We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial institutions have been faulted in recent Anti-Money Laundering (“AML”) enforcement actions, flags other AML-related missteps that can trigger regulatory scrutiny, and offers practical tips for avoiding regulatory criticism and reducing enforcement risk. This podcast follows up on two related blog posts, in which we provided some practical tips for financial institutions to increase the chances that their AML programs will withstand regulators’ scrutiny, and then discussed the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank.

We hope that you enjoy the podcast, moderated by our partner Alan Kaplinksy, and find it useful.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To visit Ballard Spahr’s award-winning Consumer Financial Monitor blog, please click here.

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators. Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action

Conduct Performed Without Knowledge Still Can Lead to the Most Serious Penalties

Under the Bank Secrecy Act (“BSA”), the most onerous civil penalties will be applied for “willful” violations. That mental state standard might sound hard for the government to prove.  For example, in criminal and civil tax fraud cases under the Internal Revenue Code, “willfulness” is defined to mean a voluntary and intentional violation of a known legal duty – a very demanding showing. But as we will discuss, two very new court opinions discussing a required BSA filing – a Form TD F 90-22.1, or Report of Foreign Bank and Financial Accounts, otherwise know as a FBAR – remind us that, under the BSA, a “willful” violation does not require proof of actual knowledge. A “willful” BSA violation only needs to be reckless, and the government can prove it through the doctrine of “willful blindness” or “conscious avoidance.”

The fact that courts in civil FBAR cases have been holding that “willfulness” can mean “just recklessness” is not a new development, and it is well known to those practicing in the tax fraud and tax controversy space. This blog post will not attempt to delve into the long-running offshore account enforcement campaign that has been waged by the IRS and the DOJ; the related case decisions; or the related voluntary disclosure programs for offshore accounts (for those interested in this fascinating but complicated topic, the Federal Tax Crimes blog is one of many excellent resources). Rather, the point of this post is that the case law now being made in the FBAR and offshore account context will have direct application to more traditional Anti-Money Laundering (“AML”)/BSA enforcement actions, because the civil penalty statute being interpreted in the FBAR cases is the same provision which applies to claimed failures to maintain an adequate AML program and other violations of the BSA.  Thus, the target audience of this post is not people involved in undisclosed offshore bank account cases, but rather people involved in day-to-day AML compliance for financial institutions, who may not realize that some missteps may be branded as “willful” and entail very serious monetary penalties, even if they were done without actual knowledge.  This may be news to some, and it underscores in particular the risks presented by one the topics that this blog frequently has discussed: the potential AML liability of individuals. Continue Reading The BSA Civil Penalty Regime: Reckless Conduct Can Produce “Willful” Penalties

Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance

Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months.  The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.

A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties.  The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems.  Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.”  After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed.  The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016.  Settlement followed, resulting in sanctions and the FCA’s published final notice.

These three visits from the FCA generated a laundry list of Canara’s AML shortcomings.  This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists. Continue Reading Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures

On May 16, 2018, the Securities Exchange Commission (“SEC”) announced it had settled charges against a registered broker-dealer, its clearing firm, and its chief compliance and anti-money laundering (“AML”) officer brought over the firm’s failure to file Suspicious Activity Reports (“SARs”) related to customers’ liquidation of billions of penny stocks over an eight month period.  In a companion action, the Financial Industry Regulatory Authority (“FINRA”) imposed a monetary penalty against the clearing firm for various AML compliance failures.

Chardan Capital Markets, LLC (“Chardan”) was a registered broker-dealer primarily engaged in underwriting private investment in public equity (“PIPEs”), private placements and initial public offerings (“IPOs”). In 2013, Chardan allegedly began actively engaging in the liquidation of thinly-traded penny stocks of microcap issuers.  Industrial and Commercial Bank of China Financial Services, LLC (“ICBCFS”) is a registered broker-dealer that, in late 2012, began clearing equity securities and, from October 2013 through June 2014, cleared Chardan’s customers’ penny-stock transactions.

We previously have blogged about the SEC and FINRA stepping up their AML-related enforcement, as well as the issue of AML-related individual liability for compliance officers and executives (see here, here, here, here and here).  Aside from reaffirming the dubious nature of penny stock trading, this case once again reflects the need to actually act on identified red flags and file related SARs. Continue Reading SEC Sanctions Broker-Dealer, Clearing Firm and Chief Compliance Officer for AML Violations

Incorporation Solidifies Customer Due Diligence as “Fifth Pillar” to BSA/AML Compliance Program

May 11, 2018 was the much anticipated effective date for the Customer Due Diligence (“CDD”) Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule”) issued by the Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”). On the same day, the Federal Financial Institutions Examination Council (“FFIEC”) released two updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual that incorporate and clarify the CDD Requirements and Beneficial Ownership Rule.  The FFIEC is an interagency body that is “empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.”  The FFIEC examination manual drives the principles and obligations of covered financial instructions in creating BSA/AML compliance programs.  The new updates further clarify the FinCEN rules and solidify CDD as the fifth pillar of the BSA/AML compliance regime.

