The nearly $1.5 billion penalty against a German Bank for extensive financial crime violations is notable for more than just the heft of the settlement and tight turnaround timeframes.
The enforcement action is also significant as it shows distrust in the institution’s leadership, holding the chief executive accountable for progress.
That stratagem is a yet unprecedented move by government officials in a high-stakes bid to pressure a monolithic banking group to improve the tone at the top of its compliance hierarchy and ensure that message is felt in the organization’s most distant nerve endings and reverberates out into the broader universe of banks comprising the international financial system.
The multijurisdictional $1.45 billion deferred prosecution agreement (DPA) between state and federal regulators, investigators and Frankfurt-based Commerzbank centers on the institution’s decision to do business with blacklisted entities and regimes and a large Japanese optics company, Olympus, which was engaged in a massive accounting fraud.
The bank chose to continue doing business with these potentially illicit entities in many instances even after internal staff members stated such practices could be illegal and external investigators stated the bank could be breaching US Treasury rules by “stripping” incriminating wire information tied to Iran and Sudan so they could pass through sanctions filters at the New York branch.
As part of the settlement, the government installed a corporate monitor that will report on the progress to adhere to the DPA every 90 days and additional requirements that the bank and monitor report any stumbles immediately. US officials are also requiring a personal signature from the bank’s chief executive that the required improvements are in place.
The resolution is “kind of schizophrenic,” said Michael Volkov, a former federal prosecutor now head of a Washington, D.C.-based boutique law firm specializing in compliance and civil and criminal investigations.
The various tenets are “the toughest I have ever seen” in a sanctions and AML compliance-related DPA, even though there have been larger penalties in past agreements, he said. “The government is clearly frustrated and bothered by the culture of compliance at the bank and there is a distrust” the bank will not be able to fulfill its obligations to improve controls and uncover missed activity.
“The government is saying, yes, we will give you the DPA and you don’t have to plead guilty and no one is charging individuals, but when you read it, some of the terms in the agreement are unprecedented,” Volkov said, pointing to fact that government officials not only required a monitor, but that the person must report on progress every 90 days for three years.
Prior settlements have not, as in the case of Commerzbank, required the CEO to sign an “original signature,” not a copy or rubber stamp, “attesting to the fact that all of the compliance improvements have been made,” Volkov said. “The government also requires that if the bank finds another violation, the government must be informed. It’s not discretionary.”
The settlement with Commerzbank is just the latest massive penalty action against a large foreign bank for “stripping” violations since 2009, numbering now more than a half dozen and including household name operations in the biggest financial centers around the globe.
In June, France’s largest bank, BNP Paribas, paid a record nearly $9 billion penalty and had to plead guilty, an extreme measure, for knowingly stripping interbank data out of wires tied to regimes including Iran and Sudan, even after investigators warned the institution it was being formally investigated for such practices.
The bank’s penalty was so massive because it blithely continued its activities when investigators requested it to cease, and was not forthright in responding to information requests. Other banks that have been penalized for similar missteps include ING Bank, Barclays, Royal Bank of Scotland, Standard Chartered and Lloyds. A $1.9 billion penalty against HSBC also included such activities.
For Commerzbank, the overall $1.45 billion penalty includes $610 million to the Department of Financial Services (DFS); $300 million to the US Attorney’s Office for the Southern District of New York; $200 million to the Federal Reserve; $172 million to the Manhattan District Attorney’s Office and $172 million to the US Department of Justice.
Creatively evading sanctions, thwarting AML controls
Federal investigators state that from 2002 to as late as 2008, Commerzbank used a plethora of measures to evade sanctions controls at its New York branch, including stripping out information involved in more than 60,000 US dollar clearing transactions valued at roughly $250 billion on behalf of Iranian and Sudanese entities.
Beyond that, the bank, with operations in 50 countries and assets of more than $580 billion, intentionally sabotaged its own anti-money laundering (AML) transaction monitoring systems to facilitate “numerous payments” worth $1.6 billion through the New York branch tied to a wide-ranging accounting fraud by Olympus, which was used to hide “hundreds of millions of dollars in losses” from accountants and auditors.
To disguise transactions tied to Iran and Sudan, foreign branches would often use amorphous and non-transparent SWIFT payment messages hiding the identity of the remitter or beneficiary, with the result being that the New York operation’s compliance controls were hamstrung and “ineffective” with “fewer alerts of red flags raised than would have been if full information had been shared.”
The New York staff, thusly, didn’t have access to the customer information needed to investigate the alerts trigged by the transaction monitoring or filtering systems, but when they requested further details from foreign bank officers, they were rebuffed or ignored for months or gave “inadequate or insufficient responses,” according to settlement documents.
New York staff attempted to clear alerts with “perfunctory” open source Internet searches.
Tug of war between compliance, business side
The degree and level of tension between the compliance staff in the New York operation and the higher ranking executive and business line officials is “very common in multinational banks everywhere, including in US banks,” said Ross Delston, a Washington, DC-based attorney and AML compliance specialist.
