Since December 2018, the Swiss Financial Market Supervisory Authority (FINMA) has taken a series of significant actions that stress its concern about compliance by Swiss financial institutions with anti-money laundering (AML) rules: issuing the revised FINMA Anti-Money Laundering Ordinance, which sets out due diligence requirements for fintech licensee institutions;[1] providing guidance on the application of Swiss AML rules to financial services providers with regard to blockchain technology;[2] and issuing a Risk Monitor that designated money laundering as one of the six principal risks identified for FINMA-supervised institutions.[3] Most recently, FINMA has imposed a number of measures and sanctions on a leading Swiss bank for serious failings in the bank’s AML program, including prohibiting the bank from conducting major acquisitions until it achieves full legal compliance with AML requirements.
On February 20, FINMA announced that it had concluded an investigation of Swiss bank Julius Baer. That investigation — which FINMA had begun in connection with alleged cases of corruption linked to Petróleos de Venezuela S.A. (PDVSA), a Venezuelan state-owned oil company, and FIFA, the world soccer federation — resulted in a finding that Julius Baer had “systematic failings to comply with due diligence under the Anti-Money Laundering Act as well as violations of AML reporting requirements.”[4] In particular, the investigation found that the bank “was in breach of obligations to combat money laundering and its duty to put in place an appropriate risk management policy, representing a serious infringement of financial market law.”[5]
FINMA stated that it arrived at its conclusion:
based on the sheer number of failings. Almost all of the 70 business relationships selected on a risk basis and the vast majority of the more than 150 sample transactions selected on the same basis showed irregularities. What is more, the offences spanned a period of several years, from 2009 to early 2018. FINMA also uncovered systematic failures in risk management at Julius Baer, which repeatedly failed to react to clear indications of possible money laundering risks or did not do so decisively enough.[6]
FINMA’s Findings
Know Your Customer Processes
FINMA first focused on what it described as defective know your customer (KYC) processes at the bank. It stated that Julius Baer “did not do enough to determine the identities of clients” and did not “establish the purpose or background of its business relationships.” Information contained in the bank’s KYC documentation “was either incomplete or ambiguous for the vast majority of the audited business relationships”:
For example, information was frequently missing as to how individual clients had come by their wealth, why they wanted to open an account with Julius Baer and what business they were planning to transact. Transactions were not properly monitored or were insufficiently queried, in a period in which Julius Baer was presumably seeing clear warning signs of money laundering activity.[7]
As an example of the bank’s defective processes, FINMA cited a CHF 70 million transaction that was carried out with respect to a large Venezuelan client in 2014 without the required investigations, even though the bank had learned that same year “that the client was facing accusations of corruption.” In 2017, the bank arranged a pass-through transaction involving several million U.S. dollars for the client without sufficient investigation. According to FINMA, the only information that the client provided “was that the money would serve to pay for advisory services, about which no further details were given.”[8]
Organization and Risk Culture
FINMA also extensively discussed what it characterized as Julius Baer’s “[i]nadequate organisation and risk culture.” It found “that organisational failings and misplaced incentives encouraged breaches of the legal obligations to combat money laundering,” as the bank’s remuneration system “focused almost exclusively on financial targets and paid scant regard to compliance and risk management goals.”
As an example, FINMA cited a case in which a client adviser handling Venezuelan clients in 2016 and 2017 “received bonuses and other remuneration in the millions, even though Julius Baer had reported a number of his clients, on the basis of investigations or suspected wrongdoing in connection with the PDVSA case, to the Money Laundering Reporting Office Switzerland (MROS).” Notwithstanding the bank’s reporting, in 2016 the client adviser received “a special bonus reserved for ‘top performers’” and even in 2017 had his bonus reduced by only 2.5 percent. Moreover, in both years that client advisor “received the highest total remuneration of his career at Julius Baer.”[9]
FINMA stressed, however, that the identified offences “were not confined to a single adviser.” It found that “[a]ll in all, Julius Baer had a poor compliance and risk culture in which legal obligations to combat money laundering were not given the required degree of importance.” It cited several examples of that inadequate culture:
- The manager in charge “did not check the explanations given by the client adviser regarding the background to transactions in many of the cases connected with Venezuela,” but left that task to the person’s assistants.
- “In some examples, money laundering risks were flagged and addressed by the appropriate departments but not properly acted on.”
- Although Julius Baer decided in 2016 that it would conduct an internal review of the PDVSA case, that review “was delayed for almost 17 months.”
