, 35 F.3d 1275, 1289 (9th Cir. 1993)).

    “Interpretations such as those in opinion letters—like
interpretations contained in policy statements, agency
manuals, and enforcement guidelines, all of which lack the
force of law—do not warrant Chevron-style deference.”
Christensen v. Harris Cty., 529 U.S. 576, 587 (2000).
However, an agency-issued instruction manual, even if
lacking the force of law itself, can clarify what conduct is
expected of a person subject to a particular regulation and
thus mitigate against vagueness. See Pinnock v. Int’l House
of Pancakes Franchise, 844 F. Supp. 574, 581 (S.D. Cal.
1993) (citing Ward v. Rock Against Racism, 491 U.S. 781,
795 (1989); Hoffman Estates, 455 U.S. at 502, 504; Grayned
v. City of Rockford, 408 U.S. 104, 110 (1972)); accord
United States v. Woodley, 9 F.3d 774, 778 (9th Cir. 1993)
(rejecting a vagueness challenge to Health Care Financing
Administration’s “related party regulation” based, in part, on
the fact that the regulation referenced a “Provider
Reimbursement Manual” that had been issued by the
Department of Health and Human Services); Magic Valley
Potato Shippers, Inc. v. Sec’y of Agric., 702 F.2d 840, 841–
42 (9th Cir. 1983) (per curiam) (rejecting a vagueness
challenge to a Department of Agriculture regulation based,
in part, on the availability of “instructional manuals” issued
by that agency).

    Not only are the BSA and FDIC’s implementing
regulations economic in nature and threaten no
constitutionally protected rights, but it is clear that a detailed
manual issued by agencies with enforcement authority, such
as the FFIEC Manual, can put regulated banks on notice of
expected conduct. The BSA authorizes the FDIC to review
banks for compliance. 12 U.S.C. § 1818(s). The FFIEC
Manual frames the examiners’ expectations in anticipation
of routine compliance checks. The Bank knew these
expectations. Indeed, the FDIC Board found that provisions
of the FFIEC Manual were incorporated in the Bank’s own
BSA Policy Manual, and copies of the FFIEC Manual were
found scattered throughout the Bank. A BSA Officer at the
Bank bearing the requisite “specialized knowledge” would
understand that compliance with the FFIEC Manual ensures
compliance with the BSA. See Elias, 269 F.3d at 1015. The
BSA and its implementing regulations are not
unconstitutionally vague.

        3. Investigative Bias

     The Bank’s second constitutional challenge is that the
FDIC violated its due process rights by conducting a biased
investigation. The Bank argues that comments made by
examiners charged with assisting in the investigation
demonstrate that the 2012 examination was predetermined.
As examples of bias, the Bank points to Rawlins’ decision to
disregard the Bank’s loan files when she was reviewing the
Bank’s deposit files for due diligence information, her
criticism of Alan Chi for not filing a SAR, and her refusal to
look at Vivaldo’s Fourth Quarter 2011 Report. The Bank
also asserts that bias was demonstrated by the ALJ’s failure
to consider the 2010 ROE, which concluded that the Bank’s
BSA program was generally adequate. The FDIC counters
that the Bank’s unconstitutional bias charge fails as a matter
of law and as a matter of fact.

    “[W]hen governmental agencies adjudicate or make
binding determinations which directly affect the legal rights
of individuals, it is imperative that those agencies use the
procedures which have traditionally been associated with the
judicial process.” Hannah v. Larche, 363 U.S. 420, 442
(1960). However, “when a general fact-finding
investigation is being conducted, it is not necessary that the
full panoply of judicial procedures be used.” Id. “Whether
the Constitution requires that a particular right obtain in a
specific proceeding depends upon a complexity of factors.
The nature of the alleged right involved, the nature of the
proceeding, and the possible burden on that proceeding, are
all consider[ed].” Id. Inherent in an agency’s power of
investigation is the authority “to prevent the sterilization of
investigations by burdening them with trial-like
procedures.” Id. at 448. Administrative prosecutors are thus
“accorded wide discretion” and “need not be entirely
‘neutral and detached.’” 4 Marshall v. Jerrico, Inc., 446 U.S.
238, 248 (1980) (quoting Ward v. Vill. of Monroeville, 409
U.S. 57, 62 (1972)). However, the Supreme Court has
advised that we should be chary of schemes that inject “a
personal interest, financial or otherwise, into the
enforcement process [which] may bring irrelevant or
impermissible factors into the prosecutorial decision and in
some contexts raise serious constitutional questions.” Id. at
249–50. In the event there was no scheme injecting a
personal or financial interest into the FDIC examiners’
investigation, and in the event the Bank received neutral
adjudicatory review by the ALJ and the FDIC Board, the
Bank’s due process rights were not violated.

