U.S. Antitrust Division Seafood Price-Fixing Investigation Nets Guilty Plea by StarKist

In one of a recent series of television advertisements featuring StarKist products, actress Candace Cameron Bure exclaims to StarKist’s legendary cartoon tuna Charlie, “Bold choice, Charlie!”  Today, StarKist made a bold, if difficult, choice of its own: to plead guilty to a criminal violation of price-fixing under section 1 of the Sherman Act, exposing it to a criminal fine of as much as $100 million, and to cooperate with the U.S. Department of Justice.

In a press release announcing the plea, the Department stated that StarKist and its coconspirators “agreed to fix the prices of canned tuna fish from as early as November 2011, through at least as late as December 2013.”  As part of the Antitrust Division’s continuing investigation of the packaged seafood industry, the Division has already charged five defendants since 2016.  The first four agreed to plead guilty to price-fixing under section 1 and cooperate with the government:

  1. December 7, 2016: a Bumble Bee Seafoods senior vice president of sales;
  2. December 21, 2016: a Bumble Bee senior vice president of trade marketing;
  3. May 8, 2017: Bumble Bee Foods;
  4. June 28, 2017: a former vice president of sales at StarKist; and
  5. May 1, 2018: the President and Chief Executive Officer (CEO) of Bumble Bee Foods, who was indicted.

All three of the individual cooperating defendants face criminal fines.  Bumble Bee has been sentenced to a $25 million criminal fine, which the Department said “will be increased to a maximum of $81.5 million if Bumble Bee is sold, subject to certain terms and conditions.”

Note: The packaged seafood market reportedly is a multi-billion dollar industry in the United States, in which tuna “represents about 73 percent of the market and generates about $1.7 billion in annual sales.”  Bumble Bee, StarKist, and Tri-Union Seafoods, which trades under the Chicken of the Sea brand, together “controlled 80 to 85 percent of the U.S. market between 2003-2015.”

The StarKist information, like the Bumble Bee information, described the conspiracy’s means and methods in bland and general terms: “engag[ing] in conversations and discussions and attend[ing] meetings with representatives of other major packaged-seafood-producing firms; agree[ing] and reach[ing] mutual understandings during these conversations, discussions, and meetings, to fix, raise, and maintain the prices of packaged seafood sold in the United States; and negotiat[ing] prices with customers and issued price announcements for packaged seafood in accordance with the agreements and mutual understandings reached.”

The Bumble Bee CEO indictment, by contrast, describes the conspiracy’s means and methods in more telling detail.  It alleged that the conspirators

a) participated in meetings, conversations, and communications concerning prices of packaged seafood to be sold in the United States;

b) agreed during those meetings, conversations, and communications on prices for packaged seafood sold in the United States;

c) agreed during those meetings, conversations, and communications to limit and restrict competition between the conspirators as to certain types and categories of products, including, but not limited to, competition for products based on certain types of fishing methods;

d) collected, exchanged, monitored, and discussed information on prices, sales, supply, demand, and the production of packaged seafood for the purpose of reaching agreements on prices and monitoring and enforcing adherence to the agreements reached;

e) issued price announcements and pricing guidance for packaged seafood in accordance with the agreements reached;

f) sold packaged seafood in the United States at collusive and noncompetitive prices;

g) accepted payments for packaged seafood sold in the United States at collusive and noncompetitive prices; and

h) employed measures to conceal their conduct, including, but not limited to, using code when referring to coconspirators, meeting at offsite locations to avoid detection, limiting distribution and discouraging retention of documents reflecting conspiratorial contacts, and providing misleading justifications for prices.

To date, neither Tri-Union nor any of its executives have been criminally charged in the Antitrust  Division’s investigation.  The guilty pleas by Tri-Union’s principal competitors, however, are likely to intensify the pressure on Tri-Union to plead and cooperate.  That, in turn, should hearten the dozens of companies seeking class-action certifications in their civil price-fixing litigation against the three companies.

Brazilian Federal Police Recommend New Criminal Case Against President Temer

On October 16, the Associated Press reported, the Brazilian Federal Police recommended that a new corruption-related case be brought against Brazilian President Michel Temer.  The police report, reportedly filed with Brazil’s highest court, stated that President Temer “is suspected of receiving bribes to favor port administrating companies through a presidential decree.”  The potential charges include corruption, money laundering, and criminal association.

