On January 9, 2009, Lloyds TSB Bank plc (“Lloyds”) entered into deferred prosecution agreements (DPAs) with the U.S. Department of Justice (DOJ) and the New York County District Attorney’s office (NYDA)1 as a result of Lloyds’ practice of “stripping” customer information from funds transfer orders involving Iranian and Sudanese banks in violation of U.S. sanctions and New York State criminal law. The DPAs are noteworthy for a number of reasons, including the following:
- The $350 million criminal penalty accepted by Lloyds is by far the largest penalty ever imposed for violation of U.S. sanctions laws, eclipsing the $80 million penalty paid by ABN AMRO in 2005 for similar activities.2 It was imposed despite the “prompt and substantial cooperation” with the government shown by Lloyds.
- The DOJ and NYDA charged Lloyds under both the International Emergency Economic Powers Act (IEEPA) and a New York State penal law which criminalizes falsification of business records. Because Lloyds is a United Kingdom-based financial institution and the conduct in question occurred in the UK and elsewhere outside the United States, the DPAs might be viewed as representing a possible new high water mark in expansive application of U.S. sanctions.
- The DPAs reflect the criminalization of conduct which the primary federal regulators (the Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Federal Reserve Board (FRB)) had not formally proscribed through regulation or publicly available written policy guidance at the time the conduct occurred.
- Neither OFAC nor the FRB was party to the DPAs, in contrast to the ABN AMRO settlement, which was with those two agencies and New York and Illinois bank regulators.3 The implication is that financial institutions in the future must approach compliance not only in terms of satisfying the requirements of OFAC and the principal federal and state regulators, but also in terms of the enforcement posture and interests of the DOJ, as well as of state prosecutors charged with administering often far-reaching and less-than-precisely drafted state criminal statutes.
- According to statements to the press by the NYDA, nine other “major foreign banks” are currently under investigation for similar activities.
A more complete discussion of Lloyds’ practices and of the DPAs follows below.
As described in the Factual Statement at Exhibit A to the DPA with the DOJ, Lloyds operated U.S. dollar correspondent accounts for the London branches of six Iranian banks (Bank Sepah, Bank Melli, Bank Tejeret, Bank Mellat, Bank Saderat and the Iranian Overseas Investment Bank).4 In addition, Lloyds’ branches in Tokyo and Dubai held U.S. dollar correspondent accounts for certain Iranian banks. Lloyds provided U.S. dollar clearance services for these banks via relationships that it maintained with correspondent banks located in the United States but which were unaffiliated with Lloyds. Beginning in the mid-1990s and continuing until January 2007, Lloyds, primarily in the UK but evidently also in Tokyo and Dubai, followed a deliberate policy of removing data, based on a manual review, from SWIFT payment messages in order to avoid detection of the involvement of OFAC-sanctioned parties in the transactions by filters used by the U.S. financial institutions.5 This practice permitted Lloyds’ U.S. correspondent banks to process transactions without the necessary compliance due diligence which might have resulted in rejection of the transactions and their reporting to OFAC.
However, it is unclear from the DPAs whether the Iranian transactions would have qualified for the U.S. dollar U-Turn exemption at Section 560.516 of OFAC’s Iranian Transactions Regulations, 31 CFR Part 560, which, until rescinded on November 10, 2008, authorized clearance of U.S. dollars for Iranian transactions, provided certain criteria were met.
According to the Factual Summary, during the course of the conduct, Lloyds employees commonly referred to this procedure as “stripping.” In 2002, facing the possibility that the Financial Action Task Force (FATF) would recommend to member countries that they require banks to include originator information on payment messages, Lloyds reviewed this practice and decided to withdraw from the U.S. dollar clearing business on behalf of Iranian banks in the UK. Although Lloyds fully exited that business by April 2004, it continued to perform these services on a smaller scale on behalf of four Sudanese banks until January 2007.
Federal and State Penal Law Charges
DOJ alleged, and Lloyds accepted, that its conduct violated Section 1705 of IEEPA, 50 U.S.C. 1705, which makes it a crime to “willfully violate or attempt to violate any regulation issued under” IEEPA, including the Iranian Transactions Regulations. Lloyds signed a criminal Information with DOJ agreeing to a single count under Section 1705 of IEEPA. The count cites two sections of the Iranian Transactions Regulations:
- Section 560.204, which prohibits the exportation of services from the United States to Iran; and
- Section 560.203, which prohibits “any transaction by any United States person or within the United States” which evades or avoids any of the prohibitions in the Iranian Transactions Regulations.6
However, what is noteworthy about the DPAs in this connection is that Lloyds is a UK bank and, even though the transactions entered the United States in the form of the dollar clearance instructions, the conduct at issue (i.e., the stripping) occurred only in the UK and elsewhere outside the United States. It thus appears that DOJ takes an elastic view of the term “transaction,” so that it includes not only the actual conduct that violates the regulations but also ensuing actions, such as the transactional flow that results from such conduct, with the important distinction in this instance that the former was not “within the United States” but the latter was.
