Financial Services Law

$6.5M Fine for Persistent BSA/AML Failures: Prelude to OCC's Announcement of Tougher Enforcement Environment

Why it matters

A $6.5 million civil money penalty imposed against a $1.57 billion Florida bank for persistent anti-money laundering (AML) and Bank Secrecy Act (BSA) deficiencies provided an appropriate back drop for two enforcement-related announcements by the Office of the Comptroller of the Currency (OCC). On February 26, the OCC announced a revised policy and matrices for calculating civil money penalties against national banks, legacy federal thrifts and institution affiliated parties. Three days later, the OCC followed with a bulletin addressing the consequences of noncompliance with the BSA and repeat or uncorrected BSA compliance problems.

Detailed discussion

The civil money penalties (CMP) imposed on Gibraltar Bank capped a saga of repeat and "substantial" AML program deficiencies that began more than six years ago and was related to transactional activity tied to a $1.2 billion Ponzi scheme. In 2010, the Office of Thrift Supervision (OTS), the regulatory predecessor of Office of the Comptroller of the Currency, warned Coral Gables, Florida-based Gibraltar Private Bank and Trust about deficiencies in the institution's anti-money laundering and Bank Secrecy Act program. Despite the warning, the bank persisted in violating applicable laws, failed four reviews by the OCC, and was ultimately subjected by a consent order with the OCC in 2014, replacing an earlier order with the OTS.

The Financial Crimes Enforcement Network (FinCEN)'s order against the bank cited a number of deficiencies in the bank's AML/BSA program. It found violations of the requirements to implement an effective AML compliance program, to develop and implement an adequate customer identification program and to report suspicious transactions.

With respect to AML program violations, FinCEN noted the bank did not adequately monitor, detect or report suspicious activity or assess its money laundering risks. Gibraltar's transaction monitoring system contained incomplete and inaccurate account opening information and customer risk profiles, anticipated account activity did not match actual activity and an unmanageable number of alerts were generated. This "hindered its compliance staff from adequately spotting unusual account activity," FinCEN said. The bank could not "timely or adequately review or investigate all of the alerts."

The bank's training was inadequate. It failed to provide appropriate training for "specific positions, departments, board members and other personnel." It also failed to address the needs of its BSA/AML compliance personnel for "significant training in order to adequately implement its BSA/AML compliance program." It did not develop and implement an adequate customer identification program, and it did not sufficiently address a number of problems with its automated monitoring system, which system generated an "unmanageable" number of alerts—including large numbers of false positives—and resulted in significant delays in Gibraltar's review, FinCEN said.

"Although Gibraltar used a software system to monitor its accounts for unusual activity going through the bank, the system and procedures were so flawed that Gibraltar systematically failed to identify and timely report transactions through numerous accounts that exhibited indicia of money laundering or other suspicious activity," according to FinCEN's Assessment of Civil Money Penalty.

For example, from the period from August 2013 to July 2014, 60 percent of the bank's alerts had not been reviewed despite an internal policy requiring all BSA alerts to be checked within 30 days. Even when the alerts were reviewed, they were sometimes closed despite being suspicious or delayed, FinCEN alleged. "And, in those instances where alerts were escalated to investigations for potential SAR filings, 16 alerts, or 64 percent of the escalated reviews, took over 60 days to escalate for further investigation," the regulator said. "Eleven of these reviews resulted in SAR filings."

These compliance failures came at a cost, the regulator said. Gibraltar failed to timely file at least 120 suspicious activity reports (SARs) involving about $558 million over a four-year period. The program deficiencies also delayed the bank from detecting and reporting transactions related to a $1.2 billion Ponzi scheme led by a Florida attorney who was convicted in 2010 and sentenced to 50 years in federal prison.

"We may never know how that scheme might have been disrupted had Gibraltar more rigorously complied with its obligations under the law," FinCEN Director Jennifer Shasky Calvery said in a statement. "This bank's failure to implement and maintain an effective AML program exposed its customers, its banking peers, and our financial system to significant abuse."

One day after the Gibraltar orders were issued, the OCC released its revised civil money penalty policy. First issued in 1993 with a matrix that could be used to calculate the size of CMPs based on a number of factors, the revised policy now provides two matrices. One matrix sets out the factors considered with imposing CMPs on the institutions and the other addresses institution-affiliated parties (IAPs). The weights applied have increased for a number of factors including "continuation of violations after notifications." Its new policy on Process for Administrative Enforcement Actions Based on Noncompliance With BSA Compliance Program Requirements or Repeat or Uncorrected BSA Compliance Problems can be viewed here.

To read the OCC's Assessment of Civil Money Penalty in In the Matter of Gibraltar Private Bank and Trust Company, click here.

To read FinCEN's Assessment of Civil Money Penalty, click here.

back to top

Fed Reports on Payment System Updates

Why it matters

Has the U.S. payment system improved? The process has certainly begun, the Federal Reserve System revealed in a report detailing the steps that have been taken to modernize the system and enhance both speed and security. "Progress Report: Strategies for Improving the U.S. Payment System" discussed the efforts made to date, including the establishment of multiple industry task forces that compiled a list of 36 criteria to describe the desired attributes of a faster payment system that can be used to assess the effectiveness of potential solutions. Also accomplished: a plan to implement a new standard for wire transfers and advanced plans to implement widespread same-day automated clearing house settlements. Going forward, the Fed said it intends to provide additional opportunities for stakeholders to engage in strategy efforts with an eye toward publishing an assessment of faster payments solution proposals in early 2017.