The article also stated that Brazil’s Attorney General, Grace Maria Fernandes Mendonça, will have 15 days to decide whether to pursue the case.  If she approves the prosecution, the lower house of the Brazilian Congress, the Chamber of Deputies, would have to approve a trial of Temer by a two-thirds margin, which would lead to Temer’s suspension.

Note: Even after last month’s binational criminal resolution of the corruption investigations against Petrobras, this latest case suggests that Operation Car Wash, the longrunning investigation of high-level and deeply rooted corruption in Brazil, is continuing with vigor.   Especially because of the strong possibility that Temer will be succeeded by Congressman Jair Bolsonaro – a far right-wing politician whose support stems in part from widespread public anger about political corruption on the left and right — Mendonça, whom Temer appointed in 2016, will be in a politically delicate position in deciding whether to prosecute Temer before the October 28 runoff Presidential election.  Temer, though deeply unpopular for some time, will remain in office until December 31.  Although the Chamber of Deputies declined in 2017 to vote against Temer in a prior corruption case, his immunity from prosecution would end once he leave office.

U.S. Assistant Attorney General Brian Benczkowski Delivers Remarks on Achieving Effective Corporate Compliance: Part I –Compliance Expertise for Prosecutors

On October 12, the U.S. Department of Justice’s Assistant Attorney General Brian Benczkowski delivered remarks that addressed two significant aspects of corporate compliance: improving the compliance expertise of Criminal Division prosecutors; and the Department’s approach to corporate monitors.  Because each topic deserves separate review and analysis, this post will address the first issue of prosecutorial corporate-compliance expertise.

Benczkowski first noted that compliance “is an important factor we take into consideration in every corporate enforcement matter we review.”  Because prosecutors assess a company’s compliance program’s operation both at the time of the alleged misconduct and at the time of resolution to reach a fair and appropriate resolution, he stated, “our prosecutors and supervisors must have a strong foundational understanding of what constitutes an effective approach to compliance.”

Benczkowski then addressed the Criminal Division’s hiring of Hui Chen in the Fraud Section as a compliance consultant with broad expertise in compliance matters.  He acknowledged that this approach “had its benefits,” but cited two types of “inherent limitations in having the locus of our compliance expertise consolidated in a single person in a single litigating section”:

  • Limitations of Single Professional’s Expertise: “Even when fully briefed on a matter, a single compliance professional who has not been involved in a case throughout an investigation is not likely to have the same depth of factual knowledge as the attorneys who make up the case team. Nor can any one person be a true compliance expert in every industry we encounter.  An effective, state of the art compliance program in the banking industry, for example, is going to look very different from one in the health care, energy, or casino industries.”
  • Limitations of Criminal Division’s Reliance on Single Professional: “Relying on a single person as the repository of all of our compliance expertise also is shortsighted from a management perspective. Anyone who holds such a job will inevitably and quickly feel a strong pull to the private sector.  Their expertise is simply too valuable in this day and age.  If and when that person departed, we would have to start from scratch and find a replacement.  And that process undoubtedly would repeat itself every few years, with little long-term benefit to the Criminal Division.  That is the position we find ourselves in right now.”

Benczkowski added that Chen “spent considerable time training our attorneys and developing in-house knowledge and expertise among attorneys in the Division,” noting that “[t]hat work was very beneficial.”

Benczkowski then announced his plans for increasing compliance capacity and knowledge across the relevant Sections of the Criminal Division, beginning with the Fraud Section and the Money Laundering and Asset Recovery Section, “where the bulk of our corporate enforcement activity takes place.”  He stated that these plans had two elements:  diverse hiring and the development of targeted training programs.”

