InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCrimes Webinar Series Recap: Individual Liability - FinCrimes Professionals in the Spotlight
BuckleySandler hosted a webinar, Individual Liability: Financial Crimes Professionals in the Spotlight, on January 22, 2015 as part of its ongoing FinCrimes Webinar Series. Panelists included Polly Greenberg, Chief, Major Economic Crimes Bureau at the New York County District Attorney’s Office, and Richard Small, Senior Vice President for Enterprise-Wide AML, Anti-Corruption and International Regulatory Compliance at American Express. The following is a summary of the guided conversation moderated by Jamie Parkinson, Partner at BuckleySandler, and key take-aways you can implement in your company.
Best Practice Tips and Take-Aways:
- Be completely transparent with senior management and your board of directors when escalating issues and concerns. Document your requests for program enhancements and management responses.
- Assure yourself that your team is up to the task at hand, adequately resourced and knows that they can escalate anything that concerns them to compliance and/or senior management/the Board.
- When considering the quality of your compliance program, be sure that your program is tested internally by your compliance function, tested again by your organization’s internal audit team, and in addition is examined every few years by external counsel/consultant.
- If confronted with management unwillingness to commit adequate headcount and resources necessary to the compliance program, serious consideration has to be given to resigning and/or reporting these deficiencies.
Significant Actions and Regulatory Statements
The discussion began by giving an overview of trends in enforcement actions in the last few decades, commenting that this topic has been simmering for a long time. In the Bank context, in the late 1980s a series of prosecutions against the Bank of New England, Shearson Lehman, and Bank Boston involved efforts to hold the institution as well as individuals liable. Largely, the government had success against the institutions on theories of collective knowledge and willful blindness but was less successful when prosecuting individuals.
In the brokerage context, the SEC has brought recent actions as part of the Compliance Program Initiative, including charges against compliance personnel when they were clearly responsible for the failure to adopt or implement adequate compliance programs. The SEC has signaled that it will take action against compliance officers if:
- They actively participated in misconduct;
- They helped mislead regulators; or
- They have clear responsibility to implement compliance programs or policies and wholly failed to carry out that responsibility.
Then identified recent enforcement actions taken against board members, including Pacific National Bank involving a failure to remedy deficiencies in that institution’s BSA program. In the Pacific National Bank case, the OCC levied individual fines against the bank’s chairman and three board members who served on its BSA compliance committee for failing to act in their official capacities to correct the failures.
Finally, identified remarks made by three key regulators at the November 2013 ABA/ABA and the March 2014 ACAMS conferences. These speeches reflect clear statements with respect to the government’s intention to hold individuals personally liable when the facts warrant. The remarks were made by:
- Jim Cole (Deputy Attorney General, retired Jan. 8, 2015)
- Thomas Curry (Comptroller of the Currency)
- Jennifer Shasky Calvery (Director, FINCEN)
Mr. Small then gave an overview of two significant enforcement actions that involved individual liability. The first case, Brown Brothers Harriman, was brought by FINRA in early 2014 and arose from penny stock transactions executed by the firm through an omnibus brokerage account structure. While the case resulted in an $8 million fine for Brown Brothers, the firm’s Global AML Compliance Officer, Harold Crawford, was also the subject of the enforcement action and was fined $25,000 and barred from working in a compliance function for one month. Crawford’s personal liability was premised on his alleged failure to effectively monitor suspicious activity and to report it as required. Mr. Small pointed out that there were references in the case to an internal Brown Brothers’ memorandum that was developed by their compliance group that cited the increase in potentially suspicious activity and recommended stopping the trades and discontinuing the omnibus brokerage structure that had been used to carry out the transactions. This memo was written in November 2011, and was not acted upon prior to FINRA’s action. Mr. Small observed that the Brown Brothers case was the first time that action was taken against an AML compliance officer for failures in the AML compliance program at their company. He further observed that the case raises the question of what a compliance officer should do if they are raising issues, but not receiving resources from management to address those issues.
The second action Mr. Small discussed, MoneyGram, also involved individual liability for a compliance officer. There, FINCEN and DOJ took joint action against MoneyGram related to a significant number of transactions initiated by MoneyGram that were connected to various fraud schemes. FINCEN and DOJ alleged that MoneyGram received a significant number of complaints from consumers but took no action to address them. FINCEN issued a $1 million civil money penalty against Thomas Haider, who served as ManeyGram’s Chief Compliance Officer from 2003-2008. DOJ filed a complaint to enforce the penalty and also seeking to bar Haider from employment in the financial services industry.