But, in a change from recent years, there is an “increasing understanding that the business side is not going to get its way 100 percent of the time,” he said. “One of the lessons from recent enforcement actions, and not just Commerzbank, is banks that allow the business side to overrule the compliance side are cruising for a smack down.”
Moreover, any top officials making those decisions to eschew compliance controls and protestations could find themselves fired, named in enforcement actions and possibly sanctioned themselves, Delston said, noting that a recent high-profile penalty action centered on a former compliance officer at MoneyGram.
“No one is safe,” he said. “The obvious next step for regulators would be to not just go after the chief compliance officers, but also go after senior management. I could see a regulator looking at an egregious situation and say that senior management knew or should have known what was going on and therefore will be held liable.”
System tuned to lower, not generate, suspicious alerts
In one interview with investigating agents, an unnamed New York-based vice president in compliance who work with transaction monitoring tuning and alert threshold management said the system, the thresholds were not fully driven by identifying suspicious activity, but were calibrated to not generate “too many alerts.”
The settlement states that both the head of regional compliance for Commerzbank’s New York branch and the head of AML compliance pressured staffers to tweak transaction systems to generate fewer alerts.
The case also displays the tensions in compliance and other parts of the bank, and at some points, the no-win situations financial crime officers can be put into, Volkov said.
For the New York staff trying to get more information on amorphous entities and transactions, they had little recourse in the bank, but to make career-threatening decisions and break ranks, going directly to the CEO, board of directors, US regulators or investigators or, lastly, to “speak with their feet and go to another company where the culture is better,” he said.
Part and parcel of not creating alerts of tripping filtering systems was the creation of a “special team of employees to manually process Iranian transactions” to strip incriminating wire data and evade controls required by the US Treasury’s Office of Foreign Assets Control.
The bank “circulated both formal written instructions and informal guidance via email directing lower-level staff to strip information that could identify sanctioned parties from wire messages before sending the payment messages to U.S. clearing banks,” according to investigators.
Bank displayed an ‘institutional reluctance’ to comply with US laws
In reading the settlement documents, it is clear there was a sense that “because of their stature, it wouldn’t come to this,” said John Wood, president of the Atlanta-based Playfair Group, an AML consultancy. “There was an institutionalized reluctance to follow US sanctions rules, and belief that US sanctions rules would get in the way of business.”
The reality of the situation is that the bank had “legacy relationships” with sanctioned regimes and entities that they didn’t feel they had to let go, he said.
“They are a very big and influential bank, especially in the EU, so they felt that due to their history and geography,” the bank could continue to bank rogue regimes and be far enough from US jurisdiction to get caught or penalized.
Moreover, as other banks shied away from Sudan, Commerzbank saw an opportunity to boost profits.
From at least 2002 to 2006, the bank “maintained US dollar accounts for as many as 17 Sudanese banks, including five [specially designated nationals], and processed approximately 1,800 U.S. dollar transactions valued at more than $224 million through the U.S. using non-transparent methods for these clients and other Sudanese entities.”
Even after so many settlements, however, institutions shouldn’t feel they are at the end and in the clear, Wood said.
“This is only the beginning of a new round of multi-billion dollar penalties,” he said, adding that there are likely still banks in Asia, the Middle East and other regions still willing to do business with designated groups in Iran, Iraq and Syria and other off limits jurisdictions. “One person’s sanction is another person’s opportunity.”
For instance, when certain Iranian sanctions were first put in place in the early 2010s, there “were Turkish banks charging a special premium for Iranians to handle their transactions,” Wood said. “They will do business and let them access the international financial system, and hide that, for a 25 percent premium on the individual transactions.”
There are still financial institutions helping in illicit oil and other types of transactions on behalf of Iran, including China, South Korea, Japan and others, such as Cyprus and Turkey, that could be “playing all sides,” for a profit, he said.
More naming, shaming and penalties coming for senior decision makers
The settlement orders note that while many of the employees involved are no longer at the bank, including the head of AML, fraud and sanctions at the New York, federal officials are requiring the termination of at least four employees who “played central roles” in the conduct.
The action calls for the firing of a relationship manager, a staff member in interest, currency and liquidity and two members in the cash management and international business department.
Those firings should not be surprising as the bank displayed a “cavalier attitude” in terms of sanctions compliance, in some cases “not just having one way to evade sanctions,” he said. “If one way didn’t work, they actively promoted and used different techniques to be able to continue the scheme. These guys were out of control. This was a systemic breakdown.”
It’s also rare that, in these agreements, individuals, or their positions, at the bank are named and those persons be required to be fired, Volkov said, a decision giving a glimpse of what is to come in future settlements.
“There are going to be more of these settlements and government investigators are looking to go after individuals, they are just looking for the right set of facts and the bank where they can get the biggest bang for their buck,” he said.
“More importantly, you could see current banks under settlements get more sanctions, penalties or their DPAs extended if they don’t get their act together.”