    4
       The Bank concedes that, “generally, bias exhibited during a
regulatory investigation does not rise to the level of a due process
violation.” Pet’r’s Br. 21.

    The FDIC examiners’ function is exclusively fact-
finding. Thus, their review of the Bank during the 2012
examination need not have been “neutral and detached.” See
id. at 248 (quoting Ward, 409 U.S. at 62). Even were the
Bank correct in pointing to examiner comments and
Rawlins’ examination protocol as examples of bias, the
Bank has failed to demonstrate that the FDIC examiners
worked under a scheme which injected a personal or
financial interest into their enforcement efforts. Moreover,
the Bank participated in an ALJ hearing, during which it
could cross-examine the FDIC’s allegedly biased examiners,
and the FDIC Board reviewed the ALJ’s findings. The
Bank’s charge that the FDIC examiners were
unconstitutionally biased is unavailing.

    The Bank further argues that the ALJ was biased,
specifically noting that the ALJ failed to consider the 2010
ROE. Contrary to the Bank’s challenge, the ALJ did
consider the 2010 ROE. The ALJ noted that, while the
Bank’s compliance was generally adequate, the 2010 ROE
concluded “there were a number of areas that needed
improvement, particularly given the Bank’s risk profile.”
Cal. Pac. Bank, 2016 WL 2997645, at *20. The ALJ
highlighted two places where the Bank came up short in
implementing the 2010 ROE: by failing to monitor and
aggregate activity in high risk accounts and by improperly
lowering its self-assessed risk rating. The Bank’s charge that
the ALJ failed to consider the 2010 ROE is contradicted by
the record. There are no other allegations of bias relating to
the ALJ. And in reviewing the record, we find that the ALJ’s
extensive four-day hearing was conducted in a fair,
impartial, and efficient manner as FDIC regulations require.
12 C.F.R. § 308.5(a).

   Neither the FDIC’s investigation nor the ALJ was
unconstitutionally biased against the Bank.

   B. The FDIC Board’s BSA Compliance Findings

    Under the APA, agency action can be set aside only if
“arbitrary, capricious, an abuse of discretion, or otherwise
not in accordance with law” or “unsupported by substantial
evidence.” 5 U.S.C. § 706(2)(A) and (E). The APA’s
standard is “highly deferential.” Indep. Acceptance Co., 204
F.3d at 1251. The FDIC Board adopted in full the ALJ’s
findings, which looked to the FFIEC Manual as an authority
on compliance with the FDIC’s four pillars regulation. The
FDIC Board found that the Bank failed to comply with the
four pillars of BSA compliance: adequate controls,
independent testing, administration, and training. The FDIC
Board further found that the Bank did not file a SAR where
one was required. The Bank argues that the FDIC Board
erred with each of these decisions.

       1. FDIC Reference to the FFIEC Manual

    The Bank takes issue with the FDIC’s use of the FFIEC
Manual as relevant authority in interpreting what the four
pillars regulation required of the Bank. The Bank argues that
the FDIC Board’s reliance on the guidance and
recommendations found in the FFIEC Manual was not in
accordance with the law, as the FFIEC Manual could not
impose legal obligations on the Bank. The FDIC counters
that an agency may properly rely on, and clarify regulations
with, an instructional manual promulgated to provide
guidance on what is required by the regulation it administers.

