In the past year, a number of major financial institutions have
been hit not just once, but twice by federal and state regulators
for follow-on regulatory violations, including financial sanctions
issues. Other institutions have suffered record breaking fines for
Foreign Corrupt Practices Act (FCPA) and economic sanctions
violations. In this environment, the Superintendent of the New York
Department of Financial Services (DFS) Benjamin Lawsky announced
just last week that his agency is about to propose a requirement
that senior banking executives personally "sign off" on
the "adequacy and robustness" of the anti-money
laundering (AML) compliance programs that their firms use to spot
suspicious customer financial transactions. This requirement would
represent a major escalation of pressure on firms to prevent the
types of serious financial crimes and abuses that have recently
received significant attention.
The DFS proposal arises after a string of recent breaches that have
included cases against chief compliance officers and actions
against major institutions as repeat offenders. Just a few months
ago, for example, the U.S. Department of Justice (DOJ) fined
MoneyGram's chief compliance officer $1 million for failing to
maintain adequate controls and address significant money laundering
activity that occurred on the officer's watch. Further, last
summer, Britain's Standard Charter PLC was hit with a second
$300 million penalty after it allegedly failed to meet the
requirements set in an earlier agreement that included a $340
million penalty for failing to adhere to Iran sanctions. Similarly,
last fall, Bank of Tokyo-Mitsubishi received a $315 million penalty
on top of a previous $250 million fine by DFS for allegedly
misleading regulators about its transactions with Iran, Sudan and
other countries placed under U.S. sanctions. And these amounts,
while very large, pale in comparison to the landmark case of a
financial institution in France, which paid nearly $8.9 billion to
settle charges that it willfully continued to do business with
countries and entities on U.S. Sanctions Lists, including Iran,
Sudan and Cuba. It was the largest sanctions fine in U.S. history,
more than four times larger than the next highest penalty.
In December 2012, HSBC paid nearly $1.3 billion as part of a
deferred prosecution agreement, as well as $665 million in civil
penalties after the institution was accused of conducting
transactions on behalf of customers in Cuba, Iran, Libya, Sudan and
Burma, all of which were, at the time, on U.S. Sanctions Lists.
U.S. federal authorities claimed that HSBC helped launder $880
million in drug proceeds through the U.S. financial system. Also in
2012, ING was assessed with a $619 million penalty for moving $2
billion on behalf of Cuban and Iranian entities.
Still other prominent institutions have paid large fines, in
earlier periods. In December 2009, Credit Suisse paid $536 million
for customer transactions from Iran and Sudan. Law enforcement
authorities claimed that Credit Suisse trained Iranian clients to
falsify wire transfer orders so the messages would not be picked up
by U.S. financial institution filters. Following resolution of this
issue, Credit Suisse agreed to pay another $2.6 billion over tax
fraud charges. Similarly, in January 2009, Lloyd's was charged
with a $350 million fine related to transactions with Iranian
customers. U.S. officials asserted that the transactions allowed
for more than $350 million to be processed by U.S. correspondent
banks that otherwise would have been rejected. In August 2010,
Barclays paid $298 million for stripping wire transfer records of
references to sanctioned countries in order to pass filters.
More recently, the fines and penalties have reached beyond U.S.
federal and state government action. Indeed, just last month, a $67
million civil judgment against a Canadian-based bank was upheld on
appeal. The case was brought by shareholders alleging that the bank
allowed proceeds of money laundering to flow through client
accounts. Now, it appears that HSBC is heading towards a possible
second penalty assessment by the Swiss, after Swiss authorities
raided HSBC's offices in Geneva, Switzerland a few weeks
ago.
In addition to these high profile sanctions issues, other
regulators also have been aggressive in pursuing financial
institutions for other financial regulatory transgressions. In
2014, the Financial Industry Regulatory Authority (FINRA) imposed
$134 million in sanctions for industry rules violations, including
against some major financial institutions. These included
substantial fines against several individual institutions, such as
Brown Brothers Harriman, which received an $8 million fine for AML
rules violations over its alleged failure to detect and investigate
suspicious penny stock transactions, and a larger $43.5 million
settlement with ten investment banks over their alleged promise to
provide research tips in exchange for a portion of the
Toys"R"Us initial public offering.
Notwithstanding the penalties already imposed, money laundering in
particular remains challenging for institutions to address and
prevent, given the myriad of obligations imposed through the
Financial Recordkeeping and Reporting Currency and Foreign
Transactions Act, the Bank Secrecy Act of 1970 (BSA), the Money
Laundering Control Act of 1986 (MLCA), and the Patriot Act of 2001,
enacted in the wake of the September 11 attacks, which strengthened
the provisions of both the BSA and the MCLA.
These and other laws, rules and regulations already, among many
other things, require financial institutions to establish
sufficient AML programs; compel the Treasury to adopt regulations
requiring financial institutions to establish customer
identification programs; and allow the Treasury to institute
special measures for financial institutions, foreign jurisdictions
and "primary money laundering concerns." These
requirements mean that financial institutions must keep abreast of
the latest laundering techniques, vehicles and methods.
Mr. Lawsky's proposal will add more requirements for financial
institutions and another significant hurdle for bank executives to
meet. One significant difference in the proposal is that it will
seek to hold executives personally liable in the event
further major breaches come to light. It is now axiomatic that a
financial institution adopt, employ and enforce a sophisticated and
timely AML program as part of a sound sanctions compliance program.
Institutions that engage in foreign acquisitions and mergers must
also undertake stringent FCPA due diligence efforts.
The penalty leveled by the Securities And Exchange Commission (SEC)
against Goodyear Tire & Rubber Company, although not a
financial institution, illustrates the risks a company runs when it
acquires subsidiaries or merges with companies in developing
regions. The issue Goodyear faced, its subsidiaries in Kenya and
Angola paying bribes to government officials to obtain lucrative
contracts, is not confined to these locations or unique to
Goodyear. Many companies have faced significant FCPA penalties for
the acts and transgressions of subsidiaries and agents, including
Avon, Alcoa, Hewlett-Packard, and Alstom. Financial institutions
that seek to acquire foreign assets face similar risks and must
take similar preventive and due diligence efforts.
In addition, other recent pronouncements by senior U.S. Department
of Justice, SEC and UK officials clearly also reflect the need for
institutions to adopt advanced, sound and comprehensive compliance
and due diligence programs that are routinely tested and upgraded.
Even if not completely successful, it is clear that a good faith
and meaningful effort will substantially reduce any penalty that
might be assessed in the event a violation does occur. Training key
staff, especially in offices abroad and in merger or acquisition
targets, is essential. Many of the significant violations can be
traced to individuals in subsidiaries that were not aware of the
rules and regulations or the potential gravity of the penalties.
Now, DFS's proposal will likely require that added efforts be
applied. Notably, in a speech last week at Columbia Law School, Mr.
Lawsky said that his office is looking to increase its use of
random audits of the automatic transaction monitoring and filtering
systems at the thousands of firms it regulates.
In light of these comments, as well as the increased scrutiny from
other regulatory bodies, it is time for institutions to re-examine
the quality of their programs and ensure, among other things, not
only that their AML and compliance systems are state of the art,
but also that their key personnel understand the importance of AML
compliance. Now, it is also personal.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.