Lauren Bacall Whistling or How to Structure Customer Due Diligence

Yesterday we honored Robin Williams whom we lost earlier this week. Today we honor Lauren Bacall. She will always be a part of that great team of Bogey and Bacall. Most of us were introduced to her in the movie To Have and Have Not. I thought she was one of the most sultry and sexy icons of the 40s screen sirens. As Manohla Dargis wrote in her article for the New York Times (NYT) entitled, “That Voice and the Woman Attached,” that “When she opened her mouth in “To Have and Have Not” — taking a long drag on a cigarette while locking Humphrey Bogart in her gaze — she staked a claim on the screen and made an immortal Hollywood debut. But in 1944 at the exquisitely tender age of 19, she was also projecting an indelible screen persona: that of the tough, quick-witted American woman who could fight the good fight alongside her man.” She later married Bogart and together they were certainly Hollywood, if not American royalty, going forward. And she probably did more for the art of whistling than any person on Earth.

Yesterday I wrote about the Foreign Corrupt Practices Act (FCPA) investigation into certain transactions in Venezuela by Derwick Associates (Derwick) and a US company ProEnergy Services (ProEnergy). ProEnergy supplied turbines that Derwick resold to the Venezuelan government and then installed in that country. I wondered if US companies now need to become more concerned with not only who they do business with but how their customers might be doing business. In the parlance, you may now need to ramp up your ‘Know Your Customer’ information to continue throughout a seller-purchaser relationship.

Doug Cornelius, in a post on his Compliance Building blog, entitled “Proposed Regulations on Customer Due Diligence”, discussed “The U.S. Treasury Department’s Financial Crimes Enforcement Network has proposed revisions to its customer due diligence rules. Of course, the proposed rule would affect financial institutions that are currently subject to FinCEN’s customer identification program requirement: banks, brokers-dealers, and mutual funds.” While, investment advisers and private fund managers are not specifically mentioned in the proposed new regulation, Cornelius noted, “FinCEN suggested that it may be considering expanding these customer due diligence requirements to other types of financial institutions.” In other words, this new proposed regulation would not be directly applicable to a large number of US commercial enterprises doing business outside the United States.

However, the proposed regulation did provide some insight into how US companies, not otherwise subject to it, might think about ways to approach such an inquiry. Referencing an inquiry into anti-money laundering issues (AML) Cornelius wrote that AML programs should have four elements:

1. Identify and verify the identity of customers;
2. Identify and verify the identity of beneficial owners of legal entity customers;
3. Understand the nature and purpose of customer relationships; and
4. Conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.

Clearly any FCPA based due diligence would focus on point 2. Cornelius zeroed in on it when he wrote “The definition of “beneficial owner” is proposed as have two prongs”:

• Ownership Prong: each individual who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer, and
• Control Prong: An individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or (ii) any other individual who regularly performs similar functions.

He also noted, “For identifying ownership of an entity, FinCEN has proposed a form of certification.” But he found such a “certification to be overly simplistic. It only asks for individuals with ownership in the entity. This would clearly miss ownership of the account holder by other entities who could be “bad guys.” The certification also only requires one senior officer.  That makes it too easy to appoint a straw man as executive officer to hide the underlying control by a “bad guy.”” But the FinCen proposed notice itself states “these existing core requirements are already laid out in the BSA [Bank Secrecy Act] as minimum requirements”.

I was equally interested in points 3 and 4. Under point 3, an entity subject to the regulation needs to “Understand the nature and purpose of customer relationships”. The proposed regulation further explained “to gain an understanding of a customer in order to assess the risk associated with that customer to help inform when the customer’s activity might be considered “suspicious.”” Such an inquiry could help a business to “understand the relationship for purposes of identifying transactions in which the customer would not normally be expected to engage. Identifying such transactions is a critical and necessary aspect of complying with the existing requirement to report suspicious activity and maintain an effective AML (or anti-corruption compliance) program.”

The final point 4 relates to ongoing monitoring. Once again consider the position of the US Company, ProEnergy, in the referenced FCPA investigation. What can or should it have done in the way of ongoing monitoring of its customer. The proposed regulation states “industry practice generally involves using activity data to inform what types of transactions might be considered “normal” or “suspicious.”

Furthermore, FinCEN understands that information that might result from monitoring could be relevant to the assessment of risk posed by a particular customer. The proposed requirement to update a customer’s profile as a result of ongoing monitoring (including obtaining beneficial ownership information for existing customers on a risk basis), is different and distinct from a categorical requirement to update or refresh the information received from the customer at the outset of the account relationship at prescribed periods”. Lastly the proposed regulation states, “Finally, as noted above with respect to the obligation to understand the nature and purpose of customer relationships, monitoring is also a necessary element of detecting and reporting suspicious activities”.

There does not have to be a direct bribe or other corrupt payment made by a US company to have liability under the FCPA. FCPA enforcement is littered with companies that have paid bribes through third parties. However, as the Fifth Circuit said in Kay v. US, “[W]e hold that Congress intended for the FCPA to apply broadly to payments intended to assist the payor, either directly or indirectly,” [emphasis mine]. ProEnergy would seem to be at the far edge of potential FCPA liability but if it knew, had reason to know, or even perhaps should have known about some nefarious conduct by its customer, it does not take too many steps to get to some FCPA exposure. The proposed FinCEN rules on customer due diligence for financial institutions might be a good starting point for other commercial entities to consider.

If all of the above is a bit too heavy for a Friday, well view this clip on how to whistle by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Inspector Lestrade – Does Leadership Matter?

Continuing our Sherlock Holmes homage, today we draw inspiration from the character of Inspector Lestrade as the theme of this blog post. In the original Doyle works, he appears in 13 of the stories and we are only introduced to him as Inspector G. Lestrade. In the current PBS series, we are informed his given name is Greg. Lestrade is not exactly the sharpest tack in the shed, as evidenced by Holmes comments that he is “an absolute imbecile” from the The Red-Headed League and the “best of a bad lot” from The Boscombe Valley Mystery.

I thought about Inspector Lestrade when I read some of the comments of UBS Chief Executive Officer (CEO), Sergio Ermotti, as reported in the Wall Street Journal (WSJ) article entitled “UBS Chief’s Plea: Stop ‘Lecturing’ to Bankers” by David Enrich and Francesco Guerrera. UBS has not exactly been a law abiding corporate citizen over the past few years. As you might recall this is from the company, which had a $2.3 billion trading loss from one individual. It is also from the company that assisted approximately 17,000 Americans clients with illegally hiding $20bn of assets to avoid paying taxes on this money. UBS paid a fine of $780MM for these actions. But there is much more, as UBS also agreed to pay another $1.5 billion fine for its criminal actions in manipulating the LIBOR. What would you say the ‘tone’ is at UBS about complying with the law?