      Under Auer v. Robbins, 519 U.S. 452 (1997), an
agency’s interpretation of its own regulations is “controlling
unless plainly erroneous or inconsistent with the regulation.”
Id. at 461 (citation and internal quotation marks omitted).
“Under Auer . . . the court must first determine whether the
regulation was ambiguous.” Bassiri v. Xerox Corp., 463
F.3d 927, 931 (9th Cir. 2006) (citing Christensen, 529 U.S.
at 588). Ambiguous regulations include those that are “not
entirely ‘free from doubt,’” id. (quoting Providence Health
System-Washington v. Thompson, 353 F.3d 661, 665 (9th
Cir. 2003)), or “susceptible to different interpretations and
. . . discretionary elements,” Siskiyou Regional Education
Project v. U.S. Forest Service, 565 F.3d 545, 557 (9th Cir.
2009). If the regulation in question is ambiguous, we defer
to the agency’s interpretation unless “an alternative reading
is compelled by the regulation’s plain language or by other
indications of the [agency’s] intent at the time of the
regulation’s promulgation.” Bassiri, 463 F.3d at 931
(alteration in original) (quoting Thomas Jefferson Univ. v.
Shalala, 512 U.S. 504, 512 (1994)). An agency’s
interpretation of its own regulation can be advanced through
informal means, including an agency manual. See Pub.
Lands for the People, Inc. v. U.S. Dep’t of Agric., 697 F.3d
1192, 1199 (9th Cir. 2012) (according “wide deference” to
the U.S. Forest Service’s interpretation of a regulation
contained in the “Forest Service Manual”).

    The FDIC’s four pillars regulation is ambiguous. The
four pillars are not entirely “free from doubt,” given the
complexity of BSA compliance and the need for FDIC
officials to conduct administrative examinations of bank
BSA programs. See Bassiri, 463 F.3d at 931. That banks
can design different compliance programs further
demonstrates that the four pillars are “susceptible to different
interpretations.” See Siskiyou, 565 F.3d at 557.

    In Financial Institution Letter 17-2010, the FDIC
announced the release of the 2010 version of the FFIEC
Manual. Though the FFIEC Manual was written
collaboratively among multiple federal and state agencies,
the Letter clarified that the FFIEC Manual contained the
FDIC’s supervisory expectations with respect to BSA
compliance. We must thus defer to the FFIEC Manual
unless it is “plainly erroneous or inconsistent” with the
FDIC’s four pillars regulation, or unless “an alternative
reading is compelled by the regulation’s plain language.”
Auer, 519 U.S. at 461; Bassiri, 463 F.3d at 931 (quoting
Thomas Jefferson, 512 U.S. at 512); Pub. Lands, 697 F.3d at
1199. As the ALJ noted, the FFIEC Manual is “a uniformly
recognized ‘authority’ on BSA policies, procedures, and
processes” with “[e]ach section serv[ing] as a platform for
the BSA/AML examination and, for the most part,
address[ing] the legal and regulatory requirements of the
BSA/AML compliance program.” Cal. Pac. Bank, 2016 WL
2997645, at *36. As explained in the next section, the
FFIEC Manual defines and provides clarifying guidance on
each of the four pillars. Rawlins testified that FDIC
examiners and banks alike use the FFIEC Manual as a
roadmap for banks’ compliance with the four pillars.
Fittingly, Vivaldo also described the FFIEC Manual as an
authority for BSA compliance, and the Bank’s own BSA
Policy Manual repeatedly referenced the FFIEC Manual.
The FFIEC Manual is not plainly erroneous or inconsistent
with the FDIC’s four pillars regulation. Nor is an alternative
reading compelled by the plain language of 12 C.F.R.
§ 326.8(c), given the generalized framing of the four pillars.
The FFIEC Manual must receive Auer deference.

    The FDIC Board acted in accordance with the law in
referencing the FFIEC Manual to clarify the four pillars
analysis for determining violations of the BSA.

       2. The Four Pillars

    The Bank next argues that the FDIC Board’s
determination that the Bank failed to comply with each of
the BSA’s four pillars—internal controls, independent
testing, administration, and training—is not supported by
substantial evidence.

           a. Internal Controls

    The first pillar of BSA compliance requires that banks
“[p]rovide for a system of internal controls to assure ongoing
compliance.” 12 C.F.R. § 326.8(c)(1). The FFIEC Manual
advises that “[t]he level of sophistication of the internal
controls should be commensurate with the size, structure,
risks, and complexity of the bank.” The FFIEC Manual
provides that banks are required to maintain controls that
identify vulnerabilities and monitor the bank’s risk profile.

