Big money fines emphasize focus on AML compliance

February has been a very bad month for anti-money laundering compliance. A series of high-profile AML failings offer evidence that, despite the regulatory retreat favored by the Trump administration and its new agency heads, big fines will still follow blatant rule violations.

A perfect illustration of the current landscape of financial crimes is the California-based subsidiary of Coöperatieve Rabobank U.A. It was gobsmacked earlier this month by a $368.7 million fine for laundering money for known Mexican drug cartels.

The bank pleaded guilty to a felony conspiracy charge for impairing, impeding, and obstructing a government investigation by concealing deficiencies in its anti-money laundering program. It was also accused of obstructing regulatory examinations and monitoring by the Department of the Treasury and the Comptroller of the Currency.

The bank’s deficiencies were the subject of an earlier cease and desist order in December 2013.

The consent order, based on an OCC examination of the bank, found:

Since at least 2012, the bank failed to establish and maintain a compliance program that adequately covers required BSA/AML elements.

The bank failed to develop adequate “customer due diligence” and “enhanced due diligence” processes, as required by the Bank Secrecy Act and failed to adequately investigate questionable activity related to law enforcement subpoenas and requests received pursuant to section 314(a) of the USA PATRIOT Act. That provision requires banks to provide customer and account information upon request from the Treasury Department’s Financial Crimes Enforcement Network.

As required by the 2013 order, an independent consultant reviewed the bank’s transaction and account activity between January 2010 and December 2013, resulting in 472 Suspicious Activity Reports and reporting more than $233 million in previously unreported suspicious activity. This was in contrast to the bank’s in-house failure to report suspicious transactions and file SARs.

During the OCC’s examination in November 2012, bank senior officers participated in efforts to preclude it from obtaining requested information, and the bank concealed requested documents from agency officials.

Rabobank, N.A. (National Association) is a nationally chartered bank serving agricultural communities in California. Headquartered in Roseville, Calif., it holds more than $13 billion in assets.

“When Rabobank learned that substantial numbers of its customers’ transactions were indicative of international narcotics trafficking, organized crime, and money laundering activities, it chose to look the other way and to cover up deficiencies in its anti-money laundering program,” Acting Assistant Attorney General John Cronan said in a statement. “Worse still, Rabobank took steps to obstruct an examination by its regulator into those same deficiencies.”

Rabobank’s guilty plea and forfeiture of more than $360 million is “a warning to financial institutions that there are significant consequences for banks that engage in obstructive conduct in an effort to hide their anti-money laundering program failures from their regulators,” Cronan added

For its part, the bank is now admitting to most of the charges brought against it.

Agreements with the Department of Justice and OCC “conclude previously reported investigations,” it claimed.

“Recognizing the material improvements the bank has made to its BSA/AML compliance program, the OCC has also terminated the consent order issued in December 2013,” the bank wrote in a statement.

Settling these matters is important for the bank’s mission here in California,” said Mark Borrecco, chief executive officer of Rabobank. “Reinforced with strong levels of capital and liquidity, and enhanced internal controls and risk management functions, we are committed to growing with our customers for years to come.”

Among the lessons learned in this case is the importance of following the letter of the law when it comes to BSA compliance.

“When Rabobank learned that substantial numbers of its customers’ transactions were indicative of international narcotics trafficking, organized crime, and money laundering activities, it chose to look the other way and to cover up deficiencies in its anti-money laundering program. Worse still, Rabobank took steps to obstruct an examination by its regulator into those same deficiencies.”
John Cronan, Acting Assistant Attorney General

The BSA requires financial institutions to implement and maintain an AML compliance program reasonably designed: to detect suspicious activity indicative of money laundering and other crimes and assure and monitor compliance with recordkeeping and reporting requirements. Those requirements include robust filing of Suspicious Activity Reports.

In particular, Rabobank ignored the latter requirement even though it received regular alerts of transactions by “high-risk” customers. These accounts included those controlled and managed by Mexican businesses, non-resident aliens, and U.S.-based accountholders who transacted hundreds of millions of dollars in untraceable cash, sourced from Mexico and elsewhere, into and through the bank’s accounts.

Rabobank also implemented procedures to prevent adequate investigations into these suspicious transactions, customers, and accounts. Among them was a “verified list.” If a customer was on the “verified list,” no further review of that customer’s transactions was necessary, even if the transactions generated an internal alert. Rabobank’s compliance staff were allegedly instructed to aggressively increase the number of bank accounts on the Verified List.

