Category: AML Regulations and Enforcement Actions

On December 20th the Treasury Department released its National Illicit Finance Strategy (something required under the Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA). That Strategy was based on three risk assessments that were released simultaneously, but to little or no fanfare:

1. 2018 National Proliferation Financing Risk Assessment
2. 2018 National Terrorist Financing Risk Assessment
3. 2018 National Money Laundering Risk Assessment

The 2018 National Money Laundering Risk Assessment (2018 NMLRA) is available at https://home.treasury.gov/system/files/136/2018NMLRA_12-18.pdf. It follows the June 2015 NMLRA, available at https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Laundering%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf.

What threats, vulnerabilities, and risks have changed or been added in the last 3 1/2 years since the 2015 NMLRA? Oddly … not much.

The 2018 NMLRA begins with an estimate of the size of the AML problem:

“The United States continues to estimate that domestic financial crime, excluding tax evasion, generated approximately $300 billion of proceeds for potential laundering, based on the sources and analysis cited in the 2015 NMLRA.”

So over the last 2 1/2 years, the size of the AML problem in the US hasn’t changed – it remains $300 billion of proceeds for potential laundering. In other words, not all of the proceeds of criminal activity make it into the financial system for potential laundering. But for arguments sake, let’s assume that all of the proceeds of criminal activity in the US make it into the financial system (and of course the NMLRA notes that proceeds of criminal activity from outside the United States are laundered through financial institutions based in the United States, and much of that simply passes through US-based financial institutions that are facilitating US DOllar-based transactions). Three hundred billion dollars is a lot of dirty money to go into, pass through, and/or end up in US financial institutions … but how much total money flows through those institutions? The 2015 NMLRA gives a clue: at page 35 is a reference to the volume of funds flowing through Fedwire, CHIPS, and ACH. The Fedwire and CHIPS numbers are daily volumes: $3.5 trillion per day and $1.5 trillion per day, respectively (ACH is measly $10 trillion per year). By my math, the three main US-based financial payments systems move ~two quintillion dollars a year, which means that criminal proceeds make up about $3 for every $20,000 that flow through US based financial institutions.  To put that in perspective, $300 billion in criminal proceeds out of $2 quintillion in total proceeds is equivalent to 1 drunk fan at a Yankees game every other game. OR to put it another way, 99.999985% of dollars moving through US financial institutions are “clean”. This is different than the other anecdotes and axioms we hear about the volume of dirty money in (or flowing through?) the financial system. Regardless, we can all agree that $300 billion is too much … and I digress …

What is particularly interesting about the 2018 NMLRA is that the sources of criminal proceeds, and how those proceeds are laundered, didn’t materially change from 2015 to 2018.

Both the 2015 and 2018 NMLRAs conclude that the biggest sources of criminal proceeds are the common frauds – bank fraud, consumer fraud, healthcare fraud, securities fraud, and tax refund fraud – drug trafficking, human smuggling and human trafficking (correctly noted as two very different crimes), organized crime, and corruption. Health care fraud and drug trafficking each account for the bulk of the $300 billion in criminal proceeds – $1oo billion each. Human trafficking is a large and growing source at an estimated $36 billion a year.

Notably, the most significant money laundering risks in the United States in 2018 are essentially the same risks found in 2015: the misuse of cash (pages 4, 20), complicit individuals and financial services employees, and lax compliance at financial institutions (pages 40-45). And the “main risk that facilitates money laundering”? Anonymity in transactions and funds transfers (pages 4, 46). Much of the 2015 and 2018 NMLRAs deal with the misuse of cash – bulk cash smuggling, structuring, and funnel accounts are detailed in both assessments. And according to the 2018 NMLRA, cash structuring is a predominate activity reported in Suspicious Activity Reports: at page 24 is a table of SARs filed in 2015, 2016, and 2017. At a high level, over those three years the ratio of “structuring” SARs didn’t change much: about one in seven SARs had structuring as the sole category of reported activity, and about four in ten SARs had structuring as one of the categories of reported activity.