As we previously blogged here, when FinCEN announced its final rule on CDD requirements it established two important requirements for covered financial institutions.  First, the covered financial institutions were required to establish procedures to identify and verify the beneficial owners of all legal entity customers. Second, the rule required covered financial institutions to adopt ongoing risk-based CDD procedures as part of their AML compliance programs – including developing and updating customer risk profiles and conducting ongoing AML monitoring.  We previously provided practical guidance to aid covered financial institutions in preparing for implementation of these two requirements.  Now we will highlight the key considerations of FFIEC examination manual addressing these topics.  Of particular interest, the new FFIEC examination manual provisions state in part that regulatory examiners are not supposed to engage in second-guessing specific decisions; rather, during an examination “the bank should not be criticized for individual customer decisions unless it impacts the effectiveness of the overall CDD program, or is accompanied to evidence of bad faith or other aggravating factors.” Continue Reading FFIEC Manual Incorporates Beneficial Ownership Rule and CDD Requirements

Exterior of the Robert F. Kennedy U.S. Department of Justice Building in Washington, D.C.

In a highly anticipated speech to the New York City Bar White Collar Crime Institute this morning, Deputy Attorney General Rod Rosenstein announced two new Department of Justice (“DOJ”) policies: first, a directive encouraging “coordination among Department components and other enforcement agencies when imposing multiple penalties for the same conduct,” and second, the establishment of a new Working Group on Corporate Enforcement and Accountability designed to foster consistency in DOJ outcomes surrounding white collar crime and corporate compliance.

Although Deputy A.G. Rosenstein did not discuss specifically enforcement actions involving money laundering or violations of the Bank Secrecy Act (“BSA”), his remarks and guidance clearly will apply to such actions, because they will apply  to all corporate investigations and prosecutions. Indeed, the high-profile actions against financial institutions involving alleged AML/BSA and/or OFAC violations which we have seen over the years invariably involve numerous enforcement agencies, including but not necessarily limited to DOJ, FBI, IRS, FinCEN, the OCC, and/or state agencies — with each agency looking to assert its own particular role and agenda, sometimes to the bewilderment and detriment of the company.

This is an important development for institutions undergoing government scrutiny. I and my colleagues Hank Hockeimer, Jr. and Thomas Burke therefore discuss Deputy A.G. Rosenstein’s speech in detail here.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.

FinCEN announced on May 3, 2018 that Artichoke Joe’s, a card club and casino located in San Bruno, California and founded in 1916, has entered into a revised civil money penalty assessment regarding alleged deficiencies under the Bank Secrecy Act (“BSA”).  The most interesting aspect of this revised assessment is that it allows the casino to reduce its original $8 million penalty by $3 million if it successfully completes certain compliance undertakings.

No press release has been issued to date by FinCEN regarding this revised assessment, so its specific genesis is unclear.  Nonetheless, the revised assessment illustrates that financial institutions facing Anti-Money Laundering (“AML”)/BSA enforcement actions might be able to mitigate the financial consequences — not only when negotiating the initial penalty assessment, but even after it has been imposed — by undertaking steps towards enhanced compliance and monitoring.  It is also unclear whether the onerous nature of the original assessment, when compared to the available financial resources of the assessed institution, may have played a role in the revision. Continue Reading FinCEN Extends $3 Million Carrot to Card Club and Casino: Reduce Assessed Civil Penalty by Completing Compliance Undertakings

May 11, 2018 Implementation Deadline Looms

Last year, we posted FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation regarding the Customer Due Diligence Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule” or “Rule”) issued by the Financial Crime Enforcement Center (“FinCEN”). With the Rule’s May 11 implementation date only a few weeks away, and with FinCEN recently having published its new and long-awaited FAQs regarding the Rule (FAQs), we thought that the time was right for more practical tips and answers to questions surrounding the Rule. Continue Reading FinCEN’s Beneficial Ownership Rule: More Practical Tips and Answers to Frequently Asked Questions

Australia announced on April 11 that all digital currency exchanges operating in the country will be regulated by the Transaction Reports and Analysis Centre (“AUSTRAC”), the country’s financial intelligence agency.  A byproduct of the government’s Anti-Money Laundering (“AML”) and Counter Terrorism Financing (“CTF”) Act (on which we previously have blogged, both here and here), the new laws require all “digital currency exchange providers” with operations in Australia to register with AUSTRAC and, additionally, meet compliance and reporting obligations by May 14.

AUSTRAC’s new policing mandate represents a meaningful step in strengthening the country’s efforts under the AML/CTF Act, first enacted in 2006.  In brief, that law—now applicable to all digital currency exchanges operating in Australia—requires all regulated entities such as banks and money transfer operators to collect information to establish a customer’s identity, monitor transactions, and report activity that is suspicious or involves cash over $10,000 Australian dollars.  As summarized by AUSTRAC on its website, the AML/CTF Act:

. . . . places a number of obligations on reporting entities when they provide designated services, including:

Reporting entities determine how they meet their obligations based on their assessment of the risk of whether providing a designated service to a customer may facilitate money laundering or terrorism financing.  These requirements echo similar AML regulatory requirements in the United States that require digital currency exchangers and administrators to register with FinCEN as money services businesses, and with the various States as money transmitter businesses.  AUSTRAC also has issued a guide for digital currency exchange service businesses to prepare and implement their AML/CTF programs.  The guide sets forth a check list of tasks necessary to developing and maintaining an adequate AML/CTF program, including the completion of a risk assessment of the business, designing a training program, and creating procedures for responding to AUSTRAC feedback. Continue Reading Australia’s Financial Intelligence Agency Implements AML Regulation of Digital Currencies