Enforcement actions for sanctions violations have been coming thick and fast in recent days. This week saw OFAC take action against a Brazilian institution, US regulators hit Germany’s largest bank with a substantial penalty, and ABN Amro runs afoul of authorities in the United Arab Emirates and Netherlands. Get caught up with key details and notable aspects of each of these cases in the penalty round-up below.
Deutsche Bank enters $258 million settlement agreement, fires six over stripping scheme to dodge US sanctions
Germany’s largest bank will pay state and federal regulators nearly $260 million to settle allegations it violated US sanctions policies by engaging in transactions with blacklisted regimes, including Iran, Sudan and Libya.
Under the $258 million settlement with the New York Department of Financial Services (DFS) and the US Federal Reserve, Deutsche Bank will terminate six people, block three others from any work with ties to US operations and be required to install an independent corporate monitor. The dismissals involve two managing directors, two vice presidents and two directors.
The Frankfurt-based bank, with more than $2 trillion in assets, processed nearly $11 billion through New York between 1999 and 2006 for the benefit of several designated regimes, including Iran, Sudan, Libya, Syria and Burma, according to penalty documents. The bank was able to move the funds by “stripping” out wire information mentioning the blacklisted entities or countries.
The Federal Reserve order also noted that the bank did not react in a “timely manner” to requests for information on potential compliance and sanctions violations. In addition, the Federal Reserve is prohibiting Deutsche Bank from re-employing the individuals involved in the past actions or retaining them as consultants or contractors.
Deutsche Bank has agreed to cooperate in the investigations of former individuals who may have been involved in the conduct underlying the enforcement action, but is not the subject of these investigations.
In a separate, DFS order, it revealed that Deutsche bank had created what it called an “OFAC-Safe” payment processing scheme to evade OFAC sanctions.
For example, the state regulator highlighted one email that illustrated the depth of violations.
The Deutsche Bank employee email stated: “Let’s not revert to the client in writing due to the reputational risk involved if the e-mail goes to wrong places. Someone should call [the client] and tell them orally and ensure that the conversation is not taped. . . . Let’s also keep this e-mail strictly on a ‘need-know’ basis, no need to spread the news…what we do under OFAC scenarios”
The overall $258 million penalty Deutsche Bank will pay includes $200 million to the New York State Department of Financial Services (NYDFS) and $58 million to the Federal Reserve.
The bank instructed customers to make sure to mention certain code words so their transactions would get “special attention,” and the bank even created a training manual to strip out transactions or change cover payment messages.
Customers, in turn, included notes in free-text fields of SWIFT messages such as “Please do not mention our bank’s name or SWIFT code in any msg sent via USA,” “PLS DON’T MENTION THE NAME OF BANK SADERAT IRAN OR IRAN IN USA,” or “THE NAME BANK MELLI OR MARKAZI SHOULD NOT BE MENTIONED . . . IMPORTANT: NO IRANIAN NAMES TO BE MENTIONED WHEN MAKING PAYMENT TO NEW YORK.”
The state regulator also noted that the practice of non-transparent payment processing was “not isolated or limited to a specific relationship manager or small group of staff.”
Rather, the illicit actions were employed by bank employees in many overseas offices, in different business divisions, and with various levels of seniority were actively involved or knew about it.
In addition, “some evidence indicates that at least one member of the Bank’s Management Board was kept apprised about and approved of the Bank’s business dealings with customers subject to U.S. sanctions,” according to the DFS.
Banco do Brasil, S.A., New York (BBNY) penalized for exception list errors
The bank paid OFAC $139,500 to settle charges of seven apparent violations of Iranian transactions regulations due to manually adding the name of a company, Isfahan Internacional Importadora Ltda, to its “Good Guy Exception List,” in June 2010 to prevent its interdiction software from generating alerts on an ongoing basis. The term Isfahan is also the name of a location in Iran.
Even so, although Isfahan’s line-of-business included the importation of carpets from various countries to Brazil, the company verbally assured the bank it did not export products to or import products from Iran, which made the bank feel comfortable enough to exempt the entity from its automated sanctions filtering.
This is the second time in less than a month OFAC has issued a violation order tied to the proper maintenance of sanctions exceptions lists. To read prior coverage in ACFCS, please click here.
The problems for the bank started between October 22, 2010 and February 11, 2011, when BBNY processed three funds transfers totaling $70,244.61 originated by Isfahan’s account at BB-Brazil and destined for a third-country beneficiary’s account at multiple third-country financial institutions.