  • Diverse Hiring: Benczkowski said that Criminal Division” will focus on building a team of attorneys who offer diverse skillsets. That means not just attorneys with experience as prosecutors and in the courtroom, but also those who bring compliance experience to the table.”  For corporate-enforcement cases, he indicated that the approach would be to team “a trial attorney with experience litigating corporate cases . . . with an attorney who has experience developing and testing corporate compliance programs,” in order to leverage prosecutorial talent, “which should lead to better and more just outcomes.”  Rather than “outsourc[ing] a separate review of the compliance program when considering the merits of a corporate matter,” Benczkowski maintained that the same attorneys on a case team should be considering all of the factors in the Department’s Principles of Federal Prosecution of Business Organizations (informally known as the “Filip Factors”), “as part of a single, comprehensive review and determination of the right outcome.”
  • Training: Benczkowski first summarized the longstanding approaches to training that the Department has provided to attorneys on how to investigate and try cases. Those included trial-advocacy courses at the Department-operated National Advocacy Center (NAC), detailing of Criminal Division attorneys to U.S. Attorney’s Offices across the country, and “a broad array of both voluntary and mandatory training to all of our attorneys across the Department.”  Benczkowski then stated his expectation

that the Division will develop a training program that addresses compliance programs generally, as well as issues specific to each section and unit.  As a result, more of our health care fraud attorneys who work on corporate cases will become experts in health care industry compliance; attorneys working on securities and commodities cases will become experts in compliance relating to securities laws and trading.  We will take this same approach for attorneys who work on FCPA cases, or MLARS attorneys who do cases involving the banking industry.  Ultimately, our goals are to ensure a balance of experience across the Division and to enhance the expertise of our trial attorney workforce.

Benczkowski explained that “[w]e want to ensure that we build and maintain the capacity we need not just for today or next year, but for ten years down the road.  And it will lessen the impact when people inevitably leave the Department to retire or follow other career paths.”

Note:  The Assistant Attorney General’s general approach to increasing compliance expertise via more diverse hiring and increased training is commendable.  It is no reflection on Hui Chen – who brought an unparalleled depth and breadth of compliance expertise to the Division’s Fraud Section, and materially increased the sophistication of the Section’s evaluation of corporate-compliance programs – to say that the Criminal Division (and by extension the Department overall) would benefit from having broader and more sustainable expertise in every Section that handles corporate criminal investigations and cases.

With regard to the Criminal Division’s hiring and use of more attorneys with compliance expertise, a few observations are in order.  Benczkowski’s remarks, as noted above, seem to indicate that his corporate case-staffing approach envisions two distinct categories of attorneys: a trial attorney with experience in litigating corporate cases, and an attorney with experience developing and testing corporate compliance programs.  In practice, that demarcation may be inadvisable over the long term.  As litigating sections in the Department, Criminal Division Sections need to maintain long-term flexibility in their ability to assign investigations and cases to their trial attorneys.  An attorney hired into a Section based on his or her in-house compliance expertise may be of immense value in certain cases where the attorney’s expertise matches with the type of company under investigation, but of lesser value in other cases if he or she does not have at least some litigating experience.  In fact, a number of corporate-compliance officers and managers have been prosecutors before moving into in-house roles, so the Division may not find it necessary to choose between hiring separate categories of trial attorneys and compliance attorneys.

The greater challenge in recruiting such attorneys, however, may be simple economics.  An experienced Assistant U.S. Attorney or Criminal Division prosecutor who takes an in-house compliance position is likely to improve his or her income significantly (taking into account salary, bonuses, and other compensation) over a federal-government salary.  The longer that those attorneys spend in compliance roles, meaning the greater the expertise they are amassing, the disparity between government and private-sector salaries can only increase.  Although the Department has often been fortunate in attracting attorneys who are willing to leave more lucrative private-sector positions for the opportunity to engage in public service, the question for the Criminal Division will be whether it can find enough of such people with both litigating and compliance experience to meet its needs in the next one to three years.

As for increased training, Benczkowski described the proposed training program in very general terms.  Certainly the NAC, which for many years has offered a wide variety of white-collar crime seminars taught by experienced prosecutors, can play a role in bringing more compliance-related training to Criminal Division chiefs and trial attorneys.  But the Division would benefit from adopting a broader conception of compliance training – one that includes three approaches that in-house compliance functions themselves use.

First, when I headed the global anti-bribery and corruption program for a global financial institution, I not only hired compliance professionals who already had relevant expertise, but encouraged them to maintain their current professional certifications and to pursue additional certifications in anti-corruption, fraud, and money laundering as appropriate.  Training courses offered by reputable certifying organizations enable compliance professionals to hear from a variety of experts in their field, and can enhance the certified professionals’ knowledge and professional credibility.

