Strengthening Your AML Compliance Program
Matthew L. Biben provides specific suggestions to compliance officers, senior management teams and boards of directors for strengthening their financial institutions' AML compliance programs, and includes important upcoming AML compliance deadlines.
March 27, 2018 at 02:30 PM
10 minute read
In 2017, we saw an increased focus on anti-money laundering (AML) by regulators, which has continued in 2018 as seen in the recent enforcement action against Rabobank, N.A. See United States v. Rabobank, N.A., No. 18 Cr. 0614 (S.D. Cal.) (Department of Justice enforcement action); In the Matter of Rabobank, N.A., No. AA-WE-2017-82 (FinCEN enforcement action). Given this increased focus, we wanted to provide specific suggestions to compliance officers, senior management teams and boards of directors for strengthening their financial institutions' AML compliance programs. We've also included important upcoming AML compliance deadlines.
|Seven Suggestions for Strengthening AML Compliance
(1) Cut the flow of suspicious transactions. Several of 2017's AML enforcement actions illustrated the need for financial institutions to go beyond merely detecting and reporting suspicious transactions. Financial institutions should continue to review and file suspicious activity reports (SARs) on related, ongoing activity and where appropriate, stop transactions by closing accounts or otherwise interdicting their flow through the institution. See In re Deutsche Bank, Consent Order, 2017 WL 735666 (N.Y. Bnk. Dept. Jan. 30, 2017) (noting the bank failed to identify suspicious activity). Further, it is pertinent to have written procedures regarding ongoing monitoring and the steps to be taken in response to suspicious activity—even if the jurisdiction does not require written guidelines. In addition, there should be checks in place to ensure that decisions to file SARs are not impeded by concerns about internal requirements to close accounts, as the decisions are related but independent of each other.
(2) Review institutional subpoena compliance processes. Last year, significant AML enforcement actions continued to be brought by criminal prosecutors—and it is likely that these investigations all began with the service of a subpoena. But in the United States, at least, investigation by the government of suspicious activity does not relieve financial institutions of their responsibility to continue to monitor that same activity and file SARs when appropriate. (The rules vary in other jurisdictions.) Financial institutions should ensure that they have written procedures detailing when such cases should be escalated to the AML compliance staff. Whether or not a SAR is warranted, such incidents may also reveal risks that warrant additional controls or procedures.
(3) Remember that subpoena compliance is not 'cooperation'. Some of last year's enforcement actions serve as a reminder that in a serious AML compliance failure, U.S. law enforcement and regulatory agencies take a narrow view of the term “cooperation” when determining whether a financial institution is entitled to a reduced penalty or other favorable treatment. See U.S. Department of Justice, Criminal Division, Money Laundering and Asset Recovery Section, Banamex USA and Citigroup, Non-Prosecution Agreement (May 18, 2017) (noting Banamex received only partial cooperation credit for its cooperation because its initial efforts to provide information to the DOJ were neither timely nor substantial). Legal counsel experienced in corporate cooperation cases should be consulted when law enforcement inquiries turn from a routine review of transactional records to examining the roles of institutional personnel or processes, such as transaction surveillance, sanctions compliance or fraud detection, among others.
(4) Continue to invest in your people. Having a strong in-house AML team and providing effective and ongoing AML training to all staff is essential for reliable AML compliance. However, given the U.S. government's continued focus on enforcing individual liability, we expect that the process of attracting and retaining senior compliance officers will continue to be challenging. See the following for examples of instances where regulators have brought enforcement actions against individuals: U.S. Department of Justice, Criminal Division, Money Laundering and Asset Recovery Section, Banamex USA and Citigroup, Non-Prosecution Agreement (May 18, 2017); Press Release, FinCEN, FinCEN and Manhattan U.S. Attorney Announce Settlement with Former MoneyGram Executive Thomas E. Haider (May 4, 2017); Press Release, U.S. Attorney's Office, N. Dist. of Cal., Russian National and Bitcoin Exchange Charged in 21-Count Indictment for Operating Alleged International Money Laundering Scheme and Allegedly Laundering Funds from Hack of Mt. Gox (July 26, 2017).
Despite this challenge, it is crucial that financial institutions have adequate staffing with respect to AML. This is highlighted by the Financial Crimes Enforcement Network's (FinCEN) most recent action against Rabobank, N.A. See United States v. Rabobank, N.A., No. 18 Cr. 0614 (S.D. Cal.) (Department of Justice enforcement action); In the Matter of Rabobank, N.A., No. AA-WE-2017-82 (FinCEN enforcement action). FinCEN specifically cited to the fact that Rabobank at one point only had three people to review approximately 2,300 alerts and two people to conduct at times 100 investigations per month. Statement of Facts, United States v. Rabobank, N.A. These numbers of staff, taken together with the size of Rabobank, N.A. and the profile of its customers, among other factors, was deemed insufficient by FinCEN. Further, in a recent coordinated action by the OCC, FinCEN, the Federal Reserve Board and the Department of Justice against U.S. Bank, regulators noted that the bank operated its AML program “on the cheap by restricting head count and other compliance resources. Press Release, Dep't of Justice, Manhattan U.S. Attorney Announces Criminal Charges Against U.S. Bancorp for Violations of the Bank Secrecy Act, (Feb. 15, 2018). U.S. Bank was ordered to pay over $600 million in forfeitures and fines.
