Compliance Officer Liability and FinCEN’s Final Rule, the Perfect Storm
Picture a time where you made a simple mistake at your place of business. Everyone has done it. In fact, it’s a rather frequent occurrence seen on various job sites across the globe today. Studies have shown that the average person will make nearly 800,000 decisions over the course of their lifetime, and as you can imagine, a fair amount of these end up being poor decisions or one’s that individuals may come to regret. Given that the majority of our professional lives are spent on the clock for 8+ hours a day, 5+ days a week, it is also fair to assume that a decent amount of poor decisions are made throughout the course of the average workday. Luckily for most of the employed population, the ramifications of our small-scale errors generally are not more severe than receiving a stern talking-to by a supervisor. Now imagine if the repercussions for your decision could not only lead to the loss of your job, but also costly court cases and personal liability in the form of fines and even jail time depending upon the different factors involved in your case. Frightening isn’t it? Don’t worry; this reality only applies to only one occupation, at a time where these individuals are struggling to keep their heads above water.
In 2018, the stakes are significantly higher for those operating in the financial services sector as compared to other occupational areas, specifically for those working within compliance departments that have been faced with an unprecedented amount of responsibility. While failures in maintaining regulatory compliance have led to the multi-million dollar fines and sanctions against FI’s that have made international headlines over the last several years, and in some cases banks being forced to cease operation altogether, not until recently have we begun to see compliance officers face personal liability for the wrongdoing and regulatory breaches of their respective companies. As new, complex regulations and legislation continue to increase on a regular basis, including FinCEN’s latest “Final Rule” on Beneficial Ownership, the areas where compliance officials can fall victim have also increased exponentially as these individuals have been forced to juggle an abundance of responsibilities all at once. This new legislation could become particularly problematic for compliance departments across the United States because for the first time ever, covered financial institutions are required to implement enhanced due diligence procedures in order to both identify and verify the beneficial ownership status and structures of legal entity customers at the time of account opening, a process that is expected to cause its fair share of issues in its early stages.
This phenomenon has led at least in part to the rise in number of compliance-related failures seen in both the United States and abroad in recent years. The U.S. Justice Department (DOJ) has taken notice of the trend, and its controversial answer to fighting corporate fraud and misconduct has been to seek accountability from the individuals who helped perpetrate the wrongdoing, regardless of whether this activity was performed purposefully or not. As part of their 2015 Individual Accountability Policy, now notoriously known as the “Yates Memo”, the DOJ believes that such accountability could help deter future illegal activity, lead to positive changes in corporate behavior, ensure the proper parties are held responsible for their actions, and promote public confidence in the justice system.
Given the severity of the matter, the power to criminally charge compliance officers for their personal on-the-job decisions has already begun to transform the occupation of Chief Compliance Officer (CCO) into one of the more hazardous jobs on the market today. In fact, analysts believe that this increased accountability has caused a ripple effect in the regulatory realm, where experienced compliance professionals are cutting their losses and abandoning the profession altogether in favor of other less-taxing and “safer” options, leaving banks struggling to find capable replacements. This is worsened by the fact that CCO’s “may be pursued for corporate failures where they were not involved in or aware of the wrongdoing, but because of their position, were potentially capable of preventing or detecting and reporting the misconduct” (Millett, Machua. “Mitigating Personal Liability Risk for Chief Compliance Officers.” Marsh, Sept. 2016.).
Thus CCO’s must ensure that their job descriptions remain updated and cover the exact specifications of what their responsibilities entail in order to mitigate personal liability in the case of a compliance breach. It has also been noted that increased accountability may culminate into increased tensions between employees and organizational management. Ballard Spahr, a top American law firm, notes that the legislation found in certain jurisdictions such as New York State may lead to compliance officers becoming “overly-defensive in their reporting of potential issues, or even may turn into whistleblowers – appropriately or not – against the institution. Conversely, if top management or the board is resistant to addressing a systemic problem, then compliance officers may become scapegoats – or at least may feel like they are being made into scapegoats – for what is really an institutional problem” (Hardy, Peter D., and Jessica C. Watt. “Individual Accountability in AML Cases.” Money Laundering Watch, 18 May 2017).
Between 2009 and 2014, the Securities and Exchange Commission (SEC) brought forth more than 70 liability claims against CCO’s operating in financial institutions across the United States, a number that has remained steady in the years since. Yet although the total number of enforcement actions taken against individuals operating in the compliance realm has not significantly risen of late, the cases that have occurred have had a notable effect on the AML/BSA world. The most notable case in recent memory involved the former CCO of the prominent money transfer company MoneyGram International, where a series of remarkable claims that were ultimately proven legitimate were made against Thomas Haider under the Bank Secrecy Act (BSA). It was discovered that while holding his past position, Haider was involved in a string of egregious fraudulent activity that included failures to terminate specific MoneyGram outlets of which he had knowledge were actively involved in consumer fraud schemes, failing to implement a policy for terminating potential “high-risk” outlets, and structuring the company’s AML program so that crucial information that MoneyGram’s Fraud Department had collected was not provided to the company analysts who were responsible for filing suspicious activity reports (SAR’s). While the complaint against Haider initially sought $1 million in penalties for failures, he was ultimately forced to pay a hefty $250,000 fine as part of his settlement and was prohibited from taking on any compliance-related roles for three years from the closing date of his case. This was coupled with the $100 million in penalties and restitution that MoneyGram as an institution was forced to pay as part of its deferred prosecution agreement with the Department of Justice.
In examining other liability cases involving compliance officers and officials seen in the recent past, several areas stick out that can be addressed by both the individual and the organization collectively to limit exposure to risks and breaches. Several key causes of CCO liability include supervising failures, failure to follow through on standard procedures such as conducting annual reviews and implementing written policies and procedures for AML initiatives, and the inability to escalate material issues to senior management. Each of these can occur when compliance officers are burdened by multiple strenuous responsibilities within an organization, usually when their activities and responsibilities go outside of the traditional duties of a CCO – something that has become far more common in this demanding position. How these issues may pertain to FinCEN’s beneficial ownership legislation remain to be seen, but in the case of compliance officers forced to manage these new requirements, its clear to see that it is better to be safe than sorry.
To help compliance officials manage these crucial regulations, Global RADAR has launched a potent, easy-to-use online tool that allows for the efficient upkeep of organizational structures that can be checked against all published sanctions, Politically Exposed Persons (PEP) lists, as well as adverse media and social media, allowing you to remain compliant with FinCEN requirements with just a few clicks of your mouse. Allow our “Beneficial Ownership Mapper” to take the worry out of compliance with FinCEN’s Final Rule. Register and try it for free today!
Register and try Global RADAR’s Ownership Mapper for free.