Second, I also sought funding from my superiors to enable my compliance team to attend external compliance conferences on a regular basis.  In-house corporate-compliance managers and specialists routinely benefit from hearing from their peers in their industry or other industries – to obtain informed perspectives on significant compliance trends and developments, to benchmark their compliance programs with other companies in their industry, and to learn methodologies and processes that could enhance their programs.  Criminal Division attorneys can derive similar benefits.

Third, the Division needs to consider developing its own more advanced training on specific compliance issues, as I and my peers in other firms did for our in-house compliance teams.  While the NAC always seeks to maintain a high standard in its training seminars, its training calendar in any given year fills quickly.  That can make it difficult for the Division to use the NAC as the venue for compliance training without substantial lead time.  Although the Department can hardly look to law firms that appear before it on corporate-compliance matters to provide such training, there are other sources of expertise in the private sector and academia on which the Division might draw.  In any event, the Division should be open to adopting whatever training approaches enhance the compliance knowledge and expertise of its prosecutors.

Afterword: A passing comment by Benczkowski during his remarks deserves separate mention.  In discussing the need to improve prosecutorial compliance expertise, he stated his belief that “our prosecutors should consider the adequacy of a compliance program at the same time they are considering, for example, a company’s remedial actions or the timeliness of any voluntary self-disclosure.”  Other commentators –such as Professor Andy Spalding of the University of Richmond Law School – have urged that the Department consider pre-existing compliance as part of its consideration of potential corporate liability, along with the standard factors such as timely and voluntary self-disclosure, full cooperation, and remediation.  It is not clear whether Benczkowski’s comment is more a personal observation or a telltale of future Department policy changes, but corporate-compliance professionals should closely watch future speeches by Benczkowski and other Department officials for indications of further changes in the Department’s corporate-enforcement policies.

Failures in Financial Institutions’ AML Compliance Programs: A Compliance Officer’s Checklist

In the first three quarters of 2018, there has been an unusual spate of enforcement actions by prosecutors and regulators against top-tier financial institutions for significant failures in their design and implementation of anti-money laundering (AML) compliance programs:

  • February – Rabobank: Rabobank N.A., a subsidiary of Rabobank, pleaded guilty in U.S. federal court to felony conspiracy to impair, impede, and obstructing its primary regulator, the U.S. Department of the Treasury’s Office of the Comptroller of the Currency (OCC), by concealing deficiencies in its anti-money laundering (AML) program and for obstructing the OCC’s examination of Rabobank, and agreed to forfeit $368,701,259.
  • February – U.S. Bancorp: The Department of Justice reached a deferred prosecution agreement (DPA) with U.S. Bancorp, resolving criminal charges under the Bank Secrecv Act (BSA), that required U.S. Bancorp to forfeit $453 million and pay a $75 million civil penalty assessed by the Office of the Comptroller of the Currency (OCC). In addition, the Financial Crimes Enforcement Network (FinCEN) reached a separate agreement with U.S. Bancorp requiring the bank to pay $70 million for civil BSA violations.
  • June – Commonwealth Bank of Australia (CBA): AUSTRAC and CBA reached agreement on a AU$700 million penalty “to resolve Federal Court proceedings relating to serious breaches of anti-money laundering and counter-terrorism financing (AML/CTF) laws.” AUSTRAC later stated that this penalty was “the largest civil penalty in Australia’s corporate history and reflects the magnitude of the serious non-compliance by CBA.”
  • July – UBS U.S. Branches: The OCC reported that it had entered cease-and-desist orders against three U.S. branches of UBS and had found that the branches failed (1) to adopt and implement a compliance program that adequately covered the required Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program elements and (2) to timely file Suspicious Activity Reports (“SARs”) related to suspicious customer activity. The OCC also stated that the deficiencies in the branches’ BSA/AML compliance program resulted in various violations of OCC regulations, but did not impose any financial penalties for those violations.
  • September – ING: The Dutch Public Prosecution Service announced that it had reached a settlement agreement with ING Bank N.V. requiring ING to pay approximately US$900 million to resolve an investigation focused on violation, “for many years and on a structural basis,” of the Dutch Anti-Money Laundering and Counter Terrorism Financing Act by ING’s business unit ING Bank Netherlands.
  • September – Credit Suisse: FINMA concluded two enforcement procedures against Credit Suisse AG. One was for deficiencies in Credit Suisse’s adherence to AML due diligence obligations in relation to suspected corruption involving the International Federation of Association Football (FIFA), the Brazilian oil company Petrobras, and the Venezuelan oil company Petróleos de Venezuela, S.A. (PDVSA).  The other was for deficiencies in the bank’s AML process, as well as shortcomings in the bank’s control mechanisms and risk management, with regard to a significant business relationship with a politically exposed person (PEP).
  • September – Danske Bank: Danske Bank acknowledged, based on internal investigations, that approximately $234 billion in potentially suspicious transactions had flowed through its Estonian branch for nearly a decade. Criminal investigations by several countries into the Estonian branch’s activity are now underway.
  • September – Deutsche Bank: The Bundesanstalt für Finanzdienstleistungsaufsicht (“BaFin,” the German Federal Financial Supervisory Authority) ordered that Deutsche Bank AG “take appropriate internal safeguards and comply with general due diligence obligations” in order to prevent money laundering and terrorist financing, and appointed a monitor “to report on and assess the progress of the implementation.” BaFin did not specify what shortcomings warranted its order, but reportedly stated that “this was the first time it had made such an appointment at a bank related to money laundering.”