When asked how this case might bear on the design of a Financial Crimes compliance program, Mr. Small commented that it was his personal opinion that this case could be read as counseling against integrating an institution’s BSA compliance function with other functions, such as fraud monitoring if the compliance officer lacks the expertise or full authority over the integrated areas. For example, Mr. Haider had responsibility for performing due diligence on agents, terminating agents, and identifying fraud, in addition to suspicious activity monitoring and SAR filing. The first two of these tasks were ones over which he may not have had full authority and as to the fraud area one in which he lacked the expertise to properly oversee. The panelists agreed that while an institution’s compliance function must have unfettered access to the institution’s data, it is important that the compliance function does not take on responsibilities outside of its area of expertise.
Theories of Individual Liability
Ms. Greenberg then discussed the different theories that can be used to find individual liability. She emphasized that the underlying basis of criminal liability is criminal knowledge and intent to do a particular act. Ms. Greenberg explained that it can be easier to find liability for a corporation due to the theory of collective knowledge. Under this theory, the knowledge of the corporation’s employees is imputed to the corporation, and the corporation is bound by this collective knowledge. So, while no single employee might possess sufficient knowledge to support individual liability, numerous individuals’ knowledge may be combined and imputed to the corporation and this collective knowledge may be sufficient to hold the corporation liable.
Ms. Greenberg also discussed the theory of willful blindness, which is primarily used under federal law. Under this theory, an individual has a subjective belief that there is a high probability that a fact exists but avoids learning whether the fact actually exists. Ms. Greenberg also pointed out that there is a similar concept under New York law called conscious avoidance.
Finally, Ms. Greenberg discussed the considerations taken into account in assessing whether it is appropriate to charge an individual in the corporate crimes context. Initially, authorities must consider whether there was criminal intent and whether that intent can be proven. They must also consider whether they can prove the level of knowledge required by the relevant statute, such as, knowingly, intentionally, or willfully. After deciding that there is probable cause to believe an individual had the required intent, Ms. Greenberg explained that the authority will then consider various factors in exercising prosecutorial discretion. In deciding whether to charge an individual in the corporate crime context, fairness is given much consideration. Ms. Greenberg observed that charging higher-level employees in this context may be more common than charging lower-level employees because higher-level employees bear more responsibility for the corporation and play a much larger role in influencing the corporate culture.
Considerations for Compliance Professionals
The panelists noted that it is very important for compliance professionals to have their areas of responsibility clearly defined, and to ensure that they have the control and expertise to manage these areas appropriately, as well as sufficient resources to carry out the compliance program effectively. It was pointed out that the areas most often associated with institutional and individual liability include:
- Failures in the culture of compliance within the organizations;
- Inadequate resources committed to BSA compliance;
- Weaknesses in the organization’s technology and transaction monitoring processes; and
- Inadequacies in the quality of risk management.
Mr. Small stressed the importance of being transparent with senior management and the board of directors when faced with a lack of resources, commenting that it is important to discuss the issue, listen to any proposed alternatives, and take a stance on what the best solution is. The panelists stressed the importance of documenting your requests and the responses and agreed that such documentation can be important to enforcement authorities in deciding whether to charge individuals. The panelists agreed that the trend towards increased individual liability could result in increased SAR filings. IT was suggested that it may be safer to file a SAR when in doubt but defensive SAR filing should be avoided if possible. He noted too that it is very important to thoroughly document decisions not to file.
FinCEN Fines NY-Based Securities Broker-Dealer for Anti-Money Laundering Shortfalls
On January 27, FinCEN fined a New York securities broker-dealer firm $20 million for violating the BSA. According to the press release, the firm failed to (i) establish an adequate anti-money laundering program; (ii) conduct proper due diligence on a foreign correspondent account; and (iii) comply with Section 311 of the USA Patriot Act. These failures resulted in customers engaging in suspicious trading, including prohibited third-party activity and illegal penny stock trading, without it being detected or reported. The firm must pay $10 million of the $20 million penalty to the US Department of the Treasury. The remaining $10 million will be paid to the SEC to settle a parallel enforcement action.
