On August 27, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order involving a $35 million settlement with Nordea Bank Abp (“Nordea”) for alleged significant failures related to anti-money laundering (“AML”) compliance. Nordea, headquartered in Helsinki, Finland, operates globally, including through a licensed branch in New York, which has its own AML and transaction monitoring requirements.

The enforcement action, which followed revelations from the Panama Papers leak, found that Nordea allegedly failed to conduct proper due diligence on high-risk correspondent banking relationships and maintained inadequate AML controls.  According to the NYDFS, the Panama Papers implicated Nordea in aiding clients in establishing offshore shell companies in order to facilitate illicit activities.

The consent order alleges that Nordea violated New York law by allowing compliance failures in its AML program and procedures to persist.  Meanwhile, Danish officials recently charged Nordea with repeatedly violating Denmark’s anti-money laundering act between 2012 and 2015, thereby exposing Nordea, potentially, to extremely significant fines.  As we will discuss, although the consent order implicates many different issues, the NYDFS enforcement action represents, in part, the latest chapter in the continued fall-out from the massive AML scandal involving Dankse Bank.  The consent order also highlights, once again, the particular risks posed by correspondent banking relationships, on which we repeatedly have blogged (for example, here, here, and here).

Continue Reading  NYDFS Imposes $35 Million Fine on Nordea Bank for Alleged AML Failures Following Panama Papers Revelations

With Guest Speaker IRS Criminal Investigation Special Agent Jonathan Schnatz

We are very fortunate to have Special Agent Jonathan Schnatz as our guest speaker in this podcast on international efforts to investigate tax evasion and money laundering, and how they relate to criminal investigations and civil audits of U.S. businesses and individuals.

Special Agent Schnatz

Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations of sharing confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.

ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI.  Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve.  As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law.  Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.

This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.

Continue Reading  ICBC Agrees to Two Consent Orders for Alleged BSA/AML Deficiencies and Disclosure of Confidential Supervisory Information

Farewell to 2023, and welcome 2024.  As we do every year, let’s look back.

We highlight 10 of our most-read blog posts from 2023, which address many of the key issues we’ve examined during the past year: criminal money laundering enforcement; compliance risks with third-party fintech relationships; the scope of authority of bank regulators; sanctions

A Huge Monetary Penalty for Sprawling Allegations – But Will Zhao Receive a Prison Sentence?

As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).  

Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.

Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.

As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.

The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.

As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.

Continue Reading  Binance Settles Criminal and Civil AML and Sanctions Enforcement Actions for Multiple Billions – While its Founder, Owner and Former CEO Zhao Pleads Guilty to Single AML Crime

On September 29, the Financial Crimes Enforcement Network (“FinCEN”) entered into a consent order with Shinhan Bank America (“SHBA”), which imposed a $15 million dollar civil penalty against SHBA for allegedly willfully failing to implement and maintain an AML program that meets the minimum requirements of the Bank Secrecy Act (“BSA”), and for allegedly willfully failing to accurately and timely report suspicious transactions to FinCEN.

In its press release, FinCEN noted that, as a result of SHBA’s inactions, “tens of millions of dollars in suspicious transactions were not reported to FinCEN in a timely manner, including transactions connected to tax evasion, public corruption, money laundering, and other financial crimes.”

Working in collaboration with FinCEN, the FDIC also separately issued a civil penalty against SHBA in the amount of $5 million dollars – which FinCEN will credit toward its own fine, leaving an amount owed of $10 million dollars – and the NYDFS also issued a stand-alone civil penalty in the amount of $10 million dollars.

As we will discuss, this enforcement action involves several typical allegations by the government, including an alleged failure to file required SARs, prior regulatory problems, and insufficient AML compliance staffing and funding.