It may be tempting for some to dismiss these actions simply as examples of aggressive behavior by prosecutors and regulators.  AML compliance officers and internal auditors, however, should examine these cases more closely to see what specific failures or deficiencies were identified, at least as a point of comparison with their own compliance programs.

To that end, this post provides a checklist of some of the principal corporate AML failures that were specifically identified in those cases:

  • Failure of Systems Design
    • Design of Systems for Monitoring Transactions:
      • In Credit Suisse’s case, FINMA stated that the bank had not established an automated comprehensive overview of client relationships, which would allow every relevant department within the bank “to see all the client’s relationships with the bank instantly and automatically.”
      • In Danske Bank’s case, the internal investigation report stated that the Estonian branch had its own information technology platform, which meant “that the branch was not covered by the same customer systems and transaction and risk monitoring as Danske Bank Group” and that Danske Bank Group “did not have the same insight into the branch as other parts of [the] Group.”
    • Design of Systems to Receive Currency Deposits:
      • In CBA’s case, the bank failed to carry out an appropriate assessment of the money laundering and terrorism financing (ML/TF) risks of its smart Automated Teller Machines, labeled “Intelligent Deposit Machines” (IDMs). AUSTRAC alleged that CBA did not limit the number of transactions a customer could make per day, and that its IDMs allowed up to 200 notes per transaction. That meant that a customer could deposit a stack of 200 AU$100 notes at one time, resulting in a deposit twice a large as the AU$10,000 reporting threshold for transfers of physical currency.  In addition, CBA’s IDMs reportedly allowed anonymous cash deposits, making them more attractive to criminals.  One new report speculated that “whoever installed the machines back in 2012 simply didn’t realise transactions above $10,000 had to be reported, and never wrote the code.”
    • Failure of Organizational Design:
      • In ING’s case, the Public Prosecution Service stated that
        • “one of the main reasons for the shortcomings was the insufficient attention paid by ING NL to compliance risk management (business over compliance). The responsibility for compliance with the AML/CTF Act rests with three different divisions of the bank. None of these divisions oversaw the whole picture. This in part explains why senior management was not fully aware of the seriousness of the shortcomings, and their persistence.”
      • In Danske Bank’s case, the back acknowledged that “in general, the Estonian branch had insufficient focus on the risk of money laundering, and branch management was more concerned with procedures than with identifying actual risk,” and that “the Estonian control functions did not have a satisfactory degree of independence from the Estonian organization.”
    • Noncompliance with Corporate AML Program Requirements:
      • In CBA’s case, for a period of three years, the bank did not comply with the requirements of its own AML program relating to monitoring transactions on 778,370 accounts.
      • In Credit Suisse’s case, FINMA found that a client relationship manager –
        • “who was very successful in terms of assets under management – breached the bank’s compliance regulations repeatedly and on record over a number of years. However, instead of disciplining the client manager promptly and proportionately, the bank rewarded him with high payments and positive employee assessments. The supervision of the relationship manager was inadequate due to this special status.”
    • Failure to Implement Controls:
      • In CBA’s case, the bank failed to complete the introduction of appropriate controls to mitigate and manage the money laundering and terrorist financing (ML/TF) risks of its IDMs.
      • In UBS’s case, the Consent Order cited the branches’ inadequate system of internal controls as one of the “critical deficiencies” in the elements of the branches’ BSA/AML compliance program.
    • Failure to Meet Due Diligence Obligations:
      • In Credit Suisse’s case, FINMA determined that “repeatedly over a number of years,” Credit Suisse had failed to comply with its due diligence obligations relating to FIFA, Petrobras, and PDVSA in five respects: (1) Identifying the client; (2) Determining the beneficial owner; (3) Categorizing a business relationship as posing an increased risk; (4) Performing the necessary clarifications upon increased risk plus associated plausibility checks; and (5) documentation. It also determined that with respect to a significant business relationship with a client who was a PEP, Credit Suisse “failed to meet its heightened due diligence obligations regarding investigation, plausibility checks and documentation regarding the client and certain related high-risk transactions.”
