UniCredit Bank, a Munich-based financial institution operating under the name HypoVereinsbank, has pleaded guilty and will pay total financial penalties of approximately $1.3 billion for processing hundreds of millions of dollars of transactions through the U.S. financial system on behalf of an entity designated as a weapons of mass destruction proliferator and other Iranian entities subject to U.S. economic sanctions.

UniCredit Bank (UCB AG) and UniCredit Bank Austria (BA)—both part of the UniCredit Group—agreed to forfeit $20 million and enter into a non-prosecution agreement (NPA) to resolve an investigation into its violations of the International Emergency Economic Powers Act (IEEPA). UniCredit SpA, the parent of both UCB AG and BA, has agreed to ensure that UCB AG and BA’s obligations are fulfilled.

According to court documents, UCB AG over 10 years “knowingly and willfully moved at least $393 million through the U.S. financial system on behalf of sanctioned entities, most of which was for an entity the U.S. government specifically prohibited from accessing the U.S. financial system. UCB AG engaged in this criminal conduct through a scheme formalized in its own bank polices and designed to conceal from U.S. regulators and banks the involvement of sanctioned entities in certain transactions.”

Court documents describe how UCB AG routed illegal payments through U.S. financial institutions for the benefit of the sanctioned entities in ways that concealed the involvement of the sanctioned entities, including through companies UCB AG knew would appear unconnected to the sanctioned entity despite being controlled by the sanctioned entity. “When the United States sanctioned Iranian entities for proliferating weapons of mass destruction, UCB AG went to great lengths to help one such entity—Islamic Republic of Iran Shipping Lines—evade sanctions to gain access to the U.S. financial system,” said Assistant Attorney General Brian Benczkowski.

UCB AG will waive indictment and be charged in a one-count felony criminal information, according to documents to be filed in federal court in the District of Columbia, charging UCB AG with knowingly and willfully conspiring to commit violations of IEEPA and to defraud the United States from 2002 through 2011. UCB AG has agreed to plead guilty to the information, has entered into a written plea agreement, and has accepted responsibility for its criminal conduct. The plea agreement, subject to approval by the court, provides that UCB AG will forfeit $316.5 million and pay a fine of $468.3 million.

According to admissions in the NPA and accompanying statement of facts, between 2002 and 2012, BA used non-transparent methods to send payments related to sanctioned jurisdictions such as Iran through the United States. BA conspired to violate IEEPA and defraud the United States by processing transactions worth at least $20 million through the United States on behalf of customers located or doing business in Iran and other countries subject to U.S. economic sanctions or customers otherwise subject to U.S. economic sanctions. Due to its crimes, BA will forfeit $20 million and has agreed to additional compliance and sanctions enhancements. 

In addition, UCB AG has entered into a plea agreement with the New York County District Attorney’s Office (DANY) for violating New York State law and will pay $316.5 million. BA has also entered an NPA with DANY for violating New York State law. DANY conducted its own investigation alongside the Justice Department.

UniCredit SpA, UCB AG, and BA have also entered into various settlement agreements, including with the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC); the Board of Governors of the Federal Reserve System; and the New York State Department of Financial Services under which they will pay additional penalties of $611 million to OFAC, which will be satisfied in part by payments to the Justice Department and the Federal Reserve; $157.7 million to the Federal Reserve, and $405 million to NYDFS.

Compliance obligations

According to OFAC, between January 2007 and December 2011, UCB AG processed over 2,000 payments totaling over $500 million through financial institutions in the United States in violation of multiple U.S. sanctions programs. During this time, UniCredit operated U.S. dollar accounts on behalf of the Islamic Republic of Iran Shipping Lines (IRISL) and several companies owned by or otherwise affiliated with IRISL, and managed the accounts of those companies in a manner that obscured the interest or involvement of IRISL in transactions sent to or through U.S. intermediaries. 

For several years up to and including 2011 (UCB AG) and 2012 (BA and UniCredit Bank S.p.A.), all three banks processed payments to or through the United States in a manner that did not disclose underlying sanctioned persons or countries to U.S. financial institutions that were acting as financial intermediaries. These transactions constitute violations of contemporaneous sanctions programs targeting proliferators of weapons of mass destruction, global terrorism, and the following countries: Burma, Cuba, Iran, Libya, Sudan, and Syria.

“UniCredit Group banks routed transactions through the United States in a non-transparent manner, when those payments would have been blocked or rejected if their true nature had been clear, in violation of multiple sanctions programs,” said Sigal Mandelker, Under Secretary for Terrorism and Financial Intelligence. “These banks have agreed to implement and maintain commitments to enhance their sanctions compliance. As the United States continues to enhance our sanctions programs, incorporating compliance commitments in OFAC settlement agreements is a key part of our broader strategy to ensure that the private sector implements strong and effective compliance programs that protect the U.S. financial system from abuse.”

Under the settlement agreements, each bank must implement and maintain compliance commitments designed to minimize the risk of violations reoccurring. The full set of commitments are identified in each of the banks’ public settlement agreements and include a commitment from senior management to promote a “culture of compliance” throughout each organization; a commitment that each bank implements internal controls that adequately address the results of its OFAC risk assessment and profile; and a commitment to providing adequate training to support each bank’s OFAC compliance efforts.