With all of these fines, penalties and criminal pleas behind him, Ermotti does not seem to think there is any room for criticism of his company. Rather unbelievably, Ermotti was quoted as saying, “Life is hard enough, and I think this constant lecturing on ethics and on integrity by many stakeholders is probably the most frustrating part of the equation. Because I don’t think there are many people who are perfect.” For those of you who might want that translated to Texan, the equivalent phrase is a very nasal twang of “Glass houses dear”. For the more spiritual out there you could fall back on “Let he who is without sin cast the first stone.” Perhaps the most relevant question would simply be ‘How many angels dance on the head of a pin?’

Late last year, I engaged in a dialogue with other Foreign Corrupt Practices Act (FCPA) commentators about whether motives matter in anti-corruption enforcement actions. I opined, in a post, entitled “Does Motive Matter in Anti-Bribery and Anti-Corruption Enforcement?”, that it really does not matter what the motives are for the Chinese government officials in prosecuting western companies, which violate Chinese national anti-bribery laws, if a company breaks the law, it can be subject to prosecution. The FCPA Professor, in a post, entitled “Should Motivations Matter”, said that impure motives do matter in anti-corruption enforcement actions, whether in China or the US. Others have suggested that the FCPA enforcement itself is hypocritical because the US allows gifts, entertainment, charitable donations and a wide variety of other acts to be given as a quid pro quo to US government officials, usually without criminal prosecution.

But Ermotti takes this debate to an entire new level. Now you cannot even criticize his bank unless you are ‘perfect’. Further, showcasing the obvious knowledge of his 60,000 plus employee base, Ermotti “said in the interview that most of the bad behavior that has landed UBS and others in hot water was caused by small groups of rogue employees and doesn’t reflect broader cultural problems in the industry. “It’s not because you’re a banker that you’re a criminal”.” This was in the face of criticism at the World Economic Forum in Davos (where Ermotti was interviewed and made his remarks) that “In a private meeting held between bank CEOs and central bankers and regulators Friday, several participants pointed to banks’ “conduct” issues as undermining efforts to rebuild public and investor confidence in the industry, according to executives and central bankers who were there.” This can be contrasted with Bank of England Governor Mark Carney who said at the same conference, “Whether or not [the industry] thrives will rest on the efforts of individuals and organizations to re-establish the system’s reputation for integrity”.

Yet again Ermotti doubled down when he claimed that the group, which cannot criticize, includes regulators and enforcement officials. This statement is almost the equivalent of another equally enlightened (former) CEO, Bob Diamond, who once ran Barclays and “told British lawmakers in 2011 that “there was a period of remorse and apology for banks. That period needs to be over.” The next year, Mr. Diamond was forced to resign after Barclays admitted trying to rig interest rates.” Ooops.

What does all of this say about the top of this once august organization? First and foremost, how you would like to be the person who has to ‘speak truth to power’ if your CEO says that only the ‘perfect’ can bring forward criticism? Do the words ‘career suicide’ ring any bells here? But more importantly you have a company which entered into a Deferred Prosecution Agreement (DPA) regarding its tax evasion violations and then pled guilt to criminal conduct that as reported in another WSJ article “Regulators described the alleged illegality as “epic in scale,” with dozens of traders and managers in a UBS-led ring of banks and brokers conspiring to skew interest rates to make money on trades.” What would you say about its ‘tone-at-the-top’? Are they committed to following the law? How about complying with the terms of their multiple settlement agreements with US regulators? How about changing the culture in their organization, not simply to make compliance a goal but actually obey the law? What about instituting and then following a best practices program for compliance with anti-corruption laws such as the FCPA or Bribery Act; anti-tax evasion laws such as the Foreign Account Tax Compliance Act (FACTA); relevant anti-money laundering (AML) laws; or indeed others.

Without a hint of irony, the WSJ piece on Ermotti’s remarks ends with the following quote from him, “The banking industry is an easy target.” I wonder if Ermotti has the self-awareness of Inspector Lestrade to understand the wisdom of his words?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

‘You Scratch My Back’ Leads to a Fine and Penalty

As the riders loped on by him he heard one call his name

If you want to save your soul from Hell a-riding on our range

Then cowboy change your ways today or with us you will ride

Trying to catch the Devil’s herd, across these endless skies

 

The above lyrics are the closing stanza to the song “Ghost Riders in the Sky”. I thought about the advice for the cowboy to change his ways to save his soul from Hell when I read in both the Financial Times (FT) and the Wall Street Journal (WSJ) reports that Deloitte LLP (Deloitte) agreed to a one-year suspension from soliciting new consulting work from financial institutions and agreed to pay a $10MM fine to the state of New York Department of Financial Services (DFS) for its role in the Standard Chartered Bank (StanChart) money laundering scandal. StanChart was fined $340MM by the DFS for allegations of money laundering and doing business with Iran, all in violation of US laws.

The FT article, entitled “Deloitte banned for StanChart ‘violations’”, by Kara Scannell, reported that this suspension and fine was the first against a consulting firm by the DFS. The DFS cited Deloitte for ““misconduct, violations of law and lack of autonomy” in its review of the anti-money laundering (AML) practices of Standard Chartered.” Indeed it its settlement with Standard Chartered, it was alleged that “Deloitte “aided” the bank’s deception in hiding transactions linked to Iran.” In one instance, the FT reported that “Deloitte removed a recommendation aimed at rooting out money laundering from a report filed with the state regulator. In an email cited in the settlement, a Deloitte partner said: “‘[W]e agreed’ to [StanChart]’s request because ‘this is too much and too politically sensitive for both [StanChart] and Deloitte. That is why I drafted the watered-down version’.”

However, the real problem was probably better articulated by Ben Lawsky, superintendent of the DFS, who the FT quoted as saying, “At times, the consulting industry has been infected by an ‘I’ll scratch your back if you scratch mine’ culture and stunning lack of independence.” The WSJ article, entitled “Deloitte Unit Gets One-Year Ban”, penned by reporters Shayndi Raice and Michael Rapoport, noted that in the DFS resolution “Deloitte also agreed to overhaul its internal safeguards and create new standards to increase its independence with respect to clients.” Deloitte itself was quoted in the FT article as saying “it looks forward to working constructively with DFS to establish best practices and procedures that are ultimately intended to become the industry standard for all independent consulting engagements under DFS’s supervision”.

The WSJ also reported that the DFS has been concerned for some time “that consultants who review, and help banks with, regulatory issues are potentially subject to conflicts of interest because they are hired and paid by the same banks whose work they are supposed to assess.” Apparently the DFS is looking to use Deloitte’s remediation as a “model to govern all consultants who do work for banks under the agency’s supervision.” This comes on the heels of the US Senate’s Banking, Housing and Urban Affairs Committee, Subcommittee on Financial Institutions and Consumer Affairs’ hearing this past April on the same issue. The hearing was entitled “Outsourcing Accountability? Examining the Role of Independent Consultants”. The hearing was adjourned with no resolution of legislation introduced as yet but Massachusetts’ junior Senator Elizabeth Warren is on the Subcommittee so I would not be surprised for something to come out of this issue.