      • In ING’s case, the Public Prosecution Service stated that “[t]he absence or insufficient conducting of client due diligence led to ING NL’s acceptance of clients without sufficiently investigating the risks associated with those clients. Clients were also classified in the wrong client segments.” That statement cited multiple specific examples of due diligence failures, including a women’s underwear trader that was able to launder approximately €150,000,000 through its bank accounts with ING NL.
      • In Danske Bank’s case, the internal investigations report stated that failures of the bank’s due diligence included lack of knowledge of customers, lack of identification of ultimate beneficial owners and “controlling interests,” inclusion of “so-called intermediaries,” “which were unregulated and represented unknown end-customers,” as customers.
      • In UBS’s case, the Consent Order stated that the branches had systemic deficiencies in their customer due diligence, enhanced due diligence, and customer risk rating processes, and failed to establish and apply an adequate due diligence program for foreign financial institutions.
    • Failure to Maintain Adequate Staff:
      • In ING’s case, the Dutch Public Prosecution Service stated that “[t]he compliance department was understaffed and inadequately trained. Partly due to the limited personnel capacity, the system for monitoring transactions was set up by the bank in such a way that only a limited number of money laundering signals were generated.”
      • Similarly, as noted below, in U.S. Bancorp’s case, the bank capped the number of automated alerts its system generated, based on staffing levels and resources.
    • Failure to Monitor Customers:
      • In Danske Bank’s case, the internal investigations report stated that the AML monitoring failings included insufficient attention to customer activities, lack of identification of the source and origin of funds used in transactions, absence of screening of customers against PEP lists, absence of screening of incoming payments against sanctions or terror lists, and in general, absence of automatic screening of incoming payments. In addition, Danske Bank’s Internal Audit team noted in 2014 that “’ongoing monitoring’ was performed manually by account managers, who were responsible for so many customers that it was ‘in fact impossible to perform the monitoring in an effective and efficient way’.”
      • In CBA’s case, the bank, even after it became aware of suspected money laundering or structuring on CBA accounts, “did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.”
      • In UBS’s case, the Consent Order stated that the branches “had systemic deficiencies in their transaction monitoring systems, which resulted in monitoring gaps. These systemic deficiencies resulted in alert and investigation backlogs, and led to a failure to file SARs in a timely manner.”
      • In Credit Suisse’s case, FINMA found that Credit Suisse “had failed to adequately record, contain and monitor the risks arising over a number of years from the PEP business relationship and the responsible (and since criminally convicted) client relationship manager.”
      • In Rabobank’s case, Rabobank “knew that millions of dollars in cash deposits at [its Southwest border] branches were likely tied to illicit conduct,” yet continued its practice of soliciting cash-intensive customers from Mexico and elsewhere for an extended period.
    • Conducting Transactions Not Subject to Monitoring:
      • In U.S. Bancorp’s case, the bank processed Western Union transactions involving non-customers, “even though they would not be subject to the Bank’s transaction monitoring systems. Even when Bank employees flagged specific non-customer transactions raising AML-related concerns, the transactions went uninvestigated.”
    • Manipulation of Monitoring Software:
      • In U.S. Bancorp’s case, FinCEN stated that the bank “capped the number of alerts its automated transaction monitoring system would generate to identify only a predetermined number of transactions for further investigation, without regard for the legitimate alerts that would be lost due to the cap.” The U.S. Attorney who handled the DPA stated that the bank “bas[ed] the number of such alerts on staffing levels and resources, rather than setting thresholds for such alerts that corresponded to a transaction’s level of risk.”
      • Similarly, in ING’s case, the Public Prosecution Service stated that “[p]artly due to the limited personnel capacity, the system for monitoring transactions was set up by the bank in such a way that only a limited number of money laundering signals were generated. Only the proverbial tip of the iceberg was investigated.”
