"Regulators Renew Their Focus on Anti-Money Laundering Compliance"

by Skadden, Arps, Slate, Meagher & Flom LLP
Contact

A resurgence in anti-money laundering (AML) enforcement over the last few years reflects a renewed post-crisis focus on compliance with the regulatory requirements of the Bank Secrecy Act (BSA) imposed on banks (AML Compliance). With financial institutions generally on the mend in the wake of the global financial crisis, state and federal prosecutors, as well as the federal banking agencies, have redirected their attention toward AML Compliance lapses. This trend has resulted in a number of notable enforcement actions against major financial institutions leading to deferred prosecution agreements, regulatory sanctions and large fines. Fines have grown substantially during this period; internationally active banks, in particular, have incurred staggering fines up to nearly $2 billion. In addition, for such banks, AML Compliance deficiencies have been associated, from a supervisory perspective, with problems in related areas such as compliance with economic and trade sanctions administered by the Office of Foreign Assets Control (OFAC).

In recent statements, regulators have signaled a greater focus on pursuing enforcement efforts. For example, in a speech to the Global Economic Policy Forum in November 2013, New York Federal Reserve President William Dudley highlighted “the apparent lack of respect for law, regulation and the public trust” evident by some large financial institutions, adding that “[t]ough enforcement and high penalties will certainly help focus management’s attention on this issue.” This tough enforcement posture, coupled with mounting pressure on Capitol Hill to criminally indict financial institutions for BSA/AML violations, sets the stage for a very active enforcement landscape in 2014.

At the same time, there has been an increase in enforcement actions and penalties directed at the AML Compliance shortcomings of regional and smaller banks. The growth in such actions also has emerged as an obstacle for institutions contemplating or engaging in mergers and acquisitions.

Recent Supervisory and Enforcement Actions

Internationally Active Banks. Authorities have scrutinized large banks with global footprints for AML Compliance in connection with alleged oversight and monitoring deficiencies of their international activities. When entering into deferred prosecution agreements or cease-and-desist orders, authorities have identified a number of AML Compliance issues:

  • Not maintaining an effective AML program and system of internal controls to adequately oversee the institution’s activities.
  • Failure to conduct appropriate due diligence on foreign correspondent account holders.
  • Inadequate monitoring involving remote deposit capture/international cash letter activity in the institution’s foreign correspondent banking business.
  • Deficiencies in ensuring that suspicious activity at a foreign branch is communicated effectively to other affected branches within the institution’s network.
  • Failure to ensure that, on a risk basis, customer transactions at foreign branch locations can be effectively assessed, aggregated and monitored.
  • Conducting inadequate customer due diligence on retail and international banking customers.

In addition to AML Compliance shortcomings, some institutions were cited for OFAC violations, reflecting a growing interconnection between OFAC and BSA/AML issues as matters of supervisory concern. To address these deficiencies, institutions have been required to take various remedial actions, including:

  • Retaining independent compliance monitors.
  • Improving information sharing systems and increasing AML staffing.
  • Linking executive bonuses to compliance performance.
  • “Clawing back” deferred compensation bonuses given to senior AML and compliance officers.
  • Ensuring compliance officer independence from the business lines.
  • Establishing board-level compliance committees.

Of note, the United Kingdom’s Financial Conduct Authority (FCA), and its predecessor, the Financial Services Authority, coordinated closely with U.S. authorities, including federal and local prosecutors as well as federal regulators, in a recent multiparty investigation of an internationally active bank. The FCA also independently required the institution to bolster its AML compliance systems and employ an independent monitor.


Suspicious Activity Report (SARs) Filings. Regulators have taken a closer look at the adequacy and promptness of SARs filings. Last fall, the Office of the Comptroller of the Currency (OCC) and the Financial Crimes Enforcement Network (FinCEN) announced a civil money penalty against a national bank. The penalty was for the bank’s failure to file a series of SARs relating to suspicious account activity involving a fraudulent investment scheme undertaken by one of the bank’s customers. The SEC also fined the bank and filed charges against one of its former executives who was accused of enabling the scheme. In connection with this matter, Andrew J. Ceresney, co-director of the SEC’s Division of Enforcement, stated that “[f]inancial institutions are key gatekeepers in the transactions and investments they facilitate and will be held to a high standard of accountability when their officers enable fraud.” Earlier in 2013, the OCC similarly assessed a civil money penalty against another national bank for, among other alleged misconduct, the bank’s late filing of SARs involving cash transactions in which there were indications of illegal “structuring.”

Smaller Institutions Subject to Scrutiny. Regional and smaller institutions also face greater AML Compliance scrutiny. Regulators and prosecutors have expressed concern that as larger institutions move to reduce risk in their foreign correspondent banking and bulk cash businesses, smaller banks will assume these activities despite having less developed systems of controls and infrastructure to manage the associated risks. For example, FinCEN and the OCC levied a fine on a community bank in September 2013 in conjunction with a civil forfeiture action brought by the DOJ. Regulators identified AML Compliance deficiencies in connection with the bank’s failure to conduct adequate due diligence on foreign correspondent accounts, and to detect and adequately report in a timely manner suspicious activities in the accounts of foreign money exchange houses.

Impact on an Institution’s Growth. Federal banking agencies’ response to AML Compliance deficiencies includes enforcement actions and assessing money penalties, but also places limits on institutions’ growth via mergers and acquisitions. The Federal Reserve recently exercised such powers by suspending a bank acquisition pending the implementation of a comprehensive plan to fix deficiencies in the acquiror’s internal BSA/AML controls. As an institution expands, whether organically or through acquisitions, regulators expect compliance resources, staffing and expertise to keep pace with growth. Changes in regulatory compliance and bank examination priorities have created greater uncertainty for buyers and sellers alike for transactions that may require at least six months to complete.

Key Takeaways From Recent Supervisory and Enforcement Actions

A review of the publicly available actions reveals the following important takeaways:

High-Risk Areas. Institutions should ensure adequate and effective AML Compliance programs, systems and procedures. Specifically, BSA/AML programs need to be updated to take into account higher risk areas, such as foreign correspondent banking practices and bulk cash transactions. AML information technology and transaction monitoring systems should be updated to reflect these risks.

Compliance Infrastructure. Institutions should commit more resources to ensure strong compliance programs. Moreover, compliance staff must have the authority to fully implement a BSA compliance program consistent with the risks and the institution’s profile, and, as needed, to question account relationships and business plans.

Independent Compliance Function. Compliance staff also should be independent from the business line and not subject to evaluation or performance determinations from the business.

Independent Reviews. In scrutinizing the adequacy and promptness of SARs filings, enforcement actions increasingly are requiring institutions to conduct independent reviews of transaction and account activity.

* This article appeared in the firm's sixth annual edition of Insights on January 16, 2014

Download PDF

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Written by:

Skadden, Arps, Slate, Meagher & Flom LLP
Contact
more
less

Skadden, Arps, Slate, Meagher & Flom LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!