Presenting a live 90-minute webinar with interactive Q&A AML and OFAC: Lessons from Recent Aggressive Enforcement Against Financial Institutions Strategies for Effective Defense, Remediation and BSA/AML/OFAC Compliance THURSDAY, SEPTEMBER 26, 2013 1pm Eastern 12pm Central 11am Mountain 10am Pacific Today s faculty features: Kevin L. Petrasic, Partner, Paul Hastings, Washington, D.C. Nicholas F. Coward, Partner, Baker & McKenzie, Washington, D.C. Ralph E. Sharpe, Partner, Venable, Washington, D.C. The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
Tips for Optimal Quality FOR LIVE EVENT ONLY Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-888-450-9970 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.
Continuing Education Credits FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: In the chat box, type (1) your company name and (2) the number of attendees at your location Click the SEND button beside the box If you have purchased Strafford CLE processing services, you must confirm your participation by completing and submitting an Official Record of Attendance (CLE Form). You may obtain your CLE form by going to the program page and selecting the appropriate form in the PROGRAM MATERIALS box at the top right corner. If you'd like to purchase CLE credit processing, it is available for a fee. For additional information about CLE credit processing, go to our website or call us at 1-800-926-7926 ext. 35.
Program Materials FOR LIVE EVENT ONLY If you have not printed the conference materials for this program, please complete the following steps: Click on the ^ sign next to Conference Materials in the middle of the lefthand column on your screen. Click on the tab labeled Handouts that appears, and there you will see a PDF of the slides for today's program. Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon.
AML and OFAC: Lessons from Recent Aggressive Enforcement Against Financial Institutions Kevin L. Petrasic Paul Hastings 202-551-1700 kevinpetrasic@paulhastings.com Nicholas F. Coward Baker & McKenzie 202-452-7000 nicholas.coward@bakermckenzie.com Ralph E. Sharpe Venable 202-344-4000 resharpe@venable.com
BSA/AML and OFAC Enforcement Challenges Recent High-Profile Enforcement Activity Large financial institutions Small financial institutions and individual officers and directors Third Party Consultants Renewed Regulatory Focus Compliance Culture Resources Information Technology ( IT ) Strength Risk Management Systems Financial Institution Preparedness Focus on Compliance Sufficient Resources Maintain IT strength Tailored Risk Management Systems 6
Recent High-Profile Enforcement Activity Heightened regulatory scrutiny and program risks presented by compliance with the Bank Secrecy Act ( BSA ), anti-money laundering laws ( AML ) and the Office of Foreign Assets Control ( OFAC ) compliance programs Recent enforcement actions provide helpful information regarding: Federal regulators current mindset The future of BSA/AML supervision and enforcement Oversight of Third Party Vendors Expectations Regarding Third Party Consultants Increasing Complexities with respect to Compliance Issues 7
Recent Enforcement: Large Institutions April 2012 The Office of the Comptroller of the Currency ( OCC ) entered into a consent order with a national bank June 2012 $619 million fine in settlement between a foreign banking organization, OFAC, U.S. Department of Justice ( DOJ ), and the New York County District Attorney s Office ( NYDA ) December 2012 OFAC, DOJ, the New York State Department of Financial Services ( DFS ), and the NYDA entered into settlement requiring a foreign banking organization to pay $132 million for OFAC violations and related laws 8
Recent Enforcement Large Institutions December 2012 $1.9 billion in civil money penalties ( CMPs ) for particularly egregious conduct by a foreign banking organization led to settlement with the OCC, Federal Reserve Board ( FRB ), Financial Crimes Enforcement Network ( FinCEN ), OFAC, and DOJ January 2013 The OCC entered consent into a consent order with a national bank and its affiliates March 2013 The FRB entered into a consent order with a bank holding company regarding the activities of a foreign subsidiary April 2013 A foreign bank and its New York branch entered into a consent order with the FRB and DFS 9
