A recent court opinion emphasizes the sensitive issues involved in terminating potentially difficult employees — or, from the employee’s or perhaps the government’s perspective, in terminating whistleblowers who were retaliated against for being willing to point out compliance failures. Although this competing dynamic applies across all industries, a recent opinion from the U.S. Federal District Court for the Eastern District of Louisiana, Kell v. Iberville Bank, addressed such a situation in the Anti-Money Laundering (“AML”)/Bank Secrecy Act (“BSA”) context, in which a bank’s former compliance officer sued her former employer for allegedly terminating her in retaliation for raising uncomfortable issues about claimed insider abuse and the alleged failure to file a Suspicious Activity Report (“SAR”). Continue Reading Case Highlights Potential Protections for BSA Whistleblowers
Second Post in a Two-Part Series
NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants
In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.
In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.
Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.
The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examination in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.
In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.
The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transaction monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.
Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators. Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action
Estonian “Non-Resident Portfolio” Produces Colossal Money Laundering Scandal
This week Danske Bank released a report detailing the results of its much anticipated internal investigation into allegations of money laundering perpetrated in its Estonian branch. The results of the investigation dwarfed even the boldest predictions. The report found that between 2007 and 2015 the Estonian branch processed a staggering 200 billion Euros, or $234 billion, in suspicious transactions by thousands of non-resident customers. The report finds the AML procedures at the Estonian branch were “manifestly insufficient and inadequate,” resulting in numerous breaches of legal obligations by the Estonian branch. The report details numerous red flags that allegedly should have alerted the parent Danske Bank Group (“Group”) to the issues.
However, the report also concludes that the Group’s Board of Directors, Chairman, Audit Committee, or Chief Executive Officer did not violate any legal obligations in failing to detect or stop the suspicious transactions. Despite this finding, the CEO, Thomas Borgen, resigned the same day the report was released. Borgen stated, “Even though I was personally cleared from a legal point of view, I hold the ultimate responsibility. There is no doubt that we as an organization have failed in this situation and did not live up to expectations.” The consequences of this colossal money laundering scandal are unlikely to stop with Borgen’s resignation.
This blog post will summarize the scope of the report, findings of suspicious activity, the causes and red flags of potential money laundering violations, and outline the known and anticipated consequences of this scandal for Danske Bank. Continue Reading Danske Bank CEO Resigns on Heels of Report Detailing an Astounding $234 Billion in Suspicious Transactions in Money Laundering Scandal
In the wake of this week’s revelations of years-long and significant alleged money laundering failures involving ING Bank and Danske Bank, European regulators have circulated a confidential “reflection paper” warning national governments and the European Parliament about shortcomings in the European Union’s (“EU”) anti-money laundering (“AML”) efforts and providing recommendations to strengthen these efforts. The reflection paper recommends centralizing the enforcement of AML rules through a powerful new EU authority to ensure that banks implement background checks and other AML measures, and setting a deadline for the European Central Bank to reach agreement with national authorities to allow for the sharing of sensitive data.
Congress enacted the safe harbor provision of the Bank Secrecy Act (BSA), codified at 31 U.S.C. §5318(g)(3)(A), to shield financial institutions, their officers and employees from civil liability for reporting known or suspected criminal offenses or suspicious activity by filing a Suspicious Activity Report, or SAR. More particularly, the safe harbor provides immunity to any “financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency.” This comprehensive protection precludes liability under any federal, state or local law or regulation or under any contract. Nonetheless, despite the broad wording of this provision, courts have disagreed about the scope of the protection it affords.
Specifically, federal courts have disagreed about whether a bank and its officers and employees must have a “good faith” belief that a possible violation of law occurred before filing a SAR. Some courts, particularly those in the 11th Circuit (which covers Alabama, Florida and Georgia), have provided immunity only when the financial institution has a “good faith suspicion that a law or regulation may have been violated.” However, the majority of courts have found that the safe harbor provision provides unqualified protection to financial institutions and their employees from civil liability for filing a SAR.
A recent case from the District of Massachusetts, AER Advisors Inc. v. Fidelity Brokerage Services, LLC, demonstrates just how unqualified that protection is. AER Advisors Inc. (AER) filed a complaint alleging that Fidelity Brokerage Services, LLC (Fidelity) falsely implicated them in a SAR, a SAR that was filed in bad faith. As a result, AER claimed it was subject to multiple investigations by state and federal agencies. Fidelity sought to dismiss the complaint, arguing that it had complete immunity from any liability for any SARs it filed. The court agreed.
