Compliance Program

Subscribe to Compliance Program

The Southern District of New York (“SDNY”) recently rejected a retaliation claim brought by a former bank employee under the Bank Secrecy Act (“BSA”), granting summary judgment in favor of the employer bank because the former employee failed to demonstrate that his firing was caused by his act of reporting a potential violation of law to the government. Although the reasoning underlying the Court’s Order is straight-forward, the case provides another reminder of the often difficult employment issues that both financial institutions and potential whistleblowers can face.

Whistleblowing as to alleged anti-money laundering (AML) violations is a growing phenomenon, perhaps best exemplified by the fact that a whistleblower precipitated the colossal Dankse Bank money laundering scandal. Previously, we blogged about a bank whistleblower case producing the opposite result as the SDNY Order here. In this post, we discuss both the BSA whistleblower statute and the SDNY Order, and, more generally, we note steps that financial institutions might take to protect themselves from liability and legitimate whistleblowers from retaliation.
Continue Reading Would-Be Whistleblower Fails to Show Causation Under the Bank Secrecy Act for Termination

Examiners Should Focus on Risk, Not Technical Perfection

On April 15, 2020, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual (the “Manual”). As the FFIEC Interagency press release described, the Manual provides “instructions to examiners when assessing the adequacy of a bank’s BSA/AML compliance program.” The “release of the updated sections provides further transparency into the BSA/AML examination process and does not establish new requirements.” The press release further stated the revisions were made to, among other objectives, emphasize examiners should be “tailoring BSA/AML examination to a bank’s risk profile,” to “ensure language clearly distinguishes between mandatory regulatory requirements and supervisory expectations” for examiners, and to “incorporate regulatory changes since the last update of the Manual in 2014.”

The Federal Deposit Insurance Corporation (“FDIC”) also issued a press release regarding the updates. Its statement recognized “financial institutions are faced with uncertainty during this unprecedented time,” therefore the FDIC cautioned the update, “which supports tailored examination work, has been in process for an extended period and should not be interpreted as new instructions or as an augmented focus.”

The updates focus on four steps in the examination process:

  • Scoping and Planning
  • BSA/AML Risk Assessment
  • Assessing the BSA Compliance Program
  • Developing Conclusions and Finalizing the Examination

The updates emphasize examiners should take a “risk-focused” approach to tailor the review of a regulated institution’s BSA/AML compliance program, meaning the examination should be tailored to the risk profile of that specific institution.  The Manual updates incorporate guidance on more recent developments such as Customer Due Diligence (“CDD”) and Beneficial Ownership requirements and a recognition of innovations in collaborations among smaller institutions.  Importantly, the Manual reminds examiners that banks have flexibility in the design of their BSA/AML compliance programs, and that minor weaknesses, deficiencies, and technical violations alone do not indicate an inadequate program.
Continue Reading FFIEC BSA/AML Examination Manual Updates Reveal Exam Process and Expectations

Regulatory Examination and Related Enforcement Also Highlights Perceived Risks of Banking Crypto Clients

The Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) recently issued a Consent Order against M.Y. Safra Bank arising from the bank’s decision to accept a variety of high-risk, Digital Asset Customers (“DACs”), allegedly without implementing the necessary Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) controls. Although the OCC did not impose a monetary penalty against the bank, it demanded that the bank implement and maintain a remarkably broad array of potentially costly and extremely detailed measures to strengthen its AML program. And, notably, the OCC specifically tasked the bank’s Board of Directors with implementing, overseeing, and reporting on these measures.

We describe here the OCC’s examination into and requirements imposed on M.Y. Safra Bank. The Consent Order is a reminder to the boards and management of all financial institutions that if they pursue novel and higher-risk customers – certainly, a potentially defensible business plan in our increasingly competitive business environment – then they absolutely have to adjust accordingly their AML compliance program and accompanying transaction monitoring to compensate for such increased risk. This is particularly true when those new customers employ novel technologies or business products which require a particularized ability to understand and address from an AML perspective. New, creative business lines are not necessarily bad – so long as the implementation of the AML compliance program is adjusted appropriately to identify and manage the new risk.

The Consent Order also is a reminder that, as the BSA/AML Examination Manual of the Federal Financial Institutions Examination Council states, “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure,” and otherwise must create a culture of compliance.

