Anti-money laundering laws and regulations are not only extremely complex and varied, but they also apply to many different entities, ranging from local and international banks, to money service businesses, financial advisors, mortgage lenders, charitable organizations, and potentially even to corporate officers and directors individually.

An institution’s or individual’s exposure can emerge from multiple sources: federal law enforcement and regulatory agencies, state governments, and individual lawsuits from the plaintiffs’ bar. Many of the federal laws and current enforcement efforts target entities suspected of providing “material support” to terrorist organizations, or countries and individuals identified by the U.S. as supporting terrorism, and “material support” may encompass a wide array of financial activities.

This article outlines the anti-money laundering landscape and certain potential exposures for institutions to consider and plan for.

First, compliance systems are vital. Failure to maintain a robust compliance system, and to certify to the proper authorities that the institution has such a system, may subject the institution and possibly individual officers and directors to criminal penalties. Second, when an enforcement agency comes to the company, it is paramount to assure that the disclosure and handling of data is reasonable, appropriate, and prudent. Furthermore, given recent pronouncements of the Department of Justice discussed below, and the incentives for the organization to cooperate, a natural tension potentially exists between the organization and individual officers and directors. Individuals in these companies may wish to consider independent counsel.

Threats From Federal Regulators and Law Enforcement

In an effort to restrict terrorists’ or other hostile elements’ access to funds, the U.S. has several agencies empowered to prosecute and enforce anti-money laundering laws, and to impose economic and financial sanctions. One such organization is the Office of Foreign Assets Control (OFAC), part of the U.S. Department of Treasury, which administers and enforces economic and trade sanctions. These sanctions often implicate countries the United States identifies as a location for funders of terrorism, but also cover transactions with individuals and entities designated by the U.S. as “Specially Designated Nationals” (SDNs) and “Foreign Terrorist Organizations” (FTOs), to whom U.S. entities are prohibited from providing services and with whom they are prohibited from conducting transactions. Accordingly, financial transactions with individuals and institutions in these countries or on these lists may result in enforcement actions by the OFAC, the DOJ or other regulatory or enforcement bodies.

Each time an organization processes or participates in a prohibited transaction, the regulations view that as a separate violation, which, depending on the transaction’s value, can carry a penalty between $1,000 and $250,000. The regulations also allow penalties for “egregious conduct” to be significantly enhanced, up to the “statutory maximum,” meaning the greater of $250,000 or twice the transaction value, under the International Emergency Economic Powers Act. Given that each transaction is a separate violation, the high upper limit in the event of “egregious conduct” has given the OFAC a powerful tool to encourage cooperation and admission of wrongdoing, and accused offenders a powerful incentive.

Egregious Conduct. Based on recent enforcement activity, the OFAC has alleged “egregious” conduct in a variety of situations which, arguably, amount to no more than reckless conduct. The OFAC is more likely to allege egregious conduct when the conduct violates the objectives of the sanctions programs, for instance a transaction that actually arms terrorists. In determining egregious conduct, the OFAC will also factor in the degree of knowledge of the wrongful conduct, and efforts to cover up wrongdoing. Recent actions alleging egregious conduct have resulted in a $217 million settlement with Lloyds Banking Group Plc, a $268 million settlement with Credit Suisse Group AG, $298 million to Barclays Bank Plc, $667 million to Standard Chartered Plc, and, in the largest global settlement on record, $1.9 billion in penalties to HSBC Holdings Plc.

Egregious conduct allegations are not merely confined to such large institutions, or even financial institutions.

For instance, ATP Inc.—the entity that oversees men’s professional tennis—paid the salary of a tournament official who resided in Iran and did not voluntarily disclose these payments. This case resulted in a settlement of $48,000 in penalties in June 2013. The base penalty amount for ATP was $135,000, but the OFAC cut it significantly given ATP’s cooperation and admission of wrongdoing. The OFAC also investigated American Steamship Owners Mutual Protection and Indemnity Association for processing insurance claims involving Sudan, Cuba and Iran. The base penalty amount was more than $1.7 million, but the insurance company settled for $348,000. In both of these cases, the OFAC agreed to settle the case for less than the base penalty amount by taking into account various mitigating factors, including their cooperation and a lack of prior violations.

Although the OFAC does not come under the umbrella of the DOJ (it is actually a part of the Treasury Department) and thus is not directly subject to the “Yates Memo,” the memo may still bear some relevance to this topic of cooperation. Deputy Attorney General Sally Quillian Yates, in September 2015, in reaction to public sentiment during the recent financial crisis, authored what is now known as the Yates Memo, announcing the DOJ’s policy of increased targeting of individuals in the context of corporate crime. The memo suggests companies are more likely to receive cooperation credit if they provide “all relevant facts,” meaning facts that may subject individuals to prosecution or enforcement action. Given that the OFAC and the DOJ often bring actions in parallel, companies and the individual officers and directors should consider how this memo may impact the decision to cooperate with the OFAC or obtain independent counsel.

