By Neil Bloomfield and Nathan White. After the Panama Papers exposed efforts by wealthy individuals and government officials to hide funds offshore, government authorities around the world have responded with new legislation, regulations and enforcement actions that are beginning to reshape the landscape for anti-money laundering (AML) and Bank Secrecy Act (BSA) violations. This post will be the first in a series of updates as the world begins to redefine these issues and what that means for companies that need to comply with the new standards.
In some areas, the Trump administration has been slow to take enforcement actions that will help define its approach, but that has not been the case in the AML/BSA space.
In March, the Department of Justice along with the Office of Foreign Assets Control and the Bank for International Settlement announced a $1.2 billion settlement with ZTE Corp. for criminal and civil violations uncovered during an investigation into ZTE Corp.’s “multi-year and systematic practice of utilizing third-party companies to surreptitiously supply Iran with a substantial volume of U.S.-origin goods, including controlled goods appearing on the Commerce Control List (CCL).”
In May, the Federal Reserve Board (FRB) issued a $41 million penalty and a cease and desist order against the U.S. operations of Deutsche Bank AG for AML deficiencies. Deficiencies in the bank’s transaction monitoring capabilities prevented it from “properly assessing BSA/AML risk for billions of dollars in potentially suspicious transactions processed between 2011 and 2015 for certain [Deutsche Bank] affiliates in Europe for which the affiliates failed to provide sufficiently accurate and complete information.”
In July, the Financial Crimes Enforcement Network (FinCEN) assessed a $110 million civil penalty against BTC-e a/k/a Canton Business Corporation, one of the largest digital currency traders in the world. FinCEN also assessed a $12 million civil penalty against Russian national Alexander Vinnik, one of BTC-e’s operators. On the same day FinCEN announced the civil penalties, a 21-count indictment against BTC-e and Vinnik was unsealed in the North District of California.
State authorities have also stepped up with the New York Department of Financial Services (DFS) taking the lead with several significant enforcement actions this year.
On January 30, 2017, DFS fined Deutsche Bank $425 million, the largest single fine against the bank for the failures in its AML monitoring program discussed above.
In September, the DFS fined Pakistan’s largest bank, Habib Bank $225 million for failure to comply with AML laws and regulations at the bank’s New York branch. Habib Bank also agreed to surrender its license to operate the New York branch. Continued deficiencies at the branch date back to its failure to comply with a 2006 agreement with DFS’s predecessor. More recent compliance examinations showed a continued deterioration in Habib Bank’s compliance efforts. DFS’s most recent investigation found, among other things, Habib Bank’s New York branch “facilitated billions of dollars of transactions with a Saudi-bank with reported links to Al Qaeda, allowed at least 13,000 transactions to flow through the branch with omitted information, and used a ‘good guy’ list to enable at least $250 million in transactions with an identified terrorist, international arms dealer, and other potentially sanctioned entities and persons.”
In Europe, there have been a number of significant developments demonstrating continued focus on AML.
France – In June, French financial regulator Autorité de contrôle prudentiel et de résolution fined BNP Paribas approximately $11 million for insufficient money laundering controls. The fine followed a 2015 inspection of the bank. French authorities have reportedly focused on these AML violations following a series of Islamist attacks in the country. Also in France, a Paris criminal court fined Rietumu Banka $91 million for facilitating a scam to “democratize” tax evasion among ordinary taxpayers and small businesses. It also barred the bank from operating in France for five years. Investigators charged Rietumu with helping to launder up to 850 million euros from 2007 to 2012 with the complicity of a French financier, Nadav Bensoussan, and his company, France Offshore. Bensoussan was sentenced to five years imprisonment and fined approximately $3.3 million.
Ireland – The Central Bank announced a number of AML related fines in 2017, including an approximately $3.7 million fine against Ulster Bank in November 2016, an approximately $2.5 million fine Allied Irish Bank in April 2017, and an approximately $3.58 million fine against Bank of Ireland in May.
United Kingdom – The Financial Conduct Authority (FCA) fined Deutsche Bank approximately $205MM as part of the same activity discussed above that drew fines from the FRB and DFS. The government is creating the Office for Professional Body Anti-Money Laundering Supervision within the FCA. On June 26, 2017, the new money laundering regulations (MLR) took effect. The changes were implemented to bring the UK in line with the EU’s Fourth Anti-Money Laundering Directive. The new MLR takes a more prescriptive approach to risk assessment and risk mitigation policies, which must be in writing; heightened due diligence requirements, including a “black list” of jurisdictions requiring enhanced diligence; employee screening of compliance staff and front office personnel; reliance on third parties for CDD is limited to entities covered by the MLR or similar regimes; and foreign PEP guidelines are now extended to local PEPs. Additionally, a new criminal offense was created for false or misleading statements made in relation to money laundering, which can result in prison terms of up to 2 years.
Australia – In August, the Australian Transactions Reports & Analysis Centre launched civil proceedings alleging that the Commonwealth Bank of Australia (CBA) failed to comply with the AML and terrorism financing laws on more than 50,000 occasions. The allegations follow an investigation into the CBA’s use of intelligent deposit machines between November 2012 and September 2015. The maximum penalty for each of the alleged violations is up to approximately $14 million. CBA failed to report numerous transactions involving cash deposits over approximately $7,800 (AUD$10,000). The transactions in question had a total value of approximately $487 million. The Australian Prudential Regulation Authority has announced it is establishing an independent prudential inquiry in CBA, focusing on governance, culture and accountability frameworks and practices.
Singapore – The Monetary Authority of Singapore (MAS) concluded its 2-year investigation of multiple institutions involved in the 1MDB scandal. As a result of the MAS’ investigation and Singapore’s prosecutorial efforts, several bankers were convicted and/or face prohibition orders barring them from Singapore’s banking industry, several banks incurred fines, and Falcon Bank was forced to surrender its Singapore banking license. Perhaps the most interesting development was the unprecedented steps the MAS took in publicly disclosing the enforcement actions it took against both individuals and institutions. It remains to be seen whether these public enforcement actions will be limited to 1MDB or are the beginning of a more US-like approach to publicizing financial enforcement actions.
AML/BSA violations are a global priority. We expect this trend will continue for the foreseeable future and we look forward to bringing you insights as the landscape evolves.
Neil Bloomfield has more than a decade of experience advising major financial institutions, and other highly regulated entities in responding to government investigations, including responding to global investigations into LIBOR and other reference rates, foreign exchange trading, and the allegations raised by the Panama Papers. He also frequently advises clients as they implement programs to comply with regulatory requirements, including requirements created by Recovery and Resolution Planning and CCAR. View Mr. Bloomfield’s full bio.