On February 7, 2018, the U.S. Department of Justice (“DOJ”) and Office of the Comptroller of the Currency (“OCC”) announced the imposition of $368,701,259 in penalties on Rabobank, N.A., (“Rabobank”), the California-based subsidiary of the Dutch financial services company. Notably, in addition to agreeing to a substantial forfeiture and civil money penalty, Rabobank agreed to plead guilty to one count of conspiracy to obstruct the OCC’s attempts to identify deficiencies in Rabobank’s Bank Secrecy Act (“BSA”)/anti-money laundering (“AML”) compliance program.
Plea Agreement and Statement of Facts
According to the Statement of Facts that Rabobank agreed to as part of the plea agreement, Rabobank’s BSA/AML troubles primarily stemmed from cross-border business between the United States and Mexico that posed elevated AML risk. Although Rabobank had been sanctioned by the OCC for weaknesses in its BSA/AML compliance program in 2006 and 2008—and one of the OCC examiners who had participated in that process later became a Rabobank compliance executive—the institution failed to make improvements sufficient to remedy the identified deficiencies. By no later than 2010, Rabobank had become aware that the accounts of certain high risk customers at Rabobank branches near the U.S.-Mexico border displayed activity indicative of money laundering, narcotics trafficking, and organized crime. The risk of Rabobank’s cross-border business was further heightened when, in June 2010, Mexican regulations restricted the amount of physical U.S. currency Mexican banks could accept—a development that was closely followed by a large influx of new accounts and cash deposits at Rabobank’s branches on the U.S. side of the border. Notwithstanding this activity and the alerts generated by Rabobank’s transaction monitoring system, Rabobank implemented policies and procedures during this timeframe that “precluded and suppressed” the investigation and reporting of suspicious activity. These included:
- Creating a so-called “Verified List” of customers deemed per se non-suspicious, even when a customer’s transaction activity deviated from previous levels.
- Adopting a policy that certain evidently structured transactions under $10,000 were non-suspicious, because the accountholders claimed they wanted to minimize the necessary paperwork when crossing the U.S.-Mexico border with cash.
Rabobank also failed to take certain actions, which negatively impacted its ability to timely report potentially suspicious activity, such as:
- Failing to allocate sufficient staff to investigate suspicious activity—for example, the Statement of Facts notes that, at certain times, Rabobank devoted only three employees to investigate more than 2,300 alerts per month.
- Failing to file Suspicious Activity Reports (“SARs”) on continuing suspicious activity that had previously been reported, and failing to keep up with enhanced due diligence reviews of customers, transactions, and accounts.
Rabobank compounded these issues by marginalizing the executive responsible for managing the institution’s BSA/AML program. According to the Statement of Facts, after this executive raised concerns about Rabobank’s BSA/AML program and engaged in a transparent dialogue with the OCC about the program, Rabobank management placed her on administrative leave, and then terminated her, because she purportedly did not “best represent the Bank.” Separate and apart from this episode, Rabobank also admitted to demoting yet another compliance manager after she too raised concerns about the bank’s BSA/AML program.
Further exacerbating these matters was Rabobank’s concealment of BSA/AML failures from the OCC. In the same time period that the compliance executive was sidelined, the OCC requested that Rabobank turn over reports drafted by consultants retained to evaluate the bank’s BSA/AML program—reports which were highly critical of the program. According to the Statement of Facts, Rabobank management withheld those reports from the OCC for nearly a month and made a number of false or misleading statements to the OCC along the way, notably by claiming that (1) the consultant had not produced an assessment when, in fact, it had done so, and that (2) the consultant had given a presentation to management, but had not left any documents behind when, in fact, the report authored by the consultant was in Rabobank’s possession.
Based on this conduct, Rabobank pled guilty to a charge that it had conspired to defraud the United States and obstruct the OCC’s supervision of the bank, in violation of 18 U.S.C. § 371. Notably, although the Information does not charge Rabobank with a criminal violation of the BSA, the $368,701,259 forfeiture amount appears predicated on the amount of “suspicious transactions that were either unreported or reported untimely” as “a result of [Rabobank’s uncharged] BSA/AML program failures.”
Concurrently with the DOJ’s announcement of Rabobank’s guilty plea, the OCC announced imposition of its own $50 million civil money penalty on Rabobank for BSA/AML program failures and concealment of documents from examiners. When the DOJ and bank regulators have resolved parallel investigations simultaneously over the last several years, it has become standard practice for the smaller penalty to be credited against the larger, eliminating the “stacking” of penalties by multiple regulators. The Rabobank resolution is no different: Rabobank’s plea agreement with the DOJ agrees to credit the $50 million paid to the OCC against the $368 million forfeiture amount.
Implications of the Rabobank Resolution
While the Rabobank resolution involved somewhat unique facts—particularly the allegations that Rabobank affirmatively deceived its regulator and undercut its own compliance staff—the resolution has several parallels with other recent BSA/AML resolutions that financial institutions may wish to consider in assessing their BSA/AML compliance programs.
First, while the handful of major BSA/AML criminal resolutions over the past year were resolved through Deferred and Non-Prosecution Agreements (e.g., the $586 million DPA entered with Western Union in January 2017, and the $97 million NPA entered with Banamex USA in May 2017), the Rabobank resolution makes clear that the DOJ is prepared to require banks to plead guilty in certain circumstances. Specifically, while the Statement of Facts notes that the $368 million penalty imposed on Rabobank was tied to the volume of suspicious activity that went unreported because of persistent deficiencies in its BSA/AML compliance program, the guilty plea was the consequence of the bank’s evident attempts to mislead prudential regulators and marginalize its own well-meaning compliance staff. As Acting Assistant Attorney General John P. Cronan explained in announcing the resolution, Rabobank’s guilty plea “is a warning to financial institutions that there are significant consequences for banks that engage in obstructive conduct in an effort to hide their anti-money laundering program failures.” Also of note in the Rabobank case was the separate charging, and cooperation, of an individual former Rabobank compliance officer. This aspect of the Rabobank matter underscores enforcers’ continued focus, where appropriate, on imposing individual liability for serious BSA/AML-related failures.
Second, the Rabobank resolution highlights the focus of prosecutors and bank regulators on staffing levels within regulated entities’ BSA/AML compliance functions. Indeed, Rabobank conceded that, at some points during the relevant period, it employed only three employees to investigate more than 2,300 alerts each month. In the same vein, the DOJ and OCC also cited policies and procedures—including the so-called “Verified List” of high risk customers requiring no investigation—that had the effect of providing “shortcuts” to clear high numbers of alerts with a minimal investment in staff.
Third, the Rabobank resolution highlights the DOJ’s focus on transactions involving geographies that are known to carry a higher risk of financial crime and money laundering. Indeed, two of the more recent DOJ BSA/AML resolutions—with Rabobank and Banamex USA, in May 2017—involved business done at or across the U.S.-Mexico border, and the resolution early last year with Western Union (January 2017) involved transactions with China. These resolutions underscore the need to implement and maintain BSA/AML controls commensurate with the risks posed by transactions involving higher risk geographies.
Associate Jeffrey Newton contributed to this Client Memorandum.