    The FDIC Board adopted the ALJ’s findings that the
Bank failed to conduct and document adequate customer due
diligence, to identify certain customers as high risk, to
conduct adequate site visits, and to sufficiently monitor
accounts for suspicious activity. The Bank argues that the
FDIC Board’s decision is not supported by substantial
evidence. The Bank asserts that its deposit and loan
documentation, as well as its review of daily batch reports,
demonstrate that it adequately evaluated and monitored its
depositors. The Bank also argues that its site visits were
sufficiently documented in its loan files and that the 2010
ROE recommendations were either complied with or were
unnecessary.

   Although Rawlins deemed the Bank’s overall
compliance satisfactory in her 2010 ROE, she identified
several areas that “must be corrected.” In the event a bank
“has failed to correct any problem” with BSA compliance
that was previously brought to its attention, the FDIC shall
issue a cease and desist order against the bank. 12 U.S.C.
§ 1818(s)(3)(B) (emphasis added).

     The FDIC Board found that the Bank failed to
adequately collect, document, and update BSA-relevant
information about its depositors, as shown by the lack of
information in the Bank’s deposit account files. During her
2012 examination, Rawlins reviewed twenty-four deposit
accounts. Although eight were adequate, Rawlins
determined that the information contained within the
remaining sixteen was incomplete, with account activity
significantly higher than expected. The Bank argues that
Rawlins failed to consider the Bank’s loan files, which it
asserts provided the information that was absent from the
twenty-four accounts reviewed by Rawlins. Rawlins
focused on the Bank’s deposit files, not its loan files, since
suspicious account activity was more likely to be found in
the deposit files. Loan files, by contrast, generally focus on
a customer’s creditworthiness rather than on the sources of
funds deposited into a bank. The Bank’s BSA Policy
Manual also provided that deposit accounts should be the
locus of risk assessment and that depositors’ loan files would
be copied into the Bank’s deposit account files. The FDIC
Board’s finding that the Bank did not sufficiently document
its depositors is supported by substantial evidence.

    The FDIC Board also found that the Bank failed to
adequately monitor depositors’ activity. Regarding the
monitoring requirement, the FFIEC Manual provides that
review of customer accounts can involve either daily reports
or reports covering a period of time. However, this choice
bears the caveat that “[t]he type and frequency of reviews
and resulting reports used should be commensurate with the
bank’s BSA/AML risk profile and appropriately cover its
higher-risk products, services, customers, entities, and
geographic locations.” The 2010 ROE determined that for
certain customers the Bank needed to monitor and analyze
aggregate activity over three months or more to establish a
pattern of activity, rather than rely on daily reports to
monitor those customers. The Bank, however, persisted
with daily batch reviews of account activity. The FDIC
Board’s finding that, by failing to monitor long-term
activity, the Bank contravened the 2010 ROE is supported
by substantial evidence.

    The FDIC Board also found that the Bank failed to
properly risk-rate its depositors’ accounts. The 2010 ROE
directed that the Bank designate new customers with high
levels of activity as high risk for at least six months and to
increase the risk rating for the customer base overall to
medium or high risk. Rawlins determined that the Bank’s
customer base, lack of internal controls, deficient BSA
program, and geographic location demonstrated an overall
high risk for the Bank. 5 Following her 2010 review, Rawlins
made clear to Richard Chi and Vivaldo the need for a higher
risk assessment, which was tailored to “a bank of their size
and their complexity with their risk profile.”

    After assuming the role of BSA Officer in 2011, Alan
Chi revised the Bank’s new customer deposit account risk
assessment form. Vivaldo advised Alan Chi that the revised
risk ratings failed to identify high risk accounts. Alan Chi

    5
      This assessment correlated with Part I of the Bank’s BSA Policy
Manual, which noted that the “Bank’s Inherent Risk Assessment of
BSA/AML is HIGH because the Bank is in both a High Intensity Drug
Trafficking Area and a High Intensity Financial Crime Area.” Vivaldo’s
Fourth Quarter 2011 Report also described the Bank’s risk as “inherently
High.”

amended the risk assessment form in light of Vivaldo’s
criticisms. However, instead of using the FDIC’s
recommended scoring tiers, he merely altered the
circumstances under which customer risk would be
downgraded. Alan Chi also revised the risk assessment form
the Bank used to assess its own risk, which resulted in a
“low” risk rating for the Bank and drew further criticism
from Vivaldo. The ALJ found no evidence, nor does the
record indicate, that Alan Chi followed through on Vivaldo’s
guidance. The FDIC Board’s finding that the Bank’s risk
assessment practices did not accord with the 2010 ROE is
supported by substantial evidence.

