Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators. Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action

The Treasury Inspector General for Tax Administration, or TIGTA, issued last month a Report, entitled The Internal Revenue Service’s Bank Secrecy Act Program Has Minimal Impact on Compliance, which sets forth a decidedly dim view of the utility and effectiveness of the current Bank Secrecy Act (“BSA”) compliance efforts by the Internal Revenue Service (“IRS”).  The primary conclusions of the detailed Report are that (i) referrals by the IRS to the Financial Crimes Enforcement Network (“FinCEN”) for potential Title 31 penalty cases suffer lengthy delays and have little impact on BSA compliance; (ii) the IRS BSA Program spent approximately $97 million to assess approximately $39 million in penalties for Fiscal Years (FYs) 2014 to 2016; and (iii) although referrals regarding BSA violations were made to IRS Criminal Investigation (“IRS CI”), most investigations were declined and very few ultimately were accepted by the Department of Justice for prosecution.

Arguably, the most striking claim by the Report is that “Title 31 compliance reviews [by the IRS] have minimal impact on Bank Secrecy Act compliance because negligent violation penalties are not assessed.”

A primary take-away from the Report is that an examination program lacking actual enforcement power is, unsurprisingly, not very effective.  The Report also highlights some potential problems which beset the IRS BSA Program, which include lack of staffing, lack of planning and coordination, and delay. Although the Report’s findings clearly suggest that what the IRS BSA Program really needs are resources and enhanced enforcement power, the repeated allusions in the Report to a certain purposelessness of the current BSA examination regime nonetheless might help fuel the current debate regarding possible AML/BSA reform, with an eye towards curbing regulatory burden.

The Report made five specific recommendations to the IRS for remedial steps. We will focus on four of those recommendations, and the findings upon which they rest:

  • Coordinate with FINCEN on the authority to assert Title 31 penalties, or reprioritize BSA Program resources to more productive work;
  • Leverage the BSA Program’s Title 31 authority and annual examination planning in the development of the IRS’s virtual currency strategy;
  • Evaluate the effectiveness of the newly implemented review procedures for FinCEN referrals; and
  • Improve the process for referrals to IRS CI.

Continue Reading U.S. Treasury Report: IRS BSA Program “Has Minimal Impact on Compliance”

Conduct Performed Without Knowledge Still Can Lead to the Most Serious Penalties

Under the Bank Secrecy Act (“BSA”), the most onerous civil penalties will be applied for “willful” violations. That mental state standard might sound hard for the government to prove.  For example, in criminal and civil tax fraud cases under the Internal Revenue Code, “willfulness” is defined to mean a voluntary and intentional violation of a known legal duty – a very demanding showing. But as we will discuss, two very new court opinions discussing a required BSA filing – a Form TD F 90-22.1, or Report of Foreign Bank and Financial Accounts, otherwise know as a FBAR – remind us that, under the BSA, a “willful” violation does not require proof of actual knowledge. A “willful” BSA violation only needs to be reckless, and the government can prove it through the doctrine of “willful blindness” or “conscious avoidance.”

The fact that courts in civil FBAR cases have been holding that “willfulness” can mean “just recklessness” is not a new development, and it is well known to those practicing in the tax fraud and tax controversy space. This blog post will not attempt to delve into the long-running offshore account enforcement campaign that has been waged by the IRS and the DOJ; the related case decisions; or the related voluntary disclosure programs for offshore accounts (for those interested in this fascinating but complicated topic, the Federal Tax Crimes blog is one of many excellent resources). Rather, the point of this post is that the case law now being made in the FBAR and offshore account context will have direct application to more traditional Anti-Money Laundering (“AML”)/BSA enforcement actions, because the civil penalty statute being interpreted in the FBAR cases is the same provision which applies to claimed failures to maintain an adequate AML program and other violations of the BSA.  Thus, the target audience of this post is not people involved in undisclosed offshore bank account cases, but rather people involved in day-to-day AML compliance for financial institutions, who may not realize that some missteps may be branded as “willful” and entail very serious monetary penalties, even if they were done without actual knowledge.  This may be news to some, and it underscores in particular the risks presented by one the topics that this blog frequently has discussed: the potential AML liability of individuals. Continue Reading The BSA Civil Penalty Regime: Reckless Conduct Can Produce “Willful” Penalties

Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance

Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months.  The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.

A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties.  The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems.  Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.”  After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed.  The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016.  Settlement followed, resulting in sanctions and the FCA’s published final notice.

These three visits from the FCA generated a laundry list of Canara’s AML shortcomings.  This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists. Continue Reading Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures

Commonwealth Bank of Australia (“CBA”), the largest bank in Australia, has agreed to a proposed civil settlement — subject to court approval — of historic proportions, involving a fine of approximately $700 million Australian dollars (roughly equivalent to $530 million U.S. dollars) regarding numerous alleged Anti-Money Laundering (“AML”) and Counter Terrorism Financing (“CTF”) violations.  The settlement is with the Australian Transaction Reports and Analysis Center (“AUSTRAC”) – a government financial intelligence agency whose counterpart in the U.S. would be the Financial Crimes Enforcement Network (“FinCEN”) — and represents the largest such enforcement action in the history of Australia.  Under the settlement, AUSTRAC also will recoup its legal costs of $2.5 million Australian dollars.

