| | | Effective PR

U.S Bancorp N.A. case continues with personal responsibility order

The USA's Financial Crimes Enforcement Network (is that horrible logo new? FinCEN used to be so elegant) has issued a civil money penalty notice against a former Chief Officer of U.S. Bancorp N.A. for "failure to prevent" breaches of the Bank Secrecy Act during his employment at the company. But, FinCEN's allegations go further than simply "failing to prevent."

According to a statement from FinCEN "U.S. Bank used automated transaction monitoring software to spot potentially suspicious activity, but it improperly capped the number of alerts generated, limiting the ability of law enforcement to target criminal activity... LaFontaine was warned by his subordinates and by regulators that capping the number of alerts was dangerous and ill-advised. His actions prevented the proper filing of many, many SARs, which hindered law enforcement’s ability to fully combat crimes and protect people,” said FinCEN Director Kenneth A. Blanco.

In February 2018, FinCEN, in coordination with the Office of the Comptroller of the Currency (OCC) and the U.S. Department of Justice, issued a USD185 million civil money penalty against U.S. Bank for, among other things, deliberately breaching the BSA’s requirements to implement and maintain an effective anti-money laundering system and to file Suspicious Activity Reports (SARs) "in a timely manner".

LaFontaine was advised by two subordinates that they believed the existing automated system was inadequate because caps were set to limit the number of alerts. The OCC warned U.S. Bank on several occasions that using numerical caps to limit the Bank’s monitoring programs based on the size of its staff and available resources could result in a potential enforcement action. This is nothing new: FinCEN has previously taken public action against banks for the same activity.

FinCEN says that LaFontaine received internal memos from staff claiming that significant increases in the number of Suspicious Activity Reports, law enforcement enquiries and closure recommendations created a situation where the money laundering risk and compliance staff “is stretched dangerously thin.” He failed to take sufficient action when presented with significant deficiencies in the Bank’s money laundering risk and control and SAR-monitoring system and the number of staff to fulfil the money laundering compliance function. "The Bank had maintained inappropriate alert caps for at least five years."

It was not the only fault although to what extent this was LaFontaine's alone must be open to debate: FinCEN said "the bank failed to staff the BSA compliance function with enough people to review even the reduced number of alerts enabling criminals to escape detection. "

FinCEN promotes the use of technology for risk and compliance support. But it expects that it won't be fettered.

" “FinCEN encourages technological innovations to help fight money laundering, but technology must be used properly," Blanco said.

LaFontaine admitted his failings and was ordered to pay a penalty of USD450,000.

The case against him carries on the investigation by FinCEN and others into the risk and compliance methods adopted at U.S. Bankcorp N.A, In 2018, the bank entered into a agreement with the Department of Justice and paid USD528 under a Deferred Prosecution Agreement that was due to expire just two weeks ago. The bank admitted its failures: there was no "without admitting or denying the allegations" which means that the case is available for evidence elsewhere. At the time, the Department of Justice said "The penalty shall be collected through the Bank’s forfeiture to the United States of USD453 million in a civil forfeiture action also filed today, with the remaining USD75 million satisfied by the Bank’s payment of a civil money penalty assessed by the Office of the Comptroller of the Currency."

U.S. Attorney Geoffrey S. Berman said "U.S. Bank’s [counter-money laundering system] was highly inadequate. The Bank operated the program ‘on the cheap’ by restricting headcount and other compliance resources, and then imposed hard caps on the number of transactions subject to [money laundering risk and compliance]review in order to create the appearance that the system was operating properly. The Bank also concealed its wrongful approach from the OCC. As a result, U.S Bank failed to detect and investigate large numbers of suspicious transactions."

The failures went far below those of inadequately staffing the money laundering risk and compliance unit and artificially limiting the number of reports that the tech could make. Here, unedited, is what the DoJ said in its announcement in February 2018:

According to the documents filed today in Manhattan federal court:

USB’s Failure to Maintain an Adequate AML Program

From 2009 and continuing until 2014, USB willfully failed to establish, implement, and maintain an adequate AML program. Among other things, USB capped the number of alerts generated by its transaction monitoring systems, basing the number of such alerts on staffing levels and resources, rather than setting thresholds for such alerts that corresponded to a transaction’s level of risk. The Bank deliberately concealed this from the OCC, the Bank’s primary regulator.

USB was well aware that these practices were improper, were resulting in the Bank missing substantial numbers of suspicious transactions, and were placing the Bank at risk of regulatory action. Bank documentation from as early as 2005 acknowledged that alert limits were based on staffing levels and, as a result, a risk item for the bank. For example, in a December 1, 2009,F memo from the Bank’s then AML Officer (the “AMLO”) to the then Chief Compliance Officer (the “CCO), the AMLO explained that while the Bank was experiencing significant increases in SAR volumes, the Bank’s staff was “stretched dangerously thin” and warned that a “regulator could very easily argue that this testing should lead to an increase in the number of queries worked.” The Bank conducted below-threshold testing (“BTT”), which consisted of investigating a limited number of transactions that fell outside alert limits to see if thresholds should be adjusted so that more alerts would be investigated. The Bank’s BTT regularly found that SARs should have been filed on more than 25 percent, and as much as 80 percent, of the tested transactions. Rather than increase resources and lower thresholds to detect such suspicious activity, as repeatedly requested by the responsible AML employees, the Bank instead decided to stop conducting BTT altogether.

