How “Not” to Do AML Compliance
Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand. Archibald Putt
On August 19, 2016 the New York Department of Financial Services (DFS) announced that Mega International Commercial Bank Company Ltd of Taiwan will pay a $180 million penalty and install an independent monitor for violating New York’s anti-money laundering laws. Mega International Commercial Bank of Taiwan is a subsidiary of Mega Financial Holding Company. It is one of the leading banks in Taiwan. It has 105 branches in Taiwan. It also has more than 15 branches or representative offices and two wholly owned subsidiaries abroad. The bank’s total workforce is over 5,100 employees. Mega International Commercial Bank Company Ltd is licensed by the State of New York to operate a foreign bank branch in New York. The New York foreign bank branch (New York branch) has approximately $9 billion in assets and has operated a correspondent banking business for many years.
According to the enforcement order, the New York branch was examined by DFS and another regulator during early 2015. The examination period covered until September 2014 and focused on the New York branch’s risk management, operational controls, compliance and asset quality. The examiners also evaluated any corrective actions undertaken by management to address the issues from a prior examination conducted as of 2013.
DFS provided its Report of Examination (ROE) to the New York branch in February 2016. Among the most significant findings, the DFS examination indicates that the BSA/AML officer for the New York branch, who was based at the bank’s Taiwan headquarters, and the New York branch’s chief compliance officer both lacked familiarity with U.S. BSA/AML and OFAC regulatory requirements, as well as the supervisory expectations relating to these requirements. In addition, the ROE specified that the compliance structure was significantly flawed as the compliance and operational functions were comingled as a result of dual conflicting responsibilities of certain compliance personnel. For example, the chief compliance officer had conflicted interests because she had key business and operational responsibilities, along with her compliance role. The examiners concluded that the chief compliance officer devoted insufficient time and effort to the compliance responsibilities and was conflicted with these responsibilities. In another example, the New York branch BSA/AML Officer also served as the operations manager of the Business Division. If that was not enough, the branch’s OFAC Officer also served as the Operations Manager for the Foreign Correspondent Banking Division.
To make matters worse, the examiners found that both the chief compliance officer and the New York branch BSA/AML Officer received inadequate training subsequent to their designations.
The examination also indicated that the compliance staff at both the head office and New York branch failed to periodically review surveillance monitoring filter criteria designed to detect suspicious transactions, and did not evaluate the appropriateness of the filtering criteria and thresholds. When asked by examiners, branch management was unable to explain the monitoring system validation process or the justifications of the criteria in use. Also, numerous documents relied upon in transaction monitoring were not translated to English from Chinese, precluding effective examination by regulators.
To further complicate the branch’s risk profile, the examination found that the bank’s head office was indifferent toward risks associated with transactions involving Panama, recognized as a high-risk jurisdiction for money-laundering. Mega Bank has a branch in Panama City and another in Panama’s Colon Free Trade Zone. DFS’s investigation identified a number of suspicious transactions running between Mega Bank’s New York and Panama branches. The investigation also determined that a
substantial number of customer entities, which have or had accounts at several other Mega Bank branches, were apparently formed with the assistance of the Panamanian law firm at the center of the recent Panama Papers scandal.
If that was not enough, the ROE indicates that the New York branch procedures provided virtually no guidance concerning the reporting of continuing suspicious activities; had inconsistent compliance policies; and failed to determine whether foreign affiliates had in place adequate AML controls.
In its written response, the branch refuted a number of the examination findings and challenge the suspicious characterization of certain transactions noted by the examiners. In addition, the branch has not taken sufficient actions to demonstrate material improvements to the compliance program.
The fine is part of a consent order entered into with DFS pursuant to which Mega Bank needs to take immediate steps to correct violations, including engaging an independent monitor to address serious deficiencies within the bank’s compliance program and implement effective anti-money laundering controls. Under the consent order, Mega Bank will install an independent consultant within ten days of the selection by DFS to implement changes to its policies and procedures and immediately address compliance deficiencies at the New York branch. The order also calls for the bank to engage an independent monitor within thirty days of its selection by DFS for two years to conduct a comprehensive review of the effectiveness of the branch’s compliance program. The independent monitor will also commence a Transaction and OFAC Sanctions Review to determine whether transactions inconsistent with or in violation of the OFAC Regulations, or suspicious activity involving high risk customers or transactions were properly identified and reported from 2012 to 2014. The monitor will be selected by and report directly to DFS.
This enforcement action is the first issued under the DFS’s new risk-based anti-terrorism and anti-money laundering regulation that requires regulated institutions to maintain programs to monitor and filter transactions for potential BSA/AML violations and prevent transactions with sanctioned entities. The regulation, which takes effect on January 1, 2017, requires regulated institutions to submit an annual board resolution or senior officer compliance certification confirming steps taken to ascertain compliance with the regulation.