Former U.S. Bank risk officer pays $450K for AML compliance failures

According to the FinCEN order, Michael LaFontaine at various times had responsibility for overseeing U.S. Bank’s anti-money laundering (AML) compliance function. During his time with the bank, LaFontaine held roles of increasing responsibility, as chief compliance officer from 2005 through 2010, followed by senior vice president and deputy risk officer, and finally to executive vice president (EVP) and chief operational risk officer.

In his role as EVP and chief operational risk officer, LaFontaine reported directly to the chief executive officer and had direct communications with the board of directors. As chief operational risk officer, he oversaw the bank’s AML compliance department, with supervisory responsibility over the bank’s CCO, AML officer, and AML staff.

“Mr. LaFontaine at various times had responsibility for overseeing U.S. Bank’s compliance program and therefore shares responsibility for the Bank’s violations of the requirements to implement and maintain an effective AML program and file SARs in a timely manner.”

FinCEN

Because of his oversight roles, the complaint alleges, LaFontaine shared responsibility for the bank’s violations of the requirements to implement and maintain an effective AML compliance program and file in a timely manner Suspicious Activity Reports (SARs), as required by the Bank Secrecy Act (BSA). In 2018, FinCEN, with the Office of the Comptroller of the Currency (OCC) and the Department of Justice, issued a $185 million civil money penalty against U.S. Bank for its role in these violations.

Compliance lessons

The enforcement action against LaFontaine offers several important lessons for compliance officers in the financial services industry:

AML technology must be used properly to prevent violations. While U.S. Bank used automated transaction monitoring software, called SearchSpace, to spot suspicious activity, it improperly capped the number of alerts generated, misconduct that continued for at least five years. “LaFontaine was warned by his subordinates and by regulators that capping the number of alerts was dangerous and ill-advised,” said FinCEN Director Kenneth Blanco. Consequently, his actions prevented the proper filing of thousands of SARs. “FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly,” Blanco added.

Ensure the bank’s compliance division is appropriately staffed to meet regulatory expectations. According to FinCEN, U.S. Bank “failed to staff the BSA compliance function with enough people to review even the reduced number of alerts, enabling criminals to escape detection.”

Always heed the warnings of previous enforcement actions. One significant compliance misstep that U.S. Bank took was failing to heed warnings from a similar enforcement action against another large financial institution. Specifically, in 2010, FinCEN and the OCC announced regulatory action against Wachovia Bank over the same misconduct that was happening at U.S. Bank at that time.

Such misconduct included “improperly capping the number of alerts generated by its automated transaction monitoring system based on the number of compliance personnel that it had available to review transactions” and failing to adequately staff its BSA compliance function. Additionally, FinCEN said, Wachovia employed “as few as three individuals” to monitor all its correspondent relationships with foreign financial institutions.

Always heed internal warnings. According to FinCEN, LaFontaine received internal memos from staff claiming that significant increases in SAR volumes, law enforcement inquiries, and closure recommendations created a situation where AML staff was “stretched dangerously thin.” In one example, an internal AML officer told LaFontaine the SAR volume for 2009 was projected to be 47 percent higher than for 2007, law enforcement inquiries were projected to be 123 percent higher, and closure recommendations were projected to be 160 percent higher—all with a corresponding staff level increase of only 15.6 percent. Yet, FinCEN said, LaFontaine failed to act when presented with significant AML program deficiencies in the bank’s SAR-monitoring system and the number of staff to fulfill the AML compliance role.