Australian AML Regulator Fines Company For Failing to Register Affiliates
On January 21, the Australian Transaction Reports and Analysis Centre (AUSTRAC) announced a $122,400 penalty (Australian dollars) against a large financial services company for failing to register six affiliate businesses as remittance services providers. AUSTRAC serves as Australia’s regulator of anti-money laundering and counter-terrorism financing activities. AUSTRAC noted the company’s voluntary disclosure was taken into consideration when determining its enforcement approach.
FinCEN Fines Former CCO For Maintaining Ineffective AML Program
Recently, FinCEN announced a $1 million civil money penalty against the former Chief Compliance Officer (CCO) of a large financial services company for allegedly violating the Bank Secrecy Act (BSA) and its implementing regulations. In its complaint, FinCEN alleges that the CCO, from 2003 through 2008, failed to implement and maintain an effective AML program and file timely Suspicious Activity Reports as required by the BSA. As a result, the company’s money transfer system was used to carry out fraudulent activities causing customers to incur substantial losses. In addition to the penalty, FinCEN is seeking to prohibit the former CCO from participating, directly or indirectly, in the affairs of any financial institution.
FinCrimes Webinar Recap: Dealing with PEPs - AML & Corruption Risks
BuckleySandler hosted a webinar, Dealing with PEPs: AML & Corruption Risks, on December 18, 2014 as part of its ongoing FinCrimes Webinar Series. Panelists included Mary Butler, Deputy Chief, International Unit, at the Asset Forfeiture & Money Laundering Section, Criminal Division at the U.S. Department of Justice; Paul Dougherty, Managing Director of the anti-money laundering program for the United States and Canada at Bank of America; and Noreen Fierro, Vice President and Chief Compliance Officer of the Group Insurance Division of Prudential Financial. The following is a summary of the guided conversation moderated by Jamie Parkinson, partner at BuckleySandler, and key take-aways you can implement in your company.
Key Tips and Take-Aways:
- Make sure that the organization has appropriate procedures in place to identify Politically Exposed Persons (PEPs) and that those procedures appropriately explain how a PEP is defined by the institution.
- Understand the different global standards for PEP compliance and, where appropriate, have country-specific policies and procedures to manage onboarding and monitoring.
- Encourage cooperation among the different financial crime compliance disciplines within your institution to assist in identifying and monitoring PEPs.
Onboarding and Monitoring PEP Accounts
The session began with a discussion of the basic regulatory requirements associated with the onboarding of PEP accounts. The panel addressed the significance of having specific policies and established procedures to identify PEPs on the front end. Specifically, the panelists noted the importance of having procedures that discuss the borrower approval process, the steps taken to onboard the customer and how those steps differ from normal customer onboarding steps, and who is involved in the process. The panelists further noted that regulators pay significant attention to how transactions are monitored for PEPs in comparison to normal customers and what the organization does when an account is flagged. With regard to the actual onboarding procedures, the panelists noted that the primary concern is associated with identifying risks associated with the PEP and investigating the source of the PEPs funds.
Global Approaches to PEP Programs
The panelists then discussed the complications that arise when dealing with the global application of PEP requirements. Specifically, the panelists noted the significant differences from country to country regarding who qualifies as a PEP and whether or not an individual’s status as a PEP continues after the individual leaves his position. Significantly, one of the panelists noted that their company took a country by country approach with regard to PEP onboarding and monitoring in order to address the differences. Panelists further noted a concern regarding the duplication of names between OFAC screening lists and local country lists. Panelists also noted that because of the global nature of PEP regulations, they tend to refer to Senior Foreign Political Figures as Senior Political Figures, even though official guidance uses the foreign distinction.
Intersection of PEPs, Money Laundering and Corruption
Panelists next discussed how the DOJ views the intersection of programs dealing with money laundering and corruption. The panel noted the significant cooperation that exists between individuals working in different areas associated with AML and bribery. The panel highlighted the importance of Suspicious Activity Reports and their use in investigating alleged illegal conduct. The panel also noted that with the increase in disclosure requirements, it is becoming easier to find evidence of money laundering and to eventually recover those illegal proceeds.
