Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 8th, a former executive of a Hungarian telecommunications company settled a 2011 civil complaint filed by the SEC. The trial of the remaining co-defendants is scheduled for May 8. As part of the settlement, the former executive agreed to pay a $60,000 civil penalty and did not admit or deny the SEC’s allegations. The former executive also admitted that U.S. courts had jurisdiction over the case. The issue of jurisdiction had been contested; in 2013, the court denied the defendants’ motion to dismiss for lack of personal jurisdiction.
The SEC’s complaint alleged that the former executive, along with two other co-defendants, authorized bribes to Macedonian government officials and others. In 2014, the SEC dropped allegations regarding payments to government officials in Montenegro, substantially narrowing the allegations in the case. The company and its parent settled allegations regarding payments to government officials in Macedonia and Montenegro with the SEC and DOJ in 2011. Prior Scorecard coverage of the company’s investigation can be found here.
This outcome of this lengthy case illustrates that individual defendants can still achieve relatively favorable outcomes when they choose to litigate FCPA cases, even after the corporate defendants have reached a resolution.
On January 30, the New York Department of Financial Services (NYDFS) announced that it had assessed a $425 million fine against a German bank as part of a consent order addressing allegations that the bank allowed $10 billion in “mirror trades” involving Russian investors by failing to properly enforce protections against money laundering. According to the press release, the bank and several of its senior managers allegedly “missed key opportunities to detect, intercept and investigate a long-running mirror-trading scheme facilitated by its Moscow branch and involving New York and London branches.” Specifically, the consent order claims the bank (i) conducted its business in an unsafe and unsound matter; (ii) implemented weak “Know Your Customer” processes; (iii) failed to accurately rate its country and client risks for money laundering throughout the relevant time period and lacked a global policy benchmarking its risk appetite; (iv) maintained ineffective, understaffed anti-financial crime, AML, and compliance units; and (v) had a flawed corporate structure and organization.
In addition to the $425 million monetary penalty, the bank must, within 60 days of the consent order, engage an independent monitor to “conduct a comprehensive review of the [b]ank’s existing BSA/AML compliance programs, policies and procedures.” Furthermore, the bank must submit in writing for NYDFS review an action plan outlining enhancements to its current BSA/AML compliance programs.
On January 27, the Federal Reserve publically released a cease-and-desist order against a regional bank concerning its anti-money laundering (AML) program. The order, which is dated January 25, requires the bank to address certain deficiencies identified in a review of the bank’s AML compliance program by the Federal Reserve Bank of Richmond and develop a firm-wide compliance risk management program addressing the AML requirements. The order follows a recent Stipulated Order with the FDIC against the same bank concerning similar allegations and calling for, among other things, corrective actions and enhancements to address certain internal control deficiencies.
On October 18, OFAC granted General License No. 2B renewing the authorization regarding nine Belarusian entities to enter into transactions otherwise prohibited by Executive Order 13405. General License No. 2B replaces and supersedes in its entirety General License No. 2A, which was set to expire later this month, and authorizes transactions with any entities that are owned 50 percent or more by the nine named entities. All property and interests in property of these entities, if blocked, remain blocked. U.S. persons must report authorized transactions or any series of transactions exceeding $50,000 to the U.S. Department of State no later than 30 days after execution. The authorization expires on April 30, 2017, unless otherwise extended or revoked.
On February 19, FinCEN withdrew three findings and proposed rulemakings under Section 311 of the USA PATRIOT Act. FinCEN determined that the three entities subject to the proposed rulemakings “no longer pose a money laundering threat to the U.S. financial system.” FinCEN withdrew its findings and proposed rulemakings against (i) a Costa Rica-based financial institution; (ii) a Belarus-based financial institution; and (iii) an Andorra-based financial institution. Regarding the Costa Rica-based institution, FinCEN noted that the DOJ “seized [its] accounts and Internet domain names and charged seven of its principals and employees with money laundering;” the institution stopped functioning after such actions were taken. According to FinCEN, the Belarus-based entity, along with its successor, no longer operates as a foreign financial institution and does not operate in a way that poses a threat to the U.S. financial system. Finally, concerning the third entity, FinCEN noted that Andorran authorities assumed control of the management and operations of the entity, arrested its chief executive officer on money laundering charges, and “are in the final stages of implementing a resolution plan that is isolating the assets, liabilities, and clients of [the entity] that raise money laundering concerns.”