This Consent Order and related OCC AML exam and enforcement issues – including the liability of not just institutions, but also the potential individual liability of AML in-house professionals – will be the topic of a forthcoming installment in Ballard Spahr’s Consumer Finance Monitor Podcast by the firm’s AML Team. Please stay tuned our podcast, and read on here.
Continue Reading OCC Action Highlights Increased Accountability Facing Boards of Directors

Last Wednesday, FinCEN Deputy Director Jamal El-Hindi appeared at the annual conference of the Money Transmitter Regulators Association and delivered prepared remarks. The topics of his address covered three issues of continuing interest: (i) innovation and reform with respect to implementation of the Bank Secrecy Act (BSA); (ii) FinCEN supervision of non-banking financial institutions; and (iii) maintaining a strong culture of compliance.
Continue Reading FinCEN Deputy Director Stresses Technological Innovation, Virtual Currency Enforcement and the U.S. Culture of Compliance

As we have blogged, courts have held that financial institutions generally do not owe a duty of care to a noncustomer and that no special duty of care arises from the duties and obligations set forth in the Bank Secrecy Act (“BSA”), absent a special relationship or contractual relationship. Moreover, there is no private right of action stemming from the BSA. Nor does the BSA define a financial institution’s standard of care for the purposes of a negligence claim.  A majority panel of the Eighth Circuit (“the Court”) very recently confirmed these principles in a detailed opinion which affirmed summary judgment in favor of a bank which had provided services to the alleged perpetrators of a $193 million Ponzi scheme, thereby rejecting claims brought by a Receiver on behalf of defrauded investors that the bank had aided and abetted fraud, breach of fiduciary duty, and other claims.

After dissecting the record in detail, the Court determined in Zayed v. Associated Bank, N.A. — over a vigorous dissent — that the Receiver failed to present direct or circumstantial evidence that the bank actually knew about the Ponzi scheme being perpetrated by its former customers, much less that it substantially assisted the scheme. The Court emphasized the fact that evidence of possible “sloppy banking” and the existence of potential red flags fell short of the high bar required to sustain a claim for aiding and abetting a fraud against the third party non-customers.

Although the Zayed opinion is one of many cases rejecting AML-inspired tort claims by defrauded investors against a financial institution which had done business with a fraudster, it is notable for its methodical treatment of the facts — many of which appear in one form or another in other cases — regarding the various red flags which the Receiver claimed that the bank had missed, or the alleged misconduct which the Receiver claimed that bank personnel had perpetrated.  The list of alleged compliance failures discussed and found insufficient to establish potential liability in Zayed demonstrates that, however rigorous AML/BSA obligations and programs may be for financial institutions, their alleged violations often fail to pave a path to recovery for civil plaintiffs.
Continue Reading Alleged BSA Violations Do Not Support Civil Negligence/Fraud Claims – Again

Former Bankers Allegedly Concealed “Master of Kickbacks” from Internal Compliance Department

Sculpture on top of Credit Suisse headquarters in Zürich, Switzerland

A detailed indictment unsealed on January 3 in the Eastern District of New York alleges that former Credit Suisse bankers, a Lebanese businessman, and former top officials in Mozambique, including the former Minister of Finance, participated in a $2 billion corruption, fraud and money laundering scheme (“the Indictment”).

The defendants, including three former members of Credit Suisse’s Global Financing Group, face charges of conspiracy to commit money laundering, wire fraud, securities fraud, and Foreign Corrupt Practices Act (“FCPA”) violations. As we will discuss, the former bankers are alleged to have thwarted Credit Suisse’s compliance department by circumventing internal controls and hiding information in order to convince the bank to fund the illicit investment projects at issue.

The Indictment represents another example of DOJ using the money laundering statutes to enforce the FCPA, as we have blogged repeatedly: defendant Manuel Chang, the former Minister of Finance of Mozambique, has been charged with conspiracy to launder the proceeds of FCPA violations, but not with violating the FCPA itself – because the FCPA provides that it cannot be used to directly charge foreign officials themselves. The Indictment is also another example of the DOJ using the money laundering and FCPA statutes to prosecute conduct, however reprehensible if proven, committed entirely by non-U.S. citizens operating in foreign countries and involving alleged corruption by foreign officials, with an arguably incidental connection to the U.S. Although the Indictment alleges that certain illicit loans were sold in part to investors located in the U.S., the Indictment again recites now-familiar allegations that the illegal monetary transactions at issue, including bribe and kickback payments, in part flowed through U.S. correspondent bank accounts as the money traveled from one foreign country to another.

