U.S. Bancorp, the parent company of U.S. Bank, will pay a total of $613 million in penalties for willfully failing to have an adequate anti-money laundering compliance program and willfully failing to file a suspicious activity report in violation of the Bank Secrecy Act.

The penalties reflect settlements reached with the U.S. Attorney’s Office for the Southern District of New York; the Office of the Comptroller of the Currency (OCC); the Federal Reserve Board; and the Financial Crimes Enforcement Network (FinCEN).

“U.S. Bank’s AML program was highly inadequate,” U.S. Attorney Geoffrey Berman stated. “The bank operated the program ‘on the cheap’ by restricting headcount and other compliance resources and then imposed hard caps on the number of transactions subject to AML review in order to create the appearance that the program was operating properly.”

“The bank also concealed its wrongful approach from the OCC,” Berman added. “As a result, U.S. Bank failed to detect and investigate large numbers of suspicious transactions.  With today’s resolution, the bank has accepted responsibility for its criminal conduct and committed to completing the reform of its AML program.”

According to court documents, from 2009 and continuing until 2014, USB “willfully failed to establish, implement, and maintain an adequate AML program. Among other things, USB capped the number of alerts generated by its transaction monitoring systems, basing the number of such alerts on staffing levels and resources, rather than setting thresholds for such alerts that corresponded to a transaction’s level of risk. The bank deliberately concealed this from the OCC, the bank’s primary regulator,” the Justice Department release stated. 

The Justice Department continued: U.S. Bancorp knew “these practices were improper, were resulting in the bank missing substantial numbers of suspicious transactions, and were placing the bank at risk of regulatory action,” the Justice Department release stated. Bank documentation from as early as 2005 acknowledged that alert limits were based on staffing levels and, as a result, a risk item for the bank.”

The bank conducted below-threshold testing (BTT), consisting of investigating a limited number of transactions that fell outside alert limits to see if thresholds should be adjusted so that more alerts would be investigated. “The bank’s BTT regularly found that SARs should have been filed on more than 25 percent, and as much as 80 percent, of the tested transactions. Rather than increase resources and lower thresholds to detect such suspicious activity, as repeatedly requested by the responsible AML employees, the bank instead decided to stop conducting BTT altogether,” the release stated.

USB also failed to monitor Western Union transactions involving non-customers of the bank that took place at bank branches. “Even when bank employees flagged specific non-customer transactions raising AML-related concerns, the transactions went uninvestigated,” the release stated. It was not until July 2014 that the bank implemented a new policy that prohibited Western Union transactions by non-customers.

Failure to file SARs

From October 2011 through November 2013, the bank “willfully failed to timely report suspicious banking activities” of Scott Tucker, a long-time customer, despite being on notice that Tucker had been using the bank to launder proceeds from an illegal and fraudulent payday lending scheme using a series of sham bank accounts opened under the name of companies nominally owned by various Native American tribes. “U.S. Bancorp employees responsible for servicing Tucker’s ongoing account activity disregarded numerous red flags that Tucker was using the tribes to conceal his ownership of the accounts,” the Justice Department stated.

“USB also received subpoenas from regulators investigating Tucker’s businesses.  In September 2011, after news organizations published reports examining Tucker’s history and questionable business practices, the bank reviewed Tucker’s accounts, and an AML investigator reported to supervisors, among other things, that ‘it looks as though Mr. Tucker is quite the slippery individual” who “really does hide behind a bunch of shell companies.’ Based on its findings, the bank closed the accounts in the names of the Tribal Companies but failed to file a SAR,” the Justice Department stated.

Bank response

“Today’s resolution finalizes legacy matters involving our AML compliance program,” U.S. Bank President and CEO Andy Cecere said in a statement. “We regret and have accepted responsibility for the past deficiencies in our AML program. Our culture of ethics and integrity demands that we do better. One of U.S. Bank’s key priorities is to maintain an exceptional AML program and we are confident in the strength of the program we have in place today.”

Cecere added that the bank has “worked diligently over the past several years to make significant investments to improve and strengthen our AML controls, processes and staff, which includes our efforts under a 2015 OCC consent order.”

Specifically, the company said its improved AML program includes:

New leadership team running the bank’s AML program since 2014;

A more transparent and frequent AML reporting and escalation process to the board and executive management;

A centralized, independent, enterprise-wide financial crimes compliance function;

Improved AML controls and training for all customer-facing employees;

Expanded transaction monitoring to identify potentially suspicious activity;

AML compliance staff that has increased significantly; and

Improved risk identification, oversight, and reporting functions.

U.S. Bancorp has also entered into a two-year deferred prosecution agreement with the Department of Justice.  Assuming the bank’s continued compliance with the agreement, “the government has agreed to defer prosecution for a period of two years, after which time the government will seek to dismiss the charges,” the Justice Department stated. Its agreement is pending review by the court.