On October 20, 2015, US federal and New York state authorities announced that they had each reached an agreement with France’s Crédit Agricole Corporate and Investment Bank (CA-CIB) – a subsidiary of the French bank Crédit Agricole S.A. – to settle criminal charges and potential civil liability stemming from CA-CIB’s alleged violations of US sanctions laws and New York state laws.  Specifically, CA-CIB was accused of violating the Sudanese Sanctions Regulations (SSR) (31 C.F.R. § 538); the Cuban Assets Control Regulations (CACR) (31 C.F.R. § 515); the Burmese Sanctions Regulations (BSR) (31 C.F.R. § 537); and the Iranian Transactions and Sanctions Regulations (ITSR) (31 C.F.R. § 560).  In total, CA-CIB will pay $787.3 million in criminal penalties and civil forfeitures.

The authorities alleged that CA-CIB, primarily through its Swiss subsidiary, Crédit Agricole (Suisse) SA – and the predecessor entities thereof, Crédit Agricole Indosuez (Suisse) SA and Crédit Lyonnais (Suisse) SA – violated US and New York state laws by sending prohibited payments through the US financial system on behalf of entities subject to US economic sanctions.  Between August 2003 and September 2008, CA-CIB assisted its sanctioned clients – predominantly Specially Designated Nationals (SDNs) from Sudan, but also from Iran, Myanmar, and Cuba – by concealing their involvement with these transactions through a process commonly known as “stripping.”  Bank personnel allegedly concealed these parties to the transactions in order to evade sanctions filters at US banks, including its own branch in New York, and caused US banks to process wire payments that should have been rejected, blocked, or flagged for investigation.

The criminal cases were pursued by the US Department of Justice (DOJ) and the New York County District Attorney’s Office (DANY).  CA-CIB entered into a Deferred Prosecution Agreement (DPA) with DOJ that imposes a number of cooperation, compliance, and reporting requirements described below.  It also entered into a separate DPA with DANY.  The civil cases were handled by the Board of Governors of the Federal Reserve (Federal Reserve) and the New York State Department of Financial Services (NYDFS).  The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) also undertook a significant investigation and enforcement action and reached a settlement with CA-CIB.

CA-CIB’s total settlement amount of $787.3 million includes $312 million in criminal penalties (divided equally between DOJ and DANY) and $475.3 million in civil penalties (with $385 million due to NYDFS and $90.3 million due to the Federal Reserve).  A $325.9 million OFAC settlement was satisfied by the other amounts paid. In addition to civil monetary penalties, CA-CIB agreed to undertake certain remedial measures and subject itself to ongoing monitoring.

Sanctions Violations

Problematic Activities

CA-CIB is accused of stripping out information identifying clients subject to US sanctions in order to process US dollar-clearing transactions on behalf of Sudanese, Iranian, Burmese, and Cuban SDNs between 2003 and 2008.  Various CA-CIB entities used cover payments and/or implemented special payment practices that omitted references to clients subject to US sanctions in payment messages sent to the United States.  In doing so, the bank prevented US financial institutions from appropriately reviewing and analyzing the transactions for compliance with OFAC regulations, thus interfering with their own compliance with US economic sanctions.

According to the settlement documents, CA-CIB engaged in the following activities intended to evade scrutiny by US banks that processed the problematic transactions:

  • Sending payments on behalf of sanctioned customers without references to the origin of the payments.
  • Eliminating payment data that would have revealed the involvement of sanctioned countries with the specific intent to evade US sanctions (i.e., “cover” payments).
  • Using alternative payment methods to mask the involvement of sanctioned entities for payments involving sanctioned financial institutions that were sent to the United States. For example, one of CA-CIB’s Swiss subsidiaries would, as a general rule, generate two payment messages for bank-to-bank transfers involving its Sudanese bank customers: the first payment message would be sent to the payee’s foreign bank and reference the Sudanese entities involved in the transactions, while the second message was sent to US-based banks and concealed the involvement of the Sudanese entities.  The bank called this the “Sudanese U-turn.”

CA-CIB employed these practices in 4,297 financial transactions, valued at more than $32 billion, which were routed to or through banks in the US between 2003 and 2008.

Compliance Shortcomings

The settlement documents describe how CA-CIB’s compliance program failed to prevent this misconduct:

  • CA-CIB lacked adequate risk management and legal review policies and procedures to ensure that activities conducted at offices outside the United States complied with applicable OFAC regulations
  • CA-CIB lacked adequate oversight of its risk management and legal review policies and procedures to ensure compliance with applicable OFAC regulations
  • CA-CIB had indications that its conduct might constitute a violation of US law before the earliest date of the apparent violations
  • Many of CA-CIB’s procedures for stripping out identifying details about SDNs were reviewed and approved by its highest-level legal and compliance staff
  • Employees at the Swiss subsidiaries, including both compliance and business professionals, who directed, processed, and oversaw the transactions, claimed ignorance of US sanctions laws’ application to foreign banks that engaged in US dollar denominated transactions, despite warnings to the contrary from their colleagues at the New York branch
  • The Anti-Money Laundering Committee of CA-CIB’s Swiss subsidiary devised the method known as the “Sudanese U-turn,” described above
  • CA-CIB acquiesced to its clients’ requests to continue to engage in sanctions violations on their behalf

Theories of Liability

OFAC alleged that by processing the Sudanese, Iranian, Burmese, and Cuban funds transfers through US banks, CA-CIB unlawfully exported (or reexported) services from the United States to those countries and violated prohibitions against unlawfully dealing in blocked property that “comes within the United States.”  This is consistent with OFAC’s approach in settlements with other non-US banks.  See our previous advisories regarding settlements with Commerzbank AGClearstream Banking, S.A.Royal Bank of ScotlandHSBCStandard Chartered BankING Bank, N.V.Credit Suisse AG, and Lloyds Bank TSB.

