Second Post in a Two-Post Series

On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.

In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.

The Report is lengthy and detailed.  As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.


Continue Reading

Danske Bank: “If we’re going down, you’re coming with us.”

First Post in a Two-Post Series

On March 19, 2020, Swedbank received the first of what will likely be multiple sanctions regarding alleged deficiencies in its Anti-Money Laundering (“AML”) processes and mishandling of information exchanges with public investigations. At the conclusion of parallel investigations by Swedish and Estonian authorities, Swedbank AB must now pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with the applicable requirements. These penalties are all prelude to the ongoing investigations by the Latvian Police Department, European Central Bank, Swedish Economic Crime Authority, several United States authorities and, presumably, the inevitable private securities litigation to come.

In this post, we will discuss the various public AML-related investigations and enforcement actions plaguing Swedbank.  In our next post, we will discuss the details and implications of the report of internal investigation regarding these problems performed by an outside law firm at the request of Swedbank, which has made the report publicly available.  The bigger picture: the saga of Swedbank is just part of the larger and seemingly non-stop AML debacle centered around Danske Bank and its now-notorious Estonian Branch.
Continue Reading

AMA Details Components of a Strong AML/BSA Program for the Gaming Industry

Earlier this month, the American Gaming Association (“AGA”) released an updated Best Practices for Anti-Money Laundering (“AML”) Compliance (“Best Practices Guidance”) reflecting a heightened focus on risk assessment as well as Know Your Customer/Customer Due Diligence measures for the gaming industry.  This update amends the industry’s first set of comprehensive best practices for AML compliance, issued in 2014.  At the time, the best practices were well-received by the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”).  These updated Best Practices have drawn from recent FinCEN guidance and enforcement actions, the Treasury Department’s National Money Laundering Risk Assessment, and the Office of Foreign Assets Control’s (“OFAC”) updated compliance guidelines and provide detailed guidance regarding how the industry can continue to be “a leader in compliance.”


Continue Reading

Bank Accused of Being Asleep at the AML-CTF Switch

On November 20, 2019, AUSTRAC, Australia’s anti money-laundering (“AML”) and counter-terrorism financing (“CTF”) regulator, initiated an action in the Federal Court of Australia seeking civil penalty orders against Westpac Banking Corporation (“Westpac”), Australia’s second largest retail bank, alleging systemic failures to comply with Australia’s AML-CTF laws.  Specifically, AUSTRAC alleges over 23 million breaches of those laws, including activity involving potential child exploitation. As we will discuss, the bank has taken, and continues to take, several steps to try to mitigate and contain the scandal’s consequences.

The Allegations

AUSTRAC’s Statement of Claim focuses on Westpac’s correspondent banking relationships with financial institutions in other countries. Correspondent banking relationships require increased due diligence efforts because of the inherent money laundering and terrorism financing risks associated with cross border movement of funds; dealing with banks in high risk jurisdictions, doing business with banks who themselves do business in, or with, sanctioned or high risk countries; and the limited information about the identity and source of funds of customers of the correspondent banks.
Continue Reading

On July 22, 2019, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) (collectively the federal banking agencies), issued a joint statement entitled Joint Statement on Risk-Focused Bank Secrecy Act/Anti-Money Laundering Supervision (the “statement”).

The specific emphasis of the statement is to reiterate that the federal agencies will take a risk-focused approach to examinations. The statement itself does not purport to create new requirements but rather is a tool to enhance transparency in the approach used by the federal banking agencies in planning and performing BSA/AML examinations. As the statement notes, it “aligns with the federal banking agencies’ long-standing practices for risk-focused safety and soundness examinations.”

Risk Profiles

At the outset, the federal banking agencies urge banks to conduct a comprehensive risk assessment, which are deemed “a critical part of sound risk management.” Specifically, banks themselves have unique risk profiles given each bank’s focus (i.e., “a bank with a localized community focus likely has a stable, known customer base”) and complexity, which must be assessed at the outset when developing and implementing an adequate BSA/AML program.

Of particular note, the federal banking agencies state that banks that “operate in compliance with applicable law, properly manage customer relationships and effectively mitigate risk by implementing controls commensurate with those risk are neither prohibited nor discouraged from providing banking services.”  The statement goes on to assert that “banks are encouraged to manage customer relationships and mitigate risks based on customer relationships rather than declining to provide banking services to entire categories of customers.”
Continue Reading

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Our podcast discusses the conduct for which financial

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators.
Continue Reading

First Post in a Two-Part Series

How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.

In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank.  Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series.  So please stay tuned.

The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:

  • Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
  • Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
  • Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
  • Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
  • Failing to conduct necessary due diligence on foreign correspondent accounts.
  • A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
  • A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.

Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:

  • An inadequate, ineffective or non-existent risk assessment.
  • Elevating the business line over the compliance function.
  • Offering products or using new technologies without adequate controls in place.
  • Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
  • Corporate silos, both human and technological, that prevent or hinder information sharing.
  • Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.

So how can you ensure that your AML program is adequate? Here are some practical tips.
Continue Reading

Denmark Suffers Greatest Increase in Annual Risk Rating

The Basel Institute on Governance (“Basel Institute”) recently announced that the associated Basel Centre for Asset Recovery has released its seventh annual Basel Anti-Money Laundering Index (“AML Index”) for 2018, described by the Basel Institute as “an independent, research-based ranking that assesses countries’ risk exposure to money laundering and terrorist financing.”  The risk scores for each country in the AML Index “are based on 14 publicly available indicators of anti-money laundering and countering the financing of terrorism (AML/CFT) frameworks, corruption risk, financial transparency and standards, and public transparency and accountability.” The Basel Institute, which is associated with the University of Basel, describes itself as “an independent not-for-profit competence centre working around the world with the public and private sectors to counter corruption and other financial crimes and to improve the quality of governance.”

The public AML Index, which pertains to 129 countries, is here; an “expert edition” containing a full list of scores and sub-indicators for all 203 countries — available for cost to private persons or industry, or for free to academic, public, supervisory and non-profit organizations — is here.  A summary of the public AML Index is here.

As we will discuss, the AML Index bemoans a lack of progress in the global fight against corruption, and in particular cites lack of enforcement of existing laws and declining press freedom across the globe. The AML Index also underscores how countries with seeming low risk in fact have lurking problems.
Continue Reading

Part Two of a Three-Part Series

In the second part of this series, we explore the practical effects of the FinCEN and DOJ guidance documents on industries attempting to serve marijuana related business (“MRBs”). On June 27, 2017, the Tenth Circuit issued an interesting and divided opinion showing us how difficult it can be to square the prohibitions in the federal Controlled Substances Act (“CSA”) and money laundering statutes with state legislation legalizing certain MRB activity and the seemingly permissive nature of the FinCEN and DOJ guidance documents.
Continue Reading