I highly recommend that every AML professional download and read the 2018 National Money Laundering Risk Assessment. It is well-written, well-organized, and provides links to excellent resources. It refers to and provides a link to the 2015 NMLRA, which, in some respects, is a more comprehensive (and still relevant) source.  Many of us still have the 2005 United States Money Laundering Threat Assessment on our book shelves: for those that don’t …

https://www.treasury.gov/resource-center/terrorist-illicit-finance/documents/mlta.pdf

The only time the public (and Congress) hears about a bank’s BSA program is when the program has failed and a regulator issues a public censure. These public censures are rare, but drive the narrative that banks are doing a poor job when it comes to BSA compliance. In the last 12 months we’ve read about Rabobank California’s February $50 million OCC and $369 million forfeiture, US Bank’s February $613 million in penalties from multiple agencies, Danske Bank’s September €775 million in penalties, Société Générale’s November “stripping” penalty of $1.34, UBS’s December $15 million penalty, and Morgan Stanley’s December $10 million penalty. With those as the only narrative, one could imagine an industry out of control.  Which isn’t the case: 99% of financial institutions are doing a pretty good job with their BSA/AML and sanctions programs.  So … why not use a CRA-like approach and publish the evaluations of all bank’s BSA compliance programs?

According to the OCC, “the Community Reinvestment Act of 1977 (CRA) provides a framework for financial institutions, state and local governments, and community organizations to jointly promote banking services to all members of a community. In a nutshell, the CRA: prohibits redlining (denying or increasing the cost of banking to residents of racially defined neighborhoods); and encourages efforts to meet the credit needs of all community members, including residents of low- and moderate-income neighborhoods.” https://www.occ.gov/topics/compliance-bsa/cra/index-cra.html

Again, according to the OCC, the CRA requires each federal financial supervisory agency, when examining financial institutions subject to its supervision, to use its authority to assess the institution’s record of meeting the credit needs of its entire community, including low- and moderate-income neighborhoods, consistent with safe and sound operation of the institution. Upon the examination’s conclusion, the agency must prepare a written evaluation of the institution’s record of meeting the credit needs of its community. This document is an evaluation of the CRA performance of the bank as of the date of the evaluation. The agency rates the CRA performance of an institution consistent with appendix A to 12 CFR part 25 across lending, investment, and servicing using a scale of Outstanding, Satisfactory, Needs to Improve, and Substantial Noncompliance.  There is also a narrative summarize the major factors supporting the bank’s rating. And when illegal discrimination or discouragement has been discovered (substantive violations, not merely technical) and has affected the rating, the summary should state that the rating was influenced by those violations.

These CRA evaluations are made public. For example, on December 4, 2018 the OCC released CRA Evaluations for 28 National Banks and Federal Savings Associations that became public during the period of November 1, 2018 through November 30, 2018. Of the 28 evaluations, 25 were rated satisfactory and three were rated outstanding. In the last six monthly releases of the OCC’s CRA evaluations, 30 banks received an Outstanding grade, 139 received a Satisfactory grade, 1 received a Needs to Improve grade, and 1 received a “Substantial Needs to Improve” grade. If these were BSA results, and the Needs to Improve and Substantial Needs to Improve results were the equivalent of Consent Orders, the public (and Congress) would only have read about the 2 banks, not the 169 that had satisfactory or outstanding programs.  Not only is this context critical (169 of 171 banks had satisfactory or outstanding programs), but it encourages the regulated banks to strive to build and maintain an outstanding program.  This is important, because currently the only opportunity a BSA Officer has to get his or her program mentioned publicly is in a negative context of a Cease & Desist or Consent Order. There is no upside.  So perhaps the regulators can take a page from the CRA Handbook and publish their results of BSA evaluations. My guess is that 169 of 171 will be satisfactory or outstanding.  And BSA Officers everywhere would have hope …

I know many of you will immediately react that this is a bad idea. But as Arthur Clarke (is alleged to have) said: “New ideas pass through three phases: it’s a bad idea; it may be a good idea, but it’s not worth doing; and … I knew it was a good idea all along!”