Recent Enforcement: Small Institutions/Individuals/Others November 2012 State chartered bank fined $15 million by the Federal Deposit Insurance Corporation ( FDIC ) and FinCEN and imposed the so-called death penalty by revoking the institution s charter January 2013 The OCC imposed personal cease and desist orders and CMPs on five individuals. Two of those individuals were sanctioned for seeking out high-risk lines of business January 2013 The OCC entered into a consent order and assessed a $10 million CMP against a national bank June 2013 DFS entered into an agreement prohibiting an independent consultant from working with NY financial institutions for one year and requiring the consultant to pay $10 million to the DFS 10
Increased Regulatory Focus Statements by federal banking regulators reinforce their intent to focus greater attention on BSA/AML compliance in upcoming examinations, with scrutiny of OFAC-related compliance likely increasing as well Expect continued escalation of fines and other sanctions (e.g., growth limits, activity restrictions, individual sanctions and, in egregious cases, charter revocation Emerging payment system products and services, such as digital and virtual currencies, and other innovative financial product and service developments open the door for increased scrutiny of BSA/AML and OFAC issues by FinCEN, OFAC, the Federal Banking Agencies and State Banking Supervisors 11
Increased Regulatory Focus: Four Root Causes In recent enforcement actions, the OCC has found BSA/AML and OFAC weaknesses are resulting from four root causes: 1. The strength of an institution s compliance culture 2. An institution s willingness to commit sufficient resources 3. The strength of an institution s IT and monitoring processes 4. The institution s risk management systems 12
Increased Regulatory Focus: Efforts to Address Four Root Causes FBAs are exploring detailed guidance with respect to BSA/AML and OFAC oversight. Significant issues for larger financial institutions and multinational BHCs, include ensuring: Business line accountability for BSA/AML compliance Independence of the compliance function Management/Board accountability for ensuring effectiveness of BSA/AML and OFAC compliance programs, including bearing responsibility for BSA/AML and OFAC lapses. Unclear whether FBAs will issue a rule or other guidance to enhance oversight and enforcement of BSA/AML compliance 13
Increased Regulatory Focus: Efforts to Address Four Root Causes Smaller financial institutions also have BSA/AML and OFAC implementation challenges, including: Compliance risks arising from the use of third-party service providers The rapid growth of mobile banking and payments technology Significant cost pressures that limit the ability of smaller institutions to allocate resources and quickly ramp up investments to address potential compliance risks As larger institutions beef-up BSA/AML and OFAC programs and jettison higher-risk lines of business, marginal or bad actors may migrate to smaller institutions that do not yet have the sophistication or capability to detect and resist complex money laundering and/or terrorist financing schemes 14
Financial Institution Preparedness Imperative for banks, thrifts, and other financial institutions to develop and implement an action plan Enterprise-wide review and assessment of BSA/AML and OFAC risk The FFIEC BSA/AML Examination Manual outlines the four key elements of a BSA/AML compliance program: Designation of a BSA Compliance Officer Development of Internal Policies, Procedures, and Controls Ongoing, Relevant Training of Employees Independent Testing and Review 15
BSA/AML Program Elements BSA Compliance Officer: qualified individual who is competent and knowledgeable with respect to BSA/AML laws and potential risks Has sufficient authority and resources (staff and systems) Lines of communication to the Board and senior management to regularly apprise them of compliance issues. Internal Policies, Procedures, and Controls: Level of sophistication should be commensurate with the size, structure, risks, and complexity of the institution Identify specific business lines and personnel responsible for compliance 16
BSA/AML Program Elements Training: Specific and ongoing training for personnel whose duties require knowledge of BSA/AML requirements, tailored to their specific responsibilities and applicable business lines All staff receive an overview of the BSA/AML requirements during employee orientation Independent Testing and Review: Risk-based audit that evaluates the quality of risk management for all banking operations, departments, and subsidiaries Every 12 to 18 months, commensurate with the BSA/AML risk profile of the institution 17
BSA/AML Program Elements Comprehensive Risk Assessment: Systematic review of potential areas of exposure and vulnerability based on overall BSA/AML risk profile Anticipate areas in which compliance vulnerabilities could invite additional regulatory scrutiny Sound Customer Identification Program ( CIP ): Keystone of an effective BSA/AML program is implementation of and the ability to rely on a welldeveloped and effective CIP Maintain and update CIP as appropriate Ensure effective policies and procedures implement the CIP, including strong employee training initiatives 18
