Since December 2012, when HSBC Holdings PLC reached a then record-setting $1.9 billion settlement, U.S. regulators have been flexing their anti-money laundering (AML) enforcement muscles. Just over a year later, JPMorgan gained the dubious distinction of breaking HSBC’s record, when it settled allegations of AML violations for more than $2 billion. On June 30, 2014, U.S. regulators struck again, when they reached an $8.9 billion settlement with BNP Paribas, France’s largest bank. As part of the settlement, BNP Paribas admitted to violating U.S. sanctions and money-laundering regulations by engaging in transactions for Sudan, Iran and Cuba. The message from U.S. regulators could not be clearer: They are committed to stronger and more aggressive enforcement of the AML laws.
The government has pursued enforcement actions against smaller financial institutions as well. In September 2013, Saddle River Valley Bank, a local New Jersey bank, was determined to have willfully violated AML laws by failing to monitor and report foreign currency exchange transactions with Mexican and Dominican institutions. The community bank ceased operations in 2012, but regulators still claimed $8.2 million in fines and civil forfeitures, which represented a majority of the bank’s remaining assets.
Most AML legal requirements derive from the Bank Secrecy Act (BSA), the USA PATRIOT Act and the Office of Foreign Asset Control (OFAC) regulations.
- Bank Secrecy Act: Drafted to deter financial institutions from acting as conduits for illegally derived money, the BSA requires financial institutions to maintain suitable records and to file reports regarding their financial relationships with clients and specified financial transactions. The BSA requires financial institutions to file Currency Transaction Reports (CTRs) for any daily transactions, individually or in the aggregate, totaling over $10,000. Additionally, it requires financial institutions to file Suspicious Activity Reports (SAR) when an individual engages or attempts to engage in suspicious or potentially suspicious activity at a financial institution. Violations of the BSA are primarily enforced by the Financial Crimes Enforcement Network (FinCEN), a bureau within the United States Department of Treasury tasked with combatting money laundering and a variety of other financial crimes.
- USA PATRIOT Act: Passed in the wake of Sept. 11, 2001, the Act requires financial institutions to incorporate “Customer Identification Programs” into their AML/BSA compliance program, by which the entity proactively acquires information about its customers and performs due diligence on the legitimacy of its clients’ funds.
- OFAC Regulations: OFAC is an office within the Department of the Treasury that oversees the U.S. sanctions and embargoes implemented to achieve foreign policy objectives. The OFAC regulations require financial institutions to block or prohibit certain transactions with impermissible persons, entities, and countries.
AML/BSA trends and enforcement
Enforce harshly and often
Since 2009, one thing has been evident: Regulators have a renewed focus on strict and aggressive enforcement of AML/BSA laws. Over the last several years, there has been a notable surge in the frequency of enforcement actions and the size of the monetary penalties assessed. Compounding the risk for financial institutions, regulators have also pursued larger penalties that represent higher proportions of financial institutions’ total capital. A March 2014 report published by NERA Economic Consulting found that between 2002 and 2011, fewer than 50 percent of all AML/BSA enforcement actions came with monetary penalties. Since 2012, over two-thirds of enforcement actions have included monetary penalties. Furthermore, over $4 billion of the more than $5 billion levied for violations of AML/BSA laws and regulations since 2002 have been collected in the last three years.
Forced to admit responsibility
In the past, common enforcement practice would allow companies and individuals to consent to penalties without admitting to any transgressions. To further assist enforcement efforts, however, FinCEN created a stand-alone Enforcement Division in June 2013, which, among other things, has stressed the need for financial institutions and individuals take to responsibility for their AML/BSA violations. In November 2013, during a speech before the American Bankers Association/American Bar Association Money Laundering Enforcement Conference, Jennifer Shasky Calvery, the FinCEN director, focused on this new emphasis when she said, “Those who violate the BSA must take responsibility…Acceptance of responsibility and acknowledgment of the facts is a critical component of corporate responsibility.”
Rise in private litigation
Likely a result of financial institutions having to admit responsibility, the number of private lawsuits predicated on AML/BSA violations against such entities has jumped. Despite the BSA not providing for a private right of action, private plaintiffs have attempted to hold banks liable for breaching the duty of care owed to customers and have used the institutions’ admissions of guilt against them. Likewise, if a client’s fraudulent scheme benefits a bank, and the bank willfully fails to file an SAR, the bank’s actions may make it a co-conspirator and susceptible to private litigation.
Director and officer liability
In conjunction with the above, individual directors and officers (D&O’s) have increasingly become the focus of AML/BSA litigation. Over the past few years, the government has brought both criminal and civil actions against individual D&O’s, largely for failing to maintain adequate AML/BSA compliance procedures. Historically, D&O’s have been covered by a financial institution’s D&O liability policy; the Federal Deposit Insurance Corporation, however, has stated that such policies may not indemnify D&O’s for civil monetary penalties. Accordingly, D&O’s for financial institutions are at an increased risk of personal liability if their entities do not have adequate compliance programs in place.
AML/BSA compliance programs
As U.S. regulators have shown that they are increasingly focused on AML/BSA enforcement, the need for financial institutions to develop and devote the appropriate resources to a compliance program has never been more apparent. An effective compliance program should be adequately documented and achieve the following:
- Assign an individual or team to oversee and supervise the AML/BSA compliance program
- Develop an easy pathway through which compliance issues can be reviewed by the appropriate D&O’s
- Create an internal control process by which CTRs and SARs are reviewed and filed in a timely fashion and transactions are screened for OFAC regulation compliance
- Provide training to all appropriate employees
- Undergo regular audits to ensure that the program remains effective at mitigating exposure to potential AML/BSA violations
That being said, compliance programs will necessarily vary based on the size, function, and sophistication of the financial institution. Accordingly, legal counsel should be consulted to evaluate the adequacy of any compliance program.