    The FDIC Board also found that the Bank failed to
document BSA site visits to its customers. The Bank argues
that it did conduct site visits, and that documentation relating
to the visits was included in its loan files. However, Vivaldo
testified that not all of the site visits were documented in the
loan files, and Alan Chi testified that he kept BSA
assessments “in [his] head.” Rawlins considered the Bank’s
loan site visits inadequate, reasoning that they focused more
on credit risk than cash activity. The ALJ found that the
Bank’s loan documentation revealed just four site visits,
only one of which occurred after Alan Chi became the
Bank’s BSA Officer—a visit that was prompted by a loan
application and not a newly opened deposit account. The
FDIC Board’s finding that the site visits did not reflect
adequate monitoring is supported by substantial evidence.

    The Bank’s failure to correct problems with its internal
controls that were previously brought to its attention in the
2010 ROE, on its own, required the FDIC to issue a cease
and desist order against the Bank. 12 U.S.C.
§ 1818(s)(3)(B). As repeatedly noted, the Bank’s failure to
address corrective measures from the 2010 ROE is a material
factor in reaching the substantial evidence threshold. De La
Fuente, 332 F.3d at 1220 (“Substantial evidence . . . is such
relevant evidence as a reasonable mind might accept as
adequate to support a conclusion.”). The FDIC Board’s
determination that the Bank did not maintain adequate
internal controls, and thus, did not comply with the BSA, is
supported by substantial evidence. 6

             b. Independent Testing

    The second pillar of compliance requires that banks
“[p]rovide for independent testing for compliance to be
conducted by bank personnel or by an outside party.” 12
C.F.R. § 326.8(c)(2). The FFIEC Manual provides that
“independent testing” includes, at a minimum, providing
sufficient information to allow a reviewer “to reach a
conclusion about the overall quality of the BSA/AML
compliance program.” The FFIEC Manual further provides
that an auditor “must not be involved in any part of the
bank’s BSA/AML compliance program.” The FDIC Board
adopted the ALJ’s findings that Vivaldo’s 2012 Quarterly
Report was deficient and that the Bank’s independent testing
was inadequate. The Bank argues that this decision is not
supported by substantial evidence.

    The Bank argues that the examiners failed to consider
Vivaldo’s Fourth Quarter 2011 Report, which it asserts
concluded that the Bank’s performance was satisfactory. At
the ALJ hearing, however, Vivaldo conceded that, while the
Fourth Quarter 2011 Report described certain components
of the Bank’s BSA program as “satisfactory,” the report


     6
        The FDIC Board’s SAR determination overlaps with the first
pillar, but it also falls under an FDIC regulation distinct from the four
pillars. It is therefore addressed separately. See infra Part III.B.3.

lacked an explicit conclusion with respect to the BSA
program as a whole.

    Moreover, despite Rawlins’ request for copies of any
audits completed since the 2010 ROE, the Bank provided
Rawlins with only one audit report prepared by Vivaldo
covering the first two quarters of 2012. 7 Rawlins found
Vivaldo’s review inadequate, as it lacked an overall
assessment and failed to identify the deficiencies that had
been identified by the FDIC examiners. For example,
Vivaldo did not assess Alan Chi’s qualifications or review
the Bank Board’s decision-making in appointing Alan Chi
as the Bank’s BSA Officer. Although Vivaldo noted the
Bank’s review of daily batch reports, she did not assess
whether this was adequate for monitoring risk. Similarly,
while Vivaldo observed that the Bank’s staff attended a
webinar, she did not assess whether this was adequate
training. The FDIC Board’s finding that Vivaldo’s 2012
report was inadequate is supported by substantial evidence.

    Although the FDIC Board primarily based its finding
that the Bank’s independent testing was inadequate on
Vivaldo’s 2012 report, the record further suggests that
Vivaldo had a conflict of interest. Vivaldo’s testimony at the
ALJ hearing contradicted her 2011 criticism of Alan Chi’s
revised risk rating methodology. As noted, in 2011, Vivaldo
told Alan Chi that his revised ratings were inadequate and
flagged concerns with respect to several customers whose
risk scores were underrated. At the ALJ hearing, on the other
hand, Vivaldo testified that Alan Chi’s revised risk
assessment form was “not a bad form at all” and that she
thought “they had a very good handle on the activity of their

    7
     The Bank concedes that it brought up the Fourth Quarter 2011
Report for the first time at the exit meeting for the 2012 examination.

portfolio by virtue of various monitorings they do.” In
addition to contradicting her contemporaneous criticisms,
Vivaldo’s role with the Bank was described as “consultant,”
and she wrote and updated the Bank’s BSA Policy Manual.
Vivaldo’s close involvement with the Bank and its BSA
compliance program contravened the FFIEC Manual’s
guidance on independent testing.

