Office of the Comptroller of the Currency (OCC)

FinCEN recentlty announced entry of a $2 million assessment against Lone Star National Bank, a private bank operating out of Texas, for the bank’s allegedly willful violations of the Bank Secrecy Act (“BSA”) and inadequate Anti-Money Laundering (“AML”) monitoring programs.  The primary violations relate to Lone Star’s alleged failure to comply with due diligence requirements imposed by Section 312 of the USA PATRIOT Act in establishing and conducting its correspondent banking relationship with a Mexican bank.  As a result of Lone Star’s insufficient due diligence and AML program, the Mexican bank was “allowed to move hundreds of millions of U.S. dollars in suspicious cash shipments through the U.S. financial system in less than two years.”  The FinCEN’s announcement warns that this “action underscores the dangers that institutions face when taking on international correspondence activities without properly equipping themselves” to manage the enhanced obligations that arise with such relationships.

This new FinCEN assessment underscores the continued regulatory interest in the AML risks presented by correspondent banking relationships. We therefore first will provide a brief overview of correspondent banking relationships and the enhanced regulatory attention often paid to them. Armed with this context, we then will analyze the findings and lessons learned from the Lone Star assessment, including the value touted by FinCEN of Lone Star’s efforts to cooperate with its own investigation. Further, this new assessment suggests that the U.S. government does not always present a consistent voice regarding correspondent banking relationships: although the U.S. Treasury has tried to encourage financial institutions in general to not “de-risk” and thereby terminate correspondent banking relationships, we see that enforcement agencies continue to penalize institutions in individual cases for not mitigating sufficiently the risks of correspondent banking.
Continue Reading

As widely reported, the Spanish police raided last year the Madrid offices of the Chinese state-run Industrial and Commercial Bank of China (“ICBC”), the world’s biggest bank by assets. In the nearly 18 months following that raid and the numerous arrests made at that time, very little information about this money laundering investigation became known publically. That is, until Reuters recently published a lengthy article resulting from its review of “thousands of pages of confidential case submissions” and its “interviews with investigators and former ICBC employees.” The article raises numerous questions regarding the enforcement of European money laundering laws against Chinese banks operating abroad, as well as certain unique political and diplomatic considerations that may exist in those enforcement efforts. Below, we will compare these efforts with similar U.S. enforcement efforts, which are potentially gaining steam.
Continue Reading

The Supreme Court granted certiorari on April 3 to decide whether Jordan-based Arab Bank may be liable for claims including allegations that its New York branch processed transactions for known terrorists. While the central issue before the Court will be the scope of the Alien Tort Statute (“ATS”) – namely whether it permits corporate liability for violations of international law – Jesner v. Arab Bank also illustrates how alleged AML/BSA failures can lead to yet another avenue for secondary legal liability for financial institutions, as we previously have noted in other contexts. Depending on the outcome of the Court’s opinion in Jesner, such U.S. exposures may extend to foreign financial institutions even when the alleged conduct occurs primarily abroad.Detail view of the United States Supreme Court
Continue Reading

Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory, cybersecurity, and employment issues. These issues were front and center in a recent whistleblower case pitting a bank against its former internal auditor, who engaged in computer-facilitated misappropriation of the bank’s confidential information allegedly to support whistleblower conduct.Whistle

The U.S. District Court for the Southern District of California recently declined to summarily adjudicate whether the employee’s confidentiality agreement precluded any whistleblower affirmative defense based on the employee’s alleged violation of computer fraud, contract, and tort laws. The whistleblower laws in question included the Bank Secrecy Act, Sarbanes-Oxley, Dodd-Frank, and the California Labor Code.

In Erhart v. Bofi Holding, plaintiff Charles Matthew Erhart filed a whistleblower complaint against his employer, Bank of the Internet (BofI), alleging BofI retaliated against him for reporting unlawful conduct to the government. BofI, in turn, filed a complaint, alleging that Erhart breached his employee confidentiality agreement by misappropriating confidential data relating to his employer and its clients and disseminating that data to the government, family members, and the national press.

Erhart illustrates the complex and practical problems faced by employers dealing with employees who engage in conduct that would otherwise constitute computer fraud, intellectual property theft, breaches of employment-related agreements and policies, and related tort claims under the mantle of “whistleblower.” A key issue in the case was whether Erhart would be entitled to pursue his retaliation claims before a jury or would be precluded from doing so as a matter of law given his computer-facilitated theft of confidential information.
Continue Reading