All this, despite the bank’s Calexico branch, located two blocks from the U.S.-Mexico border, was the “highest performing” branch in the Imperial Valley region due to otherwise high-risk cash deposits from Mexico.

Capping the AML/BSA violations, when the OCC began conducting its periodic examination of Rabobank, executives knowingly obstructed the agency’s examination. It also made false and misleading statements to the OCC regarding the existence of reports developed by a third-party consultant, which detailed the deficiencies and resulting ineffectiveness of Rabobank’s compliance program.

The primary lesson is to “take consent orders very seriously,” says Sandy Brown, a partner in law firm Alston & Bird’s financial services and products practice. “Almost always, when a bank officer or director is hit with a civil monetary penalty it is because they failed to comply with a previous order. Occasionally agencies will assess a civil money penalty off the bat, but almost always it is for failing to comply with a previous order.

Rabobank’s troubles, according to the government, appear to be intentional. Even honest banks, however, can find they bit off more than they could accomplish when hammering out a consent order. “We see folks agree to things they just cannot do, and that’s where they get in trouble,” Brown says.

“It is really common after the fact for an institution to realize that they may have over-committed and need some fine-tuning of the agreement,” Brown added. “You would rather not go back to the agency, but nearly every one of these has a provision for amendments under certain conditions. Most of the agencies are amenable to extending deadlines if the attempt to comply has been earnest.”

Brown recalled the sage advice of a former comptroller of the currency: “Deliver good news fast and bad news faster.”

“The regulators understand that not everything goes right all the time,” he says. “Things happen that are beyond anybody’s control and reasonable expectation or anticipation. You just need to fess up that you are going to miss a deadline.”

U.S. Bank’s $613 million misstep

As for the government easing up on enforcement, it was always unlikely in this arena. “Money laundering enforcement is apolitical,” Brown says, noting the intersection of the crime with terrorist funding. “It crosses all political boundaries.”

It is likely, however, that “the burden of filing reports will probably lessen in new administration.” Congressional efforts are, in particular, targeting the daily deluge of SARs that get filed and seldom looked at ever again.

Undaunted, regulators also ordered U.S. Bancorp, the parent company of U.S. Bank, to pay a total of $613 million in penalties for “willfully failing to have an adequate anti-money laundering compliance program and willfully failing to file a suspicious activity report in violation of the Bank Secrecy Act.”

The penalties reflect settlements reached with the U.S. Attorney’s Office for the Southern District of New York; the Office of the Comptroller of the Currency (OCC); the Federal Reserve Board; and FinCEN.

“U.S. Bank’s AML program was highly inadequate,” U.S. Attorney Geoffrey Berman said in a statement. “The bank operated the program ‘on the cheap’ by restricting headcount and other compliance resources and then imposed hard caps on the number of transactions subject to AML review in order to create the appearance that the program was operating properly.”

“The bank also concealed its wrongful approach from the OCC,” Berman added. “As a result, U.S. Bank failed to detect and investigate large numbers of suspicious transactions.  With today’s resolution, the bank has accepted responsibility for its criminal conduct and committed to completing the reform of its AML program.”

According to court documents, from 2009 to 2014, USB “willfully failed to establish, implement, and maintain an adequate AML program.” Among other things, it capped the number of alerts generated by its transaction monitoring systems, basing the number of such alerts on staffing levels and resources, rather than setting thresholds for alerts that corresponded to a transaction’s level of risk.

“The bank deliberately concealed this from the OCC, the bank’s primary regulator,” the Justice Department said.

USB also failed to monitor Western Union transactions involving non-customers that took place at bank branches.

Following the established playbook regarding such illegal discoveries, U.S. Bank President and CEO Andy Cecere boasted that the recent “resolution finalizes legacy matters involving its AML compliance program.”

“We regret and have accepted responsibility for the past deficiencies in our AML program,” he added. “Our culture of ethics and integrity demands that we do better. One of U.S. Bank’s key priorities is to maintain an exceptional AML program, and we are confident in the strength of the program we have in place today.”

Specifically, he said the improved AML program includes:

New leadership team running the bank’s AML program since 2014;

A more transparent and frequent AML reporting and escalation process to the board and executive management;

A centralized, independent, enterprise-wide financial crimes compliance function;

Improved AML controls and training for all customer-facing employees;

Expanded transaction monitoring to identify potentially suspicious activity;

AML compliance staff that has increased significantly; and

Improved risk identification, oversight, and reporting functions.

U.S. Bancorp has also entered into a two-year deferred prosecution agreement with the Department of Justice.