Putting the "Enforcement" into the Financial Crimes Enforcement Network
There is a new police officer on the corporate compliance, investigations, and enforcement beat: the recently formed Enforcement Division of the Financial Crimes Enforcement Network ("FinCEN") of the U.S. Department of the Treasury. With its issuance of two significant penalties and a strongly worded speech by the FinCEN Director in the course of two days, the agency is making clear that the new Enforcement Division intends to take a new and proactive approach in the effort to combat money laundering—an effort that could impact financial and non-financial businesses alike.
FinCEN Background
FinCEN was established to enforce the legislative framework known as the Bank Secrecy Act ("BSA"). Originally enacted in 1970 and significantly expanded by the USA-PATRIOT Act in 2001, the BSA requires U.S. "financial institutions"—which include many types of businesses in addition to traditional banks, currency exchangers, and credit unions—to assist the U.S. government in combatting money laundering. This is achieved through a number of regulatory mechanisms overseen by FinCEN, including requiring institutions to implement comprehensive anti-money laundering ("AML") programs and to submit Suspicious Activity Reports ("SARs") when potential money laundering or other suspicious activity occurs in a transaction.1
The SAR process provides a significant tool in the U.S. government's knowledge or notice of "suspicious transactions."2 As a general matter, a SAR must be filed if the transaction involves $5,000 or more and the covered institution or business knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part) (1) involves illegal gains or an effort to evade federal law or regulation, (2) has no business or apparent lawful purpose or (3) is not the sort in which the particular customer would normally be expected to engage. The duty to file SARs falls upon a wide and long list of businesses apart from banks, including stock brokers, insurance companies, travel agencies, gem and precious metals dealers, auto dealers, real estate settlement companies, casinos and gaming establishments, and even the U.S. Postal Service, among others. Thus, the SAR reporting duty is broad and its enforcement impact upon numerous businesses can be significant.
Bad Facts Can Make Good Examples
In general, FinCEN enforcement actions for the failure to file SARs have been relatively limited. The criminal prosecution of Riggs Bank, resulting in a 2005 plea agreement that included five years of criminal probation and a $16 million fine, for the willful failure to file SARs in violation of 31 U.S.C. §§ 5318 and 5322 set a very strong and public precedent to encourage the filing of SARs. However, in the past, FinCEN has not consistently or regularly pursued civil enforcement actions for the failure to file SARs.
With the empowerment of an Enforcement Division through a reorganization this past June, FinCEN now appears ready and equipped to exercise more aggressive administrative policing and imposition of civil penalties for the failure to file SARs. Consider the September 23 announcement of a $37.5 million penalty imposed on TD Bank's failure to file SARs arising from a law firm's Ponzi scheme.
Throughout 2008 and 2009, TD Bank reportedly handled thousands of transactions related to the billion-dollar Ponzi scheme orchestrated by a Florida attorney and his firm. According to FinCEN's release, although the bank's AML surveillance software flagged many of the transactions, bank staff did not follow up and no SARs were filed in a timely fashion. Once the Ponzi scheme came to light, the bank reviewed its involvement and filed five "late" SARs in 2011 to cover the earlier transactions.
In announcing the first civil penalty imposed by the new Enforcement Division, the FinCEN Director stressed the importance of effective compliance training and resources and consistent vigilance in any business compliance program:
"In the face of repeated alerts on [the] accounts by the Bank's anti-money laundering surveillance software over an 18 month period, the Bank did not do enough to prevent the pain and financial suffering of innocent investors. Financial institutions must do a better job of protecting our financial system and citizens from such harm. It is not acceptable to have a poorly resourced and trained staff overseeing such a critical function."
Building on the theme of proper resources and training, FinCEN followed this action by announcing a separate $4.1 million civil penalty on September 24 against Saddle River Valley Bank in New Jersey for failing to maintain proper records, conduct effective due diligence, or file SARs in connection with $1.5 billion in transactions connected to Mexican and Dominican foreign exchange houses. Although FinCEN has more actively pursued failure to implement AML programs over the years, this action reiterates the importance of the construction and maintenance of an effective overall compliance program, within which SAR filings occur as required.
Next Steps for "Financial Institutions" . . . and Their Business Customers
Although the new Enforcement Division of the FinCEN is still in its infancy, these two penalty actions signal a potentially strong new approach to enforcement that will impact all businesses, regardless whether they are covered directly by FinCEN regulations. For example, the response of financial institutions to this enforcement effort may be to ask more questions and conduct greater due diligence of individuals and commercial businesses, at least those businesses acting in any way "out of the norm" or in a manner not reasonably expected for a similarly situated business.
Financial institutions now will also likely file SARs with greater frequency, given that financial institutions are provided civil immunity from liability for filing a SAR and now may be more likely to face civil penalties for their failure to file a SAR.3 As a result, companies should expect that their financial institutions may ask questions with increasing frequency about any unusual activity or "suspicious transaction" and then report the transaction in a SAR to the U.S. Treasury Department. In turn, such SARs can be expected to lead to additional questions and visits from other federal law enforcement agencies.
As the FinCEN Director noted in a speech to the American Gaming Industry on September 24:
The BSA provides FinCEN with broad authority to obtain injunctions against institutions and individuals it believes are involved in violations of the BSA. It also allows FinCEN to impose civil penalties not only against domestic financial institutions, but also against partners, directors, officers and employees of such entities who themselves willfully participate in misconduct. We will employ all of the tools at our disposal and hold accountable those institutions and individuals who allow our financial institutions to be vulnerable to terrorist financing, money laundering, proliferation finance, and other illicit financial activity.
Clear words from an agency that appears ready to back them up with action from a new and energized enforcer.
1See, e.g., 31 C.F.R. § 1020.320.
231 U.S.C. § 5312(a)(2).
3Id. § 5318(g)(3).