District Court Denies Motion to Dismiss, Rules Compliance Officers Responsible for AML Program Failures
On January 8, the U.S. District Court of Minnesota ruled that individual officers of financial institutions may be held responsible for ensuring compliance with anti-money laundering laws under the Bank Secrecy Act (BSA). U.S. Dep’t of Treasury v. Haider, No. 15-cv-01518, WL 107940 (Dist. Ct. Minn. Jan. 8, 2016). In May 2015, the defendant filed a motion to dismiss the U.S. Department of the Treasury’s December 2014 complaint against him. The Treasury’s complaint alleged that the defendant failed in his responsibility as the Chief Compliance Officer for an international money transfer company to ensure that “the Company implemented and maintained an effective AML program and complied with its SAR-filing obligations.” The complaint sought a $1 million judgment against the defendant and enjoined him from working for, either directly or indirectly, any “financial institution” as defined in the BSA. In his motion to dismiss, the defendant contended that the Treasury’s complaint should be dismissed because, among other reasons, 31 U.S.C. § 5318(a) permits the imposition of a penalty for AML program failures against an entity, not an individual. However, the District Court of Minnesota dismissed the motion, ruling that the BSA’s more general civil penalty provision, § 5321(a)(1), could subject a partner, director, officer, or employee of a domestic financial institution to civil penalties for violations “of any provision of the BSA or its regulations, excluding the specifically excepted provisions.” Judge David Doty further opined, “Because § 5318(h) is not listed as one of those exceptions, the plain language of the statute provides that a civil penalty may be imposed on corporate officers and employees like [the defendant], who was responsible for designing and overseeing [the company's] AML program.” The defendant also challenged the Treasury’s complaint on the bases that (i) the request for injunctive relief was time barred by the applicable statute of limitations; (ii) FinCEN should not have been permitted to receive and publicly use grand jury information; and (iii) FinCEN violated his due process rights. For various reasons, the District Court declined to decide on such issues or to dismiss materials based on the arguments presented.
On November 16, the DOJ’s Deputy AG Sally Yates delivered remarks at the American Bankers Association and American Bar Association Money Laundering Enforcement Conference. Yates focused her remarks on recent revisions – originally outlined in a September 9 policy memorandum – to the United States Attorney’s Manual (USAM), as follows: (i) updating the corporate criminal cases section, specifically the “Principles of Federal Prosecution of Business Organizations” chapter, or the “Filip factors”; (ii) implementing an entirely new section to the civil cases chapter on enforcing claims against individuals in corporate matters; and (iii) updating its policy on parallel proceedings. First, the DOJ updated the Filip factors and the written guidance accompanying the factors to emphasize individual accountability in corporate cases and company cooperation in the DOJ’s investigation of individual wrongdoing. Yates highlighted the following policy change: “In the past, cooperation credit was a sliding scale of sorts and companies could still receive at least some credit for cooperation, even if they failed to fully disclose all facts about individuals. That’s changed now… providing complete information about individuals’ involvement in wrongdoing is a threshold hurdle that must be crossed before [the DOJ will] consider any cooperation credit.” Yates further noted that the new policy does not change the meaning of attorney-client privilege, but requires companies to turn over all relevant non-privileged information with the expectation that the companies respect the boundaries of attorney-client privilege. The USAM’s new chapter on civil cases mimics the individual accountability policies outlined in the Filip factors revisions, with the DOJ instructing its civil attorneys to abide by the same principles that guide criminal prosecutors’ efforts. Finally, revisions to the USAM’s parallel proceedings policy stress the importance of routine communication between criminal prosecutors and civil attorneys handling white collar matters to ensure a “resolution for both the individual and the corporation that is in the best interest of the public.”
