Heightened Enforcement Efforts Focus on Financial Institutions’ ‘Culture of Compliance’
The first of a three-part series on the new landscape of anti-money laundering enforcement
During hearings conducted in 2012 by the U.S. Senate’s Permanent Subcommittee on Investigations, Senator Tom Coburn commented that in its approach to anti-money laundering (AML) compliance lapses by the bank under investigation, the Office of the Comptroller of the Currency (OCC) had resembled “a lapdog” rather than the “watchdog that we sorely need.” The remark resonated. Part of the political fallout from the financial crisis that began in 2008 was a sense that the federal government had not been nearly vigilant enough in its oversight of financial institutions with respect to AML. Regulators and prosecutors have responded to Congress’s rebuke, ramping up their focus on AML through more public and more punitive enforcement.
Federal regulators have long agreed on the elements of a satisfactory compliance program for Bank Secrecy Act/anti-money laundering (BSA/AML) purposes. So what has changed since the financial crisis? Prior to 2012, findings of deficiencies or weaknesses in a BSA/AML compliance program were most often imparted in a formal but nonpublic communication from a regulatory agency to an institution’s board of directors. Many enforcement actions did not include monetary penalties. But around 2012, at the urging of Congress and others, regulators began issuing large numbers of public enforcement actions that included significant, record-breaking fines.
One notable example is the settlement entered by JPMorgan Chase Bank in January 2014 under which the bank forfeited $1.7 billion pursuant to a deferred prosecution agreement with the U.S. Attorney’s Office for the Southern District of New York and separately paid $350 million in civil penalties assessed by the OCC. Altogether, the financial penalty was at the time the largest ever imposed for violations of the BSA. Prosecutors and regulators accused JPMorgan of having systemic failures in its BSA/AML compliance program which allowed Bernard Madoff’s now notorious Ponzi scheme, administered primarily through Chase accounts, to continue undetected and unreported from 1986 to 2008.
A common basis for escalating BSA/AML enforcement actions into the public realm is a finding that a program deficiency was coupled with an “aggravating factor,” such as deficiencies resulting in highly suspicious activity going unreported, systemic failures to file currency transaction reports or suspicious activity reports (SARs), or an institution’s failure to correct a previously reported problem. Increasingly, regulators have also relied on more subjective bases for bringing a public enforcement action, such as the apparent severity of the noncompliance or deficiencies, the perceived lack of cooperation or remediation by the institution’s management, or the agency’s lack of confidence that the institution will take appropriate and timely corrective action.
The heightened focus on enforcement has led banks to build stronger BSA/AML compliance programs by automating monitoring to identify suspicious activity and prevent money laundering, and using risk assessments to identify high-risk products, services, customers and geographies. Prior to its settlement of the Madoff-related allegations, JPMorgan had already begun a massive expansion of its BSA/AML compliance program in response to consent orders it entered with the OCC and the Federal Reserve Board in January 2013. Under the deferred prosecution agreement, it was required to continue those efforts to reform its BSA/AML program and to submit quarterly reports to the U.S. Attorney’s Office detailing the status of its reforms and disclosing any newly discovered BSA violations.
But one of the biggest factors regulators have identified is an emphasis on ensuring that a financial institution’s upper-level management and board of directors have taken a direct interest in and responsibility for a bank’s BSA/AML compliance program. Regulators are convinced that a robust and effective program fundamentally depends on a “culture of compliance” which can only be achieved through active involvement and personal responsibility at the top levels of every bank. Financial institutions will be expected not only to allocate significantly more resources to their BSA/AML programs, but also to ensure the effectiveness of those programs by requiring that all bank employees play a role, including through the active involvement of bank presidents, CEOs and boards of directors.
The Financial Crimes Enforcement Network (FinCEN), which has authority to assess civil money penalties and often does, particularly in connection with failure to file SARs, recently addressed the importance of promoting a culture of compliance in an August 11, 2014, advisory. In that advisory, FinCEN outlined six areas of importance in strengthening an institution’s compliance culture, including:
- The active role of leadership in supporting and understanding compliance efforts
- The independence of compliance functions from influence by revenue interests
- The sharing of information from across the institution with BSA/AML compliance staff
- The allocation of adequate resources to the compliance program and staff
- The unbiased testing of the compliance program’s effectiveness by an independent party
- Communicating to the institution’s leadership and staff the purpose and importance of the BSA/AML program and the use made by regulators of BSA/AML reports
Regulators and prosecutors are backing up their demand for a culture of compliance that starts with the “tone at the top” by bringing BSA/AML enforcement actions against individual bank directors and managers, sometimes assessing personal monetary penalties from those individuals. A later article in this series will delve more deeply into individual liability for BSA/AML violations and regulators’ increasing efforts to hold individuals liable for their institutions’ compliance deficiencies.
Republished with permission. This article first appeared in Inside Counsel on January 30, 2015 .