Germany-based Commerzbank, and its U.S. branch, Commerz New York, will pay a total of $1.45 billion in penalties to resolve criminal charges for violations of the International Emergency Economic Powers Act and the Bank Secrecy Act. The settlement provides a litany of lessons on the importance of implementing proper anti-money laundering and sanctions controls—and what can happen if you don’t.  

Commerzbank will forfeit a total of $563 million and pay a $79 million fine to the Department of Justice. Of the $563 million in forfeiture, Commerzbank will pay $263 million in forfeiture for the International Emergency Economic Powers Act (IEEPA) violations, and $300 million in forfeiture in connection with the Bank Secrecy Act (BSA) violations, which will be remitted to the victims of a multi-billion dollar securities fraud scheme that was permitted to operate through Commerzbank. 

On March 12, the Justice Department charged Commerzbank and Commerz New York with knowingly and willfully conspiring to commit violations of IEEPA and three violations of the BSA for willfully failing to have an effective anti-money laundering (AML) program; willfully failing to conduct due diligence on its foreign correspondent accounts; and willfully failing to file suspicious activity reports.

“Commerzbank concealed hundreds of millions of dollars in transactions prohibited by U.S. sanctions laws on behalf of Iranian and Sudanese businesses,” said Assistant Attorney General Leslie Caldwell.  “Commerzbank committed these crimes, even though managers inside the bank raised red flags about its sanctions-violating practices. Financial institutions must heed this message: Banks that operate in the United States must comply with our laws, and banks that ignore the warnings of those charged with compliance will pay a very steep price."

As part of the settlement, Commerzbank also entered into a deferred prosecution agreement with the Justice Department. In entering the DPA, Commerzbank admitted and accepted responsibility for its criminal conduct in violation of IEEPA, and Commerz New York admitted its criminal conduct in violation of the BSA.  Commerzbank also agreed to implement rigorous internal controls and to cooperate fully with the Justice Department, including by reporting any criminal conduct by an employee.

Assuming the bank’s continued compliance with the DPA, the government has agreed to defer prosecution for a period of three years, after which time, the government would seek to dismiss the charges. 

Commerzbank also entered into a DPA with the New York County District Attorney’s Office. In entering that DPA, Commerzbank admitted that it violated New York State law by falsifying the records of New York financial institutions.  

More Settlements

Commerzbank also will pay a monetary penalty of $610 million to the New York State Department of Financial Services. As a result of DFS’ investigation, Commerzbank’s head of AML, fraud, and sanctions compliance for Commerzbank’s New York Branch, who played a central role in the improper conduct, resigned.

DFS also ordered the bank to take all steps necessary to terminate four additional employees who played central roles in the improper conduct, but who remain employed by the bank. These individuals are a relationship manager in the Financial Institutions Department; a staff member in the Interest, Currency & Liquidity Management Department; and two members of the Cash Management & International Business Department.

Furthermore, Commerzbank agreed to a cease and desist order with the Board of Governors of the Federal Reserve System, and will take certain remedial steps to ensure its compliance with U.S. law in its ongoing operations and to pay a civil monetary penalty of $200 million. The Treasury Department’s Office of Foreign Assets Control also levied a fine of $258.6 million, which will be satisfied by payments made to the Justice Department.

IEEPA Violations

According to admissions contained in the DPA, Commerzbank from 2002 to 2008 knowingly and willfully moved $263 million through the U.S. financial system on behalf of Iranian and Sudanese entities subject to U.S. economic sanctions. Commerzbank engaged in this criminal conduct using numerous schemes designed to conceal the true nature of the illicit transactions from U.S. regulators.

Commerzbank acknowledged, for example that it used non-transparent payment messages, known as cover payments, to conceal the involvement of sanctioned entities, and also removed information identifying sanctioned entities from payment messages, in transactions processed through Commerz New York and other financial institutions in the United States. Specifically, in 2003, Commerzbank designated a group of employees in the Frankfurt back office to review and amend Iranian payments so that the payments would not be stopped by U.S. sanctions filters. In doing so, Commerzbank ensured that Iranian payment messages did not mention the Iranian entity, as transactions may have otherwise been stopped pursuant to the U.S. sanctions.

Commerzbank admitted that it hid these practices from Commerz New York. Commerzbank admitted that this conduct continued even though the head of Commerzbank’s internal audit division warned senior management that the bank’s practices for Iranian clients “raised concerns.” 

In another scheme designed to avoid U.S. sanctions, Commerzbank admitted that in 2004 it agreed with an Iranian bank client that, rather than sending direct wire payments to the United States, the Iranian bank would pay U.S. beneficiaries with Commerzbank-issued checks listing only the Iranian bank’s account number and address in London with no mention of the Iranian bank’s name.

