THE FIGHT AGAINST FINANCIAL CRIMES AND ITS EFFECT ON THE CHIEF COMPLIANCE OFFICER How proposed New York regulations and the Department of Justice may hold CCOs personally liable Sara K. Weed Global Banking and Payments Systems Practice Group Paul Hastings, LLP
2 PENDING NEW YORK REGULATIONS The Compliance Officer Certification of Effectiveness
OVERVIEW 3 New York s proposed regulations are driven originally by concerns regarding terrorist financing Money is the fuel that feeds the fire of international terrorism [I]t is especially vital that banks and regulators do everything they can to stop that flow of illicit funds. - Governor Andrew Cuomo
OVERVIEW 4 New York Department of Financial Services (the Department ) conducted a series of investigations into terrorist finance and compliance issues The Department identified shortcomings regarding transaction monitoring and filtering Additionally, found a lack of robust governance and oversight at the senior levels of management
OVERVIEW 5 The Department responded with new proposed regulation: Part 504 Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications First, the proposed regulation sets forth minimum requirements for anti-money laundering transaction monitoring systems and watch list filtering systems Second, it requires chief compliance officers of banks and money transmitters to annually certify that their monitoring and filtering programs are in compliance Could hold CCOs of banks and money transmitters personally and criminally liable for the effectiveness of these programs
COVERED INSTITUTIONS 6 Two types of entities would be affected by this regulation: Bank Regulated Institutions, meaning all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered by the Department and all branches and agencies of foreign banking corporations licensed by the Department Nonbank Regulated Institutions, money transmitters and check cashers licensed by the Department
CURRENT COMPLIANCE OBLIGATIONS 7 Federal rules require financial institutions to report suspicious activity above certain dollar thresholds to the federal government in the form of Suspicious Activity Reports ( SARs ) Office of Foreign Assets Control ( OFAC ) Rules generally prohibit persons from engaging in transactions involving the targets of OFAC sanctions Financial institutions must screen transaction participants against lists of sanctions targets to ensure the proper transactions are blocked
SHORTCOMINGS OF CURRENT OBLIGATIONS 8 Do not specify the exact steps for institutions. Currently only say institutions need a program reasonably designed to satisfy the requirements No certification requirement The proposed New York regulation aims to cure this by: (1) requiring monitoring systems with specific features; and (2) holding individuals accountable for AML and sanctions compliance failures
9 PENDING NEW YORK REGULATION Transaction Monitoring and Watch List Filtering Program Requirements PART ONE
TRANSACTION MONITORING PROGRAM REQUIREMENTS (1 OF 2) 10 1. Be based on the Risk Assessment of the institution; 2. Reflect all current BSA/AML laws, regulations, and alerts, as well as any relevant information available from the institution s related programs and initiatives; 3. Map BSA/AML risks to the institution s businesses, products, services, and customers/counterparties; 4. Utilize BSA/AML detection scenarios that are based on the institution s Risk Assessment with threshold values and amounts set to detect potential money laundering or other suspicious activities;
TRANSACTION MONITORING PROGRAM REQUIREMENTS (1 OF 2) 11 5. Include an end-to-end, pre- and post-implementation testing of the Transaction Monitoring Program, including governance, data mapping, transaction coding, detection scenario logic, model validation, data input and Program output, as well as periodic testing; 6. Include easily understandable documentation that articulates the institution s current detection scenarios and the underlying assumptions, parameters and thresholds; 7. Include investigative protocols detailing how alerts generated by the Transaction Monitoring Program will be investigated, the process for deciding which alerts will results in a filing or other action, who is responsible for making such a decision, and how investigative and decision-making processes will be documented; and 8. Be subject to an on-going analysis to assess the continued relevancy of the detection scenarios, the underlying rules, threshold values, parameters and assumptions
ADDITIONAL REQUIREMENTS 12 Watch List Filtering Program to be maintained for the purpose of interdicting prohibited transactions Both the Transaction Monitoring Program and Watch List Filtering Program must include various safeguards and oversight, as well as receive adequate staffing and funding
13 PENDING NEW YORK REGULATION Annual Certification of Compliance PART TWO
CERTIFICATION REQUIREMENTS 14 Must attest that to the best of their knowledge that: 1) Monitoring and filtering programs comply with the requirements 2) He or she reviewed the programs Certification performed by the Chief Compliance Officer or equivalent Submitted annually
POTENTIAL RISK: SUBJECTIVITY 15 The CCO must attest not only that there are controls in place, but that the controls all comply This is especially significant because some of the requirements have subjective components For example, the detection scenarios must be easily understandable A CCO who, in good faith, believes the subjective requirements are satisfied may still be held liable if the Department takes a different view
CONSEQUENCES FOR NON-COMPLIANCE 16 Large fines for the institution A CCO who files an incorrect or false certification may be subject to fines and criminal penalties Additionally, there is no intent standard for imposing these penalties
