A resurgence in anti-money laundering (AML) enforcement over the last few years reflects a renewed post-crisis focus on compliance with the regulatory requirements of the Bank Secrecy Act (BSA) imposed on banks (AML Compliance). With financial institutions generally on the mend in the wake of the global financial crisis, state and federal prosecutors, as well as the federal banking agencies, have redirected their attention toward AML Compliance lapses. This trend has resulted in a number of notable enforcement actions against major financial institutions leading to deferred prosecution agreements, regulatory sanctions and large fines. Fines have grown substantially during this period; internationally active banks, in particular, have incurred staggering fines up to nearly $2 billion. In addition, for such banks, AML Compliance deficiencies have been associated, from a supervisory perspective, with problems in related areas such as compliance with economic and trade sanctions administered by the Office of Foreign Assets Control (OFAC).
In recent statements, regulators have signaled a greater focus on pursuing enforcement efforts. For example, in a speech to the Global Economic Policy Forum in November 2013, New York Federal Reserve President William Dudley highlighted “the apparent lack of respect for law, regulation and the public trust” evident by some large financial institutions, adding that “[t]ough enforcement and high penalties will certainly help focus management’s attention on this issue.” This tough enforcement posture, coupled with mounting pressure on Capitol Hill to criminally indict financial institutions for BSA/AML violations, sets the stage for a very active enforcement landscape in 2014.
At the same time, there has been an increase in enforcement actions and penalties directed at the AML Compliance shortcomings of regional and smaller banks. The growth in such actions also has emerged as an obstacle for institutions contemplating or engaging in mergers and acquisitions.
Recent Supervisory and Enforcement Actions
Internationally Active Banks. Authorities have scrutinized large banks with global footprints for AML Compliance in connection with alleged oversight and monitoring deficiencies of their international activities. When entering into deferred prosecution agreements or cease-and-desist orders, authorities have identified a number of AML Compliance issues:
Not maintaining an effective AML program and system of internal controls to adequately oversee the institution’s activities.
Failure to conduct appropriate due diligence on foreign correspondent account holders.
Inadequate monitoring involving remote deposit capture/international cash letter activity in the institution’s foreign correspondent banking business.
Deficiencies in ensuring that suspicious activity at a foreign branch is communicated effectively to other affected branches within the institution’s network.
Failure to ensure that, on a risk basis, customer transactions at foreign branch locations can be effectively assessed, aggregated and monitored.
Conducting inadequate customer due diligence on retail and international banking customers.
In addition to AML Compliance shortcomings, some institutions were cited for OFAC violations, reflecting a growing interconnection between OFAC and BSA/AML issues as matters of supervisory concern. To address these deficiencies, institutions have been required to take various remedial actions, including:
Retaining independent compliance monitors.
Improving information sharing systems and increasing AML staffing.
Linking executive bonuses to compliance performance.
“Clawing back” deferred compensation bonuses given to senior AML and compliance officers.
Ensuring compliance officer independence from the business lines.
Establishing board-level compliance committees.
Of note, the United Kingdom’s Financial Conduct Authority (FCA), and its predecessor, the Financial Services Authority, coordinated closely with U.S. authorities, including federal and local prosecutors as well as federal regulators, in a recent multiparty investigation of an internationally active bank. The FCA also independently required the institution to bolster its AML compliance systems and employ an independent monitor.
Suspicious Activity Report (SARs) Filings. Regulators have taken a closer look at the adequacy and promptness of SARs filings. Last fall, the Office of the Comptroller of the Currency (OCC) and the Financial Crimes Enforcement Network (FinCEN) announced a civil money penalty against a national bank. The penalty was for the bank’s failure to file a series of SARs relating to suspicious account activity involving a fraudulent investment scheme undertaken by one of the bank’s customers. The SEC also fined the bank and filed charges against one of its former executives who was accused of enabling the scheme. In connection with this matter, Andrew J. Ceresney, co-director of the SEC’s Division of Enforcement, stated that “[f]inancial institutions are key gatekeepers in the transactions and investments they facilitate and will be held to a high standard of accountability when their officers enable fraud.” Earlier in 2013, the OCC similarly assessed a civil money penalty against another national bank for, among other alleged misconduct, the bank’s late filing of SARs involving cash transactions in which there were indications of illegal “structuring.”
Smaller Institutions Subject to Scrutiny. Regional and smaller institutions also face greater AML Compliance scrutiny. Regulators and prosecutors have expressed concern that as larger institutions move to reduce risk in their foreign correspondent banking and bulk cash businesses, smaller banks will assume these activities despite having less developed systems of controls and infrastructure to manage the associated risks. For example, FinCEN and the OCC levied a fine on a community bank in September 2013 in conjunction with a civil forfeiture action brought by the DOJ. Regulators identified AML Compliance deficiencies in connection with the bank’s failure to conduct adequate due diligence on foreign correspondent accounts, and to detect and adequately report in a timely manner suspicious activities in the accounts of foreign money exchange houses.
Impact on an Institution’s Growth. Federal banking agencies’ response to AML Compliance deficiencies includes enforcement actions and assessing money penalties, but also places limits on institutions’ growth via mergers and acquisitions. The Federal Reserve recently exercised such powers by suspending a bank acquisition pending the implementation of a comprehensive plan to fix deficiencies in the acquiror’s internal BSA/AML controls. As an institution expands, whether organically or through acquisitions, regulators expect compliance resources, staffing and expertise to keep pace with growth. Changes in regulatory compliance and bank examination priorities have created greater uncertainty for buyers and sellers alike for transactions that may require at least six months to complete.
Key Takeaways From Recent Supervisory and Enforcement Actions
A review of the publicly available actions reveals the following important takeaways:
High-Risk Areas. Institutions should ensure adequate and effective AML Compliance programs, systems and procedures. Specifically, BSA/AML programs need to be updated to take into account higher risk areas, such as foreign correspondent banking practices and bulk cash transactions. AML information technology and transaction monitoring systems should be updated to reflect these risks.
Compliance Infrastructure. Institutions should commit more resources to ensure strong compliance programs. Moreover, compliance staff must have the authority to fully implement a BSA compliance program consistent with the risks and the institution’s profile, and, as needed, to question account relationships and business plans.
Independent Compliance Function. Compliance staff also should be independent from the business line and not subject to evaluation or performance determinations from the business.
Independent Reviews. In scrutinizing the adequacy and promptness of SARs filings, enforcement actions increasingly are requiring institutions to conduct independent reviews of transaction and account activity.
* This article appeared in the firm's sixth annual edition of Insights on January 16, 2014