The court noted that the extent of immunity varied from circuit to circuit, but in the 1st Circuit where it sits (which covers Maine, Massachusetts, New Hampshire, Puerto Rico and Rhode Island), financial institutions are afforded immunity under Stoutt v. Banco Popular de Puerto Rico, even when disclosures are fabricated, unfounded, incomplete or malicious. The sweeping coverage is based on the court’s reasoning that “Congress did not intend to include a good faith qualification to immunity because (1) it easily could have written the requirement into the statute; (2) it removed a good faith requirement from an earlier draft of the provision; and (3) any limitation on immunity would discourage disclosure.”
AER also argued that Fidelity should not be granted immunity, because by knowingly reporting false information, it had not actually reported a “possible violation of law.” The court rejected this argument as well, saying that, regardless of what Fidelity actually believed, the SAR, on its face, reported a possible violation of law.
Finally, AER argued that fraudulent SARs should not insulate financial institutions from civil liability. The court rejected this argument as well, finding that financial institutions could be prosecuted criminally for knowingly filing false reports.
So just how safe is the safe harbor provision? It depends on where you sit. For most of the country, the safe harbor affords a financial institution total immunity, even if it maliciously files a false SAR. And, as we have blogged, Congress is contemplating codifying this authority by amending 31 U.S.C. § 5318(g)(3)(B) to provide that the safe harbor provision does not create “any duty or requirement of a financial institution or any director, officer, employee, or agent of such institution to demonstrate to any person . . . that a disclosure . . . is made in good faith.”
So keep filing those SARs. And no matter where you sit, it is obviously best to ensure that the SARs you file are factually supported.
Public Risks Posed by Unbanked and Cash-Heavy Industry Deemed Insufficient to Outweigh Federal Law Concerns
As we just blogged, the New York State Department of Financial Services (“NYDFS”) has published guidance to “clarify the regulatory landscape and encourage” New York, state-chartered banks and credit unions to “offer banking services” to “marijuana related businesses licensed by New York state[,]” thereby identifying New York as a state friendly to financial services for marijuana-related businesses. In stark contrast, Ed Leary, Commissioner of the Utah Department of Financial Institutions (“UDFI”), recently articulated the polar opposite position, thereby exemplifying the increasingly bewildering patchwork quilt of approaches to banking and anti-money laundering (“AML”) policy in regards to state-licensed marijuana businesses.
In a presentation on August 17, 2018 to members of the National Association of Industrial Banks and the Utah Association of Financial Services, Commissioner Leary advised that UDFI will not ask any financial institutions regulated by his department to provide banking or payment processing services to cannabis-related businesses. To the contrary, if any examination conducted by UDFI identifies evidence of cannabis-related banking activities, UDFI will cite the conduct as an apparent violation of federal law. Continue Reading Banking and Marijuana, Redux: Utah Department of Financial Institutions Commissioner Declares Opposite Position to New York’s Encouragement of Banking Services for Marijuana Businesses Licensed Under State Law
In February 2017, we blogged about a whistleblower complaint filed against Bank of the Internet (“BofI”) by its former internal auditor. The blog post addressed what the whistleblower believed was BofI’s wrongdoing in relation to responding to a subpoena from the Securities and Exchange Commission (“SEC”), and when dealing with a certain loan customer in potential violation of the Anti-Money Laundering (“AML”) rules of the Bank Secrecy Act (“BSA”).
Less than two months after our blog post, three BofI stockholders brought a putative class action complaint against BofI seeking to represent a class of individuals who purchased BofI stock, in a case captioned Mandalevey v. BofI Holding, Inc. These plaintiffs alleged BofI violated the Securities Exchange Act through, among other alleged misrepresentations, falsely denying the company was under investigation for money laundering violations. A federal court recently dismissed all claims against BofI.
This post focuses on that decision, the allegations relating to the federal investigation of BofI, and the Court’s interesting reasoning in dismissing these plaintiffs’ claims. Although the bank won this latest round, the saga involving BofI underscores how financial institutions face an increasing risk that alleged AML and Counter-Terrorism Financing (“CTF”) violations will lead to follow-on allegations of securities law violations – allegations brought not only by the government (see here), but also by investor class action suits (see here, here and here). Continue Reading When A Purported Money Laundering Investigation Turns Into a Class Action Complaint: The Latest Round in BofI’s Fight to Put Money Laundering Allegations in the Rearview Mirror
The U.S. Government Accountability Office (“GAO”) issued a statement earlier this week regarding testimony before the U.S. House of Representatives Subcommittee on Financial Institutions and Consumer Credit of the Committee on Financial Services regarding the potential perils of “derisking.”