Detailed discussion

Calling it "a critical juncture" in the evolution of the U.S. payment system, the Federal Reserve System called on the industry last year to join together and work to improve the speed, efficiency, and security of the system. The Fed published "Strategies for Improving the U.S. Payment System," setting a road map for the agency's plans.

Roughly one year later, the Fed released a Progress Report to detail its efforts and outline the steps remaining.

"More than 1,000 individuals from every corner of the payments world are formally participating in the initiatives," the agency wrote, including the formation of two groups, the Faster Payments Task Force and the Secure Payments Task Force.

The Faster Payments Task Force produced three deliveries over the last year: the Faster Payments Effectiveness Criteria, a "foundational component for assessing faster payment solutions," the Decision-Making Framework, and the Glossary of Terms. The 36 criteria were divided into six categories—ubiquity, efficiency, safety and security, speed, legal, and governance—and will be used by the Task Force to assess the proposed solutions.

Solutions will also be evaluated using the methodology found in the Decision-Making Framework, which "ensures that decisions and work products have broad support of the task force membership, including support within and across the different stakeholder groups represented," the Fed explained. And by creating a Glossary of Terms, the Task Force will be speaking a common language.

With regard to payment security, the Secure Payments Task Force identified its top priorities: payment identity management, data protection, law and regulation coordination, and information-sharing to reduce payment risk and fraud. The group also provided input on security components for the Faster Payments Effectiveness Criteria.

Payment efficiency was also addressed by the Federal Reserve. The Remittance Coalition released the Small Business Payments Toolkit, a set of free education resources for small businesses and the bankers and advisors who service them. In addition, the Coalition began work on a B2B directory, intended to encourage businesses to make more electronic payments to vendors and other payees, and worked with standards development organizations on remittance standards.

Seeking to establish "a single, common 'language' for global financial communications," the Fed advocated for the use of ISO 20022, using the last year to educate stakeholders about the benefits of the wire transfer format, the Progress Report noted, and created the ISO20022 Resource Center.

The focus on payment systems included a look at the Federal Reserve's own services, the agency said, and a number of activities were initiated to improve the agency, from expanding the hours of the National Settlement Service to support for the NACHA Same-Day Automated Clearing House (ACH) initiative.

What to expect in the coming months?

The Fast Payments Task Force will begin assessing potential solutions and hopes to publish its findings in early 2017 along with a report on the issues, opportunities, and barriers that need to be addressed to achieve the goal of a faster payment system. The Secure Payments Task Force intends to spend 2016 focusing on its priorities with the creation of topical work groups. For example, the Payment Identity Management group will address the lack of universally accepted ways to establish and verify the identity of a payment system participant, the Fed said.

2016 will see the Fed's efforts continue to work toward same-day ACH with the release of operational details for FedACH SameDay Service. Last October, a high-level plan and timeline to implement ISO 20022 was announced for the United States and the coming year will flesh out details of the implementation.

"We have seen many of the strategies and tactics included in the plan come to life through broad, unprecedented stakeholder support," Esther George, president and chief executive officer of the Federal Reserve Bank of Kansas City, who is leading the initiative, said in a statement. "When implemented, the strategies will contribute to public confidence and the global competitiveness of the U.S. payment system."

To read "Strategies for Improving the U.S. Payment System," click here.

To read the Federal Reserve's Progress Report, click here.

back to top

CFPB Commences Consumer Complaint System for Marketplace Lenders

Why it Matters

On March 7, 2016, the Consumer Financial Protection Bureau (CFPB) announced that it is now accepting complaints on consumer loans from online marketplace lenders (MPLs). Established in 2010 under the Dodd-Frank Act, the CFPB has historically relied on this complaint mechanism followed by enforcement actions to affect industry practices, and this announcement may be the agency's way of setting up a beachhead in an industry that has, until now, been the subject of somewhat fragmented regulators. The CFPB's jurisdiction is mainly focused on consumers and consumer-based financial issues. Accordingly, the new complaint process is not expected to impact the small business and real estate MPL segments. Depending on the nature and scope of complaints proffered up by consumers, MPLs should expect that various aspects of their business activity will come under increased scrutiny in the near-term. MPLs are encouraged to review closely the CFPB's marketplace lending consumer bulletin for hints about areas where the CFPB may be focusing its attention, including hidden fees, penalties and nature and extent of disclosure about costs of loans generated by an online platform. The CFPB is not the first agency to announce that it is focusing on MPLs. The California Department of Business Oversight has sent questionnaires to numerous MPLs who have licenses under California's Financial Lender Law and in 2015 the Department of the Treasury began gathering information about MPLs.

The CFPB bulletin can be found here.

back to top



pursuant to New York DR 2-101(f)

© 2021 Manatt, Phelps & Phillips, LLP.

All rights reserved