- “Moreover, when FINMA questioned the bank over the extent of its business relationships that bore a connection with PDVSA at the start of the investigations, its responses were incomplete, which in itself represents a breach of its duty to provide information to the supervisory authority. Only in 2018 did Julius Baer put in place the long overdue operating and HR measures in respect of its Venezuelan business relationships.”[10]
FINMA took note of the fact that before and after the FINMA proceedings began, Julius Baer had implemented operating, structural, and human resources-related measures to improve AML mechanisms, “which should strengthen controls and the compliance culture.” It acknowledged that the bank’s current executive team “is resolutely pushing ahead with these measures.” Accordingly, FINMA stated that it simply required at this point “that these measures be fully implemented in the near future and that further action be taken to make sure the legal requirements to combat money laundering are observed effectively.”[11]
FINMA’s Choice of Sanctions Against Julius Baer
While it did not impose a financial penalty for Julius Baer’s AML failings, FINMA ordered that the bank take three additional measures:
- Put in place “a process for identifying those client advisers whose client portfolio carries a high money-laundering risk, for assessing the identified risks and for suitably containing them.”
- Make changes to its remuneration and disciplinary policy “so that incentives are no longer offered to generate the highest possible returns at the cost of unreasonable risk-taking or compliance failures.”
- Establish a Board committee specializing in conduct and compliance issues, “or set up a similarly effective mechanism.”
FINMA further took the extraordinary step of prohibiting Julius Baer “from conducting transactions such as major acquisitions that lead to a significant increase in operating risks (including but not limited to money laundering risk) or in its organisational complexity” until the bank “is once again fully compliant with the law.” It also stated that it would appoint an independent auditor for step-by-step monitoring of the bank’s implementation of internal measures — both the measures that the bank already introduced and the additional safeguards that FINMA imposed.[12]
Takeaways
This action by FINMA is more than just a confirmation that it is actively exercising its AML supervisory activities with regard to the effectiveness of Swiss financial institutions’ AML programs, and that it “will act firmly against all violations of AML rules.”[13] Although nowhere nearly as severe as the sanctions that U.S. regulators imposed on Wells Fargo for unsafe and unsound practices,[14] FINMA’s prohibition of Julius Baer from conducting major acquisitions until it achieves full legal compliance is a significant rebuke of the bank and its management. It also puts other Swiss banks on notice that FINMA is prepared, in appropriate circumstances, to impose Wells Fargo-type restrictions on growth in exercising its supervisory authority.
Because FINMA emphasized in this action that money laundering, “as a major risk to the Swiss financial services industry . . . remains a core part of its supervisory activities,”[15] other Swiss institutions should promptly put to use the findings and measures in the Julius Baer action in reviewing the adequacy of their own AML programs.
Footnotes
[1] See FINMA, Press Release, FinTech licence: FINMA sets out details of anti-money laundering due diligence requirements (Dec. 10, 2018), https://www.finma.ch/en/news/2018/12/20181210-mm-fintech-bewilligung/.
[2] See FINMA, Press Release, FINMA guidance: stringent approach to combating money laundering on the blockchain (Aug. 26, 2019), https://www.finma.ch/en/news/2019/08/20190826-mm-kryptogwg/.
[3] See FINMA, Press Release, New FINMA report: Risk Monitor (Dec. 10, 2019), https://www.finma.ch/en/news/2019/12/20191210-mm-risikomonitor/.
[4] FINMA, Press Release, Serious AML Failings at Julius Baer (Feb. 20, 2020), https://www.finma.ch/en/news/2020/02/20200220-mm-jb.
[5] Id.
[6] Id.
[7] Id.
[8] Id.
[9] Id.
[10] Id.
[11] Id.
[12] Id.
[13] Id.
[14] See, e.g., Wells Fargo Bank, N.A., No. 2018-026 (Office of the Comptroller of the Currency Apr. 20, 2018), https://www.occ.gov/static/enforcement-actions/ea2018-026.pdf (PDF: 100 KB) (imposing $500 million civil penalty); Press Release, Bd. of Governors of the Fed. Reserve Sys., Responding to Widespread Consumer Abuses and Compliance Breakdowns by Wells Fargo, Federal Reserve Restricts Wells’ Growth Until Firm Improves Governance and Controls. Concurrent with Fed Action, Wells to Replace Three Directors by April, One by Year End (Feb. 2, 2018), https://www.federalreserve.gov/newsevents/pressreleases/enforcement20180202a.htm (explaining the Federal Reserve Board prohibition on bank from growing any larger than its total asset size as of the end of 2017 until sufficient improvement of its governance and controls, and Wells Fargo removal of three of its directors).
[15] Press Release, FINMA, supra note 4.
Jonathan J. Rusch is Principal of DTG Risk & Compliance, a consulting firm specializing in corporate-compliance issues, and a Senior Fellow of the Program on Corporate Compliance and Enforcement at New York University School of Law.
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.