Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture.
On December 20, 2017, President Trump issued a new Executive Order (EO) targeting corruption and human rights abuses around the world.
The EO implements last year’s Global Magnitsky Human Rights Accountability Act (the Global Magnitsky Act), which authorized the president to impose sanctions against human rights abusers and those who facilitate government corruption. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC), which will administer the EO, also added 15 individuals and 37 entities to its Specially Designated Nationals and Blocked Persons List (SDN List).
Treasury’s Financial Crimes Enforcement Network (“FinCEN”) recently announced the creation of the FinCEN Exchange, a new voluntary platform to facilitate information sharing between the government and industry on topics related to anti–money laundering (“AML”) and other financial crime issues. The program represents a significant step forward on two related priority areas for FinCEN: information sharing and public-private partnerships.
In August 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission released the results of its second Cybersecurity Initiative, which examined cybersecurity-related preparedness and implementation efforts by 75 regulated financial entities. The resulting OCIE Risk Alert depicts an industry demonstrating heightened sensitivity to cyber risks, but also experiencing gaps between policy ambition and day-to-day execution, and confronting growing pains associated with accelerated change, including the introduction of significant new policies and procedures that may lack focus or consistent implementation. While the Risk Alert directly addresses the cybersecurity procedures of broker-dealers, investment advisers, and other SEC-regulated entities, companies in all industries should consider assessing their practices with respect to the issues highlighted by the SEC.
By Robert W. Werner
The compliance infrastructure for managing financial crime risk at financial institutions is intended to be based on utilizing a risk-based, rather than rule-based, approach. A risk-based approach seeks to allocate resources commensurate with varying risk levels, reflecting the fact that financial institutions cannot eliminate all the risk of illicit activity occurring within an institution without completely shutting down all of its business. To optimize compliance, financial institutions must balance the need to provide legitimate and critical financial services and products with appropriate controls designed to mitigate the financial crime risk associated with those services and products to appropriate levels.
Where activity would violate law or regulation, the calculus is easy because the activity is simply prohibited. However, most legitimate activity will necessarily allow for some level of risk that it may be abused by criminals to facilitate illicit conduct or to exploit products and services for illicit purposes. Arriving at the right balance within this context requires an understanding of the risks, what level of controls can reasonably be put in place to mitigate that risk, and then making judgments based on an institution’s tolerance for reputational, regulatory and operational risk, about whether to engage in the activity. This last element, the exercise of judgment, must be arrived at within the framework of an institution’s risk appetite statement.
On May 4, 2017, the U.S. Attorney’s Office for the Southern District of New York (“SDNY”) and the Financial Crimes Enforcement Network (“FinCEN”) announced the settlement of civil claims brought under the Bank Secrecy Act (“BSA”) against the former Chief Compliance Officer of MoneyGram International, Inc. (“MoneyGram”), Thomas Haider, stemming from MoneyGram’s failure to implement and maintain an effective anti-money laundering (“AML”) program or to timely file suspicious activity reports (“SARs”). The settlement represented the resolution of the first-ever suit filed by the federal government against an individual compliance officer in the finance industry, and is likely to add fuel to increasing anxiety regarding the Department of Justice’s (“DOJ”) willingness to hold corporate executives liable for compliance failings.
by Daniel Alter
The Enforcement Action:
On September 8, 2016, the U.S. Consumer Financial Protection Bureau (“CFPB”), the U.S. Comptroller of the Currency (“OCC”), and the Los Angeles City Attorney (“LACA”) announced that they had settled regulatory enforcement and consumer protection actions against Wells Fargo Bank, NA (“Wells Fargo” or “Bank”), the nation’s second largest bank. As disclosed by the CFPB’s investigation, the nature and scope of the Bank’s misconduct was truly astounding.
The CFPB found that, over the course of more than five years, thousands of Wells Fargo employees had: (1) opened more than 1.5 million deposit accounts without client consent; (2) transferred funds between client accounts without client consent; (3) applied for almost 600,000 client credit cards without client consent; (4) issued client debit cards without client consent; and (5) enrolled clients in on-line banking services without client consent. As a result of these unauthorized and abusive transactions, the Bank charged customers approximately $2 million in fraudulent deposit-account fees and more than $400,000 in fraudulent credit-card related fees.
This widespread client deception was not driven, however, by the relatively de minimis revenue that it generated for Wells Fargo. Rather, the CFPB concluded that the Bank’s “employees engaged in [the misconduct] to satisfy sales goals and earn financial rewards under [the Bank’s] incentive compensation program.” In all, Wells Fargo “terminated roughly 5300 employees” over five years “for engaging” in these schemes – which is an astonishing number of dishonest personnel and nothing less than an internal compliance disaster.
Financial services firms and market participants face an ever-evolving landscape of regulatory programs designed to encourage and enable whistleblowers to report potential misconduct. On August 30, 2016, the US Commodity Futures Trading Commission (CFTC) published proposed amendments to its whistleblower program. Drawing from the agency’s experience in administering its program over the past five years, as well as strides the US Securities and Exchange Commission (SEC) has made in administering its analogous program, the CFTC’s proposal aims to enhance the whistleblower review process and adopt new enforcement authority for whistleblower retaliation.
Over the past several years, financial institutions in the United States and abroad have increasingly engaged in a “slimming down” of their client base. They have done so by deciding not to accept certain types of clients ranging from individuals engaged in specific industries – such as trade merchants, precious metal dealers or “politically exposed persons” (a term of art to be discussed below) – to whole categories of businesses or entities such as money service businesses, charities and foreign banks. This trend, which is now commonly referred to as “de-risking,” has significant collateral consequences for those using the global financial network. This blog will discuss de-risking, its causes and consequences, and some of the solutions that have been proposed to address the unintended results of this practice.
Since the passage of the USA PATRIOT Act in 2001 in response to the September 11th terrorist attacks – some would argue even before that – regulators in the U.S. and elsewhere have singled out certain categories of individuals and entities that either are strictly forbidden to hold accounts with financial institutions or, more routinely, require enhanced reviews by the institutions in which the accounts are maintained. The first category of accounts – those that are forbidden – includes entities such as “shell banks,” which are foreign banks without a physical presence in any country. Pursuant to law, U.S. financial institutions may not maintain accounts for such entities.
In a recent piece published in the Yale Law Journal Forum, I describe data collected concerning prosecutions of banks. I describe how, while formerly quite rare, bank prosecutions have increased in number and in the size of penalties. I also analyze the approach of prosecutors and ask whether it is sufficiently effective.