The use of external consultants was also mentioned in a recent enforcement action under the Foreign Corrupt Practices Act (FCPA); that being the Parker Drilling Deferred Prosecution Agreement (DPA). In the DPA there were the following statements about an un-named US law firm and an un-named partner at said law firm, which were listed as an agent of Parker Drilling in connection with its FCPA issues in Nigeria.

1. The law firm was a US limited partnership, which provided legal advice to Parker Drilling for the issue involving the FCPA violation at issue. (Paragraph 10)
2. An unidentified “outside counsel” who provided this legal advice was a partner in the unidentified law firm. (Paragraph 11)
3. Parker Drilling entered into an agreement with a Nigerian Agent who would “act as a consultant to [Law Firm] to provide professional assistance resolving these issues in Nigeria.” (Paragraph 33)
4. Payment to the Nigerian Agent was made through the law firm, which received the Nigerian Agent’s invoice and then forwarded on to Parker Drilling for funding.
   “When the Nigerian Agent required funds, Parker Drilling transferred funds to Law Firm by wire, and Law Firm in turn forwarded those funds to Nigerian Agent by international wire. Nigerian Agent’s funding requests typically first went by email to the Law Firm and U.S. Outside Counsel and asked for currency transfers, often $100,000 or more at a time.” (Paragraph 34)
5. This U.S. Outside Counsel was identified as requesting money from Parker Drilling for entertainment of the Nigerian President (Paragraph 35a); requesting money for payment to the Nigerian State Security Service and Minister of Finance tied to “winning the concession” for Parker Drilling (Paragraph 35d); advised Parker Drilling that the Nigerian Agent in question “will need $100,000 in expense advances to cover various out of pocket expenses and social events” and that the Nigerian Agent’s expenses were running “about 4000 a day per person because of the entourage entertainment.” (Paragraph 35g); and, finally, he advised Parker Drilling that the Nigerian Agent “needs another $150,000 to accomplish his objective”. (Paragraph 35h)

What does all this mean for the compliance practitioner? First of all, it drives home the need to perform due diligence on all third party providers which will provide legal or regulatory services. If there is no underlying due diligence, there can be no understanding of the background of the service provider. The Deloitte StanChart actions, the US law firm and US lawyer identified in the Parker Drilling DPA set out a couple of issues for the consideration of a compliance practitioner in dealing with third party consultants. First and foremost, be on the watch for any third party who suggests anything illegal or that even comes up close to that line. It is clearly a red flag if a third party suggests any violation of the FCPA, AML regulations or the like. Similarly, any claim that ‘this is the way business is done in [fill in the country]’ should immediately raise a red flag. Anytime a required report is ‘watered down’ it is also a clear red flag. Lastly, if your US outside counsel suggests hiring a Nigerian agent to ‘facilitate’ any legal issues, remember the primary liability is on your company, even if you only accept that legal advice, or as the lyrics suggest “cowboy change your ways today or with us you will ride” into a large FCPA or AML settlement.

—————————————————————————————————————————————————————–

For the classic Johnny Cash version of the song, click here. For a more rocking version, check out this clip of The Outlaws by clicking here.

——————————————————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Assess Suspicious Financial Activity

The banking world is littered with institutions that have paid astronomical fines for their failures around anti-money laundering (AML) legislation. Much has been written and said about these events. However one of the areas that has received perhaps less attention is the programs that banks and other financial institutions have set up to comply with the ever-growing increase in AML regulations. But just as crooks tend to follow the money, sophisticated lawbreakers, who tend to engage in crimes such as money-laundering will try and move their operations to business and industries with less robust protections around AML. That is why I found this month’s article by Carole Switzer, President of the Open Compliance and Ethics Group (OCEG), in the June issue of Compliance Week, entitled “The Battle to Balance Vigilance and Suspicion”, to be instructive for the anti-corruption/anti-bribery practitioner who typically focuses on Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance.

In the article Switzer makes clear that she believes that “the most effective AML programs are based on the understanding that financial institutions have an obligation to all of their stakeholders to remain vigilant about AML risks. Banks are not required to prove money laundering; rather they are required to strike the right balance in their vigilant reporting of suspicious activity.” She recognizes that “banks must file a suspicious activity report (SAR) when suspicious activity arises. What qualifies as a suspicion often is a difficult question—as is the determination of whether or not to file a SAR.” Yet Switzer also notes that “filing of too many (and/or incomplete) SARs can overwhelm regulatory agencies, reducing their ability to address genuine criminal activity” and that filing “too few SARs and a company can turn a blind eye to potential money laundering, opening itself and, in some cases, its top managers to significant penalties.” I would posit that the dynamic tension would appear for any company; whether financial institution or other commercial operation. Hence, I believe that Switzer’s thoughts can be used by a non-financial concern to help protect it from violation of US or UK AML laws.

As usual, Switzer has provided a road map to illustrate her thoughts, entitled “Suspicious Activity Investigation Lifecycle”. In the diagram Switzer notes that it is important to understand each step in the lifecycle, so that a company can exploit “opportunities for technology and automation”. Technology, coupled with the human element, which recognizes the signs of suspicious AML activity can help your company protect itself and “hear through the noise.” She counsels that the “focus is to identify suspicious activity and report it, not to prove criminality; law enforcement will take it from there, blending your information with information from other institutions before making a decision on how to proceed.” She lists the following four steps.

1.      Triage – Switzer believes that “understanding and managing your inbound alerts can be an intimidating task. High alert volume and false-positives can abound, often at a 50:1 ratio (False/True).” A company should also focus on automated solutions that allow you to invest human capital into exception cases. Finally, remember to consistently review and modify the system until your organization can hear through the noise.

2.      Investigation – As an investigation process can tax your resources, you should strive to ascertain that you are making the right inquiries documenting the process at every turn. Some of the questions that Switzer suggests you focus on include “Do you understand the context? Are your procedures applicable to the product used? How does the processing channel affect the investigation? What history does the customer or organization have with your institution? Are you truly investigating or just documenting?”

3.      Action – After you have ­finished conducting research, obtained an understanding of the suspicious activity, its context, and the implications, Switzer advocates that this is the time to react. She believes that it is important to have a protocol in place. Some of her suggestions include placing the party on a continued Watch List, or you could “kick off your Enhanced Due Diligence cycle, or offboard the customer altogether.” She notes that the key here is “expediently limiting risk and exposure and promptly notifying regulatory authorities.” To which I would add: document, document, and document.

4.      Feedback/Review – As with any process you need validation or ‘a second set of eyes.” Switzer proposes that you should review your actions and reports for accurateness. Some questions that you may wish to keep in mind are the following: “Was your investigation fruitful? What did you learn? Is our current process sound and comprehensive? Learning what you have done, how it has affected your risk profi­le, and how you have reacted is critical to ongoing success.” A rigorous system would “constantly challenge assumptions and work to refine the process. Evaluate how your customers, products, and business are changing, and develop new scenarios.”

Switzer notes some of the more common mistakes made include failure to document your compliance efforts and missing of key internal and external deadlines for reporting. She cautions against tipping off customers directly during the inquiry process or indirectly through sending questions to a third party which may convey such information. Finally, training is important so that any report which is generated is not of such poor quality, incomplete or overly vague as to be useless and miss important information.

