In its recent decision to impose $20 million in sanctions upon Oppenheimer and Co. for the company’s failure to maintain internal controls to promote enforcement of the Bank Secrecy Act (BSA), FinCEN revealed the emphasis it places on financial institutions that may be inadvertently permitting unlawful transactions by independent bad actors. Although the financial institution may have no intention to assist in the evasion of any legal requirements imposed on its account holders, it is held accountable, to an extent that may even be considered punitive, to its inability to detect violations of legal requirements. These sanctions reaffirm the significance of the responsibility placed on financial services companies to conduct proper due diligence of their account holders, continuously monitor accounts for any potential suspicious activities and ensure full compliance with applicable anti-money-laundering laws. Approximately 10 years ago, Oppenheimer was fined $2.8 million by FinCEN for violations of the BSA. FinCEN’s decision to impose almost 10 times that for similar violations reflects not only its lack of tolerance for holes in due diligence procedures and internal controls of financial services entities, but the severe approach it intends to take for those companies that fail to correct such inadequacies. Oppenheimer’s failures resulting in FinCEN’s sanctions extended beyond actual failures by employees to conduct due diligence and monitor suspicious activities to the lack of measures in place to allow sharing of such information between departments. Thus, FinCEN’s approach to reviewing such policies and procedures is not only severe, but extremely broad.
FinCEN’s sanctions on Oppenheimer should place financial services companies on notice to ensure their procedures, internal controls, due diligence requirements, and availability of all of this information among all departments are sufficient to catch any potential unlawful activities by its account holders.