OFAC Considerations and Requirements OFAC Compliance Program should include the following minimum requirements: Risk Assessment: tailored to specific product lines, customer base, the nature of transactions and identification of higher-risk areas for OFAC transactions Internal Controls: Identifying and Reviewing Suspect Transactions: establish clear and effective policies and procedures Timely updating of OFAC Lists Screen ACH Transactions Report Blocked/Rejected Transactions Maintain Updated License Information 19
OFAC Considerations and Requirements Independent Testing: An important component of any effective OFAC compliance program is verifying compliance through testing by an outside, independent entity knowledgeable about the risks posed for a particular institution based on its profile Responsible Individual: A key aspect of regulatory accountability for a compliance program is identifying a gatekeeper or person charged with overseeing and running the OFAC program Effective Training: Often one of the most overlooked aspects of a successful OFAC compliance program is educating and updating employees regarding OFAC policies and procedures at the organization 20
OFAC Considerations and Requirements Targets of U.S. Sanctions Comprehensive Sanctions Cuba Iran Sudan Syria Significant Sanctions Burma (Myanmar) North Korea Limited Sanctions (Restricted Persons) W. Balkans, Belarus, Côte d Ivoire, DR Congo, Iraq, Lebanon, Liberia, Libya, Somalia, Yemen, Zimbabwe 21
OFAC Considerations and Requirements Penalties for US Sanctions Violations Most sanctions penalties assessed under the International Emergency Economic Powers Act Criminal: up to $1 million and/or 20 years imprisonment Civil: up to the greater of $250,000 or twice the value of the transaction per violation Cuba (Trading with the Enemy Act): $65,000 per violation Other consequences Collateral designation as SDN Revocation of export or OFAC licenses ISA/extraterritorial/secondary sanctions 22
OFAC Considerations and Requirements Company Industry Fine Year 1 HSBC Bank Financial Services $1.256 Billion 2012 2 Standard Chartered Bank Financial Services $667 Million 2012 3 ING Bank N.V. Financial Services $619 Million 2012 4 Credit Suisse AG Financial Services $536 Million 2009 5 Royal Bank of Scotland (formerly ABN Amro Bank, N.V.) Financial Services $500 Million 2010 6 BAE Systems PLC Manufacturing $400 Million 2010 7 Barclays Bank PLC Financial Services $298 Million 2010 8 Mitsubishi UFJ Financial Services $259 Million 2013 9 Lloyds TSB Bank, plc Financial Services $217 Million 2010 10 ITT Corp. Manufacturing $100 Million 2009 11 JPMorgan Chase Bank, N.A. Financial Services $88 Million 2011 23
OFAC Considerations and Requirements Comprehensive Sanctions Cuba Iran Sudan Syria Significant Sanctions Burma (Myanmar) North Korea Limited Sanctions (Restricted Persons) W. Balkans, Belarus, Côte d Ivoire, DR Congo, Iraq, Lebanon, Liberia, Libya, Somalia, Yemen, Zimbabwe Entity/Person-based Sanctions Specially Designated Nationals ( SDNs ) Terrorists Narcotics Traffickers WMD Proliferators Transnational Criminal Organizations Foreign Sanctions Evaders 24
OFAC Considerations and Requirements General Comments re US Sanctions Extraterritoriality Transactions by any person anywhere in the world involving US-origin/content items Transactions by US Persons anywhere Certain transactions by non-us persons which may draw US sanctions Blocking of designated persons by Executive Orders including designation of those providing support to designated persons Entity List Helms Burton Iran Sanctions Act ( ISA ) regime/foreign Sanctions Evaders 25
OFAC Considerations and Requirements General Comments re US Sanctions US Person: US companies and their non-us branches Non-US persons while in the United States US citizens and permanent resident aliens (green card holders) wherever located or employed Separately incorporated foreign subsidiaries of US companies not included as US Persons except: Cuba and Iran sanctions cover foreign entities owned or controlled by US Persons 26
OFAC Considerations and Requirements General Comments re US Sanctions Prohibit US Person facilitation of transactions by non- US persons that are prohibited as to US Persons Examples of US Person facilitation: Supply of product/services to third countries with knowledge or reason to know items destined for a sanctioned country US management approvals for sanctioned-country dealings Financing, bank guarantees, warranties Referral of orders to non-us persons Negotiation/review of commercial terms/contracts Strategizing business Certain forms of IT support and IT access/services Other support (e.g., technical, legal, credit review, etc.) 27