As with other areas of compliance, there are best practices which are fairly well known. Switzer reminds us that your suspicious activity program should constantly challenge your ongoing assumptions and evaluate the accuracy of your program. You should regularly review and adjust thresholds amounts for such investigations and study new typologies. Tone at the top is key in the suspicious activity area of AML compliance so your company should create a culture of compliance, ensure the staff is aware and empowered to do the right thing. Your compliance program should incorporate ongoing monitoring and outcome analysis. Lastly, do not forget to train.

Most non-financial enterprises do not look at potential AML issues, certainly not as thoroughly as financial institutions. However, I believe that this may well be the next area that corrupt persons and parties will try to exploit from otherwise law-abiding entities. The time to prepare is sooner rather than later. Switzer has laid a protocol which you can implement and which can go a long way down the road to protecting your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

British PM Leads the Fight against Shell Corporations

One of the critical areas in due diligence for foreign business partners is determining who are the true owners of an entity. Unfortunately this is not always possible to determine as many countries do not require the names, addresses and other identifying information of shell company owners or limited liability partners. Many people think of the Cayman Islands or other traditional tax havens when such issues arise.

However, a surprising number of allegedly low risk countries also have this problem. New Zealand is generally recognized as one of the lowest risk countries in the annual Transparency International Corruption Perceptions Index (TI CPI), nevertheless this rating may not be all it seems. In an article by Michael Field on Stuff.co.nz, entitled “NZ firms linked to money laundering”, Field reported that one individual was listed as a Director of over 300 New Zealand formed companies. Another person, listed as the Director of the New Zealand Company alleged to have been involved with the shipment of arms to North Korea, was “convicted of 75 breaches of the Companies Act for giving false addresses on registration forms”.

New Zealand is not the only country with a low corruption perception which may not be completely accurate. In a Reuters article, entitled “Special Report: A little house of secrets on the Great Plains”, authors Kelly Carr and Brian Grow reported on one house in Cheyenne, Wyoming, which the authors claim “serves as a little Cayman Island on the Great Plains” as it is home to the registration of over 2,000 entities. The article claims that Wyoming allows “the real owners of corporations to hide behind “nominee” officers and directors with no direct role in the business, often executives of the mass incorporator.” Carr and Grow also quote Jason Sharman, a professor at Griffith University in Nathan, Australia, who states that “Somalia has slightly higher standards [for business incorporation] than Wyoming and Nevada.”

One of the anomalies in the ongoing Hewlett-Packard (HP) investigation, for alleged bribery and corruption violations in its German subsidiary, was the German authorities’ investigation of activities in and through the state of Wyoming. The article by Carr and Grow may help explain why the German authorities needed to investigate matters relating to Wyoming where the allegations were that bribes were paid by a HP German subsidiary for a sale into Russia.

Against this backdrop, British Prime Minister David Cameron has taken the lead in forcing jurisdictions who register such companies to disclose their ownership. While Cameron has come at this problem through the angle of tax evasion and compliance, it clearly has implications for the US Foreign Corrupt Practices Act (FCPA), UK Bribery Act and various anti-money laundering (AML) laws. The issue of public registers and beneficial ownership is coming to the fore on the eve of the G8 Summit which will be held in Northern Ireland starting next Monday. The Guardian has reported, in an article entitled “David Cameron under pressure to clarify owners of firms at G8”, that Cameron has also been given a political boost by the Cayman Islands agreeing to sign the OECD multilateral convention on tax transparency and information, the most important of the British overseas territories to do so.”

However, perhaps there is legislation on the way to close this loophole in the US. In another Reuters article, entitled “US House bill targets anonymous shell corporations”, Patrick Temple-West reported on prior US legislative attempts to require disclosure of corporate beneficial owners. Three such efforts have failed since the year 2000. Who might oppose such legislation? Temple-West reported that “Some state government group[s] remain opposed. In the past, resistance has also come from business groups and lawyers.” I am also somewhat chagrined to report that an organization that I belong to, the American Bar Association (ABA), has opposed prior legislation to provide greater discloser for shell companies.

Still this resistance may be changing. In an article in the New York Times (NYT), entitled “Obama Urged To Back Plan To List Owners Of Shell Firms”, Ravi Somaiya reported that “Anticorruption activists have urged President Obama to back a plan to publicly register the owners of shell companies in the United States and around the world, a move they say is essential to thwart corrupt government officials, tax evaders and money launderers who rely on an opaque financial system.” This problem has existed for several years in the US. Somaiya reported that “The Financial Crimes Enforcement Network, a bureau of the Treasury Department, estimated in 2005 that as much as $18 billion in suspicious transactions were made using international wire transfers that used shell companies in the United States.”

Somaiya also quoted Jack A. Blum, a lawyer and the chairman of Tax Justice Network USA, who said “These anonymous shell companies are used by everybody who steals money. Tens of thousands of shell corporations have been set up within the United States, he said, primarily in four states — Delaware, Montana, Nevada and Wyoming — that have loose regulations.” We know that the bad guys are selling the U.S. as a place to set up companies,” Mr. Blum said, citing its “aura of legitimacy.”

How does all of this relate to due diligence as the US problem would not seem to impact a company covered by FCPA? First of all, a company should know with whom they are doing business, and more pointedly a US company which is subject to the UK Bribery Act needs to recognize that any agent, distributor or other type of representative here in the US, is a foreign entity under the Bribery Act and needs full due diligence. While the jurisdictional scope of the Bribery Act has yet to be fully fleshed out, such a US company needs to consider its due diligence here in the US and may need to strengthen its investigations and background checks on such parties to comply with the Bribery Act.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Risk Assessments in an Anti-Money Laundering Compliance Program

Today we celebrate that noted British comedian who made his fame in America – Bob Hope.  He had a successful film career largely thanks to the series of seven “Road” movies he made with Bing Crosby and Dorothy Lamour, including Road to Singapore (1940), Road to Morocco (1942), Road to Utopia (1946) and Road to Rio (1947). Hope is also known for his entertainment of US military forces overseas. In 1941, after America’s entrance into World War II, Hope began performing for US troops abroad; he would play shows for more than a million American servicemen by 1953. Some 65 million people watched him perform for troops in Vietnam on Christmas Eve in 1966, in his largest broadcast. Hope also became a legend for his countless TV specials, which he would perform over the course of some five decades. He hosted the Academy Awards ceremony a total of 18 times, more than any other Oscars’ host.

What does Bob Hope have to do with compliance? First he was a comedian and second he reinvented himself several times. The anniversary of his birthday reminded me of an article written by Carole Switzer, the co-founder and President of the Open Compliance and Ethics Group (OCEG), for Compliance Week Magazine entitled “Analyze This: The Value of Business Risk Assessments.” In her article, one in a continuing of her series of GRC Illustrated articles, Switzer says that anti-money laundering (AML) compliance programs, like therapy are “difficult to define and relatively easy to avoid.” She quoted Larry David, co-creator of Seinfeld and creator of “Curb Your Enthusiasm” for the following thought on therapy, “I know enough about myself now to know that I really don’t need to know anymore.” Unfortunately, as Switzer notes, many companies have the same problem when it comes to their AML programs.