Dealing with Local Political Officials
In response to questions from attendees, the panelists then shifted to discussing the domestic application of PEP policies and procedures. The key points discussed were associated with how local political officials are categorized when dealing with PEPs. Specifically, the panelists noted the difficulties associated with deciding how broadly to extend the definition of a PEP with regard to local political officials. The panel suggested that the primary concern when defining local PEPs was to make sure that an organization’s policies and procedures are clearly defined and at least reasonably defensible. Panelists observed that the key regulatory concern is not that the definitions should be identical, but that entities have reasonable definitions that are enforced uniformly.
Monitoring Techniques and Metrics
The panel also discussed the specific complications associated with dealing with the monitoring of PEP accounts. The panelists noted that one of the key aspects of account monitoring is to leverage any AML programs currently in place and allowing that process to help identify any particularly suspicious practices. Furthermore, the panelists pointed out that a key aspect of dealing with suspicious PEP activity is the filing of SARs. One panelist also noted that, while not required statutorily, cooperation with local law enforcement can greatly assist the DOJ with recovering any illegal proceeds.
FDIC Orders Maryland-Based Bank to Improve Its BSA/AML Compliance Program
On December 24, a Maryland-based bank entered into an FDIC consent order involving alleged deficiencies in its BSA/AML compliance program. The consent order requires that the bank’s board of directors increase its oversight of the bank’s BSA compliance program. In addition, under the consent order, the bank must (i) appoint a qualified BSA officer and (ii) conduct a retrospective review of currency transaction reports beginning in May 2013 until the effective date of the consent order to determine whether transactions were properly identified and reported.
FINRA Fines Financial Firms for Anti-Money Laundering Failures
On December 18, FINRA announced a joint $1.5 million penalty against two broker-dealers for anti-money laundering failures. According to anti-money laundering compliance program requirements, broker-dealers opening new accounts must identify each customer through an established written Customer Identification Program (CIP). FINRA alleges that the broker-dealers had a deficient CIP system, which over nine years resulted in the failure to conduct customer identity verification for nearly 220,000 new accounts. The firms neither admitted nor denied FINRA’s charges, but agreed to the entry of the agency’s findings.
NY Superintendent of Financial Services Proposes Lighter BitLicense Regulations
On December 18, Superintendent Lawsky delivered remarks regarding New York’s revised proposal for regulating virtual currency companies. The new proposal stems from the original July 17 proposal and includes certain revisions previously alluded to on October 17. Lawsky noted that the revisions will provide flexibility to virtual currency startups, while simultaneously allowing the New York Department of Financial Services to remain committed to protecting consumers. Most notably, the revised regulation “will offer a two-year transitional BitLicense, which may be issued to those firms who are unable to satisfy all of the requirements of a full license, and will be tailored to startups and small businesses.” According to Lawsky, while the companies will still have to abide by anti-money laundering and consumer protection requirements, the revisions are intended to “strike an appropriate balance between permitting innovation to proceed, while at the same time strongly protecting consumers and helping root out illicit activity.”
FFIEC Releases Updated BSA/AML Examination Manual
On December 2, the FFIEC announced the release of its revised BSA/AML examination manual. The updated revisions address supervisory expectations and include regulatory changes since the manual’s last publication in 2010. Significantly modified sections of the examination include (i) Suspicious Activity Reporting, (ii) Currency Transaction Reporting, (iii) Foreign Bank and Financial Accounts Reporting, and (iv) Third-Party Payment Processors. The manual is available on the FFIEC BSA/AML InfoBase.
FinCEN Fines Small Credit Union for BSA Violations
On November 25, FinCEN fined a small Florida-based credit union $300,000 in civil monetary penalties for violating the Bank Secrecy Act (BSA). From 2009 through 2014, FinCEN charged that, among other deficiencies within its anti-money laundering program, the credit union lacked proper internal controls and failed to designate a BSA compliance officer to monitor suspicious transactions. The credit union admitted that it violated Section 314(a) of the USA PATRIOT ACT, which requires financial institutions to search their records of accounts and transactions of individuals who may be involved in money laundering or terrorist financing activities. The credit union, with assets of $4 million and five employees, contracted with a third party vendor to provide services and subaccounts to 56 money services businesses located in Central America, Middle East, and Mexico. FinCEN stated that 90% of the credit union’s annual revenue was generated from these accounts.