The most recent AML-related public censure comes in the form of a FINRA “AWC” or Letter of Acceptance, Waiver and Consent voluntarily submitted by Morgan Stanley to its self-regulatory organization, FINRA, on December 12, 2018. The AWC is a reasonably typical example of a public settlement (in the case of FINRA) or consent order or assessment of a money penalty (in the case of bank regulators and FinCEN) in that it uses colorful but vague adjectives and adverbs to describe the impugned activity – words such as willful, insufficient, appropriate, adequate, extraordinary (describing workloads) frequent, and sufficient – as well as to describe the actions taken after getting caught or self-reporting the impugned activity  – words such as extraordinary, substantial, and sufficient. We can guess or imagine what Morgan Stanley and FINRA mean by “extraordinary workloads” (bad) and “extraordinary steps” (good), but it would be much more instructive to all industry participants if the adjectives, adverbs, and phrases used in all public AML documents were more precise and instructive. I give a few examples below. But …

Perhaps the most interesting thing about this AWC is what is NOT written! There is nothing in it that suggests that Morgan Stanley did a review or look-back of the almost 500,000 wires for almost $100 billion over a 5 year period that didn’t make it into its AML transaction monitoring system … was there any undetected and thus unreported suspicious activity? We don’t know. But back to what WAS written in the AWC …

http://www.finra.org/sites/default/files/Morgan_Stanley_AWC_122618.pdf

There is quite a bit of detail on Morgan Stanley’s failure to feed at least four wire transfer and foreign currency transfer systems to its main transaction monitoring system, some for as long as 5+ years (January 2011 to at least April 2016):

• from 2011 through 2016 two main wire systems failed to feed 140,000 wire transfers for $43 billion, including $3.2 billion to or from high risk countries;
• from December 2014 through April 2016 an incoming wire system failed to feed 267,000 incoming wires for $30.4 billion, including $1.8 billion from high risk countries; and
• from January 2014 through August 2015 an outgoing wire system failed to feed 91,000 outgoing wires for $25.5 billion, including $1.2 billion to high risk countries.

That’s almost 500,000 wires over a 5+ year period totaling almost $100 billion ($100,000,000,000), including $6,200,000,000 to or from high risk countries.

It would be instructive if the AWC included the total number and dollar amount of all Morgan Stanley wires during this period, and to/from which high risk countries they came from or went to.  Was 500,000 wires 10% of the total? 50%? 90%?  If $6.2 billion in wires to/from high risk countries went un-monitored, how much WAS monitored? And how much of that monitored activity was alerted on? Knowing the answers to these questions would be instructive. In addition, there is nothing about WHY these systems weren’t connected to the transaction monitoring system: that information would also be instructive for the industry.  What did FINRA and Morgan Stanley learn that could be used by the industry to prevent another $6.2 billion in wires to and from high risk countries?

In addition, the AWC notes that 24 AML analysts and contractors “had extraordinary workloads that likely contributed to their unreasonable reviews” of those wire transfers that did alert on the transaction monitoring system.

What is “extraordinary”? To answer that, FINRA needs to explain what it considers “ordinary”: how many Analysts should Morgan Stanley have had to handle the number of alerts produced? There is nothing in the AWC that provides something like “the AML analysts were required to clear 50 alerts per day yet received between 70 and 100 each day.

The AML team and senior management at Morgan Stanley deserve credit for taking “extraordinary steps” and devoting “substantial resources” and investing “substantial additional financial resources in the AML program”, and they “greatly increased” the AML staffing. But, like the vague words to describe the impugned behavior, these vague words to describe the remediation efforts are simply not helpful to anyone trying to learn from this case and make their own institution’s program better. Just what were those extraordinary steps? What resources were added? And they greatly increased the AML staffing … but from 24 to what?