Switzer discusses a recent report by the UK Financial Services Authority (FSA) which highlighted four general reasons that UK banks failed to have effective AML programs. The same four reasons hold true for non-banking sector US companies in the area of AML.

(a) Denial. The FSA reported that one-third of the banks “failed to review their business-risk assessment program on a regular basis. Additionally, about one-third of the companies scrutinized also failed to alter their risk assessments in response to new developments and insights, such as when allegations of major corruption were levied against a customer or when a country’s risk profile spiked due to regime change.”

(b) Grandiose delusions (imagine a bank with grandiose delusions!). The FSA found that too many “customer-facing “relationship managers” could override customer risk scores produced by the risk-assessment program—without sufficient evidence to support the decision to disregard the score.”

(c) Borderline suspicious. Bank personnel did not understand how the AML risk assessment was generated and indicated that they were “confused” regarding what score indicated that a customer was a high risk.

(d) Avoidance coping. The FSA noted that institutions “inappropriately low risk weightings for high-risk factors, “sometimes overtly”; while “other banks chose to ignore well-known high-risk indicators and other adverse information from a variety of sources, “such as links to certain business activities commonly associated with higher levels of corruption.”

Fortunately Switzer laid out her thoughts on what an effective business risk assessment program should contain. From this risk assessment, you can identify where your company should focus its AML resources, determine how changes might affect your company, and where your program may need enhancement. She is quite clear that without an effective risk assessment, “your AML program will be inefficient as well as ineffective.” She sets our five steps to take.

1. Define the Risk. Switzer says that “At the forefront of any good business risk assessment program is an executive vision. The executive sponsorship must ask themselves diffi­cult, critical questions.” This is largely because while there are certainly known risks to a business there are also risks you and your company may not be aware of so it is important to define what you know but leave it flexible enough to cover the unknown when it becomes known to you. Switzer lists some of the questions that you might begin with, which include: What are the inherent risks in our current business? What controls do we have in place? How much risk, after the business risk assessment process is instituted, remains? Should we close business locations? Should we add additional controls? Should we put spending restrictions in place? Are other industries at the same level of risk?
2. Gather Intelligence. In this step, after executive sponsorship has set the strategy in motion, you must gather intelligence to truly understand the exposure across the organization’s products, services, and customer base. The AML team should consult local business and compliance leaders to gain key insight. The specific steps include: (1) Develop the business risk assessment questionnaire. (2) Determine what controls are currently in place. (3) Review the external risk. (4) Understand the magnitude of each risk factor. (5) Gather and normalize all data for review.
3. Review the Findings. Once a full business assessment has been conducted and all the data collected, a full analysis of the data is performed at multiple levels. The overall picture of risk is reported to business line, regional leaders, and enterprise leaders. Switzer’s specific steps include (1) Creation of full evaluation reports of all measured data. (2) Involve AML staff, regulators, and critical business leaders in your review. (3) Utilize external, unbiased consultation to determine product and service risk for remediation.
4. Decide How to Proceed. Switzer advises that after you come to an understanding of your exposure and risk, your vision has been set, and you have gathered data and reviewed it, you can set a course to move ahead. However, she cautions that “continual review of the plan’s impact on the business, even at this stage, is critical.”
5. Implement the Plan. At this final step, after your company has defined its strategy, determined, by measurement, the exposure to AML risk, understood and evaluated the areas of potential risk and then “determined a path to accept, resolve and eliminate, it’s time to go to work setting the plan into motion—however, just because you are now implementing doesn’t mean you can relax. Constant scrutiny, learned best practices, and ongoing monitoring are critical.”

Switzer concludes by stating that “Risk assessment programs must evolve quickly as risks and crimes do. Building in a good system of correction and monitoring that can flex with your organization is critical.” So just as Bob Hope reinvented himself as the tastes of society changed, your risk assessment should be a “living, breathing process.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Marine Transportation and Anti-Money Laundering

My recent article on the marine transportation industry and the Foreign Corrupt Practices Act (FCPA) generated some discussion ranging wider than simply the port agent issue regarding interaction with foreign government officials. One of the discussion points was how and where a company should pay the crew. One of the sacrosanct rules that I learned while working at Halliburton was that payments to any third parties had to be made to either (1) the location where the services were delivered or (2) the location where the third party was domiciled. It was called ‘Offshore Payments’ and the legal department was charged with making sure that all contracts specified payments to be delivered into one of the aforementioned locations. The rule was designed to comply with Anti-Money Laundering (AML) rules and regulations. This concept also appears in the FCPA as a red flag if a third party desires to be paid outside either of the locations stated because a corrupt entity or person could use funds already in the banking or financial system to disguise any movement that might reveal the corrupt action, such as a bribe to a foreign governmental official.

Obviously you cannot pay a ship’s crew in the location where the services are delivered if those services are delivered at sea. So that would seem to leave jurisdiction where a crew member is domiciled. But in addition to the home domicile there are other AML issues such as the bank to which the payments are wired into from the US.. The Financial Action Task Force (FATF) Recommendations on the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation set out several in its White Paper released last year. These included due diligence on payees to determine politically exposed persons and specially designed individuals, record keeping, controls regarding payee banks and financial institutions and reporting of suspicious transactions, among others. In others words, there are many concerns about paying third parties; even those third parties a company might not normally consider in their own compliance regime.

Based upon these conversations, I thought a deeper look into AML issues was warranted. Fortunately Carol Switzer, President of the Open Compliance and Ethics Group (OCEG) just penned another piece in her series in Compliance Week on compliance related issues. This month Switzer has taken a look at AML issues in an article entitled “The Complex Mechanics of Money Laundering” and compended with the article is another of OCEG/Compliance Week, GRC Illustrated Series, where in an illustrated manner, they review how to build an effective AML program.

Switzer explains that there are several laws which deal with AML compliance. They include “the Intelligence Reform & Terrorism Prevention Act of 2004, which amended the BSA; the Money Laundering and Financial Crimes Strategy Act; and the Money Laundering Suppression Act).” There are numerous regulatory and enforcement agencies with domestic AML oversight. They include “the U.S. Department of the Treasury and its Financial Crimes Enforcement Network (FinCEN), to the Security and Exchange Commission to the Dodd-Frank Act’s Consumer Financial Protection Bureau (CFPB) to the New York Stock Exchange, IRS, FBI, and a number of federal banking regulators.”

In the illustrated section following Switzer’s article, it sets out three basic steps which are (1) Define the Risk; (2) Quantify the Risk; and (3) Manage the Risk.

