While financial institutions have long faced the possibility of civil monetary penalties and criminal prosecution for violations of the Bank Secrecy Act (“BSA”) and its implementing regulations, found at 31 C.F.R. Chapter X, a recent FinCEN enforcement action against former MoneyGram chief compliance officer Thomas Haider highlights the most recent trend in BSA enforcement: holding compliance officers personally liable for corporate AML deficiencies.
In November 2012, MoneyGram entered into a deferred prosecution agreement with the United States Department of Justice stemming from allegations that MoneyGram failed to maintain an effective anti-money laundering compliance program and, as a result, aided in multiple instances of wire fraud. In the agreement, MoneyGram admitted that its AML program was ineffective due to the company’s failure to report the perpetrators of the fraud. As part of the deferred prosecution agreement, MoneyGram agreed to forfeit $100 million. A copy of the deferred prosecution agreement can be read here.
Pursuant to 31 U.S.C. § 5324, FinCEN is authorized to assess civil monetary penalties against a financial institution and its partners, directors, officers, or employees for violations of the Bank Secrecy Act. At the time of the signing of the deferred prosecution agreement, FinCEN did not assess any additional civil monetary penalties. However, as reported in a recent Reuters article, earlier this year, FinCEN sent former MoneyGram chief compliance officer Thomas Haider a letter notifying him of that he may be liable for a potential civil monetary penalty of $5 million stemming from the admissions made by MoneyGram in its deferred prosecution agreement. A copy of the article can be read here.
The Haider penalty comes as FinCEN has faced increased pressure from Congress to hold individual officers and personally accountable for institutional BSA violations in the wake of the HSBC Consent Decree and Deferred Prosecution Agreement wherein HSCB agreed to a record $1.9 billion in penalties but no individuals were held civilly or criminally liable. After the HSBC case concluded and in the face of mounting pressure from Congress, Treasury undersecretary David Cohen assured the Senate Banking Committee that FinCEN would look for more opportunities to issue civil penalties to partners, officers, directors, and employees of financial institutions who actively participated in the misconduct. A transcript of Mr. Cohen’s testimony before the Senate Banking Committee can be read here.
FinCEN’s new focus on individual corporate compliance officer liability has drawn harsh criticism from the regulatory compliance community for the potential chilling effect it will have on financial institutions’ willingness to cooperate with law enforcement and on quality personnel avoiding entering the field. As explained by Rob Rowe of the American Bankers Association in a recent interview, the potential for corporate officer civil liability, regardless of the amount, “will cause all compliance officers to think” and could “lead to a shortage of compliance officers.”
Although cases like Mr. Haider’s are relatively new in the BSA/AML environment, they are not unique, and we can point to various cases in other environments where individuals have been held personally liable for institutional misdeeds. For example, as we previously reported, although criminal sanctions against corporate officers for violations for the Food, Drug & Cosmetic Act (FDCA) have been on the books since 1938, federal prosecutors have recently taken aim at individual executives through the use of the “responsible corporate officer doctrine,” better known as the Park doctrine. (More information regarding the Park doctrine can be read in our other reports here, here, here, and here.)
We will continue to watch for the latest developments.