On October 29, OFAC granted a General License authorizing nine Belarusian entities to make transactions otherwise prohibited by Executive Order 13405, effective October 30. The General License also authorizes transactions with any entities that are owned 50 percent or more by the nine named entities. U.S. persons must report authorized transactions or series of transactions exceeding $10,000 to the U.S. Department of State no later than 15 days after execution. The General License expires on October 31, 2016, unless extended or revoked.
FinCrimes Webinar Series Recap: The Role of Corruption Risk in a Financial Crimes Compliance Program
BuckleySandler hosted a webinar, The Role of Corruption Risk in a Financial Crimes Compliance Program: What are Banks Doing to Detect Corruption in the Wake of the FIFA Scandal?, on September 24, 2015 as part of their ongoing FinCrimes Webinar Series. Panelists included Thomas Coupe, EMEA Global Financial Crimes at Bank of America Merrill Lynch; and Compliance; Gaon Hart, Global Anti-Bribery & Corruption Policy and Education Lead at HSBC; and Denisse Rudich, Financial Crimes Compliance Specialist at Firedrake Consulting. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Corruption risk for a financial services firm is presented both directly and indirectly. Corruption risk is presented directly when an employee or third parties acting on behalf of an institution act in a way that implicated anti-corruption laws, such as the Foreign Corrupt Practices Act, U.K. Bribery Act or another anti-corruption law. Corruption risk is presented indirectly when a customer seeks to use a financial institution for a corrupt deal or to hold or transmit funds associated with a corrupt scheme.
- It is important to have one person your organization can look to when an anti-corruption concern arises. This person should serve as the point of contact for your regulators and have the ability to quickly escalate concerns to senior management and the board of directors.
- New customers with past corruption issues present special challenges. Be sure that your onboarding and due diligence processes are able to identify and evaluate these concerns.
- Bear in mind that corruption risk management also requires looking at your organization internally. This means examining your own employees for conflicts issues, evaluating your organization’s sponsorships and donations, and performing due diligence on your third-party suppliers.
- Effective anti-corruption risk management requires cultivating a culture within your organization that supports your efforts. This is an area that regulators are increasingly interested in.
Structuring an Effective Corruption Risk Management Function
The panelists began the session by discussing where best to locate corruption risk management within a bank. The panelists observed that corruption risk management differs from other financial crimes areas, such as anti-money-laundering, because it is more inwardly focused. Panelists commented that, for some institutions, corruption risk management might be a better fit with areas that deal more with the culture of the organization, such as reputational risk and conduct risk. One panelist observed that the regulators have been increasing their focus on the culture of organizations, heightening the importance of this aspect of corruption risk management.
The panelists discussed the most efficient way to structure an organization’s anti-corruption standards. Generally, the panelists agreed that it makes the most sense to develop centralized standards based on the most stringent anti-corruption statutes, such as the FCPA and UK Bribery act. This approach will help account for the extraterritorial application of the FCPA and UK Bribery act. The panelists recommended developing add-on standards that apply in countries where there is a local statute with additional requirements. In particular, the panelists observed that local statutes may provide different rules for entertainment expenses and facilitating payments.
The panelists observed that corruption-risk screening should be integrated into the onboarding process for new customers. In this area, it is important to consider the differences between Public Officials (“PO’s”) and Politically-Exposed Persons (“PEP’s”). One key issue to be aware of is that screening tools and databases designed to identify PEP’s may miss lower-level PO’s. PEP screening tools may also miss State-Owned Enterprises; for example if the government owns only a small share of the company. Therefore, it is important to look closely at new customers and suppliers to identify if there are indirect links to government officials, or if the company has a history of working closely with the government, or if the company’s beneficial ownership raises any concerns.
One of the panelists observed that a new customer with past corruption issues presents special concerns in the due diligence process. Here, robust due diligence is needed to assess what changes the customer has implemented since the corruption issue came to light, and whether they have cooperated with the authorities and/or compliance monitors. Heightened monitoring should also be put in place for these customers.
