Daily Briefing: New DOJ corp. compliance guidance talks tone, culture, crypto shadow bank, and more
Thursday, May 2, 2019
Posted by: Brian Monroe
By Brian Monroe
May 2, 2019
Quote of the Day: “I hear, I know. I see, I remember. I do, I understand.” – Confucius
In today’s ACFCS Fincrime Briefing, DOJ updates corporate compliance guidance, focusing on effectiveness, results, U.S. takes down crypto exchange ‘shadow bank,’ and more.
Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.
Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!
New DOJ guidance on corporate compliance programs shifts focus to ‘effectiveness,’ including executive-level culture, tone, training, tip lines
The U.S. Department of Justice has updated guidance related to what is expected of corporate and financial crime compliance programs to gain credit when failings occur – a key shift toward the effectiveness of company efforts, rather than just having detailed policies and procedures.
The guidance, which applies to the whole of the department’s Criminal Division, including corporate and banking compliance settlements, builds on 2017 guidelines, which included a list of sample topics and questions for prosecutors to calculate when deciding if a company has demonstrated a true commitment to compliance and should get credit in a corporate settlement.
The guidance document sets “forth topics that the Criminal Division has frequently found relevant in evaluating a corporate compliance program, organizing them around three overarching questions that prosecutors ask in evaluating compliance programs: First, is the program well-designed? Second, is the program effectively implemented? And, third, does the compliance program actually work in practice?
The guidance is laid out in three parts:
· Part I – Risk assessments, training tip lines: Discusses various hallmarks of a well-designed compliance program relating to risk assessment, company policies and procedures, training and communications, confidential reporting structure and investigation process, third-party management, and mergers and acquisitions.
· Part II – Effectiveness, tone at the top, resources: Details features of effective implementation of a compliance program, including commitment by senior and middle management, autonomy and resources, and incentives and disciplinary measures.
· Part III – Effectiveness in action, failings, remediation: Analyzes metrics of whether a compliance program is in fact operating effectively, exploring a program’s capacity for continuous improvement, periodic testing, and review, investigation of misconduct, and analysis and remediation of underlying misconduct.
In October, Benczkowski issued separate guidance that was widely viewed as potentially curtailing a long-running practice of settlement agreements requiring companies to hire outside monitors to ensure their compliance with federal laws, an on-the-ground sentinel that reports progress directly to federal prosecutors.
That guidance, urging prosecutors to consider the “projected costs and burdens” of such an outside monitor, typically a highly-respected, but very expensive, compliance professional, directed Justice Department lawyers to take stock of a company’s compliance program at the time of a settlement, (via DOJ). To read the full press release, click here. For more coverage, click here and here.
This move mirrors what is occurring at federal and state regulator levels and, more broadly, follows recommendations set out by global financial crime compliance watchdog body, the Paris-based Financial Action Task Force (FATF).
This guidance makes it clear that simply through warm bodies at compliance, or having reams of policies and procedures – while allowing the business lines to override compliance concerns – simply won’t cut it any more.
In recent exam cycles, federal examiners have cited banks, and penalized them, for a lack of a “culture of compliance” and a weak “tone at the top,” where compliance officers were not given authority, independence and final say on what risks a bank can mitigate effectively.
DOJ appears to be following some of these sentiments, wanting to see that compliance programs are staffed with adequate resources, expertise and that professionals in this capacity also have an emergency, last ditch option to get outside help in the form of clear and confidential whistleblower lines.
Now, if this sounds expensive, and if you imagine some corporates collectively groaning at this guidance, you are right. But there is a very powerful potential upside: if a bank aggressively invests in compliance on the front end, and has an overall effective program, whatever criminal failings DOJ could nail them for may end up not as a penalty at all – due to investigators and prosecutors giving credit for the full depth and breadth of effective compliance practices.
Federal investigators take down ‘shadow bank’ that illegally helped move hundreds of millions of dollars for crypto exchanges, skirting AML rules
Federal prosecutors this week brought charges against two individuals for acting as a “shadow bank” that investigators say helped process hundreds of millions of dollars worth of transactions for cryptocurrency exchanges, skirting anti-money laundering rules.
In court documents, the U.S. Attorney’s Office for the Southern District of New York charged Reginald Fowler, 60, of Arizona, with bank fraud and operating as an unlicensed money transmitting business, and also unsealed bank fraud charges against an Israeli woman, Ravid Yosef. Fowler has been arrested, but Yosef currently remains at large.
The two “worked for several related companies that provided fiat-currency banking services to various cryptocurrency exchanges” making “numerous false and misleading statements to banks to open bank accounts that were used to receive deposits from individuals purchasing cryptocurrency.”
The pair “falsified electronic wire payment instructions to conceal the true nature of a voluminous cryptocurrency exchange business,” according to federal prosecutors.
The pair “ran a shadow bank that processed hundreds of millions of dollars of unregulated transactions on behalf of numerous cryptocurrency exchanges,” said U.S. Attorney Geoffrey Berman in a statement.
Their organization allegedly “skirted the anti-money laundering safeguards required of licensed institutions that ensure the U.S. financial system is not used for criminal purposes, and did so through lies and deceit.”
Investigators also say that though one of the exchanges touted anti-money laundering (AML) know-your-customer (KYC) processes, those didn’t extend to operations where Fowler and Yosef were involved.
Although the unnamed exchange-1 “advertised itself as providing required ‘know your customer’ and anti-money laundering verification services in connection with Exchange-1’s platform, this was false with respect to the shadow banking services provided by” the pair, according to court documents, (via DOJ). For additional coverage, click here.
Expect to see more actions like this as a plethora of government agencies are aggressively following illicit financial flows, particularly when they intersect virtual worlds.