Although “BBNY later determined that these funds transfers, in part, constituted payments for Iranian origin goods, BBNY did not stop the funds transfers for manual review because its payment system cleared the alert against the phrase ‘Isfahan’ due to the originator’s inclusion on the ‘Good Guy Exception List.’”
In another instance, the bank requested supporting documentation from its parent operation, receiving an invoice and bill of lading, but deemed the report of “poor quality,” in October 2011 and thus concluded the document didn’t mention Iran.
In addition, despite receiving information from a U.S. intermediary financial institution that it had rejected the October 24, 2011 funds transfer because it involved Iran, BBNY processed an additional three funds transfers totaling $94,714.28 between November 14, 2011 and June 4, 2012 that involved Isfahan and payments for Iranian-origin goods.
That lax investigation later caused problems for compliance staff.
In responses to OFAC, the bank stated that two of its OFAC analysts and a Senior Compliance Officer relied on the investigation the bank conducted in connection with the October 24, 2011 funds transfer (including their interpretation that the invoice did not reference Iran despite its poor quality) and released the funds transfer without requesting any additional information.”
In another occurrence, two BBNY Compliance Department employees released the funds transfer after determining it had been stopped solely due to the word “Isfahan” and likewise did not request any additional information.
OFAC has determined that BBNY did not voluntarily self-disclose the apparent violations and that the apparent violations constitute a non-egregious case. The total base penalty amount for the apparent violations was $310,000.
OFAC found the following to be aggravating factors in this case: several BBNY employees “failed to exercise a minimal degree of caution or care with regard to the conduct that led to the apparent violations, including reliance on a partially illegible invoice to assess sanctions compliance.
As well, staff-level BBNY personnel and/or a BBNY senior compliance cfficer knew of the conduct that led to two of the apparent violations, and had reason to know that the BB-Brazil’s customer might process additional transactions in apparent violation of sanctions rules.
Conversely, OFAC considered the following to be mitigating factors: BBNY had not previously received a penalty notice or Finding of Violation from OFAC. It also took appropriate remedial action in response to the apparent violations and substantially cooperated with OFAC during the course of the investigation, including by identifying four of the apparent violations.
OFAC, in a bit of guidance, noted that the enforcement action “highlights the risks associated with failing to review multiple OFAC warnings signs with respect to a particular customer – including transactions blocked or rejected by other financial institutions specifically due to OFAC sanctions – as well as the risks posed by relying on incomplete or inaccurate information when assessing a potential OFAC alert or match.”
ABN Amro hit with regulatory action in Dubai and Netherlands for AML, sanctions shortcomings
The Dutch bank, which already in the mid-2000s paid US regulators and investigators tens of millions of dollars for dealing with sanctioned regimes, has been fined this time more than 1 million euros in two different jurisdictions for “serious shortcomings” in procedures to prevent money laundering at its private banking branch in Dubai, called the DIFC branch. You can read a copy of the order here.
The bank announced Wednesday it has been fined 625,000 euros, or $682,000, by the Dutch central bank and a further $640,000 by the Dubai Financial Services Authority (DFSA), a worrisome move evincing that global regulators may be following the lead of aggressive tactics employed in the United States and United Kingdom.
The regulators had found “serious shortcomings in the client acceptance and risk management processes, aimed at preventing money laundering” at the Dubai operations of the bank.
The regulators also pointed to “shortcomings” in oversight by ABN Amro’s head office of its Dubai branch, adding that the penalty in Dubai could have been as high as $1 million. The problems were “widespread” and exposed its business to “a high risk of financial crime and money laundering.”
The DFSA found that, over the period from 1 January 2013 to 31 December 2014, ABN “contravened a number of DFSA’s Rules requiring it to implement appropriate safeguards to prevent opportunities for money laundering.”
ABN brought the contraventions to the DFSA’s attention “after the firm received internal whistle-blower complaints concerning the operation of its Private Banking International business line in the DIFC (PBI).”
In response to the complaints, ABN initiated an internal investigation which revealed that certain of its staff, within the DIFC branch, had engaged in practices that breached ABN’s own policies and DFSA administered laws and Rules including that it did not:
- Ensure that its anti-money laundering (AML) related systems and controls operated effectively;
- Monitor and supervise the activities of all its PBI employees and ensure that they were adequately trained, understood and adhered to ABN’s AML policies and procedures;
- Undertake adequate risk based assessments of every customer or conduct adequate customer due diligence (CDD) for many of its clients; and
- Undertake adequate transaction monitoring of client accounts.