To conclude, it would be extraordinarily helpful if FINRA, FinCEN, and others devoted substantial resources and greatly decreased their use of descriptive but vague adjectives and adverbs, and instead invested substantial additional resources in providing actionable, specific information.

https://www.banking.senate.gov/hearings/10/24/2018/combating-money-laundering-and-other-forms-of-illicit-finance-regulator-and-law-enforcement-perspectives-on-reform

From obvious tension between FinCEN and the OCC, to patiently waiting for marijuana guidance, to missteps on CTR filings and thresholds, to grocery stores in Bucksnort, Louisiana, and ending with a statement from a Senator that “I don’t think you’re ever going to get the safety and soundness regulator to make this a priority”, this hearing was worth watching.

To lay the groundwork, some of the more salient features of the written submissions:

FinCEN Director Ken Blanco’s written testimony began with FinCEN’s mission:

“FinCEN’s mission is to safeguard the financial system from illicit use and to promote national security through the collection, analysis, and dissemination of financial intelligence.” And he further testified that FinCEN accomplishes that mission by: “(1) aggressively investigating and pursuing illicit activity; (2) ensuring that we collect the financial intelligence necessary to support these investigations; (3) understanding the evolving trends and typologies of illicit activity; and (4) closing any regulatory gaps that expose our financial system to money laundering and the other underlying illicit activity that threaten our financial system and put our nation, communities, and families in harm’s way.”

Director Blanco then commented on the importance of the BSA information:

“nearly 500 federal, state, and local law enforcement and regulatory agencies with direct access to FinCEN’s database of BSA records. Within these agencies, there are an estimated 11,000 active users of BSA data. This consists of 149 SAR Review Teams and Financial Crimes Task Forces located all around the country, covering all 94 federal judicial districts, including one in each state, the District of Columbia, and Puerto Rico. In the last five years, FinCEN query users have made more than ten million queries of the FinCEN database.”

“Internal Revenue Service Criminal Investigation alone conducts more than 126,000 BSA database inquiries each year. And, 24 percent of its investigations begin with a BSA source. As my colleague from the Federal Bureau of Investigation (FBI) will discuss, financial intelligence is a key tool for FBI criminal investigations. All FBI subjects have their names run against the BSA database. More than 21 percent of FBI investigations use BSA data, and for some types of crime, like organized crime, nearly 60 percent of FBI investigations use BSA data. Roughly, 20 percent of FBI international terrorism cases contain BSA data.”

“We are getting better at this every day, but we believe we can do much more. Part of getting better and doing more includes providing both our financial institutions and delegated examiners better and more consistent feedback on how we use BSA data so they understand our priorities and how to better use their resources more effectively and efficiently in a more targeted and focused way.”

Director Blanco then turned to regulatory reform:

“Our goal is to ensure that financial institutions are devoting their resources to identify and report activity that relates to the highest priority national security and law enforcement interests. This effort requires a multi-prong approach with three key priorities: (1) understanding BSA value; (2) promoting responsible innovation; and (3) fostering information sharing, including through public-private partnerships.”

The OCC’s Senior Deputy Comptroller for Compliance & Community Affairs, Grovetta Gardineer, testified that: “We at the Office of the Comptroller of the Currency (OCC) support the purpose of the BSA to combat money laundering and terrorist financing (illicit finance). Toward this end, the OCC is committed to ensuring that the institutions under its supervision have robust controls in place to safeguard them from being used as vehicles to launder money for drug traffickers and other criminal organizations, or to facilitate the financing of terrorist acts. Together, with the other federal banking agencies and the law enforcement community, our goal is to prevent the misuse of our nation’s financial institutions.”

She also stated:

“New technologies such as artificial intelligence (AI) and machine learning offer banks opportunities to better manage their costs and increase the ability of their monitoring systems to identify suspicious activity, while reducing the number of false positive alerts and investigations.”

I disagree with this statement, to a degree. There is nothing wrong with the existing technologies: it is their misapplication that is the primary problem, and the secondary problem is the fear of banks – brought on by regulatory expectations and published sanctions – that they cannot afford to miss any potential suspicious activity. AI and Machine Learning are great technologies, and have been effectively deployed for 10 years by some vendors (Verafin is one), but they are not the sole answer. For a BSA Officer to blame false positives on his or her technology is like a carpenter blaming his tools … you should look first to the carpenter …

Deputy Comptroller Gardineer then testified on proposed legislative reforms, using the Economic Growth & Regulatory Paperwork Reduction Act (EGRPRA, or “Eegrippa”) process.

This is where things got interesting during the question and answer session. Chairman Crapo (R. IL) opened with a question to Director Blanco whether the OCC’s proposed EGRPRA process was the right way to make BSA changes. Director Blanco said it wasn’t necessary and was, in fact, “another layer of bureaucracy”. Ms. Gardineer disagreed. The back and forth got so intense that Senator Crapo called it “a little bit of tension” and moved on.

Senator Sherrod Brown (D. OH), the Ranking Member, chastised the OCC for calling for regulatory relief at a time when the bigger banks’ misconduct seems to continue.

There was testimony and many questions on the CTR threshold. In his written testimony, Director Blanco noted that raising the CTR threshold to $20,000 would eliminate 60% of CTRs, and raising it to $30,000 would eliminate 80%. Senator Moran asked FBI Agent Steve D’Antuono about that: Agent D’Antuono made an excellent point that it isn’t simply the amount that is important, but all the other information reported in a CTR, such as addresses, telephone numbers, etc.

The exchange with Senator Toomey was interesting for many reasons. He noted that the $10,000 threshold has been in place since 1970, and has not been adjusted for inflation. He referred to a 1994 GAO study that found that 30% – 40% of CTRs were filed by large, well-known cash intensive companies that should have been depositing large volumes of cash, and that those reports offered little value to law enforcement.

Senator Toomey – or his staff or others he and they are relying on – appear misinformed and misguided. First, the Money Laundering Suppression Act of 1994 addressed the issue of large-dollar, well-known cash businesses by providing for the CTR exemption process. That problem has (partially) been solved. Second, the “inflation” argument ignores other more relevant factors: (i) in 1970 the CTR process was entirely manual, without the aid of desk-top computer systems, with forms copied with carbon paper and mailed in envelopes; (ii) in 1970 there were no ATMs, no debit cards, no ACH, no Internet, no mobile, certainly no peer-to-peer electronic (Venmo) transactions … the world has changed, and I would argue that $10,000 in cash today is just as unusual or anomalous as $10,000 in 1970.

A recent study conducted by the Federal Reserve Bank of Boston (a study titled “the Diary of Consumer Payment Choice”) found that the average cash transaction is $22: surely a reporting threshold that requires banks to report cash deposits that are almost 500 times the average cash transaction is a reasonable threshold.

Approximately 50 minutes into the hearing (at the 1:07:10 mark), Senator Menendez (D. NY) asked Director Blanco “does FinCEN have any plans to clarify how financial institutions can provide services to marijuana related businesses …?”. Director Blanco replied “we’re still having those [interagency] conversations … the 2014 guidelines are still the guidelines.” So no help there to those banks and credit unions considering whether to provide, and which, banking services to direct, indirect, or ancillary cannabis businesses and persons.

Senator Cortez Masto (D. NV) made two important points about possible changes to FinCEN’s mandate: giving FinCEN the authority to work with tribal police, and allowing FinCEN to investigate domestic terrorism. Director Blanco agreed with both.

The exchange with Senator Kennedy (R. LA) was particularly interesting. Like Senator Toomey, Senator Kennedy – or his staff or others he and they are relying on – appear misinformed and misguided. The Senator began his questions of Director Blanco with a scenario of a well known local grocery store in a small town that deposits $15,000 in cash every day into its account at a small bank. He asked Director Blanco if a CTR would have to be filed. Unfortunately, Director Blanco replied that yes, a CTR would have to be filed. In fact, in that scenario, the bank could exempt that well-known, cash-intensive business from the CTR filing requirement. It would be good to have that corrected for the record. Senator Kennedy actually gave a name to that small town – he called it “Bucksnort, Louisiana”. I Google Mapped (is that a verb?) “Bucksnort” … there appears to be one in Tennessee and another in Alabama. I couldn’t find the Louisiana Bucksnort.

Senator Kennedy then asked about the questions that needed to be asked of customers at account opening. He asked Director Blanco “does the bank have to ask if my company is a shell company?”. Again, unfortunately, Director Blanco answered “yes”, when in fact that is NOT a question that needs to be asked. Nor can it be reasonably answered: the only answer you’ll get is “no”. Rather, the new Beneficial Owner rule simply requires banks to ask the person opening the account to provide the names and identifying information of any natural person owning at least 25% of the entity (up to four legal owners) and the name of one controlling person, and the bank can rely on that information unless it has reason to believe it is false. Neither the Rule, nor any regulatory expectation I am aware of requires a bank to ask “is your company a shell company?”

Senator Warner (D.VA) had arguably the most interesting observation of the entire ninety minute hearing. At 1:33:17 of the hearing, after some discussion about the different missions of the OCC and FinCEN, he stated “I don’t think you’re ever going to get the safety and soundness regulator to make this a priority.”

This last statement may be getting to the crux of the matter. Depending on your perspective, do FinCEN and the safety and soundness regulators have different perspectives of the same problem, or are they competing interests? As Director Blanco put it, FinCEN has a dual mission: to safeguard the financial system from illicit use, and to promote national security through the collection, analysis, and dissemination of financial intelligence. Deputy Comptroller Gardineer testified that the OCC is committed to ensuring that the institutions under its supervision have robust controls in place to safeguard them from being used as vehicles to launder money. So FinCEN – and law enforcement – are focused on the actionable intelligence that financial institutions can provide: the OCC is focused on whether those institutions have robust controls in place. In my White Paper titled “50 Years of the Bank Secrecy Act: It’s Time to Renew the Purpose of Providing Actionable Intelligence to Law Enforcement” (https://verafin.com/resource/50-years-bank-secrecy-act/) I conclude with the following:

“I, and many others, believe that providing timely and actionable intelligence to law enforcement is critical to the successful prevention of illicit activity. Of course, as outlined in the FFIEC manual, a sound BSA/AML compliance program provides the necessary foundation for providing that intelligence. With that in mind, a first step in reforming the BSA/AML regime in the United States may be changing the language of the Manual itself. I propose that the language is changed from ‘a sound BSA/AML compliance program is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions…’ to ‘providing timely and actionable intelligence to law enforcement is critical in deterring and preventing these types of activities at, or through, banks and other financial institutions, and a sound BSA/AML compliance program provides the foundation for the ability to provide that intelligence.’ The change is subtle but important as it strengthens and focuses the very purpose of the BSA. Providing actionable, timely intelligence to law enforcement, while maintaining sound but rational programs, should be the new goal.”

I believe that the safety and soundness regulators and FinCEN have different perspectives, not competing interests. But I would stress that a financial institution be supervised, examined, and judged first and foremost on whether it is providing actionable intelligence to law enforcement over whether the hundreds or even thousands of BSA compliance program requirements are ticked and tied and documented.

To conclude, testifying before Congress is a nerve-wracking and difficult thing to do (I’ve done it once, in 2004) and Director Blanco, Deputy Comptroller Gardineer, and Agent D’Antuono are to be commended for jobs well done. The public/private partnerships are better than they’ve ever been, and with courage, commitment, collaboration, and compromise, we can make them even better.

With today’s announcements from the US Attorney for the Southern District of New York, OFAC, Federal Reserve, New York State Department of Financial Services, and the Manhattan DA’s Office, the almost-ten year “Strip Club” investigations and prosecutions may have come to a close. Today was Société Générale’s turn, closing a six year investigation into ten years of sanction violations with penalties totaling more than $1.34 billion paid to five county, state, and federal agencies. Notably, the Manhattan DA press release mentioned a “concealment practice” that ended in early 2007, and, because of SocGen’s alleged “untimely disclosure, the statute of limitations for violations relating to the concealment practice and to much of the conduct involving the Cuban credit facilities had already run by the time the investigating agencies learned of them.” The press release contains a list of, and links to, the ten banks that paid penalties for “stripping out” information about sanctioned entities in order to avoid US sanctions controls. Perhaps we’ve seen the last member added to the Manhattan DA’s “Strip Club” …  https://www.manhattanda.org/d-a-vance-announces-162-8-million-payment-from-societe-generale-to-new-york-city-and-state/ 