Agencies including DOJ, IRS Criminal Investigations and several joint task forces have made it a priority to see what crypto exchanges are moving value, where they are touching the formal banking sector and how those firms are reviewing transactions and querying and risk assessing customers.
Obviously, due to resource constraints, these groups won’t find every operation engaging in the scheme described here, but when the funds start reaching into the millions, then tens of millions then hundreds of millions of dollars, expect that to start getting the attention of federal investigators.
Similarly, many small, medium and large banks have been primed to ask more questions of their customers in an attempt to ferret out when individuals and companies are acting as pseudo virtual currency exchanges.
So while it’s unclear in this action, investigators may have been tipped off to this scheme by bank AML officers who noticed the aberrant activity or didn’t like what the duo told them, leading to suspicious activity reports with a hot button term: unlicensed crypto exchange.
U.S. judge orders Chinese banks to hand over North Korea records
A U.S district judge has ordered three Chinese banks to comply with U.S. investigators’ demands that they hand over records connected to the alleged movement of tens of millions of dollars in violation of international sanctions on North Korea.
In a heavily redacted court opinion released by the U.S. Justice Department on Tuesday and dated March 18, Beryl Howell, Washington D.C.’s chief federal district judge, said the subpoenas were for records of dealings between a now-defunct Hong Kong-based front company and a North Korean state-run entity.
The publicly released court document did not name the banks, the Hong Kong company, or the North Korean entity. It said the front company was established by a North Korean national and a Chinese individual, who were also not named.
It said the Chinese government had ownership stakes in all three of the banks, the first two of which have branches in the United States.
The subpoenas were issued in December 2017 as part of a U.S. investigation into violations of sanctions targeting North Korea’s nuclear weapons programme, including money laundering and contravention of the U.S. Bank Secrecy Act.
According to the court document, the subpoenas demanded a wide range of bank records dating back to January 2012, (via Reuters).
On the AML front, federal investigators and regulators have made the financial crime compliance programs, and sanctions programs, of Chinese banks a major priority in recent years, with a host of formal actions and penalties against Asian institutions for broad failings in these areas.
But for every Chinese bank that finally complies, there are still likely many others that think the long arm of the U.S. will not be able to impact their affairs – so they just ignore them, as in the case here.
What they are not counting on, however, is that the U.S. will simply not take no for answer when it comes to a lack of compliance that could be a conduit for rogue regimes like North Korea to evade ever more aggressive sanctions programs.
So where could this go? If the banks comply, they could only be faced with formal orders and penalties for OFAC violations. Not fun, yes, but not nearly as bad as what could happen, as the U.S. has a very powerful bullet in the chamber.
What is this mystery caliber? For a bank that simply refuses to answer the U.S. or stop doing business with North Korea, the U.S. could designate that operation a “Primary Money Laundering Concern.”
That would effectively shut it out of the U.S. financial system – and even much of the international financial system as correspondent banks will dutifully drop ties to the operation if they are also linked with the United States.
If that sounds like a hardline stance, consider the current saber rattling going on the economic and trade front between the U.S. and China and such a draconian directive doesn’t seem so far-fetched, a move that could also be used as fulcrum and leverage to extract concessions from China.
In wake of EBA decision to halt Danske Bank laundering probe top lawmaker calls for stronger EU fincrime, compliance legislation
The European Commission’s top policymaker for the financial services sector has called for the EU to adopt new legislation in response to a decision earlier this month to close a bloc-wide investigation into the supervision of Danske Bank, the Financial Times reported.
The European Banking Authority (EBA) voted on 16 April to reject an internal report that identified four breaches of EU law by Danish and Estonian supervisory authorities related to their oversight of the bank, which is accused of being a conduit for €200 billion in suspicious transaction linked to a Russian money laundering scheme, the newspaper said.
The 45-page draft report cited “significant shortcomings” in the coordination by the two financial supervisors, insufficient policing of Danske Bank’s due diligence controls and inadequate reviews of the institution’s governance arrangements, according to the news outlet, which obtained a copy of the rejected report.
“It is disappointing that the board of supervisors of the EBA did not act on one of the biggest money-laundering scandals in Europe,” European Commission Vice President Valdis Dombrovskis told the Financial Times. The rejection of the report underlines the need to pass new legislation that would “transform” how the EBA takes such decisions, he said.
Under legislation adopted by the European Parliament in April, the EBA could soon be empowered to take on a stronger role in preventing money laundering in the economic bloc, including by conducting peer reviews of the supervisory authorities of member-states and recommending specific enforcement actions to national governments, (via KYC360).
The EBA’s decision could have further aftershocks as other EU officials and lawmakers react and put further pressure on the watchdog body to more aggressively dig into Danske bank, but also more broadly make changes to the way it oversees bloc-wide bank anti-money laundering programs and the regulators that are supposed to be policing them.
Currently, the Danske Bank scandal has roiled Europe and caused acrimony, recriminations and finger pointing at regulators in a bevy of jurisdictions, including Estonia, Sweden, Denmark and even the United States. Many regulators are pointing at the other regulator to say it was their fault.
Many pundits and prognosticators expected one, or several, EU banking supervisory bodies to hand down its own punitive measures, or at the very least, a detailed analysis on what foreign regulators failed to do and a path to stronger AML oversight.
With the EBA not yet deciding to throw down the gauntlet, expect internal and external watchdogs, journalists and counter-corruption campaigners to take up the mantle.
The potential result: Europe is going to have to make some strong statements against the Danske Bank scandal, provide a roadmap to improve current practices that allowed it to happen, and detail stronger regulations, enforcement and oversight practices to set a new tone in and out of the bloc.