Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations of sharing confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.
ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI. Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve. As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law. Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.
This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.