I.                   Define the Risk

It all begins with a comprehensive organizational analysis so that you can understand how much exposure your organization has and where it originates. A company should keep track of the places it does business and how it does business, either directly or through third parties. A company should determine where threats are hiding in its operations and to identify any specific AML issues posed by a particular products or service line. A company should also understand the enhanced risks posed by any specific geographic markets and then identify the risks inherent in different customer types.

II.                Quantify the Risks

Under this prong, a company should determine the quantitative impact of defined risks, both from a customer and asset perspective, while understanding how operating locations may affect these identified risks. Next a business should profile and risk rate customers and assets based on risk attributes including customer geography, business structure, sources of funds, business type, products and services utilized and other factors. From these factors a company should then formulate a comprehensive business risk assessment.

III.             Manage the Risk

Based on steps one and two a company should then implement an AML program consisting of people, processes, and controls proportional to the quantified risks which can ensure compliance, visibility, and protection. This Step III has four subparts.

1. Design: A company should define its internal roles and responsibilities. There should be designated risk categories which will inform the appropriate level of due diligence. A company should build and implement both suspicious activity controls and transaction monitoring.
2. Implement: This step involves the establishment of policies and procedures and training of employees and relevant third parties there. To the extent possible OCEG recommends using technology to monitor, review, escalate, and report suspicious activities using a risk-based and practical approach. Lastly, they recommend that companies should exchange knowledge with industry peers and experts.
3. Test and Analyze: A company should regularly test its controls and monitor personnel and third parties. A company should evaluate the data that it receives. Finally, as with all compliance regimes, there should be a confidential reporting mechanism to report suspicious activities or other violations.
4. Report: A company should report suspicious activity and any AML controls system weaknesses should be scheduled for analysis. A company should also document and file any suspicious activity for both its own internal use and regulatory reporting requirements.

A company must continually capture and update its understanding of threats and system weaknesses to influence continued evolution of an effective AML program. This should be coupled with the continuous evolution of your AML program because the nature of money laundering is ever-evolving as criminals construct new and “improved” methods to hide the proceeds of crime and funds for financing criminal action, making it ever more difficult to monitor and stop.

So how about the payment issue in marine transport industry and the ship’s crew? Most US companies no longer own and crew the ships they use to transport product or cargo and will typically use a charter party. The charterer gives orders for the employment of the vessel and payment of the crew. If your company is in such a position I would suggest that it make the following inquiries of your charter party. 1) Does the charter party have an International Organization for Standardization (ISO) program and policy in place for the hiring and paying of employees?; 2) Does the charter party vet all employees to include license checks; verify bank address to employee address and obtain background checks thereon?; 3) Does your charter party ensure that all banking transactions made to the employees are documented starting with hours worked, signature from masters and payments made to employees home country only?

If you are in the marine transport industry and use a third party to pay those working on your behalf you need to review the third party’s AML program. The same is true for any other business which uses a third party company to make payments to others outside the US.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The HSBC AML Settlement – Lessons Learned for the AML Compliance Practitioner

I recently wrote about banks behaving badly. Currently, Exhibit A in that list is HSBC. In December, 2012, the UK banking giant HSBC agreed to pay a fine of $1.92 billion for its transgressions involving money laundering. Today I want to look at the violations which the company engaged in and its resolution.

I.                   HSBC AML Violations

Regarding the HSBC AML claims there were four major areas of money laundering violations by HSBC. As listed in the Statement Facts to the Deferred Prosecution Agreement (DPA) they read:

10. There were at least four significant failures in HSBC Bank USA’s AML program that allowed the laundering of drug trafficking proceeds through HSBC Bank USA:

1. Failure to obtain or maintain due diligence or KYC information on HSBC Group Affiliates, including HSBC Mexico;
2. Failure to adequately monitor over $200 trillion in wire transfers between 2006 and 2009 from customers located in countries that HSBC Bank USA classified as “standard” or “medium” risk, including over $670 billion in wire transfers from HSBC Mexico;
3. Failure to adequately monitor billions of dollars in purchases of physical U.S. dollars (“banknotes”) between July 2006 and July 2009 from HSBC Group Affiliates, including over $9.4 billion from HSBC Mexico; and
4. Failure to provide adequate staffing and other resources to maintain an effective AML program.

We will review each of these in more depth to provide guidance to the AML compliance practitioner on the steps that their financial institution needs to take.

a.      HSBC Bank USA Failed to Conduct Due Diligence on HSBC Group Affiliates

One of HSBC Bank USA’s high risk products was its correspondent banking practices and services. Correspondent accounts were established at banks to receive deposits from, make payments on behalf of, or handle other financial transactions for foreign financial institutions. They are considered high risk because the US bank does not have a direct relationship with the clients and, therefore, has no diligence information on the foreign financial institution’s customers who initiated the wire transfers. To mitigate this risk, the Bank Secrecy Act (BSA) requires financial institutions to conduct due diligence on all non-US entities for which it maintains correspondent accounts. There is no exception for foreign financial institutions with the same parent company.

HSBC Bank USA was required under the BSA to conduct due diligence on all foreign financial institutions with correspondent accounts, including HSBC Group Affiliates, which it failed to do, from at least 2006 to 2010.  The decision not to conduct due diligence was guided by a formal policy memorialized in HSBC Bank USA’s AML Procedures Manuals.

b.      HSBC Bank USA Failed to Adequately Monitor Wire Transfers

From 2006 to 2009, HSBC Bank USA monitored wire transfers using an automated system called the Customer Account Monitoring Program (“CAMP”). The CAMP system would detect suspicious wire transfers based on parameters set by HSBC Bank USA under which various factors triggered review, in particular, the amount of the transaction and the type and location of the customer. However, HSBC Bank USA knowingly set the thresholds in CAMP so that wire transfers by customers located in countries categorized as standard or medium risk, including foreign financial institutions with correspondent accounts, would not be subject to automated monitoring unless the customers were otherwise classified as high risk.

Between 2000 and 2009, HSBC Bank USA, specifically disregarded numerous publicly available and industry-wide advisories about the money laundering risks inherent to Mexican financial institutions. These included the following:

1. The U.S. State Department’s designation of Mexico as a “jurisdiction of primary concern” for money laundering as early as March 2000;
2. The U.S. State Department’s International Narcotics Control Strategy Reports from as early as 2002 stating that Mexico was and continues to be one of the most challenging money laundering jurisdictions for the United States;
3. The April 2006 Financial Crimes Enforcement Network (“FinCEN”) Advisory concerning bulk cash being smuggled into Mexico and deposited with Mexican financial institutions;
4. The federal money laundering investigations that became public in 2007-08, involving Casa de Cambio Puebla, a Mexican-based money services business that had accounts at HSBC Mexico, and Sigue, a U.S.-based money services business, that had accounts at HSBC Mexico; and
5. The federal money laundering investigation into Wachovia for its failure to monitor wire transactions originating from the correspondent accounts of certain Mexican money services businesses, which became public in April 2008.

 c.       HSBC Bank USA Failed to Monitor Banknotes’ Transactions with HSBC Group Affiliates

HSBC Bank USA’s Banknotes business (“Banknotes”) involved the wholesale buying and selling of bulk cash throughout the world. The Banknotes business line was a high risk business because of the high risk of money laundering associated with transactions involving physical currency and the countries where some of its customers were located. In an attempt to mitigate these risks, Banknotes’ AML Compliance monitored customer transactions.  The purpose of transaction monitoring was to identify the volume of currency going to or coming from each customer and to determine whether there was a legitimate business explanation for buying or selling that amount of physical currency.