As described by the GAO, “derisking is the practice of depository institutions limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering or other criminal activity such as financing to terrorist groups.” Derisking is a significant ongoing issue in AML-related enforcement. As we have blogged, the U.S. Treasury Department previously attempted to allay the fears driving the phenomenon of derisking by (i) suggesting that U.S. banks have overreacted to concerns over AML/BSA enforcement by unnecessarily terminating correspondent banking relationships with foreign banks; (ii) noting that these relationships are crucial to the global economy; and (iii) stating that reflexive derisking could destabilize or disrupt access to U.S. financing, hinder international trade, cross-border business, and charitable activities, and make claim remittances harder to effectuate.
It is difficult to distill clear and specific practical points from the recent GAO statement, entitled “Bank Secrecy Act – Further Actions Needed to Address Domestic and International Derisking Concerns” (“Derisking Statement”). This is partly because, during the course of listing various perceived concerns regarding the practice of derisking, the Derisking Statement merely comments somewhat vaguely that, “[w]ithout accessing the full range of BSA/AML factors that may be influencing banks to derisk or close branches, Treasury, the federal banking regulators, and Congress do not have the information needed to determine if BSA/AML regulations and their implementation can be made more effective or less burdensome.”
Bearing in mind the above limitations of the statement, the Derisking Statement summarizes itself as follows:
Why GAO Did This Study
In recent years, some Southwest border residents and businesses reported difficulty accessing banking services, including experiencing bank account terminations and bank branch closings in the region. In addition, the World Bank and others have reported that some money transmitters have been losing access to banking services with depository institutions.
This statement is based on findings from GAO’s February 2018 report on access to banking services along the Southwest border (GAO-18-263) and March 2018 report on the effects of derisking on remittance flows to fragile countries (GAO-18-313). GAO discusses (1) the extent to which banks are terminating accounts and closing branches in the Southwest border region, (2) the extent to which money transmitters serving selected fragile countries are facing banking access challenges, and (3) actions relevant U.S. agencies have taken to respond to these challenges. For those reports, GAO surveyed more than 400 banks, developed an econometric model on the drivers of branch closures, and conducted case studies on four countries to assess the effects of derisking on remittances flows.
What GAO Recommends
GAO made five recommendations in the two reports: to Treasury and the federal banking regulators to conduct a retrospective review of BSA/AML regulations and their implementation, and to Treasury to assess shifts in remittance flows to nonbanking channels. Banking regulators agreed with the recommendations. GAO requested comments from Treasury, but none were provided.
Ultimately, what is clear from the Derisking Statement is that the spectrum of financial services available to certain markets is shrinking due to concerns over AML/BSA enforcement, which the U.S. government somewhat perversely suggests are overblown. What is not clear from the statement is whether U.S. regulators will tackle this issue, or how they should tackle this issue.
Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance
Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months. The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.
A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties. The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems. Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.” After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed. The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016. Settlement followed, resulting in sanctions and the FCA’s published final notice.
These three visits from the FCA generated a laundry list of Canara’s AML shortcomings. This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists. Continue Reading Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures
Commonwealth Bank of Australia (“CBA”), the largest bank in Australia, has agreed to a proposed civil settlement — subject to court approval — of historic proportions, involving a fine of approximately $700 million Australian dollars (roughly equivalent to $530 million U.S. dollars) regarding numerous alleged Anti-Money Laundering (“AML”) and Counter Terrorism Financing (“CTF”) violations. The settlement is with the Australian Transaction Reports and Analysis Center (“AUSTRAC”) – a government financial intelligence agency whose counterpart in the U.S. would be the Financial Crimes Enforcement Network (“FinCEN”) — and represents the largest such enforcement action in the history of Australia. Under the settlement, AUSTRAC also will recoup its legal costs of $2.5 million Australian dollars.
As we have blogged, AUSTRAC filed on August 3, 2017 a claim seeking civil monetary penalties against CBA for over 53,000 alleged violations of Australia’s AML/CTF law. Although the case involves several types of alleged AML violations, it fundamentally rests on the bank’s use of so-called intelligent deposit machines (“IDMs”), a type of ATM which allowed customers to anonymously deposit and transfer cash. Unfortunately, and perhaps not surprisingly, the IDMs also became an alleged favored conduit for money laundering by criminals involved in drug trafficking and illegal firearms. Continue Reading Australia’s Largest Bank Agrees to Historic AML Penalty