OFAC Considerations and Requirements US SDNs U.S. list-based sanctions programs: not countryspecific Terrorists WMD Proliferators Narcotics Traffickers Transnational Criminal Organizations Sanctioned persons on SDN List published by OFAC SDNs include any person owned 50% or more by SDNs, even if not on SDN list 28
Additional BSA/AML and OFAC Recommendations Ensure a strong compliance culture at the top Board and senior management are taking notice Commit sufficient resources to ensure a strong compliance program Recession has focused compliance resources away from BSA/AML and OFAC Maintain the strength of IT and monitoring processes Invest in systems and personnel Implement tailored risk management systems Identify particular risks to a bank s business model 29
Compliance Culture Necessary involvement by bank senior officers and directors Build BSA/AML and OFAC compliance measures into the performance criteria for senior bank and business unit managers Senior Management Accountability: Ensure responsibility for oversight is assumed at the highest levels of an organization Independence of Senior Officials: Define clear channels for reporting potential compliance deficiencies Conduct thorough board reviews 30
Compliance Programming Demonstrate to regulators a commitment to invest necessary resources Including attention of senior management BSA/AML and OFAC compliance efforts should not be part of any planned cost-cutting measures At a minimum, employ experienced and knowledgeable: BSA officer and support staff, as appropriate, and OFAC compliance staff Ensure direct communication with senior management Compliance must keep pace with technological innovation on the business side 31
IT and Monitoring Processes Maintain updated IT software and programs Invest in new systems and technologies to keep pace with growth (both in size and product lines) Ensure systems provide effective and timely feedback to both compliance staff and management Ensure staff adequately trained Devote sufficient resources to annual and updated training on recent developments and emerging risks Available to all institution staff (not just compliance), management and directors Understand vulnerabilities of new systems and controls, and avoid over-reliance on vendor black boxes (testing and validation essential) 32
Risk Management Identify particular risks posed by an institution s business model, such as: pre-paid card services remittance transfers mobile banking platforms electronic banking and ACH activities Money Service Businesses Design a BSA/AML and OFAC compliance program addressing such risks An effective program should be targeted to focus on the unique risks to the institution 33
Action Plan for Financial Institution: Small Institution Risks Particular risks/issues for smaller institutions include: Identify particular lines of business or geographic regions that pose higher risks Ensure risks are specifically reflected and addressed in BSA/AML and OFAC compliance program, policies, and procedures Compliance exposure to third-party vendors Technology maintenance and upkeep Anticipate challenges related to resource allocation issues and potential impact on maintaining BSA/AML and OFAC compliance programs 34
Action Plan for Third Party Consultants Carefully monitor consultant and vendor activities FBAs looking to impose new standards on vendors and vendor management, including expanded enforcement (IAP definition may be too constraining) States are also becoming active For example, third party AML consultants advising NY institutions should expect : Providing up to three years of prior work for the institution to DFS Approval of project timeline and procedures by DFS Monthly updates provided to DFS Material disagreements with institution that cannot be resolved are brought to the attention of DFS Restrict access to draft of final report to limited institution personnel Maintain polices and procedures for safeguarding confidential supervisory information 35
Special Considerations Going Forward Increased Regulatory Burden Particularly greater impact on smaller institutions Potential Impact on bank products and services Banks becoming more unwilling to assume AML risks from certain customers or lines of business Greater Reliance on Vendors and Third Party Consultants Increased Sophistication of Money Launderers and Terrorist Financing Schemes 36