The Financial Crimes Enforcement Network (FinCEN) has imposed a $450,000 civil money penalty on a former compliance / chief operational risk officer at U.S. Bank for anti-money laundering deficiencies at the Bank, once again underscoring regulators’ willingness to hold accountable the individuals “who willfully participate” in the institution’s violations of anti-money laundering requirements.
On Wednesday, March 4th, FinCEN fined Michael LaFontaine for his failure to prevent anti-money laundering violations at the Bank. This is by far the largest fine FinCEN has imposed on an individual compliance officer. In 2018, the Bank settled enforcement actions brought against it by multiple regulatory bodies by paying a fine of $613 million and entering into a deferred prosecution agreement.
This latest action is just another in a long series of similar actions by FinCEN, securities and bank regulators, as well as federal prosecutors, to hold individual officers in financial institutions responsible for AML program failings. The move follows suit with the Department of Justice’s initiative over the past five years to increase its focus on individual accountability related to corporate wrongdoing. It is a reminder that even the most robust anti-corruption and compliance programs can fall vulnerable to the weakness of their gatekeepers.
According to FinCEN, LaFontaine (who had been involved in and oversaw the Bank’s AML program in different capacities while employed at the Bank) was aware that the Bank’s suspicious activity detection software was generating far too many alerts for the current staff to review. According to FinCEN, his solution was to put a cap on the number of alerts the system generated. Therefore, the monitoring system did not generate alerts for many of the transactions that a risk-based approach would have flagged as suspicious.
The OCC had repeatedly warned the Bank not to maintain numerical caps on transaction alerts. Nevertheless, according to FinCEN, the Bank “failed to properly address the numerical caps because they permitted the Bank to hire fewer employees and investigators” in the AML department – a move that was likely intended to save the Bank money, only to cost it more in litigation, penalties and reputational damage in the long run.
FinCEN also noted, in its Order, that Wachovia Bank had been the subject of a regulatory action for conduct similar to that underlying the U.S. Bank violations, the relevance of which “Mr. LaFontaine should have known based on his position.” LaFontaine was apparently warned several times by subordinate officers that limiting the Bank’s monitoring programs could result in a potential enforcement action. In addition, the AML department determined, by reviewing a group of alerts that had not previously been reviewed, that the Bank had failed to identify suspicious activity in those alerts and, as a result, had failed to file SARs.
The Impact of the LaFontaine / U.S. Bank Penalty in a Post-COVID19 World
Despite the clear warnings offered by recent regulatory actions, compliance officers may still hesitate to surface AML inadequacies—particularly if bank revenue declines and costs spiral in the wake of the global pandemic. Although regulatory oversight may be eased in this environment—regulators will have resource constraints similar to the institutions they regulate—it is important to remember that AML laws and regulations are still in place and are not going away.
Regardless of the appetite for additional investment at a particular financial institution, compliance officers are well-served by taking prompt and effective remedial action when issues are uncovered. After all, a problem delayed eventually leads to bigger and more expensive problems down the line. Taking these steps may also result in regulators viewing compliance efforts more favorably if / when misconduct is uncovered:
1. Ensure that Remediation Efforts are Undertaken in a Timely Fashion: Once a problem is uncovered, it is important to take immediate action, as this may result in avoidance of severe penalties.
2. Get Help: Consider temporary assistance from experts in risks, controls, forensic analytics and audit if current staff levels are not sufficient to cull through data.
3. Conduct Risk Assessments: Holistically assess internal controls – particularly with input from objective third parties – to ensure misconduct is not occurring elsewhere and that controls design is sound.
4. Use Data Analytics: In the case of a backlog of transactions for review, employ data analytics to ensure higher risk transactions receive priority reviews.
Key Takeaways for Financial Institutions
Financial institutions and their compliance executives should anticipate continuing scrutiny around individual accountability in anti-money laundering efforts. While the global pandemic may delay regulatory action against individuals and/or their employers, this will not eliminate the need for compliance leaders to convey difficult messages to management in order to avoid bigger future problems.
Author Julie Copeland, Partner, StoneTurn