Financial institutions face enormous pressures with respect to anti-money laundering compliance. These burdens are about to grow with implementation of customer due diligence rules. In 2017, federal and state regulators stepped up AML enforcement. Here is a quick rundown of some of the enforcement actions:
Citibank paid a $70 million penalty to the Office of the Comptroller of the Currency (here) for violating its 2012 consent order relating to Bank Secrecy Act and AML deficiencies. The original 2012 order found that Citibank failed to file suspicious activity reports (SARs) and conduct customer due diligence and enhanced due diligence on accounts. Citibank’s BSA/AML function missed systemic deficiencies identified by the OCC during the examination process.
Merrill Lynch paid $26 million, half to the Securities and Exchange Commission (here), and half to the Financial Industry Regulatory Authority (here), for failing to detect and report suspicious banking activity involving billions of dollars in transactions. Merrill’s AML system and its parent Bank of America’s system failed to identify suspicious activities of high-risk customers.
In particular, FINRA noted that Merrill and Bank of America failed to link accounts with common owners between the institutions. The SEC specifically cited Merrill’s failure to exclude transactions of more than $22 billion in retirement and managed accounts and accounts involving securities-based loans from its AML monitoring system. In 2013, these omitted accounts registered 2.5 million transactions that were not monitored.
The SEC also noted that Merrill excluded approximately 12 million transactions involving $105 billion to and from Merrill accounts via checks, ATM withdrawals, cash deposits, wires and ACH transactions. As an example, the SEC noted that Merrill’s San Diego branch had unreported suspicious transactions, including patterns of large currency deposits through ATMs to off-shore company accounts where there was no apparent business reason for such deposits; accounts that moved large, even-dollar funds through transactions involving third-party institutions in high-risk jurisdictions; and customers withdrawing currency via debit-card cash advances and ATM withdrawals in an apparent attempt to circumvent reporting requirements.
Wells Fargo paid a $3.5 million civil penalty to the SEC (here) for failure to file suspicious activity reports (SARS) with FinCEN. The SEC maintains an ongoing monitoring program focused on broker-dealers and their compliance with SARS filing requirements. Broker-dealers are required to file SARs with FinCEN when, FinCEN requires SARs filings within 90 -120 days of a pattern of suspicious transactions. Wells Fargo implemented changes to its SARs system and eliminated “continuing activity” review, and instead insisted that a SAR required proof of illegal activity. As a result, the number of filed SARs fell and relevant notes were not maintained about activity.
California Card Club, Artichoke Joe’s, paid FinCEN $8 million penalty (here) for failure to implement and maintain an effective AML program and failed to detect, deter and report suspicious transactions. In addition, FinCEN determined that Artichoke Joe violated reporting requirement under Section 1021.320 of the BSA by blindly ignoring loan sharking, suspicious transfers of high-value gaming chips and criminal activity occurring in plain sight.
The Loan Star National Bank, a private bank operating in Texas, paid FinCEN a $2 million penalty (here) for violations of BSA and AML monitoring programs. Lone Star failed to follow due diligence requirements when establishing and conducting its correspondent bankin relationship with a Mexican bank. As a result, the Mexican bank moved hundreds of millions of US dollars through suspicious cash shipments.
Loan Star failed to identify public information regarding the owner of the Mexican Bank; to verify the correspondent bank’s description of the source of funds or purpose; to investigate inexplicable justifications of the source of US dollars and unusual wire transactions and cash transactions. Finally, FinCEN found that Lone Star failed to institute an adequate AML monitoring program to file SARs reports for high-risk accounts and customers.
Deutsche Bank paid a $41 million penalty to the Federal Reserve Board (here) for AML deficiencies. Specifically, Deutsche Bank’s monitoring program prevented it from properly assessing BSA/AML risks involving billions of dollars in potentially suspicious transactions for affiliates in Europe.
BTC-e a/k/a Canton Business Corporation, one of the largest digital currency traders, was assessed a $110 million civil penalty, and Alexander Vinnik was assessed a $12 million civil penalty by FinCEN. (Here). BTC permitted users to trade in bitcoin with anonymity, and had numerous customers that used the exchange to facilitate criminal activity and launder proceeds.
A parallel criminal indictment was unsealed at the same time in the Northern District of California. (Here). BTC was an unregistered money service business. BTC was noted for its role in numerous ransomware and other cyber-crime activity. Vinnik is a notorious criminal involved in theft of identities, facilitated drug trafficking and helped to launder proceeds from syndicates around the world. Vinnik allegedly received funds from the infamous computer hack of Mt. Gox, a digital currency exchange that eventually failed.
In addition to federal enforcement efforts, the New York Department of Financial Services continues to make its mark in AML regulatory and enforcement actions.
Habib Bank, Pakistan’s largest bank, paid the NYDFS $225 million for failure to comply with AML laws and regulations at the bank’s New York branch. (Here) Habib Bank also agreed to surrender its license to operate the New York branch. Habib Bank’s facilitated billions of dollars of transactions with a Saudi-bank with reported links to Al Qaeda, allowed at least 13,000 transactions to flow through the branch with omitted information, and used a ‘good guy’ list to enable at least $250 million in transactions with an identified terrorist, international arms dealer, and other potentially sanctioned entities and persons.
Deutsche Bank paid the NYDFS a $425 million fine for violations of New York AML laws relating to “mirror trading” schemes among the bank’s Moscow, London and New York offices that laundered $10 billion out of Russia. (Here). According to the NYFDS , the offsetting transactions among the banks were not justified by any business purpose. The NYFDS enforcement action was coordinated with the UK’s Financial Conduct Authority.
Deutsche Bank failed to monitor the trading scheme which involved purchase of Russian stocks with rubles, and a related counterparty sale of the same stock in the same quantity at the same price. The counterparties were closely related, linked by beneficial owners, management or agents, and paid for in US dollars from an offshore territory.