Sanction against Promontory, New York regulator sends warning to financial crime consultant industry

New York’s state financial regulator sharply criticized Promontory Financial Group LLC on Monday for its handling of a transactional review tied to Standard Chartered Plc’s possible dealings with blacklisted regimes like Iran, effectively blocking it from future work on certain projects.

The New York Department of Financial Services (DFS) stated the analysis by Promontory – a politically savvy and influential consulting firm replete with the former heads of regulatory agencies like the Securities Exchange Commission and Office of the Comptroller of the Currency – lacked independence. In response, the DFS cut off Promontory’s ability to access confidential reports required for client work until further notice. The regulator’s report can be found here.

The DFS report highlights the often nebulous, ill-defined boundaries of what is legal and ethical in the area of anti-money laundering (AML) and financial crime remediation engagements, where consultants are being paid by banks to uncover the depths of compliance deficiencies, but are constantly facing pressure to put the institution in the best possible light – or potentially lose a lucrative client.

After an “extensive, two-year investigation” and corresponding review of thousands of documents, the testimony of five current and two former Promontory employees and other submissions, DFS concluded the consultancy “exhibited a lack of independent judgment” in the preparation of certain reports to the department between 2010 and 2011 and that testimony of certain witnesses “lacked credibility.”

The action against Promontory, though, will no doubt reverberate through the banking and consulting circles, resulting in reviewers digging deeper, documenting findings more completely and critically and being more transparent about any changes between drafts and final reports, engagements taking longer and corresponding costs rising.

Sanction for Promontory puts ‘every consultant on defensive’

The outcome of the latest action against Promontory will likely result in AML consultants and related reports being more exacting and inflexible, with reviewers taking a harsher, more inclusive stance toward potential missteps, said Jeff Sklar, managing director of SHC Consulting Group in Bellmore, NY.

“They will assume every regulator wants to see what they are doing, so every ‘I’ will be dotted and every ‘T’ crossed,” he said, adding that will mean longer and more costly engagements. “Every consultant will be on the defensive to make sure their work papers and engagement letters are bulletproof.”

The DFS report noted that although Promontory stated in documents and company collateral that its work would be independent, objective and dispassionate and that it would only allow clients to change factual inaccuracies or style changes, such as a different font, it engaged in email communications that contradicted such ideals.

For example, one Senior Analyst wrote during Project Green, “[t]he most important thing is that we get to the end of the project without jeopardizing our relationship with [Standard Chartered Bank] as a whole.”

Standard Chartered paid $340 million in 2012 and installed a compliance monitor to settle charges it didn’t adequately review nearly 60,000 transactions worth upwards of $250 billion tied to Iranian and other entities, with the institution later paying an additional $300 million in 2014 after the monitor found more suspect actions.

DFS concerned banks command too much power over consultants

The action by DFS is the third fusillade against top tier consulting firms for their handling of remediation assignments tied to potential anti-money laundering (AML) and sanctions violations. The regulator in the last two years has penalized Deloitte $10 million and PwC $20 million for similar failings, with bans of one and two years respectively.

In the Deloitte action, the order also laid out reforms to be used a model for future work in the state, with DFS urging federal regulators to voluntarily follow. The reforms include disclosures of past work, a declaration of independence, anti-tampering provisions, detailing of any recommendations a bank chose not to adopt, allowing the consultant to speak privately with regulators and policies to protect confidential information.

In the PricewaterhouseCoopers action in 2014, it paid DFS $25 million and agreed to not engage in certain consulting work for two years due to sanitizing a report about sanctions filtering controls at Bank of Tokyo-Mitsubishi UFJ, which a year prior paid $250 million to the state tied to $100 billion in wire transfers tied to blacklisted regimes.

Looking at the past actions against several other consultancies and the Promontory order, the state regulator “was concerned it appears the client banks exercised too much authority and editorial oversight before the report was finalized and went to DFS,” said Michael McDonald, a South Fl.-based financial crime consultant and former IRS Criminal Investigation special agent.

The key issue at the heart of the action, and question on the minds of state examiners, is if the “bank is writing its own report” and getting a consultancy to put their label on it, he said, noting that would tarnish the independence and credibility of such a report, which is meant to impartial, forthright and fact-based.

After analyzing the report and the specific points highlighted by DFS, McDonald “didn’t see anything particularly alarming that changed the content or hid facts,” he said, adding that it’s not surprising a bank’s legal team would lobby to change words, terms and emphasis in key areas to hopefully put the institution in the best possible light.