Responding to a Corruption Concern
The panelists discussed how to respond when the bank receives news that a counterparty or a customer may pose a corruption risk. Here, the panelists agreed that it is important to have a well-thought out and comprehensive incident response plan in place. This plan should:
- Identify who in the organization is the designated point person for coordinating the response. This person should serve as the contact point for regulators, and be able to quickly escalate issues to senior management and board of directors. Along these lines,
- Specify who is to be notified of the issue and when. The panelists stressed the need for the incident plan to also address reputational risk to the bank.
- Lay out steps that allow the bank to determine if the corruption risk affects the bank, and if so, to what degree. This will involve using databases to search for names of both corporate and individual customers. This will also require setting up suspense accounts if needed and reporting these accounts as appropriate. After addressing the funds on hand within the bank, it will be necessary to perform a historical look-back for suspicious transactions.
The panelists also discussed how to respond to corruption concerns that arise from within the organization. The panelists observed that AML monitoring tools will often detect transactions that may present a corruption risk. Therefore, it makes sense to have close communication between the AML function and corruption risk management. The panelists concluded the discussion by observing that corruption risk should become as central to a bank’s business function as credit-risk has been traditionally.
On September 9, the Department of Justice (DOJ), issued a policy memorandum concerning DOJ’s goal of holding individuals accountable for corporate fraud or other misconduct. While some of the guidelines set forth in the memorandum are statements of practices already being followed by DOJ, or by specific U.S. Attorney’s Offices, some of the measures are new and reflect an enhanced focus on DOJ’s goal of holding individuals criminally or civilly liable for corporate wrongdoing. The memo sets forth “six key steps” to accomplish this goal and further DOJ’s underlying policies of deterring future illegal activity, incentivizing change in corporate behavior, holding proper parties responsible for their actions, and promoting public confidence in the justice system.
First, the memo provides that, to be eligible to receive any credit for cooperating with the government in a civil or criminal investigation, a company must completely disclose to DOJ all relevant facts about individual misconduct, regardless of the individual’s position, status or seniority at the company. If a company provides incomplete information about individual employees’ misconduct, then the company’s cooperation will not be considered a mitigating factor in a criminal investigation and will not support, in the case of a prosecution, a cooperation-related reduction at sentencing. Likewise, where the company is not completely forthcoming about individual wrongdoing in a civil investigation, DOJ will not consider the company’s cooperation in negotiating a settlement agreement.
Second, the memo provides that both criminal and civil investigations should focus on individuals from the outset of the investigation, in order to discern the full extent of alleged misconduct, increase the likelihood of cooperation by individuals with knowledge of the misconduct, and maximize the chances that resolution of the investigation will include civil or criminal charges against both the company and culpable individuals.
Third, the memo emphasizes that DOJ criminal and civil attorneys should be in routine communication with one another, so that the DOJ can consider the full range of potential remedies to address alleged misconduct by individuals.
Fourth, the memo provides that, absent “extraordinary circumstances,” no corporate resolution will provide protection for criminal or civil liability for any individuals. Fifth, the memo states that DOJ attorneys should not resolve civil or criminal investigations of a corporation without a “clear plan” to resolve related individual cases. In addition, if a decision is made not to prosecute or proceed civilly against individuals who committed the misconduct, DOJ attorneys must memorialize and submit for approval the reasons for that decision.
Finally, the memo provides that civil prosecutors should consistently focus on individuals as well as the company, and evaluate the decision whether to sue an individual based on considerations beyond the individual’s ability to pay. The memo notes that, while DOJ attorneys may validly consider an individual corporate wrongdoer’s ability to satisfy a judgment in determining whether to pursue an action against that person, DOJ attorneys also should consider other goals and concerns in making this determination, including such things as the seriousness of a person’s misconduct, the person’ s past history, the ability to obtain and sustain a judgment, and the long-term deterrent effects of holding an individual accountable.
- Daniel P. Stipano to discuss "Regulatory changes: Proposed AML regulatory changes, marijuana banking and hemp/CBD" at the ACAMS Carolinas Chapter AML and OFAC Symposium-Technology and Hot Topics
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference