Personal Liability Exposure for Bank Executives and Compliance Officers
On March 4, 2020, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”) announced its assessment of a civil monetary penalty totaling $450,000 against Michael LaFontaine, a former Chief Operational Risk Officer at U.S. Bank National Association (“U.S. Bank”). FinCEN determined that Mr. LaFontaine among other things, failed to prevent violations of the Bank Secrecy Act (“BSA”) and failed to ensure U.S. Bank’s compliance division was appropriately staffed to meet its compliance obligations.
VIOLATIONS OF THE BSA
Mr. LaFontaine was employed by U.S. Bank from 2005 to 2014. During his tenure, U.S. Bank placed caps on the number of alerts the transaction monitoring system generated for review. The alert caps prevented U.S. bank from investigating and filing suspicious activity reports (“SARs”). Mr. LaFontaine was warned by his subordinates and the Office of Comptroller of the Currency (“OCC”) that capping the number of alerts was dangerous and ill-advised.
FinCEN has authority to impose civil penalties on financial institutions and current or former employees who engage in such violations. FinCEN determined that Mr. LaFontaine willfully participated in the following violations of the BSA by:
- Failing to implement and maintain an adequate anti-money laundering (“AML”) program by imposing limits on the number of alerts generated by the bank’s automated transaction monitoring system; not including Western Union money transfers processed at the bank into the monitoring system; and not employing adequate procedures to sufficiently identify, and conduct required due diligence of, high-risk customers.
- Not providing sufficient resources necessary to fulfill the U.S. Bank’s BSA obligations. U.S. Bank employed an inadequate number of AML employees relative to its size and scope of its operations. Specifically, U.S. Bank only employed 30 AML investigators when its assets exceeded $340 billion (and branches exceed 3,000).
Notably, in February 2018, the parent of U.S. Bank, U.S. Bancorp, entered into a $528 million deferred prosecution agreement with federal prosecutors (in addition to settling with bank regulators) for its failure to implement an effective AML program and timely file SARs.
FAIR WARNING: PRIOR ENFORCEMENT ACTIONS
In a somewhat unusual fashion, FinCEN made reference to a February 2010 joint action taken by FinCEN and the Office of the Comptroller of the Currency (“OCC”) against another large financial institution, Wachovia Bank, for conduct similar to the U.S. Bank violations, which were already underway at that time. Wachovia Bank had been improperly capping the number of alerts generated by its automated transaction monitoring system based on the number of compliance personnel that it had available to review transactions.
This is not the first time that FinCEN has brought a significant action against a compliance officer for failing to properly implement a BSA program. In 2017, FinCEN and the U.S. Attorney’s Office for the Southern District of New York announced its settlement of $250,000 with the former Chief Compliance Officer of MoneyGram International Inc. (“MoneyGram”), Thomas E. Haider. During his tenure at MoneyGram, among other things, Mr. Haider (1) failed to terminate agents and outlets that were participating in fraudulent schemes, including money laundering, or implement procedures to terminate agents and outlets posing a high risk of fraud, (2) structured MoneyGram’s AML program to restrict compliance analysts’ access to information needed to support the filing of SARs, and (3) failed to conduct adequate due diligence on prospective agents or outlets.
FinCEN’s action against Haider demonstrates its willingness to hold individual compliance officers liable and was reflective of a broader regulatory trend focusing on the critical role of compliance officers and senior management in preventing crimes such as terrorist financing, money laundering, fraud, and other illicit financial activities. This policy is aligned with the Department of Justice’s (“DOJ’) Yates Memo of September 2015, which sets forth DOJ’s policy of increasing its efforts to hold individuals liable in cases of corporate misconduct; the general principles articulated in the Yates Memo remain very much relevant and in effect today.
- FinCEN continues to exercise its authority to impose civil penalties on current or former employees who engage in BSA violations;
- In determining whether an AML compliance division is fully staffed, FinCEN may consider the financial institution’s assets and overall size, both number of employees and branches; and
- Financial institutions should not rely entirely on automated BSA compliance systems, but should ensure that compliance officers exercise appropriate supervision over such systems.