An OCC examiner assigned to the Bank repeatedly warned USB officials, including the AMLO, of the impropriety of managing the Bank’s monitoring programs based on the size of its staff and other resources. Knowing that the OCC would find USB’s resource-driven alert limits to be improper, Bank officials, including the CCO, deliberately concealed these practices from the OCC. For example, a Bank employee deliberately excluded references to resource limitations from the minutes of an internal Bank meeting for fear that the OCC would disapprove of the Bank’s practices, and in order to protect himself and his supervisor from adverse consequences. Indeed, the AMLO described USB’s AML program to another senior manager as an effort to use “smoke and mirrors” to “pull the wool over the eyes” of the OCC.

USB also failed to monitor Western Union (“WU”) transactions involving non-customers of the Bank that took place at Bank branches. The Bank processed WU transactions involving non-customers even though they would not be subject to the Bank’s transaction monitoring systems. Even when Bank employees flagged specific non-customer transactions raising AML-related concerns, the transactions went uninvestigated. It was not until July 1, 2014, that the Bank implemented a new policy that prohibited WU transactions by non-customers.

In the course of this investigation, the Bank analyzed the impact of its deficient monitoring practices. For just the six months prior to taking steps to remedy the practices, the Bank’s analysis resulted in the generation of an additional 24,179 alerts and the filing of 2,121 SARs.

USB’s Failure to Timely File Suspicious Activity Reports Relating to Scott Tucker

From October 2011 through November 2013, the Bank willfully failed to timely report suspicious banking activities of Scott Tucker, its longtime customer, despite being on notice that Tucker had been using the Bank to launder proceeds from an illegal and fraudulent payday lending scheme using a series of sham bank accounts opened under the name of companies nominally owned by various Native American tribes (the “Tribal Companies”). From 2008 through 2012, Tucker’s companies extended approximately five million loans to customers across the country, while generating more than $2 billion in revenues and hundreds of millions of dollars in profits. Most of this money flowed through accounts that Tucker maintained at the Bank.

USB employees responsible for servicing Tucker’s ongoing account activity disregarded numerous red flags that Tucker was using the tribes to conceal his ownership of the accounts. For example, Tucker spent large sums of monies from accounts in the names of Tribal Companies on personal items, including tens of millions of dollars on a vacation home in Aspen and on Tucker’s professional Ferrari racing team. USB also received subpoenas from regulators investigating Tucker’s businesses. In September 2011, after news organizations published reports examining Tucker’s history and questionable business practices, the Bank reviewed Tucker’s accounts, and an AML investigator reported to supervisors, among other things, that “it looks as though Mr. Tucker is quite the slippery individual” who “really does hide behind a bunch of shell companies.” Based on its findings, the Bank closed the accounts in the names of the Tribal Companies but failed to file a SAR.

The Bank also left open Tucker’s non-tribal accounts and opened new ones, allowing over $176 million more from his illegal payday business to flow into the Bank. Despite also learning of an April 2012 Federal Trade Commission lawsuit against Tucker and the Tribal Companies, the Bank did not file a SAR regarding Tucker until served with a subpoena by this Office in November 2013.

On October 13, 2017, Tucker was convicted in the United States District Court for the Southern District of New York of various offenses arising from his payday lending scheme. The Government intends to recommend that the amounts forfeited by USB be distributed to victims of Tucker’s scheme, consistent with the applicable Department of Justice regulations, through the ongoing remission process.

All in all, while LaFontaine is the one with his head on the block, it's clear that the problems at the bank were systemic and no one person could be the single point of failure.

It has to be noted that the USA has only very rarely pursued an individual - and then almost never an American working for an American bank. This case and the very substantial financial penalty is a warning to all. In some countries, the admitted actions might have been considered criminal. The effect of the case may be to accellerate cases against individuals around the world - particularly in those jurisdictions which have introduced a personal liability / responsibility regime.

To put this into perspective - job after job after job in London for an Money Laundering Reporting Officer - the equivalent position to that held by LaFontaine, is advertised with the salary range GBP35,000 to 50,000 per annum. Given that there's about a 35% tax bill, so the net pay at the top of that scale is about USD50,000. So the penalty, if the USA were to drag a UK Money Laundering Reporting Officer there under the very one-sided extradition agreement surrendered by Tony Blair's government and not addressed since, is some nine years' net pay.

---------------- Advertising ----------------

World Money Lau...