A recent federal district court decision and a proposed New York State Department of Financial Services regulation have further expanded the risk of liability for chief compliance officers, this time in the context of anti-money laundering compliance. Under the district court decision and proposed regulation, CCOs could be personally subject to both civil and criminal liability if their institutions’ AML compliance programs are found to be incapable of detecting and stopping illicit transactions.
In January, a federal district court held that the compliance officers of financial institutions can be held civilly liable for failing to ensure their institutions’ compliance with the Bank Secrecy Act’s anti-money laundering provisions. In U.S. Dep’t of Treasury v. Haider, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) alleged that MoneyGram’s former chief compliance officer failed to take sufficient action to terminate, and failed to file Suspicious Activity Reports related to, transactions he had reason to believe were related to money laundering, fraud, or other illegal activity. FinCEN fined him $1 million and brought action in federal court to collect the fine. The US District Court for the District of Minnesota denied his motion to dismiss the fine, reasoning that the Bank Secrecy Act’s civil penalties provision applies to “partners, directors, officers, and employees” of financial institutions. No final disposition has been reached in the case but the decision makes clear that FinCEN is empowered to impose personal liability on compliance officers. The CCO also faces a permanent ban from employment in the financial industry.
The District Court’s decision followed closely on the heels of a proposal from the New York Department of Financial Services which would require financial institution CCOs (or their functional equivalent) to annually certify that their AML compliance programs are effective at identifying and preventing illicit transactions. If a certification is later found to be “false or incorrect,” the certifying officer may be subject to criminal liability. The proposal may have been motivated by concerns that terrorist organizations are using American banks as pass-throughs for illicit funds. The comment period remains open and a final rule is not expected until later this Spring but, under the proposed regulation, compliance officers would be required to certify that their AML compliance programs include, among other things:
- A satisfactory monitoring program that identifies transactions that potentially violate the Bank Secrecy Act or other AML laws and regulations, or which give rise to Suspicious Activity Reporting obligations. What constitutes a satisfactory monitoring program will depend on the institution’s risk profile, businesses, products, services and customers
- A Watch List filtering program that prevents execution of any transactions prohibited by sanctions, including OFAC and other sanctions lists, politically exposed persons lists and internal watch lists
- Sufficient oversight to ensure that both the Watch List filtering program and transaction monitoring program are operated by qualified and well-trained personnel or vendors, and
- Periodic auditing and testing of the AML program’s efficacy.
The threat of personal criminal liability on CCOs seems to be of one with banking regulators’ broader attempt to curb potential compliance failures at the highest levels of financial institutions. For example, last Thursday, FINRA sent letters to a dozen financial firms inquiring about the methods by which they establish and maintain a “culture of compliance.” In addition to requesting general information on the firms’ practices, FINRA specifically requested information on how they established a “tone from the top.” FINRA characterized the request letters as an attempt to better understand how culture affects compliance, but the focus on the tone from the top suggests FINRA perceives or is at least particularly concerned about deficiencies among the highest ranking executives of financial firms.