Despite the high risk of money laundering associated with the Banknotes business and FinCen advisories to the contrary, the HSBC Banknotes’ AML compliance consisted of one, or at times two, compliance officers. Unlike the CAMP system for wire transfers, Banknotes did not have an automated monitoring system, and, as a result, the Banknotes’ compliance officers were responsible for personally reviewing the transactions of approximately 500 to 600 Banknotes customers. These attempted reviews were deemed wholly insufficient.

d.      HSBC Bank USA Failed to Provide Adequate Staffing and Other Resources to Maintain an Effective AML Program

HSBC’s conduct regarding its AML policy was found to be completely wanting. Not only did the Bank fail to fill senior compliance officer positions after personnel left the Bank but it actually reduced the resources available to the compliance program by cutting funding in 2007. In 2008, the Chief Operating Officer (COO) for Compliance conducted an internal review of the AML compliance program and found it to be “behind the times” and noted that the program was under-resourced and understaffed. Despite these findings the Bank did not begin to address the resource problems until late 2009.

II.                HSBC Remedial Measures

The Department of Justice (DOJ) listed the remedial actions which HSBC engaged in that led, in part, to successfully avoiding a Criminal Indictment by the DOJ.

1. Change in Leadership and increase in resources. The Bank hired a new leadership team. In 2011, the Bank spent more than $244 on its compliance program. The Bank substantially increased the personnel in its compliance function from 92 full time employees and 25 consultants in 2010 to 880 full time employees and 267 consultants as of May 2012.
2. Claw Backs. The Bank ‘clawed back’ compensation from senior company executives.
3. Compliance Function. The Compliance Department was separated from the legal department and given direct reporting lines to the Board of Directors.
4. Exiting high risk business lines. The Bank exited the Banknotes business and ended 109 high risk business relationships.

The HSBC investigation and enforcement action took years and cost the Bank millions of dollars. The Bank ignored not only its internal compliance requirements but also outside information about the high risk nature of many of its business relationships. Banks must review their compliance programs to determine if any of the factors present in the HSBC matter are risks to their business models and remediate them as soon as possible to avoid a similar fate.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Is It the End of the (Compliance) World?

It’s the end of the world as we know it.

 It’s the end of the world as we know it.

It’s the end of the world as we know it and I feel fine.

Today the Mayans predicted the world would end. I must say that I find the Mayans had a complete lack of courtesy, indeed if not foresight, as they did not identify the time the world would end and further did not specify if the time not indicated would be GMT or some other time zone. I would note for the record that for anyone who went to college in the 1980s, the R.E.M. version may be more prescient – “It’s the End of the World as We Know It (And I Feel Fine)” and I actually feel pretty good today, and thanks for asking. Finally, for all you conspiracy theorists out there, you might recall that, in the final episode of the X-Files, the Cigarette-Smoking Man predicted the end of the in 2012, although with even less courtesy than the Mayans, he did not give us any date. So if you are reading this blog it means that the world has not yet ended. If you are not reading it, I hope you enjoyed the rapture.

While the Mayans may have believed that the apocalypse was coming down as we neared the end of 2012, there may well be other events which have a more contemporary meaning for us. Exhibit A is the article in the Wednesday Wall Street Journal (WSJ), entitled “A Banker’s Costly Cab Ride”, in which reporter Aaron Lucchetti detailed the woes which have befallen the former Morgan Stanley employee William Bryan Jennings who got into a dispute with a cab driver over a fare during the holiday season in the pre-apocalypse year of 2011. The dispute got so heated that Jennings pulled a pen knife on the cab driver and cut him so that the driver required stitches. Police filed and later dropped charges against Jennings but Morgan Stanley fired him in October of this year, before there was a final determination that the charges would be dropped.

Jennings, a 22 year veteran of the company, was fired for breaching the Company’s Code of Conduct, which was reported to read in part “We promote a culture of integrity by taking personal responsibility for our actions, making the right decisions and being accountable.” The Code further specifies, “…If you violate the Code or other Morgan Stanley policy or procedure, you will be subject to the full range of disciplinary sanctions, including termination of your employment.” In addition to summarily firing him, the WSJ article reported “Morgan Stanley refused to give him a deferred-compensation payment in June and has frozen as much as $5 million or more…” Ouch!

In our continuing look at “Banks Behaving Badly” Exhibit B is the report by Bloomberg News regarding the HSBC $1.9 billion settlement with the US Department of Justice (DOJ) to resolve its anti-money laundering violations. In an article entitled “HSBC Judge Requests Reasons to Approve Drug-Money Accord” it is reported that the Judge, who will pass upon the settlement with HSBC, has asked the parties “to submit a brief giving reasons he should approve the bank’s $1.9 billion settlement of money-laundering charges over drug cartel-related transfers.” The Judge was quoted as saying, “My suggestion is you present to the court a document that demonstrates why I should accept the agreement” and “There’s been some publicized criticism of this. I think you should feel free to address it.” With all the criticism of the settlement and its no criminal penalties perhaps he wants to know the same thing as Halah Touryalai, who asked in an article entitled “Final Thought On HSBC Settlement: How Much Bad Behavior Will We Tolerate?”, “What’s a bank got to do to get into some real trouble around here?” She then added, “The scary part about the HSBC settlement is that U.S. authorities are essentially saying they couldn’t act on criminal charges because it would harm the larger financial system. That’s got many calling HSBC (and potentially others) too-big-to-jail.”

Exhibit C is the article today in the WSJ by Chris Matthews entitled, “Judge Won’t Approve IBM, SEC Bribery Settlement”. In it he reported that the District Judge, in whose court the SEC filed its agreed to settlement with IBM for FCPA violation, refused to accept the agreed upon settlement. Judge Leon, the trial judge in the Gun Sting cases, was reported to have said he, “couldn’t approve the settlement unless the SEC and IBM agreed to abide by additional settlement terms imposed by the court or explain why the terms are too burdensome.” IBM’s counsel argued that certain of the Judge’s conditions were too burdensome and these included, that “that IBM must report to the court and the SEC annually on its efforts to comply with the FCPA, report any future violations of the FCPA, and report any new criminal or civil investigations.” Matthews wrote that “IBM said it was willing to report future improper payments, and books and records violations related to such payments, but was unable to report broader accounting inaccuracies that weren’t tied to improper payments.” Judge Leon asked “So if they learn about other FCPA violations, they get a pass on that?” He also “pressed lawyers for the SEC and IBM about what data they had to prove reporting FCPA books and records violations would be burdensome and wondered aloud why “one of the largest companies in the world” couldn’t track that.” Burdensome indeed.