Moreover, Lloyds is not a “United States person.” Section 560.314 of the Iranian Transactions Regulations defines the term “United State person” to mean “any United States citizen, permanent resident alien, entity organized under the laws of the United States (including foreign branches), or any person in the United States.”7 Furthermore, as noted above, no branch of Lloyds in the United States participated in the stripping activity or cleared U.S. dollars on the basis of “stripped” instructions.
As a result, the DPAs penalized the head office of a non-U.S. financial institution, which itself is not a “United States person,” for causing non-affiliated banks in the United States to violate the regulations cited above. The U.S. government’s assertion of jurisdiction appears to be posited on the fact that the allegedly prohibited transactions involving Iran occurred in the United States (even though it is unclear whether some or all of the transactions might have qualified for the U.S. dollar U-Turn exemption under the Iranian Transactions Regulations) and that Lloyds caused the unrelated banks in the United States to provide prohibited services to a sanctioned country. If so, this is a seeming expansion of the enforcement interpretation of the jurisdictional predicates which hitherto have governed U.S. sanctions programs under IEEPA. Moreover, it is an expansion of jurisdiction with extraterritorial implications which non-U.S. financial institutions should study carefully.
In addition to the federal charge under IEEPA, the separate DPA with the NYDA is equally noteworthy and far-reaching. According to that DPA, Lloyds agreed that it violated New York State Penal Law Sections 175.05 and 175.10, which make it a crime to “with intent to defraud, … (i) make or cause a false entry in the business records of an enterprise (defined as any company or corporation) … or (iv) prevent the making of a true entry or cause the omission thereof in the business records of an enterprise.” It is a felony under Section 175.10 if a violation under Section 175.05 is committed and the person or entity’s “intent to defraud included an intent to commit another crime or to aid or conceal the commission of a crime.”
Although the New York State penal provision is perhaps relatively little known in the non-U.S. financial services community, prosecutors in New York frequently use it to bring charges, particularly when accurate business records would have left a paper trail or evidence of a legal or regulatory violation. The breadth of subsection (iv) of Section 175.05 above is particularly far-reaching in that it criminalizes the prevention of “the making of a true entry” or causing “the omission thereof” in the business records of an enterprise. Although Lloyds’ intent to “defraud” (a term which is undefined in Section 175) is arguably unclear from the facts presented in the DPA, this criminal provision nonetheless potentially could be used to prosecute the omission of data or factual information from any business record, even though the provision was neither drafted nor enacted to address sanctions compliance.
The use of expansive jurisdictional concepts and broadly worded state criminal law in this context is also noteworthy because neither OFAC nor the FRB was a party to the DPAs and had issued no formal legally binding requirements, or even written publicly available guidance, on inclusion of full customer information on funds transfer orders at the time the conduct occurred. In this connection, FATF issued “Nine Special Recommendations on Terrorist Financing” on October 22, 2004, number VII of which (“Wire Transfers”) states “Countries shall take measures to require [emphasis added] financial institutions … to include accurate and meaningful originator information … on funds transfers and related messages that are sent, and the information should remain with the transfer and related message through the payment chain.” Clearly, the intent was that FATF Special Recommendation VII was not self-executing but required regulatory implementation by individual countries, including the United States. Although, after September 11, 2001, OFAC has informally counseled financial institutions that sought its advice on the issue to include full information and, in addition, efforts have been underway in the SWIFT messaging system to expand the fields to accommodate more complete transactional information, it appears that no agency of the U.S. government had explicitly implemented any such requirement in a clear and legally binding fashion at the time of the transactions conducted by Lloyds. Therefore, it appears that U.S. enforcement authorities, in the form of the DOJ and NYDA, may have jumped ahead of international standard-setting bodies like FATF and the primary U.S. regulators by criminalizing conduct that normally would have first been addressed by proper regulatory procedures. Notwithstanding the evident egregiousness of Lloyds’ conduct, observers might well ponder the separate isssue of whether this is an exercise in “good government” in terms of transparency and orderly rulemaking. The further question of whether it is wise practical policy at a time of great economic uncertainty in the U.S. financial markets, especially when directed at a bank to which UK taxpayers have extended major financial assistance and in which they hold an ownership stake,8 will only be answered in time.
The $350 million penalty appears from the DOJ’s DPA to have been selected because “approximately [that amount] was involved in transactions described in the Factual Statement” and would have been the amount subject to forfeiture as a result of criminal prosecution. Thus, the IEEPA penalty does not appear to have been based on the specific criminal penalty amounts stated in IEEPA (up to $1 million per violation), and further, it is not clear from either DPA how many transactions were involved or which ones might have been non-prosecutable under either the US dollar U-turn exemption or IEEPA’s fiveyear statute of limitations.
In addition to the penalty described above, Lloyds agreed as part of the DPAs to adhere to the Wolfsberg Anti-Money Laundering Principles for Correspondent Banking and to cooperate with the United States by conducting various look-back reviews and instituting other compliance measures.
* * *
The Lloyds DPAs are a wake-up call to financial institutions that conduct transactions through the U.S. financial system. Financial institutions will want to review both the Lloyds DPAs and their own compliance procedures closely to ensure that they do not run afoul of the prohibitions highlighted by the DPAs.