    The FDIC Board’s decision that Vivaldo did not perform
independent testing as required by the BSA is supported by
substantial evidence. 8

             c. Administration

    The third pillar of compliance requires that banks
“[d]esignate an individual or individuals responsible for
coordinating and monitoring day-to-day compliance.” 12
C.F.R. § 326.8(c)(3). The FFIEC Manual provides,


     8
       The Bank advances several additional arguments that merit only
brief discussion. The Bank argues that because Vivaldo had extensive
experience and had not been criticized previously by the FDIC, her
auditing was satisfactory. But a record of successful examinations alone
is not sufficient to overcome the substantial evidence that supports the
FDIC Board’s decision. Moreover, the FDIC was not estopped from
citing inadequate independent testing in 2012 simply because it did not
raise that issue in the 2010 ROE. See De La Fuente, 332 F.3d at 1220.
The Bank argues that the examiners’ assessment of Vivaldo was based
on guidance in the FFIEC Manual, which has no legal effect. This
argument is mooted by our conclusion that the FDIC Board acted in
accordance with the law in relying on the FFIEC Manual as an
interpretive authority on the FDIC’s four pillars regulation. Finally, the
Bank argues that Rawlins was not a credible expert under Federal Rule
of Evidence 702, because she, unlike Vivaldo, failed to consider relevant
facts in the form of the Bank’s loan files. Contrary to this argument, the
record indicates that Rawlins did consider the loan files, but refused to
accord them any weight in her examination.

         The BSA compliance officer should be fully
         knowledgeable of the BSA and all related
         regulations. The BSA compliance officer
         should also understand the bank’s products,
         services, customers, entities, and geographic
         locations, and the potential money laundering
         and terrorist financing risks associated with
         those activities. The appointment of a BSA
         compliance officer is not sufficient to meet
         the regulatory requirement if that person does
         not have the expertise, authority, or time to
         satisfactorily complete the job.

The FDIC Board adopted the ALJ’s finding that Alan Chi
lacked the experience, training, and time to adequately
perform as BSA Officer. The Bank argues that this decision
was not supported by substantial evidence, asserting that
Alan Chi was qualified based on his experience serving in
multiple roles at the Bank, his on-the-job training, and his
prior interactions with the FDIC. The Bank further argues
that Alan Chi’s due diligence adhered to the 2010 ROE. 9

    Alan Chi acknowledged that until taking over as BSA
Officer in the summer of 2011, he had received no training
in BSA compliance. Alan Chi was appointed without the
Bank recruiting or interviewing anyone else, nor did the

    9
       The Bank argues that Alan Chi should be subject to a lesser
standard of qualification for the role of BSA Officer, given the Bank’s
smaller size. This argument is unavailing. The FFIEC Manual provides
that compliance should be tailored to both a Bank’s size and risk profile.
The Bank’s customer base reflects a high risk profile. “[A]ll institutions,
regardless of size, must operate in a safe and sound manner.” First Bank
of Jacksonville, No. FDIC-96-155b, 1998 WL 363852, at *13 (May 26,
1998), aff’d mem., First Bank of Jacksonville v. FDIC, 180 F.3d 269
(11th Cir. 1999) (unpublished table decision).

Bank interview Alan Chi before hiring him as its BSA
Officer. Furthermore, the extent of Alan Chi’s training for
the role included only his attending several Independent
Community Bankers of America courses and a webinar.
Interactions with the FDIC and review of FDIC reports
provided him with some additional on-the-job training. The
FDIC Board’s findings that Alan Chi was an underqualified
candidate, and that his “on-the-job” training did not equip
him with the expertise the FFIEC Manual advises a BSA
Officer have before assuming the role, are supported by
substantial evidence.

