A new report published by the Department of the Treasury cites compliance weaknesses among the most significant illicit finance threats and vulnerabilities facing the U.S. financial system.

Published Thursday, the 2020 National Strategy for Combating Terrorist and Other Illicit Financing “provides a roadmap to modernize the U.S. anti-money laundering/countering the financing of terrorism (AML/CFT) regime to make it more effective and efficient,” Treasury said. “Financial institutions will find these documents helpful in informing their own risk assessments.”

The most significant vulnerabilities listed in the report that chief compliance officers and chief risk officers will want to pay close attention to are the sections on “complicit employees” and “compliance weaknesses.”

“Complicit employees at financial institutions as well as key gatekeepers can use their position of trust and intimate technical knowledge to undermine AML/CFT measures,” Treasury said. “For this reason, many criminal organizations seek out professionals as potential accomplices.” Another weakness, Treasury said, are companies that “knowingly fail to report receiving cash in amounts of more than $10,000 from a customer.”

In its report, Treasury cites a few examples of complicit employees engaging in illicit financial activity. One of the more egregious cases is Standard Chartered Bank, a U.K.-based financial institution, which in April 2019 reached a $1.1 billion global settlement for sanctions violations.

As part of its deferred prosecution agreement—which the Department of Justice amended and extended for an additional two years—Standard Chartered admitted that, from 2007 through 2011, two former employees of its branch in Dubai willfully conspired to help Iran-connected customers conduct U.S. dollar transactions through the U.S. financial system for the benefit of Iranian individuals and entities. As a result, Standard Chartered processed approximately 9,500 financial transactions worth approximately $240 million through U.S. financial institutions for the benefit of Iranian entities.

Compliance weaknesses

The Treasury’s report also covers areas in which there remain compliance weaknesses within regulated financial institutions. “Most regulated financial institutions in the United States have adequate AML/CFT programs,” Treasury said. “Compliance weaknesses, however, at some regulated financial institutions in the United States continue to pose a vulnerability that illicit actors may exploit.”

Several AML-related enforcement actions against U.S. financial institutions continue to identify deficiencies in “written policies and risk assessments, internal controls, training, suspicious activity monitoring and reporting, designating a BSA officer, and the overall quality of AML compliance programs,” the report states. One particularly egregious example is the $613 million settlement that U.S. Bancorp, the parent company of U.S. Bank, reached in February 2018 for willfully failing to have an adequate anti-money laundering compliance program and willfully failing to file all necessary suspicious activity reports (SARs) related to suspicious customer activity, in violation of the Bank Secrecy Act.

“The expectation for AML/CFT compliance is not perfection and the approach of supervisors is not ‘zero-tolerance,’” Treasury’s report states. “Improved communication of illicit finance risks at the national level as well as FI-specific risk information is crucial. Treasury and law enforcement will continue to issue updated illicit finance risk information via more frequent publications and targeted outreach.”

Six other vulnerabilities discussed in Treasury’s report include lack of a requirement to collect beneficial ownership information at the time of company formation and after changes in ownership; lack of comprehensive AML/CFT requirements on some financial institutions, gatekeeper professions, and anonymous real-estate purchases; significant volume of foreign funds and number of transactions that are intermediated through U.S. correspondent banks; ubiquitous and anonymous use of U.S. currency domestically and internationally; and growing misuse of digital assets and failure of foreign jurisdictions to effectively supervise digital asset activities.