Additionally, Commerzbank admitted that in 2005, it created a “safe payment solution” for an Iranian shipping company client, which allowed the client to conduct transactions using the U.S. financial system.  The safe payment solution involved routing payments through special purpose entities controlled by the Iranian company, which were incorporated outside of Iran and bore no obvious connection to the Iranian client.

Commerzbank and its client switched use of such special purpose entities when Commerz New York’s sanctions compliance filters were updated to detect the use of a particular special purpose entity. Commerzbank continued to process payments on behalf the Iranian client even after the client had been designated by OFAC as an entity subject to U.S. sanctions for its involvement in weapons of mass destruction proliferation.

In addition, Commerzbank admitted that from 2002 to 2007 it provided Sudanese sanctioned entities with access to the U.S. financial system by engaging in similar schemes to remove reference to Sudanese companies from the transaction records.

Olympus Accounting Fraud

Since 2008, and continuing until at least 2013, Commerz New York violated the BSA and its implementing regulations. Specifically, Commerz New York failed to maintain adequate policies, procedures and practices to ensure its compliance with U.S. law, including its obligation to detect and report suspicious activity.

“Commerzbank stands charged with Bank Secrecy Act criminal offenses for its acute, institutional anti-money laundering deficiencies that allowed over a billion dollars of the Olympus fraud to flow through its New York office,” said U.S. Attorney Bharara.

From at least the late 1990s through 2011, Japanese-based medical-device maker Olympus perpetrated a massive accounting fraud designed to conceal from its auditors and investors hundreds of millions of dollars in losses. In 2012, Olympus and three of its senior executives pleaded guilty in Japan to inflating the company’s net worth by approximately $1.7 billion.

Commerzbank, through its branch and affiliates in Singapore, perpetrated the fraud by both loaning money to off-balance-sheet entities created by or for Olympus, and transacted more than $1.6 billion through Commerz New York in furtherance of the fraud. Such fraudulent activity continued on numerous more occasions.

AML Compliance Failures

Warnings from the compliance department were blatantly ignored. According to court documents, a senior legal and compliance officer responsible for Commerzbank’s Singapore branch and affiliates wrote at the time that he was “concerned” about fraud, asset stripping, market manipulation and tax offenses, and that “[i]f the [Olympus] structure and transactions cannot [be] explained, we must file Suspicious Transaction report as a matter of law and [Commerzbank] policy.” Under the BSA, financial institutions are required to detect and report suspicious activity.

In another example of poor compliance controls, Commerz New York had the same designated BSA Officer continuously from 2003 until 2014. According to court documents, she raised numerous concerns over those years about AML compliance, both to her superiors at Commerz New York and with Commerz Frankfurt.

In 2010, Commerz New York processed two wire transfers through the correspondent account for the Singapore branch of Commerzbank in the amounts of approximately $455 million and $67 million, respectively, related to the Olympus scheme. Those wires caused Commerz New York’s automated AML monitoring software to issue an “alert,” which the bank ultimately closed without taking further action.

In one particular e-mail, a Commerz New York-based compliance officer who had primary responsibility for automated transaction monitoring wrote in an e-mail to the BSA Officer and the Head of Compliance in New York that “we currently have 90 alerts a day,” with “808 alerts outstanding.”

“Because requests for information went unanswered for as much as eight months without SARs being filed, alerts were often closed without any response to the pending request,” the Justice Department stated. “As a result of these deficiencies, Commerz New York cleared numerous AML ‘alerts’ based on its own perfunctory Internet searches and searches of public source databases but without ever receiving responses to its requests for information.”

Due Diligence Failures

According to the Justice Department, “Commerzbank and Commerz New York also failed to conduct adequate due diligence or to obtain know-your-customer information with respect to correspondent bank accounts for Commerzbank’s own foreign branches and affiliates. Commerz New York, for example, did not conduct due diligence on the Singapore branch and affiliates of Commerzbank, consistent with Commerzbank’s policy of not conducting due diligence on its own branches and affiliates.

“These systemic deficiencies reflected a failure to maintain adequate policies, procedures and controls to ensure compliance with the BSA and regulations prescribed thereunder and to guard against money laundering,” the Justice Department stated.

Between 1999 and 2010, a total of more than $1.6 billion in furtherance of the Olympus fraud was cleared through Commerz New York. Commerz New York failed to file a SAR in the United States concerning Olympus or any of the Olympus-related entities until 2013—more than two years after the Olympus accounting fraud was revealed. 

“Commerzbank enabled Olympus to evade detection for years and, worse yet, failed to create a process to prevent this criminal behavior,” said Diego Rodriguez, Assistant Director in Charge of the FBI’s New York Field Office. “Management at banks and financial institutions should heed this warming: This behavior will be investigated, vigorously.”