All over the world, media outlets have detailed the bribery scandal that toppled leadership of the Fédération Internationale de Football Association, the international governing body of professional soccer.

In May, the Justice Department indicted 14 people on corruption charges. Among the allegations are that Jack Warner, FIFA's former vice president, accepted a $10 million bribe to secure South Africa’s bid to host the 2010 World Cup.

The indictment names 26 banks that did business with FIFA—including Bank of America, Barclays, HSBC, Citigroup, and JPMorgan Chase—in its litany of various bribery schemes. No wrongdoing on the banks’ part is alleged, but financial institutions can expect to be on the hot seat for a long while as their role is scrutinized.

Banks received grand jury subpoenas because the government needed to find the FIFA money trail, explains John O'Donnell, a partner with the law firm Herbert Smith Freehills’ corporate crime and investigations group. He believes the banks should now step back and evaluate whether they committed any compliance missteps that could cause headaches later.

“Anybody who received a subpoena will want to take a look at the account that is at issue, how the account came to be opened, and what know-your-customer due diligence was done with respect to the account,” he says. “Some of these accounts were set up as pure conduits for the bribe payments, so they are a little suspicious in terms of who the account holder was, where they were located, and things like that. I suspect that the government will have conversations with these banks about what kind of due diligence was done in terms of opening the accounts.”

Banks, already under heightened scrutiny by regulators for their KYC and anti-money laundering programs, can expect more of the same in the aftermath of the FIFA sandal.

“Part of our investigation will look at the conduct of the financial institutions to see whether they were cognizant of the fact they were helping launder these bribe payments,” Kelly Currie, acting U.S. Attorney for the Eastern District of New York, said at a press conference announcing the FIFA indictments. “It's too early to say if there is any problematic behavior, but it will be part of our investigation.”

“It is not enough to know your customer. You have to know what to expect from your customer.”
Ross Delston, Lawyer & AML Compliance Expert

Currie’s words make it clear, particularly for banks that opened and maintained accounts used by the recipients of bribe payments, “that they have to be very concerned about what procedures they followed when opening those accounts,” O’Donnell says.

Many banks, O’Donnell expects, will defend their due diligence efforts by noting that transactions were funneled through legitimate sports marketing companies, masking indications that bribe payments were made. “One argument they can make is that there wasn’t a real pattern that would raise a red flag,” he says. “The defense would be that these were legitimate people.”

On the other hand, O’Donnell adds, “the government’s response will be that FIFA has been fairly well-known to be corrupt for years, and that should have prompted more scrutiny to some of these related accounts. The takeaway is that even accounts that appear on the surface to be legitimate accounts sometimes require an added layer of scrutiny and due diligence.”

Another scandal-related lesson for banks is to pay more attention to “politically exposed persons” (PEPs) and non-governmental organizations, focusing on due diligence controls that may flag problematic situations, says Henry Balani, head of Innovation for Accuity, a firm that provides AML and compliance solutions for banks and corporations. Transaction-level oversight by banks could have prevented years of bribery, “and banks should have known better,” he said.

Balani emphasizes the importance of maintaining and consulting PEP lists. The challenge is that no formal PEP database exists—nothing akin to, say, the sanctions list maintained by the Treasury Department’s Office of Foreign Assets Control. Companies must develop or acquire PEP lists themselves, typically following definitions developed by the groups such as the Financial Action Task Force or the Organisation for Economic Co-operation and Development. The lists include individuals who are (or have been) governmental figures, senior executives of state-owned corporations, political party officials, or prominent members of an international organization.

A check of the PEP list Balani’s firm maintains, for example, that both Warner (the league official featured prominently in the indictments, and a one-time politician in his native Trinidad and Tobago) and Sepp Blatter (the former FIFA president who stood for a fifth term in office last month, won re-election, and then promptly resigned) are on the list. This indicates that FIFA deserved greater scrutiny from an anti-corruption standpoint than it received, Balani says.

“It is not just simply looking at politically exposed persons as an entity. The next step is trying to understand the risk that particular organization poses by having PEPs on [the company’s] board,” Balani says. “A lesson learned here is that banks didn’t do adequate due diligence around FIFA because it wasn’t flagged as a potential PEP-related organization. Now [banks] may want to go back to major corporate clients and start to understand whether they also have PEPs or not, asking whether they effectively assessed the risk levels associated with those organizations.”

Banks will also need to pay extra attention to due diligence efforts for high-net-worth customers, says Ross Delston, a Washington-based lawyer and AML compliance expert. “It is not enough to know your customer,” he says. “You have to know what to expect from your customer. If you are getting money transfers in amounts and volumes and originators who any one of which you are having trouble understanding or explaining, you need to look further.”

The good news for banks, such that it is, is that financial regulators have already been leaning on them to improve onboarding and monitoring processes anyway; the FIFA scandal simply underlines the point in a dramatic way. “That means that a bank can never do enough customer due diligence,” Delston says. “They can’t ever understand the customer’s business and personal transactions enough to ever rest.”

In the not-so-distant past, FIFA would have been overlooked as an organization that warranted an extraordinary degree of due diligence. “I think it is clear now that no company, organization, or individual is exempt from a higher level of due diligence,” Delston says. “There was a time when high-net-worth individuals, and people associated with prominent companies and organizations, would have been exempt from additional scrutiny. Today, not only is no one exempt, but those types of individuals should be subject to greater scrutiny and the banking regulators expect it.”

In recent months, bank regulators have constantly stressed the importance of institutional culture. “Healthy culture starts at the top, and we look to the board of directors and senior management to set a tone that encourages ethical and responsible behavior and demands individual accountability for failure to act accordingly,” Comptroller of the Currency Thomas Curry said in a speech at a banking conference in early June.

That warning echoes one of the key lessons banks should learn following the FIFA indictments, says Andrew Foose, vice president of advisory Services for NAVEX Global. While “culture” may be “a worn out word” in compliance and regulatory circles, “the indictments provide a living example of why it is important,” he says.

“Culture is something that builds over time, whether it is a positive culture or a negative culture,” he says. “What FIFA allowed to happen was for relatively small transgressions—small gifts and small favors given to officials decades ago—to slowly build into a system where officials were routinely expecting lavish treatment and special gifts. That created an environment where they became entitled and expected bribes. What everybody should be outraged about is not just the bribery, but the culture that allowed it.”