On March 12, 2015, Commerzbank AG, the second-largest bank in Germany, agreed to civil and criminal settlements with US federal and New York state authorities that require the bank to pay a total of $1.45 billion in penalties. The authorities alleged that Commerzbank violated US sanctions laws targeting Iran, Sudan, Burma, Cuba, and other “specially designated” persons and vessels by engaging in complex conduct to overwrite and obscure information in payment messages and checks, as well as to split payments and route transactions through various accounts or special purpose vehicles so that US financial institutions would process the transactions. In an unrelated investigation, the authorities separately alleged that Commerzbank violated the Bank Secrecy Act (BSA) and other anti-money laundering (AML) laws by not having a sufficient compliance program to detect suspicious activities and stop high-risk transactions before they were conducted, contributing to an ongoing fraud by the Japanese entity Olympus Corporation. Notably, the economic sanctions and AML settlements arose from separate investigations into alleged conduct. This case nonetheless is part of a continuing trend of US enforcement investigating non-US banks for violating US sanctions and AML laws.
The criminal cases were conducted by the US Department of Justice (DOJ) and the Manhattan District Attorney (DANY). The civil cases were conducted by the Board of Governors of the Federal Reserve System and the New York State Department of Financial Services (NYDFS). The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) also played a major role.
Commerzbank’s settlement amount of $1.45 billion consists of $718 million in sanctions penalties and $734 million in AML-related penalties. The sanctions penalties consist of $342 million in criminal penalties (divided equally between DOJ and DANY) and $376 million in civil penalties (with $66 million due to the Federal Reserve and $310 million due to NYDFS). A $260 million OFAC settlement was satisfied by the other amounts paid.
Commerzbank entered into a three-year Deferred Prosecution Agreement (DPA) with DOJ that imposes a number of cooperation, compliance, and reporting requirements described below. It also entered into a separate settlement with NYDFS.
Commerzbank is accused of stripping out information identifying clients subject to US sanctions in order to process US dollar-clearing transactions on behalf of Iranian, Sudanese, Cuban, and Burmese customers, as well as Specially Designated Nationals (SDNs), between 2002 and 2010. DOJ charged Commerzbank with conspiracy, while OFAC charged the bank with substantive violations. Commerzbank personnel in Germany concealed the nature of the transactions in order to evade OFAC filters at US banks, including its own branch in New York, and cause them to process wire payments that should have been rejected, blocked, or stopped for investigation. This concealment also prevented the US banks from fulfilling reporting requirements.
Specifically, Commerzbank engaged in four types of activity intended to avoid scrutiny by US banks that processed the problematic transactions:
- “Overwriting” payment messages by directing sanctioned country remitters to include a certain reference in the message that would trigger an internal manual review of the message by Commerzbank employees, who were instructed to purge the message of sanctioned country references.
- Engaging in “cover” payments that split incoming payment messages into two outgoing messages – one message that was sent directly to the beneficiary’s bank, and a second cover message that was sent to the US clearing bank and did not contain any information about the sanctioned country remitter.
- Processing transactions on behalf of the Islamic Republic of Iran Shipping Lines (IRISL) – designated by OFAC as an SDN in 2008 – by routing the IRISL transactions through special purpose entities registered by IRISL outside of Iran. Notably, Commerzbank continued with this activity even after its head of Global Compliance met with the OFAC Director to discuss its involvement with IRISL.
- Issuing checks to Bank Melli – designated by OFAC as an SDN in 2007 under Executive Order 13882 for the proliferation of weapons of mass destruction – showing only the bank’s account number and not its name, which the bank used to pay beneficiaries in the United States.
Commerzbank admitted in its OFAC settlement agreement to processing through the United States 959 Iran-related funds transfers, valued at approximately $22.0 million; 375 Sudan-related funds transfers valued at approximately $78.3 million; 142 IRISL-related funds transfers valued at approximately $39.6 million; 64 Burma-related funds transfers valued at approximately $5.1 million; and 56 Cuba-related funds transfers valued at approximately $2.3 million. NYDFS alleged in its press release that Commerzbank engaged in 60,000 funds transfers involving sanctioned countries and/or entities valued at $253 billion, but the basis for those figures is not clear.
The settlement documents describe how Commerzbank’s compliance program failed to prevent this misconduct:
- Upon receiving payment requests that generated “red flags,” New York compliance staff requested additional information from the bank’s foreign branches, but foreign relationship managers often did not respond for months or provided inadequate responses.
- The bank failed to maintain adequate customer due diligence materials and kept little formal documentation on customers for compliance purposes. Without the necessary information from overseas offices, New York staff cleared the alerts based on “perfunctory” internet searches and using public databases, according to NYDFS. Compliance personnel also reported that they set monitoring software thresholds based on a desire not to generate “too many alerts” on potentially suspicious transactions, pursuant to managers’ instructions to reduce the number of alerts being generated, which NYDFS described as “a potential broader problem in the banking industry.”