Ultimately, the alleged scheme highlights the bribery, kickback, and money laundering risks that financial institutions must consider when vetting and funding international projects. And, it starkly illustrates that internal controls may not always be sufficient to protect institutions from fraud when internal bad actors conspire to circumvent the processes.
Continue Reading Indictment Alleges Former Credit Suisse Bankers Conspired to Circumvent the Bank’s Internal Controls in $2 Billion International Corruption and Money Laundering Scheme

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators.
Continue Reading Practical Tips in Action: The Mashreqbank AML Enforcement Action

Conduct Performed Without Knowledge Still Can Lead to the Most Serious Penalties

Under the Bank Secrecy Act (“BSA”), the most onerous civil penalties will be applied for “willful” violations. That mental state standard might sound hard for the government to prove.  For example, in criminal and civil tax fraud cases under the Internal Revenue Code, “willfulness” is defined to mean a voluntary and intentional violation of a known legal duty – a very demanding showing. But as we will discuss, two very new court opinions discussing a required BSA filing – a Form TD F 90-22.1, or Report of Foreign Bank and Financial Accounts, otherwise know as a FBAR – remind us that, under the BSA, a “willful” violation does not require proof of actual knowledge. A “willful” BSA violation only needs to be reckless, and the government can prove it through the doctrine of “willful blindness” or “conscious avoidance.”

The fact that courts in civil FBAR cases have been holding that “willfulness” can mean “just recklessness” is not a new development, and it is well known to those practicing in the tax fraud and tax controversy space. This blog post will not attempt to delve into the long-running offshore account enforcement campaign that has been waged by the IRS and the DOJ; the related case decisions; or the related voluntary disclosure programs for offshore accounts (for those interested in this fascinating but complicated topic, the Federal Tax Crimes blog is one of many excellent resources). Rather, the point of this post is that the case law now being made in the FBAR and offshore account context will have direct application to more traditional Anti-Money Laundering (“AML”)/BSA enforcement actions, because the civil penalty statute being interpreted in the FBAR cases is the same provision which applies to claimed failures to maintain an adequate AML program and other violations of the BSA.  Thus, the target audience of this post is not people involved in undisclosed offshore bank account cases, but rather people involved in day-to-day AML compliance for financial institutions, who may not realize that some missteps may be branded as “willful” and entail very serious monetary penalties, even if they were done without actual knowledge.  This may be news to some, and it underscores in particular the risks presented by one the topics that this blog frequently has discussed: the potential AML liability of individuals.
Continue Reading The BSA Civil Penalty Regime: Reckless Conduct Can Produce “Willful” Penalties

Bank’s Alleged “Tick Box” Approach Failed to Attain Substantive AML Compliance

Late last week, the Financial Conduct Authority (“FCA”), the United Kingdom’s financial services regulator, imposed a $1.2 million (896,100 pound) fine on the UK division of India’s Canara Bank, an Indian state-owned bank, and ordered a moratorium on new deposits for nearly five months.  The cause—according to Reuters—was Canara’s systemic anti-money laundering (“AML”) failures.

A 44-page final notice published by the FCA explains the multi-year regulatory process that led to a finding of systemic failures and the imposition of penalties.  The FCA’s investigation began in late 2012 and early 2013 with assessments of Canara’s AML systems.  Upon inspection, the FCA “notified Canara of a number of serious weaknesses in its AML systems and controls.”  After promises of remedial action by Canara, an April 2015 visit revealed that the AML systems had not been fixed.  The investigation ended with a final report from a “skilled person,” an expert brought in by the FCA to assess Canara’s AML policies and procedures, completed in January 2016.  Settlement followed, resulting in sanctions and the FCA’s published final notice.

These three visits from the FCA generated a laundry list of Canara’s AML shortcomings.  This enforcement action reflects three main take-aways: (i) the potential risks faced by banks operating in foreign countries in which they have limited AML experience; (ii) the need for swift remedial action after the first examination finding AML deficiencies; and (iii) the need for a substantive AML policy implemented in a substantive way, rather than through a rote reliance on AML-related checklists.
Continue Reading Canara Bank of India Fined $1.2 Million by UK Regulators for Systemic AML Failures