So if the world does not end today, I hope that you have (or will) enjoy the shortest day of the year. As this will be my final post before Christmas, a Merry Christmas to all. I submit for your holiday enjoyment what I consider to be the greatest Christmas and holiday song of all-time, Nat King Cole singing “The Christmas Song”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Banks Behaving Badly or Brother Can You Spare A Billion (or Two)?

Remember when a billion dollars was real money? Over the past couple of weeks there have been some mammoth fines paid by financial institutions for conduct, which would appear to fall under the category of “Banks Behaving Badly”. Last week HSBC agreed to pay a fine of $1.92 billion for its transgressions involving money laundering. UBS is in the final stages of negotiations to pay $1.5 billion to resolve allegations that it tried to rig interest rate benchmark (i.e. ‘Libor’) to boost trading profits. Finally, on December 10, coming in at a paltry $327 million are our old friends Standard Chartered, which admitted processing thousands of transactions for Iranian and Sudanese clients through its American subsidiaries; subsequently to avoid having Iranian transactions detected by the US Treasury Department computer filters, Standard Chartered deliberately removed names and other identifying information, according to the authorities. All in all, it’s not been a bad couple of weeks for the US Treasury, given the current stalemate over the ‘fiscal cliff’ and the need to reduce the US deficit.

For those of you keeping score at home, we present our updated Banks Behaving Badly Box Score of Settlements

Banks Behaving Badly – Box Score of AML Settlements

Bank	Amount	Date of Settlement
Lloyds TSB Bank	$567MM	December 2009
Credit Suisse	$536MM	December 2009
ING Bank	$619MM	June 2012
Royal Bank of Scotland	$500MM	May 2012
Barclays	$298MM	August 2012
Standard Chartered – NY state	$340MM	August 2012
Standard Chartered – Federal	$327MM	December 2012
HSBC	$1.92 BN	December 2012
Total	$4.004BN

Banks Behaving Badly – Box Score of Libor Manipulation Settlements

Bank	Amount	Date of Settlement
Barclays	$450MM	June 2012
UBS	$1.5BN (proposed)	December 2012?
Total	$1.95BN (proposed)

If you do not have a calculator handy, for the 2012 banking season alone, that is $4,004,000,000 all going to the US Treasury thanks to our friends at Banks Behaving Badly. If you want to sneak-a-peak at what it might look like if the UBS settlement comes through just add on an additional $1.5 bn so that is over $6 billion in fines, penalties and disgorged profits from one industry sector in one year. And people have the temerity to complain about the energy industry being corrupt.

So what is the cause of ‘Banks Behaving Badly’? Back in June, at the time of the Barclays Libor manipulation settlement, the Financial Times (FT) wrote on its Op-Ed page in the piece entitled “Shaming banks into better ways” that “few have shone such an unsparing light on the rotten heart of the financial system” and then went on to say “nothing less than a long-running confidence trick played on the public for personal and institutional advantage” and even pointed out the “rotten culture at Barclays”. The FT editorial clearly focused on ethics when it said “But beyond the questions about legality there is a bigger worry about the wayward behavior of the financial sector.” The FT editorial concluded by telling banks that if “banker-bashing is to stop, the banks themselves must change.” Typical British understatement at its finest wouldn’t you say?

The HSBC settlement was announced by Lanny A. Breuer, Assistant Attorney General of the Justice Department’s Criminal Division. In the Department of Justice (DOJ) Press Release it was reported that HSBC received a Deferred Prosecution Agreement (DPA) which required, among other things, that it “committed to undertake enhanced AML and other compliance obligations and structural changes within its entire global operations to prevent a repeat of the conduct that led to this prosecution.  HSBC has replaced almost all of its senior management, “clawed back” deferred compensation bonuses given to its most senior AML and compliance officers, and has agreed to partially defer bonus compensation for its most senior executives – its group general managers and group managing directors – during the period of the five-year DPA.  In addition to these measures, HSBC has made significant changes in its management structure and AML compliance functions that increase the accountability of its most senior executives for AML compliance failures.” There will also be an independent outside monitor appointed to oversee the bank’s compliance efforts and report periodically to the DOJ.

Even with all the above and the fines, penalty and profit disgorgement, the DOJ has come under withering criticism for its failure to both let HSBC off so lightly, with a DPA, where “HSBC Bank USA failed to monitor over $670 billion in wire transfers and over $9.4 billion in purchases of physical U.S. dollars from HSBC Mexico” and no individuals were indicted. CNN reported that Sen. Charles Grassley, R-Iowa, sent a stinging letter to Attorney General Eric Holder, calling it “inexcusable” for the department [DOJ] not to prosecute criminal behavior by HSBC. Senator Grassley’s letter was quoted as saying, “What I have seen from the department is an inexplicable unwillingness to prosecute and convict those responsible for aiding and abetting drug lords and terrorists.” Further, “By allowing these individuals to walk away without any real punishment, the department is declaring that crime actually does pay,” Grassley asserted.

Halah Touryalai, in an article entitled “Final Thought On HSBC Settlement: How Much Bad Behavior Will We Tolerate?” in forbes.com, put it another way. Touryalai asked “What’s a bank got to do to get into some real trouble around here?” She went on to say, “So, let’s get this straight. A major global bank failed to catch activity that put our country’s security at risk and now it is sorry… The HSBC case brings to the forefront a big question for the U.S.: How much are we willing to tolerate from financial services companies? If we’re looking at the HSBC case then a lot, apparently.” Finally, Touryalai spoke for many when she said, “The scary part about the HSBC settlement is that U.S. authorities are essentially saying they couldn’t act on criminal charges because it would harm the larger financial system. That’s got many calling HSBC (and potentially others) too-big-to-jail.”

However, the DOJ had many data points to factor into its calculus on settlement. First, and foremost, (apparently) remains Arthur Anderson. If the DOJ had pushed for a criminal settlement, would it have debarred HSBC from doing business with the US government or its monies going through the US banking system? What would be the effect of such a remedy? What if the DOJ had pushed too far and HSBC felt it had no choice but to go to trial, would they have been Arthur Andersen’d out of business? Perhaps this is a variant of the “too big to fail” argument, called the ‘too-big-to-put-out of business’ argument.

But there is another reason for the specific terms of the HBSC settlement, which was discussed by Lanny Breuer during the news conference. He stressed the extraordinary cooperation by HSBC during the investigation in addition to the structural changes the bank put in place as noted above. If the DOJ wants to obtain the highest level of cooperation from a defendant during an investigation, turning around after such cooperation and indicting either the entity or a bunch of its employees will most probably end such a level of cooperation. My guess is that the DOJ wants to encourage as much cooperation as it can from parties under investigation. That would include greater compliance after the resolution in addition to extraordinary cooperation during the investigation. However this may not be enough to quell the critics. So the DOJ may be stuck in the position of damned if they do (indict) and damned if they don’t (indict).

But whatever your take on the DOJ’s position as to HSBC, it certainly has been a year of reckoning for “Banks Behaving Badly”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012