As we have blogged, AUSTRAC filed on August 3, 2017 a claim seeking civil monetary penalties against CBA for over 53,000 alleged violations of Australia’s AML/CTF law.  Although the case involves several types of alleged AML violations, it fundamentally rests on the bank’s use of so-called intelligent deposit machines (“IDMs”), a type of ATM which allowed customers to anonymously deposit and transfer cash.  Unfortunately, and perhaps not surprisingly, the IDMs also became an alleged favored conduit for money laundering by criminals involved in drug trafficking and illegal firearms. Continue Reading Australia’s Largest Bank Agrees to Historic AML Penalty

FinCEN announced on May 3, 2018 that Artichoke Joe’s, a card club and casino located in San Bruno, California and founded in 1916, has entered into a revised civil money penalty assessment regarding alleged deficiencies under the Bank Secrecy Act (“BSA”).  The most interesting aspect of this revised assessment is that it allows the casino to reduce its original $8 million penalty by $3 million if it successfully completes certain compliance undertakings.

No press release has been issued to date by FinCEN regarding this revised assessment, so its specific genesis is unclear.  Nonetheless, the revised assessment illustrates that financial institutions facing Anti-Money Laundering (“AML”)/BSA enforcement actions might be able to mitigate the financial consequences — not only when negotiating the initial penalty assessment, but even after it has been imposed — by undertaking steps towards enhanced compliance and monitoring.  It is also unclear whether the onerous nature of the original assessment, when compared to the available financial resources of the assessed institution, may have played a role in the revision. Continue Reading FinCEN Extends $3 Million Carrot to Card Club and Casino: Reduce Assessed Civil Penalty by Completing Compliance Undertakings

And a Tale of Four Countries: Singapore Fines a U.K. Bank, and the U.S. Imposes a Consent Order on a Chinese Bank

Less than a week apart, two major financial institutions (“FIs”) have been hit with penalties for failing to implement adequate anti-money laundering (“AML”) protections. But the penalties imposed by the involved regulators are different.  In this post, we report on the enforcement actions recently lodged against Standard Chartered PLC and the Industrial & Commercial Bank of China Ltd. by the Monetary Authority of Singapore and the United States Federal Reserve, respectively.  We also consider the approaches of these two regulators to the banks and the differing outcomes of the enforcement actions.

Continue Reading A Tale of Two Enforcement Actions

The Office of Foreign Assets Control (“OFAC”) wrapped up 2017 by issuing a series of high-profile designations generally prohibiting U.S. persons from conducting financial or other transactions with the identified individuals and entities, and freezing any assets which these individuals and entities may have under U.S. jurisdiction. Specifically, OFAC, acting in conjunction with a new Executive Order issued by the President pursuant to the Global Magnitsky Human Rights Accountability Act (“Magnitsky Act”), sanctioned on December 21 a list of alleged international bad actors, including Dan Gertler, a billionaire and international businessman from Israel who has been involved in, among other notorious ventures, alleged corruption in the mining of diamonds and copper in the Democratic Republic of the Congo. The next day, OFAC then sanctioned individuals and entities allegedly associated with Thieves-in-Law, an alleged and unapologetically-named Eurasian criminal entity; according to the U.S. government, Thieves-in-Law originated in Stalinist prison camps and has grown over time into a “vast criminal organization” stretching across the globe and into the United States. Continue Reading OFAC Designates Diamond Mining Billionaire, “Thieves in Law,” and Many Other International Targets as Subject to U.S. Sanctions and Asset Freezes

FinCEN recentlty announced entry of a $2 million assessment against Lone Star National Bank, a private bank operating out of Texas, for the bank’s allegedly willful violations of the Bank Secrecy Act (“BSA”) and inadequate Anti-Money Laundering (“AML”) monitoring programs.  The primary violations relate to Lone Star’s alleged failure to comply with due diligence requirements imposed by Section 312 of the USA PATRIOT Act in establishing and conducting its correspondent banking relationship with a Mexican bank.  As a result of Lone Star’s insufficient due diligence and AML program, the Mexican bank was “allowed to move hundreds of millions of U.S. dollars in suspicious cash shipments through the U.S. financial system in less than two years.”  The FinCEN’s announcement warns that this “action underscores the dangers that institutions face when taking on international correspondence activities without properly equipping themselves” to manage the enhanced obligations that arise with such relationships.

This new FinCEN assessment underscores the continued regulatory interest in the AML risks presented by correspondent banking relationships. We therefore first will provide a brief overview of correspondent banking relationships and the enhanced regulatory attention often paid to them. Armed with this context, we then will analyze the findings and lessons learned from the Lone Star assessment, including the value touted by FinCEN of Lone Star’s efforts to cooperate with its own investigation. Further, this new assessment suggests that the U.S. government does not always present a consistent voice regarding correspondent banking relationships: although the U.S. Treasury has tried to encourage financial institutions in general to not “de-risk” and thereby terminate correspondent banking relationships, we see that enforcement agencies continue to penalize institutions in individual cases for not mitigating sufficiently the risks of correspondent banking. Continue Reading FinCEN Fines Texas Bank $2M for Alleged Failure to Vet and Monitor Mexican Correspondent Banking Relationship – But Touts Bank’s Cooperation

We previously have observed that financial institutions face an increasing risk that alleged Anti-Money Laundering (“AML”) and Counter-Terrorism Financing (“CTF”) violations will lead to follow-on allegations of securities law violations – allegations brought not only by the government, but also by investor class action suits (see here and here).

This phenomenon of AML law and securities law converging is not limited to the United States, as reflected by a recent class action lawsuit filed against one of the biggest banks in Australia – Commonwealth Bank – which arises out of claims by the Australian government that the bank failed to act adequately on indications that drug rings were using its network of “intelligent” deposit machines to launder tens of millions of dollars. Continue Reading Investor Class Action Lawsuit Targets Australian Bank for Alleged AML Failures and Use of “Intelligent” Machines for Anonymous Cash Deposits