“Given the same facts and circumstances, you can take a story and spin it any way you want,” McDonald said. “You can write the report one way that makes it look like there isn’t really anything wrong, but you can also write it in another way to get the company shut down.”

There is a natural give-and-take when creating reports tied to financial crime transactional lookback and other remediation assignments, he said.

Promontory accused of whitewashing language in reports to DFS

DFS stated in the report there were “numerous instances” where Promontory, of its own accord or at the direction of the bank, made changes to “soften” or “tone down” the language in the reports in a bid to “avoid additional questions from regulators, omit red flag terms or otherwise make the reports more favorable to the Bank.”

The regulator highlights several instances, where an unnamed senior analyst prodded Promontory to change the title of table from “missed terms” to something more “sterile.” The new, tamer language “failed to convey the fact that both of these types of transactions reflected failures of the Bank’s compliance systems.”

In another instance, related to potential sanctions violations, the bank’s counsel nudge Promontory to make the wording “more bland,” calling them “Categories identified in Amendment Analysis.”

In some cases, it’s not uncommon for a consultant to create a report, but bend slightly if the client asks to make minor changes, such as the order of certain individuals listed or points, or if there are factual inaccuracies, such as an incorrect name, date, title or address, McDonald said.

“That’s because those changes are not material,” he said. “Most of the time, in those instances, it’s form over substance. It’s not a substantive change and does not affect the results of the report or the content. But if a company asks for a change that makes the report factually inaccurate, I say no, that stays in.”

As a result of the latest action, the New York regulator may issue new requirements for consultants to keep original drafts available so they can compare what changes were made by client institutions, which could create more work for consulting operations large and small, lengthen engagement timeframes and increase costs.

Making the bank’s case ‘look better,’ a key motive

In other examples, the regulator noted Promontory reviewers tarried on a project that could have pushed regulators to ask for a larger sample size of transactions and that the consultancy chose timelines tied to sanctions filters that made it appear things were improving, when they were actually getting worse, a move to hide “painful information.”

DFS stated Promontory actively tried to advocate on behalf of the bank by trying to “soften the blow” in presenting negative figures and that another individual asked if a reworded statement “makes the bank’s case look better.”

When DFS presented these emails to the individuals who sent them, asking if they were trying to water down findings, the responses ranged from denial to one individual saying he thought “bland” meant “accurate.”

That DFS is focusing on emails also highlights how difficult it can be to discern “tone” in a quick, digital conversation, Sklar said.

“Do we take things out of context in an email? Yes,” he said. “It’s very hard to gauge tone when things are put down in a four sentence phrase in an email. It can be easy for any one of us to take things out of context. When viewed in hindsight, the interpretation by the reader may not have been the intention of the writer.”

One reason why AML remediation initiatives can be more easily picked apart by regulators is that there are “no technical standards” for the review, similar to what would be available in a formalized audit, Sklar said. He added that there are only the general AML program elements and an interagency exam manual, in conjunction with scattered and disparate guidance, to guide consulting firms.

In addition, the quality of AML programs – and later reviews by consulting firms, either during the independent test or in a remediation engagement – is very subjective depending on the regulator, Sklar said.

That has led to instances where, in one state, the program for a bank or MSB is “overkill, it’s so good,” but the same program viewed by another regulatory body is insufficient and slipshod, he said.

DFS report ‘willfully’ misconstrues Promontory work, emails

Promontory stated in a release Monday that its work with Standard Chartered between 2009 and 2011 met the “highest professional standards,” and it is also seeking a stay of the DFS order.

“We believe the department has willfully misconstrued our work based on a handful of emails taken out of context,” according to Promontory. “We will litigate the matter and defend our firm against this regulatory overreach. We stand behind the integrity of our professionals and the quality of our work, the accuracy of which the order does not dispute.”

Promontory reviewed approximately 131,000 Standard Chartered transactions from 2001 to 2007 totaling more than $590 billion. The two-year-long NYDFS investigation identified no substantive errors, according to the statement.

It’s also rare for a consultancy to say they will fight a federal or state regulatory order in court.

But with the communal acumen, reputation and political heft of Promontory, the upcoming legal wrangling is a matter of pride.

The key executives and board members “have reputations beyond reproach, so this is personal for them,” Sklar said. “So they have every right to disagree and fight this.”