Continue Reading  FinCEN Issues $15 Million Dollar Civil Penalty Against Shinhan Bank America for Alleged Failure to Implement and Maintain Effective AML Compliance Program

On July 31, 2023, the United States Securities and Exchange Commission (“SEC”) published an alert outlining deficiencies the Division of Examinations has observed in broker-dealers’ (“BD”) compliance with anti-money laundering (“AML”) and countering terrorism financing (“CTF”) requirements.  While the alert addresses overarching compliance requirements for BDs, it focuses on deficiencies the Division of Examinations has observed with regard to independent testing of BDs’ AML programs, personnel training and identification and verification of customers and their beneficial owners.

The alert makes two over-arching observations.  First, BDs “did not appear to devote sufficient resources, including staffing, to AML compliance given the volume and risks of their business.”  Second, the “effectiveness of policies, procedures, and internal controls was reduced when firms did not implement those measures consistently.”  Emphasizing the key elements of an adequate AML program BDs must implement, the Alert then shifts its focus to independent testing and training and customer identification and customer due diligence.

Continue Reading  SEC Issues Alert Outlining Deficiencies in Broker-Dealers’ AML Compliance

In an unusual move, Laura Akahoshi, former Rabobank (the “Bank”) Chief Compliance Officer (“CCO”), filed on July 6, 2023 an opposition to the Office of the Comptroller of the Currency’s (“OCC”) dismissal of its own administrative enforcement proceeding against her.  Akahoshi filed her petition in the U.S. Ninth Circuit Court of Appeals, arguing in part that the Administrative Procedures Act and 18 U.S.C. § 1818 provide the court with jurisdiction to review the OCC’s dismissal.

The OCC’s initial enforcement proceeding stemmed from allegations that Akahoshi participated in an effort to withhold information from an OCC examiner in connection with an examination of the Bank’s Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) program.  Specifically, the OCC alleged that Akahoshi had committed misconduct by failing to provide a report created by a third-party consulting firm regarding the adequacy of the Bank’s BSA/AML program.

The case against Akahoshi was one of several administrative enforcement actions that the OCC pursued after Rabobank NA agreed in February 2018 to pay more than $360 million in AML-related settlements reached with the U.S. Department of Justice (“DOJ”) and the OCC. As we previously blogged, the Bank’s former general counsel Daniel Weiss entered into a 2019 Consent Order in which he agreed to be barred from the banking industry and to pay a $50,000 fine.  Many of the allegations contained within the Notice of Charges against Akahoshi mirrored those contained within the Notice of Charges against Weiss.

Akahoshi’s efforts face significant legal challenges, as exemplified by the fact that, as we discuss, an ALJ recently denied her application for the $4.2 million in attorney fees and costs that she expended defending herself against the OCC enforcement action.  Nonetheless, the matter highlights several important and inter-related issues:  the potential liability of individuals for alleged AML compliance failures, and the related powers of regulators; the potential tensions between the interests of individual AML compliance personnel and the financial institution; the role of whistleblowers; and how regulators and the government can use AML compliance audits and reviews by third-party consultants – which can vary greatly in quality, and sometimes can double as stealth business pitches by the consultants – as a sword against the institution.

Continue Reading  Former Bank Compliance Chief Seeks Appellate Review of OCC Administrative Enforcement Proceeding Dismissal

Last week, FinCEN “communicated,” so to speak, to private industry, law enforcement, regulators, and legislators in three very different ways:  through a FY 2022 Year In Review infographic; a first-of-its kind enforcement action against a trust company; and in statements before the U.S. House of Representatives.  This post summarizes each of these developments, which are unified by the motif of FinCEN asserting that it has an increasing role in protecting the U.S. financial system against money laundering, terrorist financing and other illicit activity; providing critical data and analytical support to law enforcement agencies pursuing these goals; and simultaneously policing and trying to collaborate with private industry regarding these goals.

Continue Reading  FinCEN Round Up:  FY 2022 in Review; First AML Enforcement Against a Trust Company; and Comments to Congress

On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC.  The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.

As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business.  Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government.  It appears that the civil complaint may represent something of a formality:  it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.

According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government.  The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.”  Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.  

Continue Reading  DOJ Files Lawsuit for $60 Million in Civil Penalties for Alleged BSA Violations by Crypto “Mixer”