Fed hits Deutsche Bank with $41 million AML penalty on lax staffing, monitoring

By Brian Monroe
June 1, 2017

The U.S. regulator with chief oversight of foreign banks operating in the United States penalized Germany’s largest bank $41 million for extensive financial crime compliance failings related to sparse staffing, a lack of cumulative expertise and faulty monitoring.

At the heart of the Federal Reserve action against the U.S. operations of Deutsche Bank was a weak and improperly tuned transaction monitoring system that allowed billions of dollars in suspicious transactions to flow through the operation over a four-year period.

The penalty, while not as high as other anti-money laundering (AML) and sanctions related fines hitting into the billion dollar ranges, is another costly reminder for institutions of the importance of creating strong controls across national borders and business lines, whether the unit is engaged in securities trading, wires, correspondent banking or other areas.

The Fed action also mirrors many of the issues highlighted in other penalties against foreign and domestic banks.

These recent actions have put a harsh light on AML programs that, as in the case of Deutsche Bank, lacked qualified compliance officers with the requisite expertise to create world class compliance programs, were short-staffed, and had subpar transaction monitoring systems.

The latest action follows a landmark penalty totaling more than $600 million against Deutsche Bank by regulators in New York and the UK. In the prior action, the New York Department of Financial Services (NYDFS) and the U.K.’s Financial Conduct Authority (FCA) issued penalties of $425 million and $204 million respectively for systemic failings at Deutsche Bank, chiefly tied to the laundering of some $10 billion out of Russia.

The modus operandi of the laundering occurred through a simple yet brutally effective securities scheme called “mirror trades” between 2011 and 2015.

The mirror trades typically involved a three-part system. In the first step, a trader in Russia put in a trade through Deutsche Bank’s Russian branch to buy Russian Blue Chip stocks. At roughly the same time, the same person or a co-conspirator used another company secretly owned by the group to place an order to sell the same amount of Russian stock through London.

Deutsche bank has had high-profile battles tied to its AML program, apart from the rapid fire formal regulatory settlements.

Earlier this year, the Wall Street Journal reported that the bank’s AML officer quit after only six months due to a staffing fracas. The top compliance cop reportedly requested approval for 600 new hires, but the bank balked, only acquiescing to 400 hires.

Overall, in the first quarter, the bank had estimated it need some $3.6 billion for legal provisions, so the penalty and upcoming remediation, though likely to soar into the tens of millions of dollars, will be easily absorbed.

The bank has also settled many of its largest probes, paying more than $7 billion in January tied to toxic mortgage-backed securities.

The most recent order also gives a glimpse of where federal regulators and focusing on in terms of compliance expectations.

In the Fed action, Deutsche Bank must ensure that international wires and cross-border funds transfers have “appropriate risk-based monitoring processes to identify improper payments messages,” beyond just automated sanctions screening to catch designated entities and ties to rogue regimes.

The action also noted that Deutsche Bank – and other banks writ large – should have detailed methods to craft, run, update and validate the transaction monitoring system and related rules, scenarios and thresholds.

The order highlights some of the key goals of AML monitoring systems including:

· Correspondent monitoring: Effective monitoring of customer accounts and transactions, through foreign correspondent accounts.

· Resource Appropriation, alerts:  Allocation of resources to manage alert and case inventory.

· Escalation station: Adequate escalation of information about potentially suspicious activity through appropriate levels of management.

· Documentation, decision making: Maintenance of sufficient documentation tied to investigation and analysis of potentially suspicious activity, including the resolution and escalation of concerns.

· Data mining: Maintenance of accurate and comprehensive customer and transactional data and ensuring that it is applied to the headquarter’s and the Branch’s compliance programs.

· Monitoring tune-ups: Controls to ensure that transaction monitoring systems and associated automated processes are subject to periodic reviews and timely updates.

The bank addressed the order in a short statement, stating it was “committed to implementing every remediation measure referenced in the Fed’s order and to meeting their expectations.”