(5) Review Your AML governance and accountability guidelines. Friction between AML staff and business personnel can occur for a variety of reasons. To the extent that such friction results from active engagement with compliance issues by AML staff, these encounters are not necessarily cause for concern. Robust debate and reasoned discussions are important components of a well-functioning AML program. That said, financial institutions should review their processes for resolving such conflicts and for holding individuals accountable for their compliance-related decisions, just as they would for their business-related decisions.
(6) Ensure your board is actively engaged. New York state now requires covered financial institutions to adopt either an annual board resolution or a senior officer compliance finding to certify the institution's compliance with Rule 504, the state's new AML regulation. The early drafts of this rule imposed criminal penalties for filing an “incorrect or false” certification and would have injected into the global AML regime a new and relatively low threshold for prosecuting board members and senior management. While the provision of Rule 504 imposing criminal penalties was dropped in the final rule, the message from the New York Department of Financial Services was clear—and the sentiment is shared by regulators far beyond the state's borders. For many years, regulators have stressed the importance of the “tone at the top” and “culture of compliance” at financial institutions. When the board of directors demonstrates that rigorous risk management is a priority, accountability tends to permeate throughout the organization. However, active engagement rather than passive review requires knowing the right questions to ask. Ongoing training for the board is as important as it is for all employees.
(7) Follow proposed changes to U.S. AML regulations. A year ago, The Clearing House Association, the banking association and payments company owned by 25 of the world's largest commercial banks, issued a report identifying a number of areas where the AML/CFT (Combatting the Financing of Terrorism) process can be made more efficient, from a reordering of enforcement priorities to promoting innovation by financial institutions in developing new AML technologies. See The Clearing House, A New Paradigm: Redesigning the U.S. AML/CFT Framework to Protect National Security and Aid Law Enforcement (February 2017).
Support for AML modernization is reaching a critical mass in Congress. The Senate Banking Committee held two hearings in January devoted to reforming BSA enforcement; Committee Chair Mike Crapo (R-Id.) pointed to “a clear bipartisan interest in modernizing the BSA/AML regime.” See U.S. Senate Comm. on Banking, Housing, and Urban Affairs (Senate Banking Comm.), Hearing Testimony, Combating Money Laundering and Other Forms of Illicit Finance: Opportunities to Reform and Strengthen BSA Enforcement (Jan. 9, 2018); and Senate Banking Comm., Hearing Testimony, Administration Perspectives on Reforming and Strengthening BSA Enforcement (Jan. 17, 2018). See also Statement of Senator Mike Crapo, Committee on Banking, Housing, and Urban Affairs (Jan. 17, 2018). The impetus for such modernization will only be strengthened by the rise of virtual currency platforms, which pose a new level of enforcement challenge. Given these developments, those responsible for AML enforcement should place extra emphasis on monitoring developments in Washington.
|Upcoming AML Deadlines and Anticipated Rulemaking
Certification of Compliance with New York State Part 504 Rule—by April 15, 2018. The New York State Department of Financial Services' new anti-money laundering regulation, Rule 504, went into effect on Jan. 1, 2017. See Client Update, NYDFS Issues Final Anti-Money Laundering and Sanctions Rule (July 6, 2016). Covered institutions must adopt either an annual board resolution or a senior officer compliance finding to certify compliance with the regulation. The first such certification is due by April 15, 2018.
Full Compliance With FinCEN's Beneficial Ownership Rule—By May 11, 2018. On May 11, 2016, FinCEN published its final rule expanding customer due diligence (CDD) requirements. See Client Update, FinCEN Issues New Rule Requiring Identification of Beneficial Owners and Risk-Based Customer Due Diligence (May 16, 2016). Covered financial institutions must comply with the CDD rule by May 11, 2018.
The rule imposes two new, and significant, requirements: First, it requires covered financial institutions to establish procedures to identify, and verify the identity of, the beneficial owners of legal entity customers that open new accounts, unless there is an exception.
Second, it adds a “fifth pillar” to existing anti-money laundering (AML) program requirements. Currently, AML programs have four pillars—policies and procedures; a designated AML compliance officer; testing; and training. The final rule adds to these program requirements by mandating risk-based procedures for conducting ongoing customer diligence to understand the nature and purpose of the customer relationship.
Financial institutions have reportedly voiced concerns about some aspects of the rule including whether, and under what circumstances, financial institutions would have to identify individuals who own less than 25 percent of the equity interests of a legal entity customer. In response, FinCEN indicated that it would likely issue additional guidance.
FinCEN's Final AML Rule for Registered Investment Advisors (RIAs). On Aug. 25, 2015, FinCEN proposed regulations that would extend mandatory AML requirements to all investment advisers registered or required to be registered with the Securities and Exchange Commission under the Investment Advisers Act of 1940. See Client Update, FinCEN Proposes Anti-Money Laundering Rules for Investment Advisers (Aug. 31, 2015). RIAs anticipated the issuance of the final rule in 2017.
The proposed rules would require investment advisers to develop and implement written AML programs, put in place policies and procedures to detect and report suspicious activities, and to comply with mandatory information-sharing requirements, including responding to law enforcement inquiries under the USA PATRIOT Act. Once final rules are adopted, a RIA with deficient AML policies, procedures or controls may be at risk for civil or criminal liability.
Matthew L. Biben is a litigation partner and co-leader of the banking industry group at Debevoise & Plimpton. Zila Reyes Acosta-Grimes and Kevin Suttlehan assisted in drafting this article.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllThe Unraveling of Sean Combs: How Legislation from the #MeToo Movement Brought Diddy Down
When It Comes to Local Law 97 Compliance, You’ve Gotta Have (Good) Faith
8 minute readTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250