    • Compromise of Alert Processes:
      • In Rabobank’s case, the bank “received regular alerts of transactions by ‘High-Risk’ customers, or through accounts deemed to be ‘High-Risk,’ and that had been the subject of prior SARs filed by Rabobank,” but “created and implemented policies and procedures to prevent adequate investigations into these suspicious transactions, customers, and accounts.” In particular, the bank created a “Verified List” of certain customers, and ”instructed its employees that if a customer was on the ‘Verified List,’ no further review of that customer’s transactions was necessary — even if the transactions generated an internal alert, or the customer’s activity had changed dramatically from when it was ‘verified’.”  The bank also instructed its BSA/AML staff “to aggressively increase the number of bank accounts on the Verified List.”
    • Failure to Timely Report High Volumes of Suspicious Transactions:
      • In CBA’s case, the bank failed to provide 53,506 threshold transaction reports, having a total value of about AU$625 million, to AUSTRAC on time for nearly three years. It also “failed to report suspicious matters on time, or at all, involving transactions in the tens of millions of dollars.”
      • In U.S. Bancorp’s case, the bank willfully failed to timely report suspicious banking activities of a longtime customer, despite being on notice that he had been using the bank to launder proceeds from an illegal and fraudulent payday lending scheme. As part of that failure, the Justice Department stated that the bank “disregarded numerous red flags” concerning the suspicious nature of the customer’s activity.
      • In Danske Bank’s case, the internal investigations report noted that the bank’s AML failings included lack of response to suspicious customers and transactions.
    • Failure to Terminate Customer Accounts:
      • In ING’s case, the Public Prosecution Service determined that “[c]lient relationships and bank accounts were . . . , when necessary, not terminated by the bank in a timely manner.”
      • In U.S. Bancorp’s case, after receiving information that the customer had been using sham bank accounts under the names of companies nominally owned by various Native American tribes to launder proceeds of his fraud scheme, the bank “closed the accounts in the names of the tribal companies but failed to file a SAR . . . and left open [the customer’s] ’s non-tribal accounts and opened new ones,” which allowed additional proceeds of more than $176 million from his illegal payday business to flow into the bank.
    • Termination of Employees Identifying Potential Misconduct:
      • In Rabobank’s case, the Justice Department stated that “[t]o further conceal the inadequate nature of its BSA/AML program and to avoid ‘others contradicting our findings’ and statements to the OCC, Rabobank demoted or terminated two RNA employees who were raising questions about the adequacy of Rabobank’s BSA/AML program.”
    • Prior Warnings by Regulators:
      • In ING’s case, the Public Prosecution Service noted that the Dutch Central Bank had warned ING NL on multiple occasions. In U.S. Bancorp’s case, an OCC examiner assigned to the Bank had repeatedly warned bank officials “of the impropriety of managing the Bank’s monitoring programs based on the size of its staff and other resources.”
      • In Danske Bank’s case, the bank had been the subject of regulatory sanctions with respect to its Estonian branch from both the Estonian FSA and the Danish FSA in 2015 and 2016, respectively.
    • Concealment of Conduct from Regulators:
      • In U.S. Bancorp’s case, bank officials (including the Chief Compliance Officer). “[k]nowing that the OCC would find [the Bank’s] resource-driven alert limits to be improper, . . . deliberately concealed these practices from the OCC.”
    • Obstruction of Regulators:
      • In Rabobank’s case, when the OCC began conducting its periodic examination of Rabobank in 2012, the Justice Department stated that Rabobank agreed to knowingly obstruct the OCC’s examination. Rabobank responded to the OCC’s February 2013 initial report of examination with false and misleading information about the state of Rabobank’s BSA/AML program.  Rabobank also made false and misleading statements to the OCC regarding the existence of reports developed by a third-party consultant, which detailed the deficiencies and resulting ineffectiveness of Rabobank’s BSA/AML program.” The Department also stated that Rabobank did so “in hopes of avoiding regulatory sanctions that had previously been imposed on Rabobank in 2006 and 2008 for nearly identical failures.”