The most complete filing is from the Manhattan US Attorney’s office: see https://www.justice.gov/usao-sdny/press-release/file/1112461/download

https://www.finma.ch/en/news/2018/09/20180917-mm-gwg-cs/

Not being able to impose monetary penalties, Swiss financial supervisor FINMA concluded two enforcement procedures against Credit Suisse AG. In the first, FINMA identified wide-ranging deficiencies in the bank’s AML program in three of the biggest global fraud/AML cases of the past ten years: the International Federation of Association Football (FIFA) scandal, Brazil’s oil corruption case involving Petrobras, and Venezuelan oil bribery and corruption case involving Petróleos de Venezuela, S.A. (PDVSA). The second procedure was a garden-variety PEP versus high-performing Relationship Manager case. Collectively, FINMA “decreed measures to further improve anti-money laundering processes and to accelerate the implementation of steps already initiated by the bank” and, notably, FINMA imposed “an independent third party to monitor the implementation and effectiveness of these measures.”

One of the most significant findings – and a warning to financial institutions everywhere – was that there was “no automated comprehensive overview of client relationships”. FINMA found:

“To combat money laundering effectively, every relevant department within the bank must be able to see all the client’s relationships with the bank instantly and automatically. Credit Suisse AG has been in the process of implementing such a “single client view” since 2015. Progress has been made, however this overview is still to be extended outside the Compliance unit. This results in organisational weaknesses in addition to the contraventions of anti-money laundering provisions.”

The result? Credit Suisse will need to build out a real-time, bank-wide single view of the customer … or Enterprise View of the Customer (EVOC).

Dutch prosecutors hammered ING Group for 7+ years of abject AML failures … missing and incomplete customer due diligence files, failing to review CDD files, improper customer risk ratings, failure to exit known bad customers in a timely fashion, late suspicious transaction reports, capping transactional alerting systems (which they called “topping”), even “culpable money laundering.” ING failed to adequately staff its financial economic crime group, knew it was understaffed, and didn’t properly staff it. The Dutch prosecutors seemed irritated about this, as they imposed a EUR 100,000,000 “disgorgement” based on the amount that ING under-staffed its FEC unit by.

Expect much industry fall-out from this. It raises the penalty bar to new heights – no European agency has imposed a fine and penalty even close to this.

Upsetting the long-held belief that legislation is clarified by regulations that are clarified and explained by written guidance and modified over time by shifting regulators’ expectations, the Ninth Circuit has recently ruled that the BSA/AML Examination Manual (written guidance) is, effectively, regulation.

In California Pacific Bank v. Federal Deposit Insurance Corporation a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit held in March 2018 that the Bank Secrecy Act (BSA) and its implementing regulations were not unconstitutionally vague, and that the FDIC had properly relied on the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual. Writing for the majority, Judge James Gritzner wrote:

“Not only are the BSA and FDIC’s implementing regulations economic in nature and threaten no constitutionally protected rights, but it is clear that a detailed manual issued by agencies with enforcement authority, such as the FFIEC Manual, can put regulated banks on notice of expected conduct. The BSA authorizes the FDIC to review banks for compliance. 12 U.S.C. § 1818(s). The FFIEC Manual frames the examiners’ expectations in anticipation of routine compliance checks … We hold that the BSA and its implementing regulations are not unconstitutionally vague, and the FDIC did not exhibit unconstitutional bias against the Bank. We further hold that the FDIC acted in accordance with the law by relying on the FFIEC Manual to clarify its four pillars regulation.”

So unless and until this Ninth Circuit decision is over-ruled or contradicted … consider the BSA/AML Exam Manual to be have the impact of regulations.