Increased Exposure to Private Lawsuits For ‘Materially Supporting’ Terrorism

Actions from federal regulators are not the beginning and end of potential exposure. The Anti-Terrorism Act of 2001 (ATA) allows individual plaintiffs to sue and collect if they are injured (in either person or property) by international terrorism. Unsurprisingly, many of the direct and obvious culprits of international acts of terrorism are FTOs lacking collectible assets in the U.S. Victims, therefore, have received enormous judgments against FTOs but little or no money. For instance, under the ATA, plaintiffs have obtained judgments worth $164 million, $655.5 million, and $214.5 million, respectively, but all of it against FTOs.

Given the inability to collect judgments against these organizations, plaintiffs have asserted claims under the ATA and related provisions against entities that “materially support” terrorism. This broad term has caused plaintiffs to eye the more accessible assets of banks and other “money service businesses,” and also those of non-governmental organizations and charities here and abroad. In determining whether an accused party’s actions constituted “material support” of terrorist acts, the relevant question has been what level of intent will result in the imposition of liability: intentional violations, knowing violations, reckless violations, or negligent violations. From the legislative history on the ATA, it is clear that some of the legislators intended for negligent conduct supporting terrorism to result in liability, even though several circuit courts have pointed to the ATA’s allowance of treble damages as requiring a higher threshold of culpable conduct.

To recover under the ATA, the federal courts have generally concluded that a plaintiff must plead and prove that the defendant(s) have violated some federal law and are reckless with respect to providing material support to terrorists. A well-pled complaint, alleging a faulty compliance system, knowledge of such faults, and knowledge of a significant risk of supporting terrorists, may resist dismissal and thus expose financial institutions to the risk of protracted legal proceedings, if not liability.

With a few notable exceptions, ATA plaintiffs have largely failed to allege a nexus between the activities of financial institutions and the terrorist acts, but, if the compliance systems of the financial institution are sufficiently poor, the nexus may become easier to establish. One thing is certain: As long as there exists the possibility of awards in the range of nine figures and attorneys’ fees, plaintiffs will find attorneys willing to attempt these claims.

Given the foregoing, and the uncertainties of knowing what constitutes sufficient wrongful intent, financial institutions, again, are well advised to implement (and consider even monitoring and testing) compliance measures to avoid accusations of clearly inadequate compliance measures, which may risk rising to the level of liability under the ATA.

Individual States, Such as New York, May Have Independent and More Stringent Requirements

The bar for a potential violation, or even criminal prosecution, under the laws of each individual state, may be lower than under corresponding federal laws. For instance, in December 2015, New York Gov. Andrew Cuomo (D) announced a new proposed regulation for financial institutions regulated by the Department of Financial Services (DFS).

The new regulation would apply very broadly to all banks, trust companies, private bankers, savings banks, and savings and loan associations chartered under New York Banking Law, as well as check cashers and money transmitters licensed pursuant to the New York Banking Law. This law, with such broad reach, has extensive implications for online payment clearing houses, such as PayPal, but also corner check cashers and grocers who operate with a New York license. The new proposals would require a chief compliance officer to personally certify that the institution maintains a robust anti-money laundering program. This proposal has the potential to expose executives to criminal liability for incorrect or false certifications. The requirement is modeled after the Sarbanes-Oxley Act and is aimed at establishing strong anti-money laundering controls. The regulation also describes a number of minimum requirements for the AML programs, including the requirement that the institutions incorporate any knowledge or awareness that they acquire during monitoring that would alert them to potential suspicious activity.

One of the motivations for New York proposing this more robust system is perceived shortcomings in compliance and oversight programs of financial institutions subject to New York regulators, such as in the Standard Chartered settlement, discussed above. In the Standard Chartered case, the DFS’s review of the bank’s systems revealed failures to detect potentially high-risk transactions for further review. This sentiment by the DFS underscores the view of regulators that current systems are potential targets for enforcement actions, as they may fail to properly identify money laundering activity by criminals and, most importantly to national security agencies, international terrorists.

These regulations have not yet gone into effect, with the current comment period ending March 31, 2016. If these regulations go into effect at that time, it is critical for any institution or business subject to these regulations to review compliance systems and ensure accurate certifications. While New York is among the most important and influential when it comes to banking and financial regulation, it is also important to review laws and regulations relevant to each individual state within which an institution transacts business. Other states may have differing and more stringent requirements.

Conclusion

Adequate compliance systems are a must. Failings in these systems, and a failure to understand their capabilities and shortcomings, can result in serious penalties for the organization, and criminal prosecution for individuals. Each of these avenues for liability counsels the same approach—prudent risk management and compliance measures. In addition, after an enforcement action or prosecution begins, it is important to consider cooperation and the potential risks and benefits of such cooperation. Directors and officers, in light of the DOJ’s pronouncements in the Yates Memo, should consider independent, outside counsel to advise them and mitigate the risk of individual civil or criminal liability.