There is no doubt that each of these acts and omissions constitute, in varying degrees, serious failures in AML compliance that would be problematic for any financial institution.  AML compliance officers should use these examples in not only in reviewing their own programs, but in crafting general and targeted training for managers and employees.  It is easy for executives and employees at leading financial institutions to think, “It can’t happen here,” which makes it all the more important for compliance programs to show that it can happen and has happened at peer institutions.  As the examples here have shown, the price of complacency or inattention to robust and consistent AML compliance can be devastating in financial and reputational terms.

Danske Bank: A Status Report on Criminal Investigations

Since the start of October, two events strongly indicate that Danske Bank – already under the pitiless glare of publicity for its acknowledgement that $234 billion in potentially suspicious transactions had moved through its Estonian branch – has now entered a new and substantially more worrisome phase of law enforcement scrutiny.  First, on October 4, Danske Bank itself acknowledged not only that it was “in dialogue” with Danish and Estonian authorities regarding criminal investigations by both countries into the Estonian branch’s activities, but also that it also had “received requests for information from the U.S. Department of Justice (DOJ) in connection with its own criminal investigation relating to the Estonian branch . . . .”  The bank further stated that It “is cooperating with these authorities,” adding that “[t]he timing of completion of the investigations by, and subsequent discussions with, the authorities is uncertain, as is the outcome.”

Second, on October 12, according to ERR News (the English-language service of Estonian Public Broadcasting), Estonian Prosecutor General Lavly Perling informed the Legal Affairs Committee of the Riigikogu (Estonia’s unicameral Parliament) that the criminal investigation into the Estonian branch “is expected to progress enough by the end of the year that the Prosecutor’s Office will be able to reveal new information about it.”  Perling, who has been the Prosecutor General since 2014, also reportedly stated that cooperation with Danish prosecutors “has been good,” but “cooperation with Russia, the alleged source of the money laundering, has been difficult,”  and that Estonian authorities had sent “appeals for legal assistance” to European and unspecified other countries. Although ERR News said that Danske Bank “has reported eight people to the Estonian police in connection with the suspected money laundering,” Perling declined to specify the number of people currently under investigation.

Note:  That Danish, Estonian, and even United Kingdom authorities are conducting criminal investigations into the myriads of suspicious transactions through Danske Bank’s Estonian branch is old news.  Confirmation of a U.S. Department of Justice investigation into that subject is not.  To date, the Justice Department has not confirmed Danske Bank’s statement, and is unlikely to say anything about the scope and scale of that investigation until and unless it reaches a resolution with Danske Bank.

For now, it is reasonable to assume that the primary focus of the Justice Department investigation will be whether any of the bank’s or Estonian branch’s conduct indicates criminal violations of the U.S. money-laundering offenses.  U.S. agents and prosecutors will certainly want to determine whether any possible laundering transactions by non-resident customers in Estonia flowed from Danske Bank’s Estonian branch through U.S. correspondent banks. Given the titanic scale of cross-border transactions that flowed through Estonia over nearly a decade, however, it is by no means impossible that as the Department receives and reviews material from Danske Bank and other sources, it may find a factual basis on which to expand its investigation beyond Danske Bank to other Estonian banks or branches of foreign banks.

In any event, the pace of all of these investigations is likely to be far slower than any of the investigating agencies – let alone Danske Bank – would want.  As each new jurisdiction opens its own investigation and seeks documents from foreign authorities, the challenges for each investigating agency in reviewing and analyzing documentation, deciding on next steps in its investigation, and coordinating with other jurisdictions can mount exponentially.  At least for participating European Union Member States, it may soon be worthwhile considering the establishment of a Joint Investigation Team (JIT), in conformity with the European Union’s model JIT agreement, to improve investigative coordination and reduce the financial burdens on less populous countries.  Any coordination measures that might shorten what otherwise could be a years-long process to bring these disparate investigations to fruition would be welcome.