17 PERSONAL LIABILITY FOR CHIEF COMPLIANCE OFFICERS: A CASE STUDY MoneyGram International Inc.
OVERVIEW 18 MoneyGram received thousands of complaints in the mid-2000s from consumers claiming to be victims of fraud Various scams were utilized The scammers had the victims use MoneyGram s transfer system to send them money From 2004 to 2009, the DOJ reports fraud totaling at least $100 million
MONEYGRAM S ROLE 19 MoneyGram failed to terminate agents it knew were involved The Fraud Department would identify specific agents involved in the fraud scheme and recommend termination to management The executives in control of termination included the Sales Department and the Fraud Department The agents were not terminated
INEFFECTIVE ANTI-MONEY LAUNDERING PROGRAM 20 The DOJ claimed MoneyGram had a systematic, pervasive, and willful failure to meet its AML obligations under the Bank Secrecy Act Claimed they failed in a number of ways, including: Allowing the Sales Department to have a significant influence on termination recommendations Not filing SARs on agents they knew were involved in fraud Underfunding and understaffing its AML program
CONSEQUENCES FOR MONEYGRAM 21 MoneyGram entered into a deferred prosecution agreement with the DOJ in 2012, in which it admitted to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program MoneyGram forfeited $100 million
CHIEF COMPLIANCE OFFICER UNDER FIRE 22 FinCEN has already assessed a $1 milllion penalty against the MoneyGram CCO, Thomas Haider The DOJ for the Southern District of New York and FinCEN have filed a complaint against the CCO, seeking to enforece the FinCEN penalty and bar him from working in the financial industry
CHIEF COMPLIANCE OFFICER UNDER FIRE 23 The complaint alleges that Haider willfully violated the Bank Secrecy Act by failing to ensure that MoneyGram: Implemented and maintained an effective AML program Filed timely suspicious activity reports when it knew, suspected, or had reason to suspect that third parties were using its money transfer service for criminal activity
CHIEF COMPLIANCE OFFICER UNDER FIRE 24 The complaint notes supervisory failures as well as actual knowledge of fraud To illustrate this, the following situation was highlighted: Haider was personally on notice that the Toronto Police Department regarded an agent to be a fraud outlet. MoneyGram s own Fraud Department identified it as such and recommended its termination. Despite this recommendation, the agent was not terminated.
PENALTIES 25 FinCEN assessed a $1 million civil penalty against the CCO Haider is potentially barred from working in the financial industry in the United States
27 NORTH AMERICA EUROPE ASIA Atlanta Chicago Houston Los Angeles New York Orange County Palo Alto San Diego San Francisco Washington, D.C. Brussels Frankfurt London Milan Paris Beijing Hong Kong Seoul Shanghai Tokyo 20 Offices ACROSS ASIA, EUROPE AND NORTH AMERICA 1 Legal Team TO INTEGRATE WITH THE STRATEGIC GOALS OF YOUR BUSINESS
OUR OFFICES 28 NORTH AMERICA EUROPE ASIA Atlanta 1170 Peachtree Street, N.E. Suite 100 Atlanta, GA 30309 t: +1.404.815.2400 f: +1.404.815.2424 Chicago 71 S. Wacker Drive Forty-Fifth Floor Chicago, IL 60606 t: +1.312.499.6000 f: +1.312.499.6100 Houston 600 Travis Street Fifty-Eighth Floor Houston, TX 77002 t: +1.713.860.7300 f: +1.713.353.3100 Los Angeles 515 South Flower Street Twenty-Fifth Floor Los Angeles, CA 90071 t: +1.213.683.6000 f: +1.213.627.0705 New York 75 East 55th Street First Floor New York, NY 10022 t: +1.212.318.6000 f: +1.212.319.4090 Orange County 695 Town Center Drive Seventeenth Floor Costa Mesa, CA 92626 t: +1.714.668.6200 f: +1.714.979.1921 Palo Alto 1117 S. California Avenue Palo Alto, CA 94304 t: +1.650.320.1800 f: +1.650.320.1900 San Diego 4747 Executive Drive Twelfth Floor San Diego, CA 92121 t: +1.858.458.3000 f: +1.858.458.3005 San Francisco 55 Second Street Twenty-Fourth Floor San Francisco, CA 94105 t: +1.415.856.7000 f: +1.415.856.7100 Washington, D.C. 875 15th Street, N.W. Washington, D.C. 20005 t: +1.202.551.1700 f: +1.202.551.1705 Brussels Avenue Louise 480-5B 1050 Brussels Belgium t: +32.2.641.7460 f: +32.2.641.7461 Frankfurt Siesmayerstrasse 21 D-60323 Frankfurt am Main Germany t: +49.69.907485.0 f: +49.69.907485.499 London Ten Bishops Square Eighth Floor London E1 6EG United Kingdom t: +44.20.3023.5100 f: +44.20.3023.5109 Milan Via Rovello, 1 20121 Milano Italy t: +39.02.30414.000 f: +39.02.30414.005 Paris 96, boulevard Haussmann 75008 Paris France t: +33.1.42.99.04.50 f: +33.1.45.63.91.49 Beijing 19/F Yintai Center Office Tower 2 Jianguomenwai Avenue Chaoyang District Beijing 100022, PRC t: +86.10.8567.5300 f: +86.10.8567.5400 Hong Kong 21-22/F Bank of China Tower 1 Garden Road Central Hong Kong t: +852.2867.1288 f: +852.2526.2119 Seoul 33/F West Tower Mirae Asset Center1 26, Eulji-ro 5-gil, Jung-gu, Seoul, 04539, Korea t: +82.2.6321.3800 f: +82.2.6321.3900 Shanghai 43/F Jing An Kerry Center Tower II 1539 Nanjing West Road Shanghai 200040, PRC t: +86.21.6103.2900 f: +86.21.6103.2990 Tokyo Ark Hills Sengokuyama Mori Tower 40th Floor, 1-9-10 Roppongi Minato-ku, Tokyo 106-0032 Japan t: +81.3.6229.6100 f: +81.3.6229.7100 For further information, you may visit our home page at www.paulhastings.com or email us at info@paulhastings.com www.paulhastings.com 2015 Paul Hastings LLP