    In addition to serving as BSA Officer, Alan Chi held five
other senior roles at the Bank. Rawlins testified that “not
even the most experienced BSA officer would be able to
have the time to run an adequate BSA program given this
many other duties at the institution.” 10 Rawlins further
concluded that Alan Chi’s overlapping loan approval and
BSA compliance roles created a conflict of interest, with
Alan Chi potentially unwilling to objectively risk-rate
longstanding customers. 11 Alan Chi admitted that he
considered his BSA Officer and Senior Credit Officer roles
“an aggregate,” and as noted, Alan Chi’s revised risk
assessment methodology contravened the 2010 ROE. The
FDIC Board’s finding that Alan Chi lacked the requisite time



     10
       The FFIEC Manual also recommends that banks “[p]rovide for
dual controls and the segregation of duties to the extent possible.”
     11
        The Bank argues that Alan Chi’s long-term investment in the
Bank, a family business, provided sufficient disincentive to loan money
to anyone potentially involved in illegal activity. The FDIC Board’s
rejection of this line of reasoning, which was based on the fact that Alan
Chi was a longstanding credit officer with customer relationships to
maintain, and thereby conflicted, is supported by substantial evidence.

and independence befitting of an adequate BSA Officer is
supported by substantial evidence.

    The FDIC Board’s decision that Alan Chi was an
inadequate BSA Officer, and thus, the Bank did not comply
with the BSA, is supported by substantial evidence.

           d. Training

    The fourth pillar of compliance requires that banks
“[p]rovide training for appropriate personnel.” 12 C.F.R.
§ 326.8(c)(4). The FFIEC Manual advises,

       Training should include regulatory
       requirements and the bank’s internal
       BSA/AML policies, procedures, and
       processes. . . . The training should be tailored
       to the person’s specific responsibilities. . . .
       The BSA compliance officer should receive
       periodic training that is relevant and
       appropriate given changes to regulatory
       requirements as well as the activities and
       overall BSA/AML risk profile of the bank.

The 2010 ROE advised the Bank to test employees’
knowledge and document director training. The FDIC
adopted the ALJ’s findings that the Bank’s training was not
targeted to each employee’s role and was generally
inadequate. The Bank argues that this decision is not
supported by substantial evidence and asserts that its training
materials, including quizzes and presentations, were
satisfactory.

    To carry out the FDIC’s recommendation on training,
Alan Chi offered presentations on customer identification,
currency transaction reporting, anti-money-laundering,
identity theft, and unlawful internet gambling. He also
provided the Bank’s employees with copies of the Bank’s
BSA Policy Manual. Alan Chi expected employees to read
the manual and perform satisfactorily on the quizzes.
Rawlins found that requiring employees to attend a webinar
provided only rudimentary BSA training. Although quizzes
were administered, the record contains no evidence
suggesting that training materials were tailored to specific
job functions at the Bank. 12 Rawlins also found that given
Alan Chi’s lack of experience, he was unqualified to serve
as the sole person responsible for BSA training.

    The FDIC Board’s decision that the Bank’s inadequate
training did not comply with the BSA is supported by
substantial evidence.

         3. Suspicious Activity Reporting

    The FDIC Board affirmed the ALJ’s finding that the
Bank failed to file a SAR where one was needed and to
document its decision on whether or not to file a SAR. The
Bank argues that this decision is not supported by substantial
evidence. The Bank argues that it could not have been
obligated to file a SAR because the FBI and DOJ told the
Bank not to disclose any aspect of an ongoing federal
criminal investigation. The Bank further contends that the
examiners manufactured a new justification for filing a SAR
months after the 2012 examination was complete.


     12
        The Bank argues that it did not need to tailor training to individual
employees because personnel responsibilities frequently overlap at a
smaller bank. The Bank acknowledges, however, that staff performed
different tasks at the Bank, and the FFIEC Manual advises that training
should be tailored to specific responsibilities. The Bank could have, but
did not, conduct both group and role-based BSA compliance training.

