New York’s state regulator Thursday penalized the world’s largest money transmitter $60 million for historical financial crime compliance failures and willfully ignoring fraudulent transactions involving China, a sliver of the nearly $600 million federal fine issued less than a year ago.

The New York State Department of Financial Services (NYDFS) stated it sanctioned Western Union for allowing a lax anti-money laundering (AML) program to linger and limp along for more than a decade, with rogue agents moving hundreds of millions of dollars tied to potentially illicit scams – aided by executives and managers covering their tracks and failing to report suspicious activity.

At its heart, these top Western Union officials chose profit over proper controls, shielding, lauding and even rewarding high volume agents in New York working with locations in China, other states and around the world for boosting the bottom line, all-the-while supporting foreign fraud schemes and possibly even human trafficking, according to the NYDFS.

The action is yet more evidence that the AML programs at financial institutions – banks, money services businesses and every entity in this rubric – must tacitly go beyond looking for classical red flags of money laundering, but must also look for fraudulent activity that could be harming their operations and customers.

“Western Union executives put profits ahead of the company’s responsibilities to detect and prevent money laundering and fraud, by choosing to maintain relationships with and failing to discipline obviously suspect, but highly profitable, agents,” said NYDFS Superintendent Maria Vullo, in a statement.

The state action mirrors federal momentum – and global efforts by countries and watchdog groups – exhorting financial institutions to converge their AML, fraud and cyber programs, in the end creating an agile, informed and interwoven compliance team.

The end goal: to create a virtual phalanx preventing all threats from all sources and detecting and reporting aberrant activities with depth, nuance and context.

As part of the settlement, the regulator is requiring Western Union to designate a “Compliance Point of Contact,” to give updates on overall remediation efforts and keep tabs on agents in New York filing the most suspicious activity reports (SARs).

Part of that effort will include requiring all agents to adhere to U.S. AML standards, including filing customer transaction reports (CTRs), a key criticism in the state action where agents – and even a compliance staffer – helped fraudsters structure wires to evade reporting requirements.

The remitter must also submit an improvement plan and update the state regulator every six months for the next two years.

NYDFS has also used its influence to capture more data on transactions far below the $5,000 SAR and $10,000 CTR thresholds, cognizant that part of the problem was Western Union agents allowing and in some cases coaching customers to evade reporting requirements by structuring transactions.

The order states that Western Union now must look for and report suspicious or potentially fraudulent transactions at $2,000 or more, significantly lower than the federal $5,000 SAR threshold, if they touch the United States, regardless of what country they originated or were received.

State penalty follows less than a year after federal DPA

The NYDFS action highlights many of the same issues cited in a prior federal settlement.

In January, Englewood, Colorado-based Western Union forfeited $586 million in a deferred prosecution agreement (DPA) with the U.S. Department of Justice, the Federal Trade Commission (FTC) and U.S. Attorney’s offices in Pennsylvania, California and Florida on charges of wire fraud and having a criminally threadbare AML program.

The action was the largest compliance-related penalty against an MSB.

The order also focuses on actions between 2004 and 2012, where Western Union violated U.S. AML laws and anti-fraud statutes by “processing hundreds of thousands of transactions for Western Union agents and others involved in an international consumer fraud scheme,” involving rogue agents and sub agents in and doing business with jurisdictions including Mexico, Latin America, the United Kingdom and China.

The schemes include those many have scene come in their email – like Nigerian Prince scams, false lotteries, romance scams, and others were customers are duped into wiring money in exchange for something they will never receive.

The DPA notes key gaps in the supervision and management of agents and subagents, including instances where Western Union’s analytics spotlighted problem actors with months or years of issues, but nothing was done in response.

The orders also note a failure for agents to actually visit sub agents in risky regions and determine, in person, if they are following protocols or are potential puppets for the criminally inclined. To read ACFCS coverage of the original DOJ penalty, please click here.

Remitter ‘willfully ignored’ improper conduct for NY, China agents

In the state action, NYDFS investigators concluded that several Western Union executives and managers “knew about or willfully ignored improper conduct involving ‘NY China Corridor agents,’” from 2004 to 2012 – in some cases even after the U.S. Department of Justice launched an investigation of agent activities.

Western Union also waited two years to reveal the probe to the NYDFS.

But the remitter should have been clued in to the aberrant activities due to the diminutive size of the agent locations.

The NY China Corridor agents include “a small business located in Lower Manhattan, one in Sunset Park, Brooklyn, and another in Flushing, Queens,” according to the order. “Despite their small size, these agents were some of Western Union’s largest agent locations in the world by transaction volume – and thus some of the most profitable for the company.”

The Lower Manhattan agent, a small travel agency that offered Western Union money transmission services, processed more than 447,000 transactions totaling more than $1.14 billion between 2004 and 2011, according to the regulator.

The Sunset Park location, a smaller business selling wireless cellphone services to consumers, and ostensibly offering Western Union money transmission services as a side business, processed more than 302,000 transactions, totaling more than $600 million, between 2005 and 2011.

But when state examiners looked more closely, many of those transactions bore hallmarks of classic structuring techniques.

“Almost all of the more than $1.7 billion transfers processed in this time period processed by the Lower Manhattan and Sunset Park agents were transmitted to China,” the regulator stated in the action, adding that according to federal law enforcement authorities, “at least 25 to 30 percent of these transactions showed indications of illegal structuring.”

Agent oversight a persistent problem for largest remitters

Agent oversight has been at the core of some of the largest financial crime compliance-related penalties against remitter industry heavyweights MoneyGram and Western Union.

In February of 2016, MoneyGram paid $13 million to settle an investigation by U.S. states stemming from customer complaints that scam artists duped them into wiring funds via the money transfer service.

That action followed prior problems tied to fraud and AML. In 2012, MoneyGram was hit with a $100 million monetary penalty by the US Department of Justice for widespread failings in its AML and fraud programs.

The key issue related to agents actively scamming individuals in “secret shopper” and other frauds and the company not terminating them, even though they knew about the problems, because these were also highly profitable agent portals.

That bled over into 2014, when FinCEN levied a $1 million individual penalty against Thomas Haider, who oversaw MoneyGram’s AML and fraud prevention program during a six-year period in which the money transfer service processed thousands of transactions for agents involved in fraud schemes.

Western Union has also not been spared major penalties tied to AML programs and agent actions, prior to the record action Thursday.

The company paid $94 million in 2010 to settle charges by investigators in Arizona and other states that it, and its agents, were not doing enough to stop human traffickers and drug gangs in the Southwest Border.

In face of investigations, compliance pariah now a partner

But in recent years, the penalties paid are only part of the total spend by Western Union to improve compliance practices.

The remitter detailed in a statement that compliance spending since 2012 has risen by hundreds of millions of dollars.

Over the past six years, Western Union increased overall compliance funding by more than 200 percent, currently spending some $200 million annually.

The result: more than 20 percent of the company’s workforce is currently dedicated to functions in the area of financial crime compliance, with more coming from law enforcement and regulatory backgrounds.

Part and parcel of the improvements are also focused outside compliance teams, adding more training for global agents, offering more education to consumers about potential scams and red flags and bolstering technology to better uncover potentially fraudulent transactions and illicit funds, according to a Western Union statement.

The conclusion of those efforts: a drop in in the dollar value of reported fraud tied to customer-based transactions by more than 60 percent.

“We share the New York Department of Financial Services’ goal of protecting consumers and the integrity of our global money transfer network,” the company said in a statement, adding that it has made “substantial improvements since then as part of our commitment to continually enhance our compliance programs.”