OFAC described certain aggravating factors related to CA-CIB’s conduct.  OFAC noted that CA-CIB was aware that its conduct might constitute a violation of US law before the earliest date of the apparent violations, and that several managers were aware of the conduct that led to the apparent violations.  Furthermore, OFAC explained that CA-CIB is a large and sophisticated institution with a global presence, and that the bank’s compliance program was inadequate.  Additionally, the apparent violations were not self-disclosed.

OFAC also credited the bank with several mitigating factors: CA-CIB had not received a penalty notice or Finding of Violation from OFAC in the five years preceding the earliest date of the apparent violations; the bank took appropriate remedial action in response to these apparent violations; and CA-CIB provided substantial cooperation throughout the course of OFAC’s investigation, including by producing detailed and well-organized information, and by executing a statute of limitations tolling agreement and multiple extensions to that agreement.  OFAC also considered that the majority of the apparent violations occurred between 2003 and 2005, prior to the publication of the ABN Amro settlement that marked one of the first significant enforcement actions targeting “stripping” of sanctioned-country information from payment messages by a non-US bank.

DOJ charged CA-CIB with knowingly and willfully conspiring to defraud the United States and violating the International Emergency Economic Powers Act (IEEPA, 50 U.S.C. §§ 1701-06)  and the Trading With the Enemy Act (TWEA, 50 U.S.C. App. §§ 5 and 16), both of which are administered by OFAC.  DANY charged the bank with violating New York state law by falsifying the records of New York financial institutions.  Certain mitigating factors led to the agreements to defer prosecution.  Those factors included CA-CIB’s cooperation throughout the investigation and devotion of significant resources to both its internal investigation and the investigations conducted by DANY and DOJ.  Furthermore, CA-CIB fully acknowledged and accepted responsibility for its conduct, and voluntarily undertook a series of remedial actions before entering into the DPAs.

NYDFS charged CA-CIB with: failing to maintain an effective compliance program; failing to maintain at its New York branch accurate books and records; knowingly making false material entries in the bank’s books and records with regard to the bank’s US dollar clearing business at its New York branch, with the intent to deceive regulators; and failing to submit a report immediately upon discovering the foregoing conduct. 

Finally, the Federal Reserve based its assessment of a civil money penalty on section 8(i)(2)(B) of the Federal Deposit Insurance Act, as amended (12 U.S.C. § 1818(i)(2)(B)), on the theory that CA-CIB engaged in unsafe or unsound practices by allegedly violating federal and state laws.

Settlement Terms

The DOJ DPA requires CA-CIB to cooperate with US and foreign law enforcement agencies, including by providing all factual information requested with respect to the settled enforcement actions, furnishing any documents and witnesses at its own expense, and disclosing any credible evidence or allegations or any violations of US law.  CA-CIB also agreed to continue to implement compliance and ethics programs and report to the US government every 90 days regarding the status of these efforts.  CA-CIB further agreed not to contradict publicly its acceptance of responsibility.

Under the OFAC Settlement Agreement, CA-CIB is required to maintain policies and procedures to minimize the risk of the recurrence of such conduct in the future.  CA-CIB is also required to provide OFAC with copies of submissions relating to an OFAC compliance review that it will be conducting as part of its settlement with the Federal Reserve.

The Federal Reserve announced that the bank has agreed to a cease and desist order and will take certain remedial steps to ensure its compliance with US law in its ongoing operations.  The Federal Reserve order also prohibits CA-CIB from (re)employing the individuals involved in the past actions or retaining them as consultants or contractors.  Finally, NYDFS announced that the bank agreed in a consent order to, among other things, employ an independent compliance consultant selected by NYDFS for one year.

Conclusion

The CA-CIB settlement marks the latest in an ongoing series of US enforcement actions against non-US banks alleged to have violated US sanctions.  Many of these enforcement actions have resulted in penalties of nine and ten figures, demonstrating the US Government’s emphasis on preventing the use of the US financial system to transfer funds on behalf of sanctioned countries and persons.  The involvement of New York state authorities in the CA-CIB settlement also is notable, and follows several other sanctions settlements that involved state authorities. 

It seems likely that non-US financial institutions will continue to be a focus of US sanctions enforcement for the foreseeable future.  Non-US banks should tailor their compliance programs accordingly, and should be aware of the risks in the sanctions context when engaging in activity that involves the US financial system.  This is particularly important at a time when United Nations, US, EU, and other sanctions programs are changing in light of geopolitical developments throughout the world, and especially vis-à-vis Iran, where the risk of errors in the financial services sector may be high.