    Pursuant to 12 C.F.R. § 353.1, an insured state
nonmember bank must file a SAR whenever it suspects “a
known or suspected criminal violation of federal law or a
suspicious transaction related to a money laundering activity
or a violation of the Bank Secrecy Act.” For transactions of
$5000 or more that involve potential money laundering or
BSA violations, a SAR must be filed with the appropriate
federal law enforcement agencies and the Financial Crimes
Enforcement Network, where “[t]he transaction involves
funds derived from illegal activities or is intended or
conducted in order to hide or disguise funds or assets derived
from illegal activities” or “[t]he transaction has no business
or apparent lawful purpose or is not the sort of transaction in
which the particular customer would normally be expected
to engage, and the bank knows of no reasonable explanation
for the transaction.” Id. § 353.3(a)(4)(i) and (iii). The
FFIEC Manual advises banks to review account activity for
any customer for whom the bank receives a subpoena and to
independently evaluate the need to file a SAR based on the
bank’s review of those materials. The FFIEC Manual
discourages banks from referencing receipt or existence of a
grand jury subpoena in the SAR and states that the SAR
should only reference any underlying facts supporting the
determination that the transaction at issue in the SAR is
suspicious.

    During 2011 and 2012, the Bank received grand jury
subpoenas seeking documentation and other information
regarding certain customer transactions. These customers
were part of an FBI investigation into international
espionage and misappropriation of trade secrets. The FBI
executed a search warrant on the Bank and interviewed Alan
Chi and other Bank employees regarding these accounts. In
early 2012, some of these customers were indicted for
economic espionage and theft of trade secrets.

     It is undisputed that the Bank did not file a SAR or
document its decision not to file a SAR. The only issue is
whether the Bank’s non-action was excused. The FDIC
Board found that the Bank was not legally precluded from
filing a SAR. On August 10, 2011, the DOJ sent the Bank a
letter, directing the Bank to maintain the utmost secrecy with
regard to the federal grand jury subpoena. Alan Chi
interpreted this to mean that he could not disclose any aspect
of the FBI investigation—including providing notice to
regulators of customer activity in a SAR, even if that SAR
did not include any mention of the FBI investigation. But
this interpretation was erroneous. The Federal grand jury
subpoena letter advised that “you and employees of
California Pacific Bank [are required to] maintain the utmost
secrecy with regard to this Federal grand jury subpoena.” In
recounting his conversation with an FBI agent, when Alan
Chi asked if he could file a SAR, he recalled the agent
saying, “Don’t mention anything about the subpoena . . . just
don’t mention the subpoena.” The FFIEC Manual explicitly
contemplates the filing of SARs for customer activity that is
also subject to law enforcement investigations and
subpoenas, which suggests that investigations and
subpoenas should often prompt filing SARs. The Bank’s
BSA Policy Manual reflected this guidance as well. Nothing
prevented the Bank from filing a SAR that only referenced
the suspicious activity at a general level without mentioning
receipt of the subpoenas. The FDIC Board’s finding that the
Bank was able to file a SAR is supported by substantial
evidence.

    Rawlins’ draft 2012 ROE concluded that the Bank
should have filed a SAR pursuant to 12 C.F.R.
§ 353.3(a)(4)(i) after learning of the indictments. Edmund
Wong, Rawlins’ immediate supervisor, initially disagreed,
and concluded after conducting a second-level review of the
ROE that an indictment alone was insufficient to support
filing a SAR. However, upon receiving additional
information on the accounts, Wong determined that the Bank
should have filed a SAR. Wong detected several red flags,
including “large dollar” and “round dollar” amounts that
were much larger than the anticipated activity in the
accounts, large wire transfers, and transactions that lacked
any information on source of income, purpose of account, or
expected activity—all of which he deemed evidence of a
“layering scheme.” The FDIC Board’s findings that the
filing of a SAR was warranted and that the examiners did not
manufacture a justification for filing a SAR are supported by
substantial evidence.

    The FDIC Board’s decision that, in failing both to file a
SAR and to document its decision not to file a SAR, the Bank
violated 12 C.F.R. § 353 and did not comply with the BSA
is supported by substantial evidence.

                     IV. CONCLUSION

     We hold that the BSA and its implementing regulations
are not unconstitutionally vague, and the FDIC did not
exhibit unconstitutional bias against the Bank. We further
hold that the FDIC acted in accordance with the law by
relying on the FFIEC Manual to clarify its four pillars
regulation. The FDIC Board’s decisions that the Bank failed
to comply with the four pillars and that the Bank failed to
file a SAR where one was needed, and thus, that the Bank
did not comply with the BSA, are supported by substantial
evidence. Accordingly, the Bank’s petition for review is
denied.

   DENIED.