- Eventually, senior management ordered an end to the overwriting activity, but made no attempt to stop “cover” payments that omitted sanctioned country references from payment messages.
- At one point, Commerzbank sought advice from outside counsel regarding its activities but omitted key information related to its overwriting and cover payment practices. Even without this key information, counsel raised concerns, but the bank continued its activity.
- Certain Commerzbank offices, in particular its Hamburg office, evaded oversight by the bank’s Global Compliance department.
Theories of Liability
OFAC alleged that Commerzbank, by processing the Iran-, Sudan-, and Burma-related funds transfers through US banks, unlawfully exported services from the United States to those countries. Regarding the IRISL- and Cuba-related transactions, OFAC alleged that Commerzbank violated prohibitions against unlawfully dealing in blocked in property. This is consistent with OFAC’s approach in settlements with other non-US banks, such as BNP Paribas, S.A.; Clearstream Banking, S.A.; Royal Bank of Scotland; HSBC; Standard Chartered Bank; ING Bank, N.V.; Credit Suisse AG; and Lloyds Bank TSB.
OFAC noted that Commerzbank did not voluntarily self-disclose these apparent violations. However, OFAC credited the bank with several mitigating factors, including remedial measures such as increasing the number of compliance staff and expanding its online training, and compliance enhancements such as improved payment filter technology and management reporting. Commerzbank also cooperated with OFAC by conducting an extensive internal investigation and executing a tolling agreement.
DOJ charged Commerzbank with conspiracy to violate the International Emergency Economic Powers Act (the enabling statute for most US sanctions programs), while DANY and NYDFS charged the bank with falsifying the records of New York banks.
The DOJ settlement requires Commerzbank to cooperate with US and foreign law enforcement agencies, including providing all factual information requested with respect to the settled enforcement actions, furnishing any documents and witnesses at its own expense, and disclosing any credible evidence or allegations of any violations of US law. Commerzbank also agreed to continue to implement compliance and ethics programs and report to the US government every 90 days regarding the status of these efforts. Commerzbank further agreed to not publicly contradict its acceptance of responsibility or else it will trigger legal action under the DPA.
The NYDFS settlement requires Commerzbank to retain an independent sanctions/AML compliance monitor selected by NYDFS for two years. In addition, NYDFS ordered the bank to terminate four employees who played “central roles” in the misconduct and also claimed that its investigation resulted in the resignation of the bank’s Head of AML, Fraud, and Sanctions Compliance for the New York branch.
In addition to sanctions violations, Commerzbank was accused of having an inadequate AML program that allowed Olympus Corporation, a Japanese optics and medical device manufacturer, to use the bank to engage in a major accounting fraud scheme, spanning from the late 1990s through 2011, designed to conceal hundreds of millions of dollars in losses from auditors and investors. Commerzbank’s Singapore-based private banking and trusts businesses helped Olympus create and fund special purpose vehicles used to fraudulently represent its finances to investors. The bank also processed more than $1.6 billion in fraudulent transactions through its New York branch in furtherance of the scheme.
The Commerzbank settlements mark another instance in which federal and New York authorities have imposed large penalties on a non-US bank for concealing the role of sanctioned countries and persons while engaging in transactions with the US financial system. Several aspects of the settlements are notable, and appear to be part of a clear trend with regard to sanctions enforcement against non-US banks:
- Penalties ranging from eight to ten figures (in this case, $1.45 billion total);
- Charging the bank with unlawful export of services from the United States (in particular, New York) to sanctioned countries;
- Charging the bank with unlawful dealing in blocked property within the United States; and
- The involvement of New York authorities.
Notably, Commerzbank was charged with dealing in blocked property, even though as a non-US person it ordinarily would not be subject to the prohibition against such dealing. The basis for this theory of liability is not clear. Commerzbank was charged with “dealing in property or interests in property that come within the United States” of blocked persons. This allegation could be based on the actions of Commerzbank’s New York branch, which processed the funds transfers, or on the theory that the German parent acted within the United States by directing the funds transfers as it did (similar to the theory that Commerzbank exported services from the United States). Alternatively, the charge could rest on an unstated theory that Commerzbank “caused” US persons to deal in blocked property. Under a 2007 amendment to the International Emergency Economic Powers Act (IEEPA), it is unlawful for all persons – including non-US persons – to “cause” a violation of IEEPA sanctions. Non-US banks should be aware of these different possible theories of liability that could give rise to an allegation of unlawful dealing in blocked property.
Federal and state authorities can be expected to continue to target non-US banks for conduct that involves the US financial system and sanctioned countries and/or entities, particularly where deceptive conduct is involved. Finally, the settlements underscore the importance of financial institutions having effective AML compliance programs with experienced staff that implement processes to identify, detect, and stop unlawful proceeds from being processed and transacted in.